deployment: add minimal kustomize overlays for deploying plugins

Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>

Author: marquiz

contrib/kustomize/device-injector/daemonset.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: nri-plugin-device-injector
+spec:
+  template:
+    spec:
+      priorityClassName: system-node-critical
+      containers:
+        - name: plugin
+          image: plugin:latest
+          imagePullPolicy: Always
+          args:
+            - "-idx"
+            - "10"
+          resources:
+            requests:
+              cpu: "2m"
+              memory: "5Mi"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+          volumeMounts:
+            - name: nri-socket
+              mountPath: /var/run/nri/nri.sock
+      volumes:
+      - name: nri-socket
+        hostPath:
+          path: /var/run/nri/nri.sock
+          type: Socket

contrib/kustomize/device-injector/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kube-system
+
+resources:
+- daemonset.yaml
+
+images:
+- name: plugin
+  newName: ghcr.io/containerd/nri/plugins/device-injector
+  newTag: unstable
+
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/name: nri-plugin-device-injector

contrib/kustomize/differ/daemonset.yaml

@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: nri-plugin-differ
+spec:
+  template:
+    spec:
+      containers:
+        - name: plugin
+          image: plugin:latest
+          imagePullPolicy: Always
+          args: []
+          resources:
+            requests:
+              cpu: "2m"
+              memory: "5Mi"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+          volumeMounts:
+            - name: nri-socket
+              mountPath: /var/run/nri/nri.sock
+      volumes:
+      - name: nri-socket
+        hostPath:
+          path: /var/run/nri/nri.sock
+          type: Socket

contrib/kustomize/differ/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kube-system
+
+resources:
+- daemonset.yaml
+
+images:
+- name: plugin
+  newName: ghcr.io/containerd/nri/plugins/differ
+  newTag: unstable
+
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/name: nri-plugin-differ

contrib/kustomize/hook-injector/daemonset.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: nri-plugin-hook-injector
+spec:
+  template:
+    spec:
+      priorityClassName: system-node-critical
+      containers:
+        - name: plugin
+          image: plugin:latest
+          imagePullPolicy: Always
+          args:
+            - "-idx"
+            - "10"
+          resources:
+            requests:
+              cpu: "2m"
+              memory: "5Mi"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+          volumeMounts:
+            - name: nri-socket
+              mountPath: /var/run/nri/nri.sock
+            - name: etc-hooks-d
+              mountPath: /etc/containers/oci/hooks.d
+              readOnly: true
+            - name: usr-share-hooks-d
+              mountPath: /usr/share/containers/oci/hooks.d
+              readOnly: true
+            - name: libexec-hooks-d
+              mountPath: /usr/libexec/oci/hooks.d
+              readOnly: true
+      volumes:
+      - name: nri-socket
+        hostPath:
+          path: /var/run/nri/nri.sock
+          type: Socket
+      - name: etc-hooks-d
+        hostPath:
+          path: /etc/containers/oci/hooks.d
+          type: DirectoryOrCreate
+      - name: usr-share-hooks-d
+        hostPath:
+          path: /usr/share/containers/oci/hooks.d
+          type: DirectoryOrCreate
+      - name: libexec-hooks-d
+        hostPath:
+          path: /usr/libexec/oci/hooks.d
+          type: DirectoryOrCreate

contrib/kustomize/hook-injector/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kube-system
+
+resources:
+- daemonset.yaml
+
+images:
+- name: plugin
+  newName: ghcr.io/containerd/nri/plugins/hook-injector
+  newTag: unstable
+
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/name: nri-plugin-hook-injector

contrib/kustomize/logger/daemonset.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: nri-plugin-logger
+spec:
+  template:
+    spec:
+      containers:
+        - name: plugin
+          image: plugin:latest
+          imagePullPolicy: Always
+          args:
+            - "-idx"
+            - "10"
+            - "-events"
+            - "RunPodSandbox,StopPodSandbox,RemovePodSandbox,CreateContainer,PostCreateContainer,StartContainer,PostStartContainer,UpdateContainer,PostUpdateContainer,StopContainer,RemoveContainer"
+          resources:
+            requests:
+              cpu: "2m"
+              memory: "5Mi"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+          volumeMounts:
+            - name: nri-socket
+              mountPath: /var/run/nri/nri.sock
+      volumes:
+      - name: nri-socket
+        hostPath:
+          path: /var/run/nri/nri.sock
+          type: Socket

contrib/kustomize/logger/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kube-system
+
+resources:
+- daemonset.yaml
+
+images:
+- name: plugin
+  newName: ghcr.io/containerd/nri/plugins/logger
+  newTag: unstable
+
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/name: nri-plugin-logger

contrib/kustomize/network-device-injector/daemonset.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: nri-plugin-network-device-injector
+spec:
+  template:
+    spec:
+      priorityClassName: system-node-critical
+      containers:
+        - name: plugin
+          image: plugin:latest
+          imagePullPolicy: Always
+          args:
+            - "-idx"
+            - "10"
+          resources:
+            requests:
+              cpu: "2m"
+              memory: "5Mi"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+          volumeMounts:
+            - name: nri-socket
+              mountPath: /var/run/nri/nri.sock
+      volumes:
+      - name: nri-socket
+        hostPath:
+          path: /var/run/nri/nri.sock
+          type: Socket

contrib/kustomize/network-device-injector/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kube-system
+
+resources:
+- daemonset.yaml
+
+images:
+- name: plugin
+  newName: ghcr.io/containerd/nri/plugins/network-device-injector
+  newTag: unstable
+
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/name: nri-plugin-network-device-injector