Merge pull request #273 from gardener/vmware-integration

vSphere Support

README.md

@@ -166,7 +166,7 @@ landscape:
       credentials: (( iaas.credentials ))     # credentials for the blob storage's IaaS provider (default: same as above)
 
   <a href="#landscapedns">dns</a>:                                    # optional, default values based on `landscape.iaas`
-    type: &lt;google-clouddns|aws-route53|azure-dns|openstack-designate|cloudflare-dns&gt;   # dns provider
+    type: &lt;google-clouddns|aws-route53|azure-dns|openstack-designate|cloudflare-dns|infoblox-dns&gt;   # dns provider
     credentials: (( iaas.credentials ))   # credentials for the dns provider
 
   <a href="#landscapeidentity">identity</a>:
@@ -292,6 +292,7 @@ The `region` field in the openstack credentials is only evaluated within the `dn
 ```yaml
 etcd:
   backup:
+    # active: true
     type: <gcs|s3|abs|swift>
     resourceGroup: ...
     region: (( iaas.region ))
@@ -302,6 +303,7 @@ If you remove single values or the whole block, the missing values will be set t
 
 | Field | Type | Description | Example&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | Iaas Provider Documentation |
 |:------|:--------|:--------|:--------|:---------|
+|`backup.active`|Boolean|If set to `false`, deactivates the etcd backup for the virtual cluster etcd. Defaults to `true`.|`true`|n.a.|
 |`backup.type`|Fixed value| Type of your blob store. Supported blob stores: `gcs` ([Google Cloud Storage](https://cloud.google.com/storage/)), `s3` ([Amazon S3](https://aws.amazon.com/s3/)), `abs` ([Azure Blob Storage](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-overview)), and `swift` ([Openstack Swift](https://docs.openstack.org/swift/latest/)).|`gcs`|n.a.|
 |`backup.resourceGroup`|IaaS provider specific |Azure specific. Create an Azure blob store first which uses a resource group. Provide the resource group here. | `my-Azure-RG` | [Azure](https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-account?tabs=azure-portal) (HowTo) |
 |`backup.region`|IaaS provider specific|Region of blob storage. |`(( iaas.region ))` |[GCP (overview)](https://cloud.google.com/docs/geography-and-regions), [AWS (overview)](https://docs.aws.amazon.com/general/latest/gr/rande.html)|
@@ -311,21 +313,26 @@ If you remove single values or the whole block, the missing values will be set t
 ### landscape.dns
 ```yaml
 dns:
-  type: <google-clouddns|aws-route53|azure-dns|openstack-designate|cloudflare-dns>
+  type: <google-clouddns|aws-route53|azure-dns|openstack-designate|cloudflare-dns|infoblox-dns>
   credentials:
 ```
 Configuration for the Domain Name Service (DNS) provider. If your IaaS provider also offers a DNS service you can use the same values for `dns.credentials` as for `iaas.creds` above by using the [(( foo ))](https://github.com/mandelsoft/spiff/blob/master/README.md#-foo-) expression of spiff. If they belong to another account (or to another IaaS provider) the appropriate credentials (and their type) have to be configured.
 Similar to `landscape.etcd`, missing values will be set to defaults based on the values given in `landscape.iaas`.
 
 | Field | Type | Description | Example |IaaS Provider Documentation
 |:------|:--------|:--------|:--------|:------------|
-|`type`|Fixed value|Your DNS provider. Supported providers: `google-clouddns` ([Google Cloud DNS](https://cloud.google.com/dns/docs/)), `aws-route53` ([Amazon Route 53](https://aws.amazon.com/route53/)), `azure-dns` ([Azure DNS](https://azure.microsoft.com/de-de/services/dns/)), `openstack-designate` ([Openstack Designate](https://docs.openstack.org/designate/latest/)), and `cloudflare-dns` ([Cloudflare DNS](https://www.cloudflare.com/dns/)).|`google-clouddns`|n.a.|
+|`type`|Fixed value|Your DNS provider. Supported providers: `google-clouddns` ([Google Cloud DNS](https://cloud.google.com/dns/docs/)), `aws-route53` ([Amazon Route 53](https://aws.amazon.com/route53/)), `azure-dns` ([Azure DNS](https://azure.microsoft.com/de-de/services/dns/)), `openstack-designate` ([Openstack Designate](https://docs.openstack.org/designate/latest/)), `cloudflare-dns` ([Cloudflare DNS](https://www.cloudflare.com/dns/)), and `infoblox-dns` ([Infoblox DNS](https://www.infoblox.com/products/dns/)).|`google-clouddns`|n.a.|
 |`credentials`|IaaS provider specific|Service account credentials in a provider-specific format (see above).|`(( iaas.credentials ))`|[GCP](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys), [AWS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html#id_users_service_accounts), [Azure](https://docs.microsoft.com/en-us/azure/azure-stack/user/azure-stack-create-service-principals)|
 
 #### Cloudflare Credentials
 
 The credentials to use Cloudflare DNS consist of a single key `apiToken`, containing your API token.
 
+#### Infoblox Credentials and Configuration
+
+For Infoblox DNS, you have to specify `USERNAME` and `PASSWORD` in the `credentials` node.
+Additionally, a `host` and a `version` need to be specified, both under `landscape.dns.providerConfig`. See [here](https://github.com/gardener/external-dns-management/blob/master/doc/infoblox/README.md#create-dns-provider) for further information on optional configuration fields that can also be specified in `landscape.dns.providerConfig`.
+
 
 ### landscape.identity
 ```yaml

