From ca8e2e72374bddde9462a31b504c7484d556d3e3 Mon Sep 17 00:00:00 2001
From: fabriziopandini
Date: Tue, 30 Apr 2024 20:13:27 +0200
Subject: [PATCH] use config/wcp instead of config/local
---
 Makefile | 6 +-
 .../cnsnodevmattachment-crd.yaml | 84 ++++++
 ...vmware.com_clustercontentlibraryitems.yaml | 264 ++++++++++++++++++
 ...gistry.vmware.com_contentlibraryitems.yaml | 264 ++++++++++++++++++
 ...operator.vmware.com_networkinterfaces.yaml | 154 ++++++++++
 .../vm-operator/config/kustomization.yaml | 47 +++-
 .../net-operator-networkinterface-status.yaml | 140 ----------
 .../config/vm-operator-drop-certs-volume.yaml | 17 ++
 .../config/vm-operator-env-var-patch.yaml | 32 +--
 .../config/vm-operator-host-network.yaml | 10 +
 .../config/vm-operator-image-names.yaml | 15 +
 .../vm-operator-v1.8.6-0-gde75746a.yaml | 162 +++++------
 tilt-provider.yaml | 2 +-
 13 files changed, 943 insertions(+), 254 deletions(-)
 create mode 100644 test/infrastructure/vm-operator/config/external-crds/cnsnodevmattachment-crd.yaml
 create mode 100644 test/infrastructure/vm-operator/config/external-crds/imageregistry.vmware.com_clustercontentlibraryitems.yaml
 create mode 100644 test/infrastructure/vm-operator/config/external-crds/imageregistry.vmware.com_contentlibraryitems.yaml
 create mode 100644 test/infrastructure/vm-operator/config/external-crds/netoperator.vmware.com_networkinterfaces.yaml
 delete mode 100644 test/infrastructure/vm-operator/config/net-operator-networkinterface-status.yaml
 create mode 100644 test/infrastructure/vm-operator/config/vm-operator-drop-certs-volume.yaml
 create mode 100644 test/infrastructure/vm-operator/config/vm-operator-host-network.yaml
 create mode 100644 test/infrastructure/vm-operator/config/vm-operator-image-names.yaml
diff --git a/Makefile b/Makefile
index 6f37010c10..7e90a66658 100644
--- a/Makefile
+++ b/Makefile
@@ -801,8 +801,8 @@ set-manifest-image:
 .PHONY: release-vm-operator
 release-vm-operator: docker-build-all-vm-operator generate-manifests-vm-operator docker-push-all-vm-operator clean-vm-operator ## Build and push the vm-operator image and manifest for usage in CI
-.PHONY: release-local-vm-operator
-release-local-vm-operator: docker-build-all-vm-operator generate-manifests-vm-operator clean-vm-operator ## Build and push the vm-operator image and manifest for local usage only
+.PHONY: release-vm-operator-local
+release-vm-operator-local: docker-build-all-vm-operator generate-manifests-vm-operator clean-vm-operator ## Build the vm-operator image and manifest for local usage only
 .PHONY: checkout-vm-operator
 checkout-vm-operator:
@@ -822,7 +822,7 @@ checkout-vm-operator:
 .PHONY: generate-manifests-vm-operator
 generate-manifests-vm-operator: $(RELEASE_DIR) $(KUSTOMIZE) checkout-vm-operator ## Build the vm-operator manifest yaml file
- kustomize build --load-restrictor LoadRestrictionsNone "$(VM_OPERATOR_TMP_DIR)/config/local" > "$(VM_OPERATOR_DIR)/config/vm-operator.yaml"
+ kustomize build --load-restrictor LoadRestrictionsNone "$(VM_OPERATOR_TMP_DIR)/config/wcp" > "$(VM_OPERATOR_DIR)/config/vm-operator.yaml"
 sed -i'' -e 's@image: vmoperator.*@image: '"$(VM_OPERATOR_CONTROLLER_IMG):$(VM_OPERATOR_VERSION)"'@' "$(VM_OPERATOR_DIR)/config/vm-operator.yaml"
 kustomize build "$(VM_OPERATOR_DIR)/config" > "$(VM_OPERATOR_DIR)/vm-operator-$(VM_OPERATOR_VERSION).yaml"
diff --git a/test/infrastructure/vm-operator/config/external-crds/cnsnodevmattachment-crd.yaml b/test/infrastructure/vm-operator/config/external-crds/cnsnodevmattachment-crd.yaml
new file mode 100644
index 0000000000..b2f11a2c4d
--- /dev/null
+++ b/test/infrastructure/vm-operator/config/external-crds/cnsnodevmattachment-crd.yaml
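Review bot: In the second Makefile hunk, the changed recipe line of generate-manifests-vm-operator still runs `kustomize` from PATH although the target lists `$(KUSTOMIZE)` as a prerequisite, so the manifest that gets committed may be rendered by whatever version a developer has installed rather than the binary the Makefile provides (presumably a pinned one). I would use the variable on both build lines, e.g. `$(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone "$(VM_OPERATOR_TMP_DIR)/config/wcp" > "$(VM_OPERATOR_DIR)/config/vm-operator.yaml"`. Because `LoadRestrictionsNone` lets the overlay read files outside its own root and `config/wcp` is a different tree from `config/local`, a one-line comment above the command naming the paths it needs from the checkout would also help. checkout-vm-operator lies outside this hunk, so whether the checkout is pinned to `$(VM_OPERATOR_VERSION)` cannot be confirmed from here.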
@@ -0,0 +1,84 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + name: cnsnodevmattachments.cns.vmware.com +spec: + conversion: + strategy: None + group: cns.vmware.com + names: + kind: CnsNodeVmAttachment + listKind: CnsNodeVmAttachmentList + plural: cnsnodevmattachments + singular: cnsnodevmattachment + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CnsNodeVmAttachment is the Schema for the cnsnodevmattachments + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CnsNodeVmAttachmentSpec defines the desired state of CnsNodeVmAttachment + properties: + nodeuuid: + description: NodeUUID indicates the UUID of the node where the volume + needs to be attached to. Here NodeUUID is the bios UUID of the node. + type: string + volumename: + description: VolumeName indicates the name of the volume on the supervisor + Cluster. This is guaranteed to be unique in Supervisor cluster. + type: string + required: + - nodeuuid + - volumename + type: object + status: + description: CnsNodeVmAttachmentStatus defines the observed state of CnsNodeVmAttachment + properties: + attached: + description: Indicates the volume is successfully attached. 
This field + must only be set by the entity completing the attach operation, + i.e. the CNS Operator. + type: boolean + error: + description: The last error encountered during attach/detach operation, + if any. This field must only be set by the entity completing the + attach operation, i.e. the CNS Operator. + type: string + metadata: + additionalProperties: + type: string + description: Before successful attach, this field is populated with + CNS volume ID. Upon successful attach, this field is populated with + any information returned by the attach operation. This field must + only be set by the entity completing the attach operation, i.e. + the CNS Operator + type: object + required: + - attached + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/test/infrastructure/vm-operator/config/external-crds/imageregistry.vmware.com_clustercontentlibraryitems.yaml b/test/infrastructure/vm-operator/config/external-crds/imageregistry.vmware.com_clustercontentlibraryitems.yaml new file mode 100644 index 0000000000..bbdb77a00d --- /dev/null +++ b/test/infrastructure/vm-operator/config/external-crds/imageregistry.vmware.com_clustercontentlibraryitems.yaml 
@@ -0,0 +1,264 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: clustercontentlibraryitems.imageregistry.vmware.com +spec: + group: imageregistry.vmware.com + names: + kind: ClusterContentLibraryItem + listKind: ClusterContentLibraryItemList + plural: clustercontentlibraryitems + shortNames: + - cclitem + singular: clustercontentlibraryitem + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.name + name: vSphereName + type: string + - jsonPath: .status.contentLibraryRef.name + name: ClusterContentLibraryRef + type: string + - jsonPath: .status.type + name: Type + type: string + - jsonPath: .status.conditions[?(.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.cached + name: Cached + type: boolean + - jsonPath: .status.sizeInBytes + name: SizeInBytes + type: string + - jsonPath: .status.securityCompliance + name: SecurityCompliant + type: boolean + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ClusterContentLibraryItem is the schema for the content library item API at the cluster scope. + Currently, ClusterContentLibraryItem is immutable to end users. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ContentLibraryItemSpec defines the desired state of a ContentLibraryItem. + properties: + uuid: + description: UUID is the identifier which uniquely identifies the + library item in vCenter. This field is immutable. + type: string + required: + - uuid + type: object + status: + description: ContentLibraryItemStatus defines the observed state of ContentLibraryItem. + properties: + cached: + default: false + description: Cached indicates if the library item files are on storage + in vCenter. + type: boolean + certificateVerificationInfo: + description: CertificateVerificationInfo shows the certificate verification + status and the signing certificate. + properties: + certChain: + description: CertChain shows the signing certificate chain in + base64 encoding if the library item is signed. + items: + type: string + type: array + status: + description: Status shows the certificate verification status + of the library item. + enum: + - NOT_AVAILABLE + - VERIFIED + - INTERNAL + - VERIFICATION_FAILURE + - VERIFICATION_IN_PROGRESS + - UNTRUSTED + type: string + type: object + conditions: + description: Conditions describes the current condition information + of the ContentLibraryItem. + items: + description: Condition defines an observation of an Image Registry + Operator API resource operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. 
+ type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - status + - type + type: object + type: array + contentLibraryRef: + description: ContentLibraryRef refers to the ContentLibrary custom + resource that this item belongs to. + properties: + kind: + description: |- + Kind is a string value representing the kind of resource to which this + object refers. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name refers to a unique resource in the current namespace. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + required: + - name + type: object + contentVersion: + description: |- + ContentVersion indicates the version of the library item content in vCenter. + This value is incremented when the files comprising the content library item are changed in vCenter. + type: string + creationTime: + description: CreationTime indicates the date and time when this library + item was created in vCenter. 
+ format: date-time + type: string + description: + description: Description is a human-readable description for this + library item. + type: string + fileInfo: + description: FileInfo represents zero, one or more files belonging + to the content library item in vCenter. + items: + description: FileInfo represents the information of a file in a + content library item in vCenter. + properties: + cached: + default: false + description: Cached indicates if the library item file is on + storage in vCenter. + type: boolean + name: + description: Name specifies the name of the file in vCenter. + type: string + sizeInBytes: + anyOf: + - type: integer + - type: string + description: SizeInBytes indicates the library item file size + in bytes on storage in vCenter. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + version: + description: |- + Version indicates the version of the library item file in vCenter. + This value is incremented when a new copy of the file is uploaded to vCenter. + type: string + required: + - cached + - name + - sizeInBytes + - version + type: object + type: array + lastModifiedTime: + description: |- + LastModifiedTime indicates the date and time when this library item was last updated in vCenter. + This field is updated when the library item properties are changed or the file content is changed. + format: date-time + type: string + lastSyncTime: + description: |- + LastSyncTime indicates the date and time when this library item was last synchronized in vCenter. + This field applies only to the library items belonging to the library of Type=Subscribed. + format: date-time + type: string + metadataVersion: + description: |- + MetadataVersion indicates the version of the library item metadata in vCenter. + This value is incremented when the library item properties such as name or description are changed in vCenter. 
+ type: string + name: + description: Name specifies the name of the content library item in + vCenter specified by the user. + type: string + securityCompliance: + description: SecurityCompliance shows the security compliance of the + library item. + type: boolean + sizeInBytes: + anyOf: + - type: integer + - type: string + description: SizeInBytes indicates the library item size in bytes + on storage in vCenter. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type indicates the type of the library item in vCenter. + enum: + - OVF + - ISO + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/test/infrastructure/vm-operator/config/external-crds/imageregistry.vmware.com_contentlibraryitems.yaml b/test/infrastructure/vm-operator/config/external-crds/imageregistry.vmware.com_contentlibraryitems.yaml new file mode 100644 index 0000000000..62687589d4 --- /dev/null +++ b/test/infrastructure/vm-operator/config/external-crds/imageregistry.vmware.com_contentlibraryitems.yaml 
@@ -0,0 +1,264 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: contentlibraryitems.imageregistry.vmware.com +spec: + group: imageregistry.vmware.com + names: + kind: ContentLibraryItem + listKind: ContentLibraryItemList + plural: contentlibraryitems + shortNames: + - clitem + singular: contentlibraryitem + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.name + name: vSphereName + type: string + - jsonPath: .status.contentLibraryRef.name + name: ContentLibraryRef + type: string + - jsonPath: .status.type + name: Type + type: string + - jsonPath: .status.conditions[?(.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.cached + name: Cached + type: boolean + - jsonPath: .status.sizeInBytes + name: SizeInBytes + type: string + - jsonPath: .status.securityCompliance + name: SecurityCompliant + type: boolean + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ContentLibraryItem is the schema for the content library item API. + Currently, ContentLibraryItem is immutable to end users. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ContentLibraryItemSpec defines the desired state of a ContentLibraryItem. + properties: + uuid: + description: UUID is the identifier which uniquely identifies the + library item in vCenter. This field is immutable. + type: string + required: + - uuid + type: object + status: + description: ContentLibraryItemStatus defines the observed state of ContentLibraryItem. + properties: + cached: + default: false + description: Cached indicates if the library item files are on storage + in vCenter. + type: boolean + certificateVerificationInfo: + description: CertificateVerificationInfo shows the certificate verification + status and the signing certificate. + properties: + certChain: + description: CertChain shows the signing certificate chain in + base64 encoding if the library item is signed. + items: + type: string + type: array + status: + description: Status shows the certificate verification status + of the library item. + enum: + - NOT_AVAILABLE + - VERIFIED + - INTERNAL + - VERIFICATION_FAILURE + - VERIFICATION_IN_PROGRESS + - UNTRUSTED + type: string + type: object + conditions: + description: Conditions describes the current condition information + of the ContentLibraryItem. + items: + description: Condition defines an observation of an Image Registry + Operator API resource operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. 
+ type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - status + - type + type: object + type: array + contentLibraryRef: + description: ContentLibraryRef refers to the ContentLibrary custom + resource that this item belongs to. + properties: + kind: + description: |- + Kind is a string value representing the kind of resource to which this + object refers. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name refers to a unique resource in the current namespace. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + required: + - name + type: object + contentVersion: + description: |- + ContentVersion indicates the version of the library item content in vCenter. + This value is incremented when the files comprising the content library item are changed in vCenter. + type: string + creationTime: + description: CreationTime indicates the date and time when this library + item was created in vCenter. 
+ format: date-time + type: string + description: + description: Description is a human-readable description for this + library item. + type: string + fileInfo: + description: FileInfo represents zero, one or more files belonging + to the content library item in vCenter. + items: + description: FileInfo represents the information of a file in a + content library item in vCenter. + properties: + cached: + default: false + description: Cached indicates if the library item file is on + storage in vCenter. + type: boolean + name: + description: Name specifies the name of the file in vCenter. + type: string + sizeInBytes: + anyOf: + - type: integer + - type: string + description: SizeInBytes indicates the library item file size + in bytes on storage in vCenter. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + version: + description: |- + Version indicates the version of the library item file in vCenter. + This value is incremented when a new copy of the file is uploaded to vCenter. + type: string + required: + - cached + - name + - sizeInBytes + - version + type: object + type: array + lastModifiedTime: + description: |- + LastModifiedTime indicates the date and time when this library item was last updated in vCenter. + This field is updated when the library item properties are changed or the file content is changed. + format: date-time + type: string + lastSyncTime: + description: |- + LastSyncTime indicates the date and time when this library item was last synchronized in vCenter. + This field applies only to the library items belonging to the library of Type=Subscribed. + format: date-time + type: string + metadataVersion: + description: |- + MetadataVersion indicates the version of the library item metadata in vCenter. + This value is incremented when the library item properties such as name or description are changed in vCenter. 
+ type: string + name: + description: Name specifies the name of the content library item in + vCenter specified by the user. + type: string + securityCompliance: + description: SecurityCompliance shows the security compliance of the + library item. + type: boolean + sizeInBytes: + anyOf: + - type: integer + - type: string + description: SizeInBytes indicates the library item size in bytes + on storage in vCenter. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type indicates the type of the library item in vCenter. + enum: + - OVF + - ISO + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/test/infrastructure/vm-operator/config/external-crds/netoperator.vmware.com_networkinterfaces.yaml b/test/infrastructure/vm-operator/config/external-crds/netoperator.vmware.com_networkinterfaces.yaml new file mode 100644 index 0000000000..8f2821da73 --- /dev/null +++ b/test/infrastructure/vm-operator/config/external-crds/netoperator.vmware.com_networkinterfaces.yaml 
@@ -0,0 +1,154 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + name: networkinterfaces.netoperator.vmware.com +spec: + group: netoperator.vmware.com + names: + kind: NetworkInterface + listKind: NetworkInterfaceList + plural: networkinterfaces + singular: networkinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NetworkInterface is the Schema for the networkinterfaces API. + A NetworkInterface represents a user's request for network configuration + to use to place a VM/Pod/Container's nic on a specified network. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkInterfaceSpec defines the desired state of NetworkInterface. + properties: + networkName: + description: NetworkName refers to a NetworkObject in the same namespace. + type: string + providerRef: + description: ProviderRef is a reference to a provider specific network + interface object that specifies the network interface configuration. + If unset, default configuration is assumed. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. 
+ type: string + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + type: + description: Type is the type of NetworkInterface. Supported values + are vmxnet3. + type: string + type: object + status: + description: NetworkInterfaceStatus defines the observed state of NetworkInterface. + Once NetworkInterfaceReady condition is True, it should contain configuration + to use to place a VM/Pod/Container's nic on the specified network. + properties: + conditions: + description: Conditions is an array of current observed network interface + conditions. + items: + description: NetworkInterfaceCondition describes the state of a + NetworkInterface at a certain point. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Machine understandable string that gives the reason + for condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of network interface condition. + type: string + required: + - status + - type + type: object + type: array + externalID: + description: ExternalID is a network provider specific identifier + assigned to the network interface. + type: string + ipConfigs: + description: IPConfigs is an array of IP configurations for the network + interface. + items: + description: IPConfig represents an IP configuration. + properties: + gateway: + description: Gateway setting. + type: string + ip: + description: IP setting. 
+ type: string + ipFamily: + description: IPFamily specifies the IP family (IPv4 vs IPv6) + the IP belongs to. + type: string + subnetMask: + description: SubnetMask setting. + type: string + required: + - gateway + - ip + - ipFamily + - subnetMask + type: object + type: array + macAddress: + description: MacAddress setting for the network interface. + type: string + networkID: + description: NetworkID is an network provider specific identifier + for the network backing the network interface. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: { } +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/test/infrastructure/vm-operator/config/kustomization.yaml b/test/infrastructure/vm-operator/config/kustomization.yaml index 177f367450..35c7250ca5 100644 --- a/test/infrastructure/vm-operator/config/kustomization.yaml +++ b/test/infrastructure/vm-operator/config/kustomization.yaml 
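Review bot: The `subresources:` / `status: { }` stanza near the end of netoperator.vmware.com_networkinterfaces.yaml appears to be the manual addition that kustomization.yaml mentions for networkinterfaces, but nothing in the CRD file itself marks it. A later re-copy from config/crd/external-crds in vm-operator would silently drop it, and writes to the status subresource would then likely fail. Add a header comment such as `# Copied from vm-operator config/crd/external-crds; the status subresource at the end is a local addition, re-apply it after refreshing this file.` The removed net-operator-networkinterface-status.yaml carried a comment of this kind at its top.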
@@ -7,15 +7,40 @@ commonLabels: cluster.x-k8s.io/provider: "runtime-extension-vm-operator" resources: + # This is the generated from config/wcp from the vm-operator project - vm-operator.yaml + # Those are copies of files from config/crd/external-crds in the vm-operator project + # IMPORTANT! networkinterfaces requires the addition the status subresource. As soon as this is fixed in the + # vm-operator code base, we can get rid of this manual change +- external-crds/imageregistry.vmware.com_clustercontentlibraryitems.yaml +- external-crds/imageregistry.vmware.com_contentlibraryitems.yaml +- external-crds/netoperator.vmware.com_networkinterfaces.yaml +- external-crds/cnsnodevmattachment-crd.yaml patchesStrategicMerge: +# Set image names / version to use. +# Note: we are not building vm-operator images with Tilt, so those images must be available in a public image repository. +- vm-operator-image-names.yaml + +# Set replicas: 1 and imagePullPolicy: Always to make it easier working in Tilt - vm-operator-replicas.yaml - vm-operator-pull-policy.yaml + +# Set hostNetwork: false because we are running out of the supervisor +# Note: this requires also to drop KUBERNETES_SERVICE_HOST/PORT variables, which is implemented in a patch below. +- vm-operator-host-network.yaml + +# Drop VC cert bundle because we are running out of the supervisor +- vm-operator-drop-certs-volume.yaml + +# This patch derives from vm-operator config/wcp/vmoperator/manager_env_var_patch.yaml, but with +# - VSPHERE_NETWORKING = true and NETWORK_PROVIDER = VSPHERE_NETWORK as suggested by the vm-operator maintainers. +# - Replace all the <..> placeholders as per config/local (including drop PRIVILEGED_USERS) +# - Also make sure we are not overriding the KUBERNETES_SERVICE_HOST/PORT to use local host. - vm-operator-env-var-patch.yaml -- net-operator-networkinterface-status.yaml patches: +# Drop web-console-validator deployment, not used in tilt - target: labelSelector: app=web-console-validator patch: | 
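Review bot: Nothing in this overlay checks that the `config/wcp` base has been fully adapted for running outside the supervisor; the comments added under `patchesStrategicMerge` describe a hand-maintained set of overrides (`hostNetwork: false`, dropping the VC cert bundle, replacing every `<..>` placeholder, dropping `PRIVILEGED_USERS`), and a later vm-operator bump that adds a placeholder or another supervisor-only setting would pass straight into the rendered manifest. I would record the refresh procedure next to the env-var entry, e.g. `# On every vm-operator bump: diff config/wcp/vmoperator/manager_env_var_patch.yaml against this patch and check the rendered Deployment for leftover <..> values.` The image-names comment also says the images must come from a public repository while `imagePullPolicy: Always` is set; vm-operator-image-names.yaml is not visible in this hunk, so it is worth confirming there that the references are pinned to a fixed version or digest rather than a moving tag.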
@@ -23,3 +48,23 @@ patches: kind: Deployment metadata: name: web-console-validator + +# Drop vm-operator ConfigMaps, we are adding them back later via VMOperatorDependencies / vcsim or E2E test setup +- target: + kind: ConfigMap + namespace: vmware-system-vmop + name: vsphere.provider.config.vmoperator.vmware.com + patch: | + $patch: delete + kind: ConfigMap + metadata: + name: vsphere.provider.config.vmoperator.vmware.com +- target: + kind: ConfigMap + namespace: vmware-system-vmop + name: vmoperator-network-config + patch: | + $patch: delete + kind: ConfigMap + metadata: + name: vmoperator-network-config diff --git a/test/infrastructure/vm-operator/config/net-operator-networkinterface-status.yaml b/test/infrastructure/vm-operator/config/net-operator-networkinterface-status.yaml deleted file mode 100644 index 1d9fe13caf..0000000000 --- a/test/infrastructure/vm-operator/config/net-operator-networkinterface-status.yaml +++ /dev/null 
@@ -1,140 +0,0 @@ -# This is a copy of the CRD in vm-operator with the only addition of the status subresource. As soon as this is fixed in the -# vm-operator code base, we can get rid of this patch -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networkinterfaces.netoperator.vmware.com -spec: - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: NetworkInterface is the Schema for the networkinterfaces API. - A NetworkInterface represents a user's request for network configuration - to use to place a VM/Pod/Container's nic on a specified network. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkInterfaceSpec defines the desired state of NetworkInterface. - properties: - networkName: - description: NetworkName refers to a NetworkObject in the same namespace. - type: string - providerRef: - description: ProviderRef is a reference to a provider specific network - interface object that specifies the network interface configuration. - If unset, default configuration is assumed. - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. - type: string - apiVersion: - description: API version of the referent. 
- type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - apiGroup - - kind - - name - type: object - type: - description: Type is the type of NetworkInterface. Supported values - are vmxnet3. - type: string - type: object - status: - description: NetworkInterfaceStatus defines the observed state of NetworkInterface. - Once NetworkInterfaceReady condition is True, it should contain configuration - to use to place a VM/Pod/Container's nic on the specified network. - properties: - conditions: - description: Conditions is an array of current observed network interface - conditions. - items: - description: NetworkInterfaceCondition describes the state of a - NetworkInterface at a certain point. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Machine understandable string that gives the reason - for condition's last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of network interface condition. - type: string - required: - - status - - type - type: object - type: array - externalID: - description: ExternalID is a network provider specific identifier - assigned to the network interface. - type: string - ipConfigs: - description: IPConfigs is an array of IP configurations for the network - interface. - items: - description: IPConfig represents an IP configuration. - properties: - gateway: - description: Gateway setting. - type: string - ip: - description: IP setting. 
- type: string - ipFamily: - description: IPFamily specifies the IP family (IPv4 vs IPv6) - the IP belongs to. - type: string - subnetMask: - description: SubnetMask setting. - type: string - required: - - gateway - - ip - - ipFamily - - subnetMask - type: object - type: array - macAddress: - description: MacAddress setting for the network interface. - type: string - networkID: - description: NetworkID is an network provider specific identifier - for the network backing the network interface. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: { } diff --git a/test/infrastructure/vm-operator/config/vm-operator-drop-certs-volume.yaml b/test/infrastructure/vm-operator/config/vm-operator-drop-certs-volume.yaml new file mode 100644 index 0000000000..bafae1741f --- /dev/null +++ b/test/infrastructure/vm-operator/config/vm-operator-drop-certs-volume.yaml @@ -0,0 +1,17 @@ +# Drop VC cert bundle because we are running out of the supervisor +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vmware-system-vmop-controller-manager + namespace: vmware-system-vmop +spec: + template: + spec: + containers: + - name: manager + volumeMounts: + - $patch: delete + mountPath: /etc/vmware/wcp/tls + volumes: + - $patch: delete + name: vmca-certs diff --git a/test/infrastructure/vm-operator/config/vm-operator-env-var-patch.yaml b/test/infrastructure/vm-operator/config/vm-operator-env-var-patch.yaml index b0131d9f3f..951acc374d 100644 --- a/test/infrastructure/vm-operator/config/vm-operator-env-var-patch.yaml +++ b/test/infrastructure/vm-operator/config/vm-operator-env-var-patch.yaml 
@@ -1,5 +1,7 @@ -# This patch derives from vm-operator config/local, but it is now using NETWORK_PROVIDER = VSPHERE_NETWORK -# as suggested by the vm-operator maintainers. +# This patch derives from vm-operator config/wcp/vmoperator/manager_env_var_patch.yaml, but with +# - VSPHERE_NETWORKING = true and NETWORK_PROVIDER = VSPHERE_NETWORK as suggested by the vm-operator maintainers. +# - Replace all the <..> placeholders as per config/local (including drop PRIVILEGED_USERS). +# - Also make sure we are not overriding the KUBERNETES_SERVICE_HOST/PORT to use local host. apiVersion: apps/v1 kind: Deployment metadata: @@ -15,7 +17,6 @@ spec: value: "true" - name: NETWORK_PROVIDER value: "VSPHERE_NETWORK" - - name: FSS_WCP_INSTANCE_STORAGE value: "true" - name: FSS_WCP_VMSERVICE_BACKUPRESTORE @@ -24,24 +25,11 @@ spec: value: "false" - name: FSS_WCP_TKG_Multiple_CL value: "false" - # - # Feature state switch flags beneath this line are enabled on main and - # only retained in this file because it is used by internal testing to - # determine the state of the feature. Since this is used by older - # branches as well, the flags must remain, otherwise the absence of the - # flag indicates a feature is not present or disabled. - # - - name: FSS_WCP_Unified_TKG - value: "true" - - name: FSS_WCP_VMSERVICE_V1ALPHA2 - value: "true" - - name: FSS_WCP_VM_CLASS_AS_CONFIG - value: "true" - - name: FSS_WCP_VM_CLASS_AS_CONFIG_DAYNDATE - value: "true" - - name: FSS_WCP_VM_IMAGE_REGISTRY - value: "true" + - $patch: delete + name: PRIVILEGED_USERS - name: FSS_WCP_NAMESPACED_VM_CLASS value: "true" - - name: FSS_WCP_WINDOWS_SYSPREP - value: "true" + - $patch: delete + name: KUBERNETES_SERVICE_HOST + - $patch: delete + name: KUBERNETES_SERVICE_PORT diff --git a/test/infrastructure/vm-operator/config/vm-operator-host-network.yaml b/test/infrastructure/vm-operator/config/vm-operator-host-network.yaml new file mode 100644 index 0000000000..5bbda0f52d --- /dev/null 
+++ b/test/infrastructure/vm-operator/config/vm-operator-host-network.yaml @@ -0,0 +1,10 @@ +# Set hostNetwork: false because we are running out of the supervisor +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vmware-system-vmop-controller-manager + namespace: vmware-system-vmop +spec: + template: + spec: + hostNetwork: false diff --git a/test/infrastructure/vm-operator/config/vm-operator-image-names.yaml b/test/infrastructure/vm-operator/config/vm-operator-image-names.yaml new file mode 100644 index 0000000000..3b2a56ca4f --- /dev/null +++ b/test/infrastructure/vm-operator/config/vm-operator-image-names.yaml @@ -0,0 +1,15 @@ +# Set image names / version to use. +# Note: we are not building vm-operator images with Tilt, so those images must be available in a public image repository. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vmware-system-vmop-controller-manager + namespace: vmware-system-vmop +spec: + template: + spec: + containers: + - name: manager + image: gcr.io/k8s-staging-capi-vsphere/extra/vm-operator:v1.8.6-0-gde75746a + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 diff --git a/test/infrastructure/vm-operator/vm-operator-v1.8.6-0-gde75746a.yaml b/test/infrastructure/vm-operator/vm-operator-v1.8.6-0-gde75746a.yaml index 0efbe0ee14..b549488cee 100644 --- a/test/infrastructure/vm-operator/vm-operator-v1.8.6-0-gde75746a.yaml +++ b/test/infrastructure/vm-operator/vm-operator-v1.8.6-0-gde75746a.yaml @@ -3,8 +3,7 @@ kind: Namespace metadata: labels: cluster.x-k8s.io/provider: runtime-extension-vm-operator - control-plane: controller-manager - controller-tools.k8s.io: "1.0" + pod-security.kubernetes.io/enforce: privileged name: vmware-system-vmop --- apiVersion: apiextensions.k8s.io/v1 
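Review bot: Both images in the new `vm-operator-image-names.yaml` are referenced by tag only, so what actually runs is whatever the tag resolves to at pull time. The manager image comes from a staging registry and the kustomization sets `imagePullPolicy: Always`, so a re-pushed tag would be picked up silently on the next pod start. Pinning the digest next to the tag keeps the version readable while fixing the content, e.g. `image: gcr.io/k8s-staging-capi-vsphere/extra/vm-operator:v1.8.6-0-gde75746a@sha256:<digest-of-the-released-image>`, and likewise for `kube-rbac-proxy`. Separately, `kube-rbac-proxy:v0.4.0` is a very old release of the component that terminates TLS and authorizes metrics requests; it is worth checking whether a current release can be used here.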
@@ -7479,71 +7478,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - labels: - cluster.x-k8s.io/provider: runtime-extension-vm-operator - name: vmxnet3networkinterfaces.netoperator.vmware.com -spec: - group: netoperator.vmware.com - names: - kind: VMXNET3NetworkInterface - listKind: VMXNET3NetworkInterfaceList - plural: vmxnet3networkinterfaces - singular: vmxnet3networkinterface - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: VMXNET3NetworkInterface is the Schema for the vmxnet3networkinterfaces - API. It represents configuration of a vSphere VMXNET3 type network interface - card. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VMXNET3NetworkInterfaceSpec defines the desired state of - VMXNET3NetworkInterface. - properties: - uptCompatibilityEnabled: - description: UPTCompatibilityEnabled indicates whether UPT(Universal - Pass-through) compatibility is enabled on this network interface. - type: boolean - wakeOnLanEnabled: - description: WakeOnLanEnabled indicates whether wake-on-LAN is enabled - on this network interface. Clients can set this property to selectively - enable or disable wake-on-LAN. 
- type: boolean - type: object - status: - description: VMXNET3NetworkInterfaceStatus is unused. VMXNET3NetworkInterface - is a configuration only resource. - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.6.1 @@ -8218,6 +8152,22 @@ rules: - create --- apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-vm-operator + name: vmware-system-vmop-wcp-privileged-psp +rules: +- apiGroups: + - policy + resourceNames: + - wcp-privileged-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: @@ -8234,6 +8184,25 @@ subjects: namespace: vmware-system-vmop --- apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-vm-operator + name: vmware-system-vmop-vmware-system-vmop:psp + namespace: vmware-system-vmop +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vmware-system-vmop-wcp-privileged-psp +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:nodes +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:serviceaccounts:vmware-system-vmop +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -8281,6 +8250,8 @@ subjects: apiVersion: v1 kind: Service metadata: + annotations: + prometheus.io/port: "9848" labels: cluster.x-k8s.io/provider: runtime-extension-vm-operator control-plane: controller-manager @@ -8289,7 +8260,7 @@ metadata: spec: ports: - name: https - port: 8443 + port: 9848 targetPort: https selector: cluster.x-k8s.io/provider: runtime-extension-vm-operator 
@@ -8327,7 +8298,6 @@ metadata: namespace: vmware-system-vmop spec: replicas: 1 - revisionHistoryLimit: 1 selector: matchLabels: cluster.x-k8s.io/provider: runtime-extension-vm-operator @@ -8340,15 +8310,29 @@ spec: type: RollingUpdate template: metadata: + annotations: + prometheus.io/port: "9848" + prometheus.io/scheme: https + prometheus.io/scrape: "true" labels: cluster.x-k8s.io/provider: runtime-extension-vm-operator control-plane: controller-manager controller-tools.k8s.io: "1.0" name: vmoperator-controller-manager spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - vmoperator-controller-manager + topologyKey: kubernetes.io/hostname containers: - args: - - --metrics-addr=127.0.0.1:8080 + - --metrics-addr=127.0.0.1:8083 command: - /manager env: @@ -8364,20 +8348,8 @@ spec: value: "false" - name: FSS_WCP_TKG_Multiple_CL value: "false" - - name: FSS_WCP_Unified_TKG - value: "true" - - name: FSS_WCP_VMSERVICE_V1ALPHA2 - value: "true" - - name: FSS_WCP_VM_CLASS_AS_CONFIG - value: "true" - - name: FSS_WCP_VM_CLASS_AS_CONFIG_DAYNDATE - value: "true" - - name: FSS_WCP_VM_IMAGE_REGISTRY - value: "true" - name: FSS_WCP_NAMESPACED_VM_CLASS value: "true" - - name: FSS_WCP_WINDOWS_SYSPREP - value: "true" - name: MAX_CONCURRENT_RECONCILES value: "20" - name: LEADER_ELECTION_ID @@ -8406,6 +8378,18 @@ spec: value: /tmp/k8s-webhook-server/serving-certs - name: WEBHOOK_SERVICE_CONTAINER_PORT value: "9878" + - name: FSS_WCP_Unified_TKG + value: "true" + - name: FSS_WCP_VMSERVICE_V1ALPHA2 + value: "true" + - name: FSS_WCP_VM_CLASS_AS_CONFIG + value: "true" + - name: FSS_WCP_VM_CLASS_AS_CONFIG_DAYNDATE + value: "true" + - name: FSS_WCP_VM_IMAGE_REGISTRY + value: "true" + - name: FSS_WCP_WINDOWS_SYSPREP + value: "true" image: gcr.io/k8s-staging-capi-vsphere/extra/vm-operator:v1.8.6-0-gde75746a imagePullPolicy: Always name: manager 
@@ -8422,8 +8406,8 @@ spec: port: health-probe resources: limits: - cpu: 2000m - memory: 300Mi + cpu: 750m + memory: 550Mi requests: cpu: 100m memory: 75Mi @@ -8432,16 +8416,20 @@ spec: name: cert readOnly: true - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ + - --secure-listen-address=0.0.0.0:9848 + - --upstream=http://127.0.0.1:8083 - --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - --logtostderr=true - --v=10 + command: + - /kube-rbac-proxy image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - - containerPort: 8443 + - containerPort: 9848 name: https + hostNetwork: false nodeSelector: node-role.kubernetes.io/control-plane: "" terminationGracePeriodSeconds: 10 diff --git a/tilt-provider.yaml b/tilt-provider.yaml index 751c9517af..4a5a9715b6 100644 --- a/tilt-provider.yaml +++ b/tilt-provider.yaml @@ -34,6 +34,6 @@ config: version: v1.8.6 label: VMOP - kustomize_folder: "/test/infrastructure/vm-operator" + kustomize_folder: "/test/infrastructure/vm-operator/config" kustomize_options: - "--load-restrictor=LoadRestrictionsNone"
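Review bot: In the `tilt-provider.yaml` hunk, `--load-restrictor=LoadRestrictionsNone` stays in `kustomize_options` although `kustomize_folder` now points at `/test/infrastructure/vm-operator/config`. As far as this commit shows, that kustomization lists only files inside its own directory (`vm-operator.yaml`, `external-crds/...` and the `vm-operator-*.yaml` patches). The option switches off kustomize's check that resources and patches stay under the kustomization root, so it should only be kept when something really has to be loaded from outside. If nothing in the unseen top of `kustomization.yaml` reaches outside the folder, removing the `- "--load-restrictor=LoadRestrictionsNone"` entry keeps Tilt on the default restriction.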