acre.yaml

@@ -139,6 +139,13 @@ landscape:
           chart_path: charts/gardener-extension-shoot-dns-service
           image_tag: (( valid( shoot-dns-service.tag ) ? shoot-dns-service.tag :~~ ))
           image_repo: (( ~~ ))
+        provider-vsphere:
+          <<: (( merge ))
+          tag: (( valid( provider-vsphere.branch ) -or valid( provider-vsphere.commit ) ? ~~ :.dependency_versions.versions.gardener.extensions.provider-vsphere.version ))
+          repo: (( .dependency_versions.versions.gardener.extensions.provider-vsphere.repo ))
+          chart_path: charts/gardener-extension-provider-vsphere
+          image_tag: (( valid( provider-vsphere.tag ) ? provider-vsphere.tag :~~ ))
+          image_repo: (( ~~ ))
     dashboard:
       <<: (( merge ))
       repo: (( .dependency_versions.versions.dashboard.core.repo ))
@@ -217,6 +224,7 @@ landscape:
     <<: (( merge ))
     backup:
       <<: (( merge ))
+      active: true
       type: (( .backup_type_mapping[iaas[0].type] ))
       region: (( iaas[0].region ))
       credentials: (( iaas[0].credentials ))
@@ -267,13 +275,18 @@ validation:
   ### VALIDATOR DEFINITIONS ###
   types:
     iaas:
+      # <type>.config: validated for each iaas entry
+      # <type>.profileConfig: validated for each iaas entry that results in a cloudprofile (= doesn't have a 'cloudprofile' field referencing another iaas entry)
+      # <type>.networks: validated for shooted seed iaas entries
       gcp:
         credentials:
           - mapfield
           - serviceaccount.json
         config:
           - ["mapfield", "region"]
           - ["mapfield", "zones", ["list"]]
+        profileConfig:
+          - (( return_true ))
         networks:
           - ["mapfield", "workers", ["cidr"]]
       aws:
@@ -284,6 +297,8 @@ validation:
         config:
           - ["mapfield", "region"]
           - ["mapfield", "zones", ["list"]]
+        profileConfig:
+          - (( return_true ))
         networks:
           - ["mapfield", "internal", ["cidr"]]
           - ["mapfield", "public", ["cidr"]]
@@ -297,9 +312,76 @@ validation:
           - ["mapfield", "tenantID"]
         config:
           - ["mapfield", "region"]
+        profileConfig:
+          - (( return_true ))
         networks:
           - ["mapfield", "workers", ["cidr"]]
           - ["mapfield", "vnet", ["or", ["mapfield", "name"], ["mapfield", "cidr", ["cidr"]]]]
+      vsphere:
+        credentials:
+          - and
+          - ["mapfield", "nsxtPassword"]
+          - ["mapfield", "nsxtUsername"]
+          - ["mapfield", "vspherePassword"]
+          - ["mapfield", "vsphereUsername"]
+        config:
+          - ["mapfield", "region"]
+          - ["mapfield", "zones", ["list"]]
+        profileConfig:
+          - and
+          - - mapfield
+            - loadBalancerConfig
+            - - and
+              - - mapfield
+                - size
+                - ["valueset", ["SMALL", "MEDIUM", "LARGE"]]
+              - - mapfield
+                - classes
+                - - list
+                  - ["mapfield", "name"]
+          - ["mapfield", "defaultClassStoragePolicyName"]
+          - ["mapfield", "dnsServers", ["list", ["ip"]]]
+          - ["mapfield", "folder"]
+          - - mapfield
+            - machineImageDefinitions
+            - - list
+              - - and
+                - ["mapfield", "name"]
+                - - mapfield
+                  - versions
+                  - - list
+                    - - and
+                      - ["mapfield", "guestId"]
+                      - ["mapfield", "path"]
+                      - ["mapfield", "version"]
+          - - optionalfield
+            - machineTypeOptions
+            - - list
+              - - and
+                - ["mapfield", "name"]
+                - ["mapfield", "memoryReservationLockedToMax", ["type", "bool"]]
+                - ["optionalfield", "extraConfig", "map"]
+          - - mapfield
+            - regionDefinitions
+            - - list
+              - - and
+                - ["mapfield", "name"]
+                - ["mapfield", "vsphereHost"]
+                - ["mapfield", "vsphereInsecureSSL", ["type", "bool"]]
+                - ["mapfield", "nsxtHost"]
+                - ["mapfield", "nsxtInsecureSSL", ["type", "bool"]]
+                - ["optionalfield", "nsxtRemoteAuth", ["type", "bool"]]
+                - ["mapfield", "transportZone"]
+                - ["mapfield", "logicalTier0Router"]
+                - ["mapfield", "edgeCluster"]
+                - ["mapfield", "snatIPPool"]
+          - ["optionalfield", "csiResizerDisabled", ["type", "bool"]]
+          - - optionalfield
+            - failureDomainLabels
+            - - and
+              - ["mapfield", "region"]
+              - ["mapfield", "zone"]
+        networks: []
       openstack:
         credentials:
           - and
@@ -309,6 +391,10 @@ validation:
           - ["mapfield", "password"]
           - ["mapfield", "authURL"]
         config:
+          - ["mapfield", "region"]
+          - ["mapfield", "zones", ["list"]]
+        profileConfig:
+          - and
           - - mapfield
             - floatingPools
             - - list
@@ -345,24 +431,24 @@ validation:
           - ["optionalfield", "keystoneURL", "dnsdomain"]
           - ["optionalfield", "useOctavia", ["type", "bool"]]
           - ["optionalfield", "dnsServers", ["list", ["ip"]]]
-          - - or
-            - - mapfield
-              - cloudprofile
-            - - mapfield
-              - extensionConfig
-              - - mapfield
-                - machineImages
-                - - list
-                  - - and
-                    - ["mapfield", "name"]
-                    - - mapfield
-                      - versions
-                      - - list
-                        - - and
-                          - ["mapfield", "image"]
-                          - ["mapfield", "version"]
-          - ["mapfield", "region"]
-          - ["mapfield", "zones", ["list"]]
+          - - mapfield
+            - machineImageDefinitions
+            - - list
+              - - and
+                - ["mapfield", "name"]
+                - - mapfield
+                  - versions
+                  - - list
+                    - - and
+                      - - or
+                        - ["mapfield", "image"]
+                        - - mapfield
+                          - regions
+                          - - list
+                            - - and
+                              - ["mapfield", "name"]
+                              - ["mapfield", "id"]
+                      - ["mapfield", "version"]
         networks:
           - ["mapfield", "workers", ["cidr"]]
     etcd_backup:
@@ -378,6 +464,17 @@ validation:
       swift:
         credentials: (( iaas.openstack.credentials ))
         config: (( return_true ))
+    backup_config:
+      - <<: (( &template ))
+      - and
+      - - mapfield
+        - type
+        - - valueset
+          - (( keys( types.etcd_backup ) ))
+      - ["mapfield", "region"]
+      - - mapfield
+        - credentials
+        - (( types.etcd_backup[values.type].credentials ))
     dns:
       google-clouddns:
         credentials: (( iaas.gcp.credentials ))
@@ -398,6 +495,25 @@ validation:
           - mapfield
           - apiToken
         config: (( return_true ))
+      infoblox-dns:
+        credentials:
+          - and
+          - ["mapfield", "USERNAME"]
+          - ["mapfield", "PASSWORD"]
+        config:
+          - mapfield
+          - providerConfig
+          - - and
+            - ["mapfield", "host", ["ip"]]
+            - ["optionalfield", "port", ["type", "int"]]
+            - ["optionalfield", "sslVerify", ["type", "bool"]]
+            - ["mapfield", "version"]
+            - ["optionalfield", "view"]
+            - ["optionalfield", "httpPoolConnections", ["type", "int"]]
+            - ["optionalfield", "httpRequestTimeout", ["type", "int"]]
+            - ["optionalfield", "caCert", ["ca"]]
+            - ["optionalfield", "maxResults", ["type", "int"]]
+            - ["optionalfield", "proxyUrl"]
   iaas_entry_validators:
     basic:
       - <<: (( &template ))
@@ -467,27 +583,39 @@ validation:
                       - ["optionalfield", "tag"]
                       - ["optionalfield", "version"]
       - <<: (( types.iaas[values.type].config ))
-    initial_seed:
+    seeds_common:
       - <<: (( &template ))
-      - and
-      - ["mapfield", "mode", ["valueset", ["seed", "soil"]]]
       - - mapfield
         - credentials
         - (( types.iaas[values.type].credentials ))
+      - - optionalfield
+        - seedConfig
+        - - and
+          - - optionalfield
+            - backup
+            - - and
+              - ["optionalfield", "active", ["type", "bool"]]
+              - (( defined( values.seedConfig.backup.type ) -or defined( values.seedConfig.backup.credentials ) -or defined( values.seedConfig.backup.region ) ? validation.instantiate_validator( values.seedConfig.backup, validation.types.backup_config ) :~~ ))
+          - ["optionalfield", "providerConfig", "map"]
+    initial_seed:
+      - <<: (( &template ))
+      - and
+      - ["mapfield", "mode", ["valueset", ["seed", "soil"]]]
+      - <<: (( *validation.iaas_entry_validators.seeds_common ))
     seed:
       - <<: (( &template ))
       - and
-      - - mapfield
-        - credentials
-        - (( types.iaas[values.type].credentials ))
       - - mapfield
         - cluster
         - - and
           - ["mapfield", "kubeconfig"]
           - - mapfield
             - networks
             - (( validation.networks ))
-    cloudprofile: (( &template( return_true ) ))
+      - <<: (( *validation.iaas_entry_validators.seeds_common ))
+    cloudprofile:
+      - <<: (( &template ))
+      - <<: (( types.iaas[values.type].profileConfig ))
     shooted_seed:
       - <<: (( &template ))
       - and
@@ -498,14 +626,12 @@ validation:
       - - mapfield
         - mode
         - ["valueset", ["seed", "soil"]]
-      - - mapfield
-        - credentials
-        - (( types.iaas[values.type].credentials ))
       - - mapfield
         - cluster
         - - mapfield
           - networks
           - (( validation.networks types.iaas[values.type].networks ))
+      - <<: (( *validation.iaas_entry_validators.seeds_common ))
   dashboard_validator:
     - and
     - - optionalfield
@@ -590,15 +716,12 @@ validation:
     basic: (( map[landscape.iaas|entry|-> validate( entry, validation.instantiate_validator(entry, iaas_entry_validators.basic) )] ))
     initial_seed: (( validate( landscape.iaas[0], validation.instantiate_validator(landscape.iaas[0], iaas_entry_validators.initial_seed) ) ))
     seed_soil: (( map[select[landscape.iaas.[1..]|elem|-> elem.mode == "seed" -or elem.mode == "soil"]|id,entry|-> validate( entry, validation.instantiate_validator(entry, iaas_entry_validators.seed) )] ))
-    cloudprofile: (( map[select[landscape.iaas.[1..]|elem|-> elem.mode == "profile" -or elem.mode == "cloudprofile"]|id,entry|-> validate( entry, validation.instantiate_validator(entry, iaas_entry_validators.cloudprofile) )] ))
+    cloudprofile: (( map[select[landscape.iaas landscape.iaas_shooted_seeds|elem|-> ! valid( elem.cloudprofile )]|id,entry|-> validate( entry, validation.instantiate_validator(entry, iaas_entry_validators.cloudprofile) )] ))
     shooted_seed: (( map[validation.flatten( select[select[landscape.iaas|elem|-> elem.mode == "seed" -or elem.mode == "soil"]|elem|-> valid( elem.seeds )].[*].seeds ) |entry|-> validate( entry, validation.instantiate_validator(entry, iaas_entry_validators.basic), validation.instantiate_validator(entry, iaas_entry_validators.shooted_seed) )] ))
   ##### landscape.etcd
   etcd:
-    backup:
-      type: (( validate( landscape.etcd.backup, ["mapfield", "type", ["valueset", keys( types.etcd_backup )]] ) ))
-      region: (( validate( landscape.etcd.backup, ["mapfield", "region"] ) ))
-      provider_config: (( validate( landscape.etcd.backup, types.etcd_backup[landscape.etcd.backup.type].config ) ))
-      credentials: (( validate( landscape.etcd.backup, ["mapfield", "credentials", types.etcd_backup[landscape.etcd.backup.type].credentials] ) ))
+    backup_active: (( validate( landscape.etcd.backup.active, ["type", "bool"] ) ))
+    backup: (( landscape.etcd.backup.active == true ? validate( landscape.etcd.backup, [ "and", validation.instantiate_validator( landscape.etcd.backup, validation.types.backup_config ), validation.types.etcd_backup[landscape.etcd.backup.type].config ] ) :~~ ))
   ##### landscape.dns
   dns:
     type: (( validate( landscape.dns, ["mapfield", "type", ["valueset", keys( types.dns )]] ) ))

acre.yaml.example

@@ -45,7 +45,7 @@ landscape:
 #      credentials: (( iaas[0].credentials ))
 
 #  dns: # optional
-#    type: <google-clouddns/aws-route53/azure-dns/openstack-designate/cloudflare-dns>
+#    type: <google-clouddns/aws-route53/azure-dns/openstack-designate/cloudflare-dns/infoblox-dns>
 #    credentials: (( iaas[0].credentials ))
 
   identity:

components/dashboard/deployment.yaml

@@ -82,8 +82,10 @@ dashboard:
 
 terminal_config:
   <<: (( &temporary &template ))
-  containerImage: eu.gcr.io/gardener-project/gardener/ops-toolbelt:0.9.0
-  containerImageOperator: eu.gcr.io/gardener-project/gardener/ops-toolbelt:0.9.0
+  container:
+    image: eu.gcr.io/gardener-project/gardener/ops-toolbelt:0.9.0
+  containerOperator:
+    image: eu.gcr.io/gardener-project/gardener/ops-toolbelt:0.9.0
   containerImageDescriptions:
   - image: /eu.gcr.io/gardener-project/gardener/ops-toolbelt:.*/
     description: Run `ghelp` to get information about installed tools and packages