diff --git a/control-plane/roles/gardener/README.md b/control-plane/roles/gardener/README.md
index 119979d6..8e4368fa 100644
--- a/control-plane/roles/gardener/README.md
+++ b/control-plane/roles/gardener/README.md
@@ -96,10 +96,14 @@ This includes the metal-stack extension provider called [gardener-extension-prov
 | gardener_extension_networking_cilium_enabled | | If enabled, deploys the gardener-networking-extension-cilium |
 | gardener_extension_shoot_cert_service_enabled | | If enabled, deploys the gardener-extension-shoot-cert-service |
 | gardener_extension_shoot_dns_service_enabled | | If enabled, deploys the gardener-extension-shoot-dns-service |
+| gardener_extension_backup_s3_enabled | | If enabled, deploys the gardener-extension-backup-s3 |
+| gardener_extension_dns_powerdns_enabled | | If enabled, deploys the gardener-extension-dns-powerdns |
 | gardener_os_controller_repo_ref | | A repo reference for deploying the [os-metal-extension](https://github.com/metal-stack/os-metal-extension/) |
 | gardener_networking_cilium_repo_ref | | A repo reference for deploying the [gardener-extension-networking-cilium](https://github.com/gardener/gardener-extension-networking-cilium) |
 | gardener_extension_provider_metal_repo_ref | | A repo reference for deploying the [gardener-extension-provider-metal](https://github.com/metal-stack/gardener-extension-provider-metal) |
 | gardener_shoot_dns_service_repo_ref | | A repo reference for deploying the [gardener-extension-shoot-dns-service](https://github.com/gardener/gardener-extension-shoot-dns-service) |
+| gardener_extension_backup_s3_repo_ref | | A repo reference for deploying the [gardener-extension-backup-s3](https://github.com/metal-stack/gardener-extension-backup-s3) |
+| gardener_extension_dns_powerdns_repo_ref | | A repo reference for deploying the [gardener-extension-dns-powerdns](https://github.com/metal-stack/gardener-extension-dns-powerdns) |
 | gardener_metal_admission_replicas | | Specifies the amount of metal-admission webhook replicas |
 | gardener_metal_admission_vpa | | Enables the VPA for the metal-admission webhook |
 | gardener_extension_provider_metal_cluster_audit_enabled | | Enables the audit functionality of the GEPM |
@@ -122,6 +126,10 @@ This includes the metal-stack extension provider called [gardener-extension-prov
 | gardener_shoot_dns_service_image_vector_overwrite | | Allows overriding the image vector for the shoot-dns-service extension |
 | gardener_shoot_dns_service_dns_controller_manager_image_name | | Setting an explicit image name for the dns-controller-manager |
 | gardener_shoot_dns_service_dns_controller_manager_image_tag | | Setting an explicit image tag for the dns-controller-manager |
+| gardener_extension_backup_s3_image_name | | Setting an explicit image name for the gardener-extension-backup-s3 |
+| gardener_extension_backup_s3_image_tag | | Setting an explicit image tag for the gardener-extension-backup-s3 |
+| gardener_extension_dns_powerdns_image_name | | Setting an explicit image name for the gardener-extension-dns-powerdns |
+| gardener_extension_dns_powerdns_image_tag | | Setting an explicit image tag for the gardener-extension-dns-powerdns |
 ### Certificates
diff --git a/control-plane/roles/gardener/defaults/main/extensions.yaml b/control-plane/roles/gardener/defaults/main/extensions.yaml
index 2b724d6c..4156bc1c 100644
--- a/control-plane/roles/gardener/defaults/main/extensions.yaml
+++ b/control-plane/roles/gardener/defaults/main/extensions.yaml
@@ -6,11 +6,15 @@ gardener_extension_provider_gcp_enabled: true
 gardener_extension_provider_metal_enabled: true
 gardener_extension_shoot_cert_service_enabled: true
 gardener_extension_shoot_dns_service_enabled: true
+gardener_extension_dns_powerdns_enabled: false
+gardener_extension_backup_s3_enabled: false
 gardener_extension_provider_metal_repo_ref: "{{ gardener_extension_provider_metal_image_tag }}"
 gardener_networking_cilium_repo_ref: "gardener/gardener-extension-networking-cilium/{{ gardener_networking_cilium_image_tag }}"
 gardener_os_controller_repo_ref: "{{ gardener_os_controller_image_tag }}"
 gardener_shoot_dns_service_repo_ref: "gardener/gardener-extension-shoot-dns-service/{{ gardener_shoot_dns_service_image_tag }}"
+gardener_extension_backup_s3_repo_ref: "metal-stack/gardener-extension-backup-s3/{{ gardener_extension_backup_s3_image_tag }}"
+gardener_extension_dns_powerdns_repo_ref: "metal-stack/gardener-extension-dns-powerdns/{{ gardener_extension_dns_powerdns_image_tag }}"
 gardener_metal_admission_replicas: 1
 gardener_metal_admission_vpa: true
diff --git a/control-plane/roles/gardener/tasks/extensions.yaml b/control-plane/roles/gardener/tasks/extensions.yaml
index c2a7cbab..1497f460 100644
--- a/control-plane/roles/gardener/tasks/extensions.yaml
+++ b/control-plane/roles/gardener/tasks/extensions.yaml
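Review bot: The two new `_enabled` flags are added in the order powerdns, backup_s3, while the two new `_repo_ref` lines in the same hunk and the README rows list backup_s3 first; keeping one order in all three places helps when searching for an extension's settings. Both new flags default to `false`, unlike the existing flags in this hunk, which is presumably deliberate for an opt-in rollout; a one-line comment such as `# opt-in: not deployed unless explicitly enabled` above them would spare a reader the question.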
@@ -100,3 +100,32 @@
 - controller-deployment.yaml
 - controller-registration.yaml
 when: gardener_extension_shoot_dns_service_enabled
+
+- name: "Register controller: dns powerdns"
+ k8s:
+ definition: "{{ lookup('template', 'powerdns/{{ item }}', split_lines=False) }}"
+ kubeconfig: "{{ gardener_kube_apiserver_kubeconfig_path }}"
+ apply: yes
+ register: result
+ until: result is success
+ retries: 10
+ delay: 6
+ loop:
+ - controller-deployment.yaml
+ - controller-registration.yaml
+ when: gardener_extension_dns_powerdns_enabled
+
+- name: "Register controller: backup s3"
+ k8s:
+ definition: "{{ lookup('template', 'backup-s3/{{ item }}', split_lines=False) }}"
+ kubeconfig: "{{ gardener_kube_apiserver_kubeconfig_path }}"
+ apply: yes
+ tags: shoot-dns-service
+ register: result
+ until: result is success
+ retries: 10
+ delay: 6
+ loop:
+ - controller-deployment.yaml
+ - controller-registration.yaml
+ when: gardener_extension_backup_s3_enabled
diff --git a/control-plane/roles/gardener/templates/backup-s3/controller-deployment.yaml b/control-plane/roles/gardener/templates/backup-s3/controller-deployment.yaml
new file mode 100644
index 00000000..1a9a520b
--- /dev/null
+++ b/control-plane/roles/gardener/templates/backup-s3/controller-deployment.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: core.gardener.cloud/v1
+kind: ControllerDeployment
+metadata:
+ name: backup-s3
+helm:
+ rawChart: "{{ (lookup('url', 'https://raw.githubusercontent.com/' + gardener_extension_backup_s3_repo_ref + '/example/controller-registration.yaml', split_lines=False) | from_yaml_all | list)[0].helm.rawChart }}"
+ values:
+ image:
+ repository: "{{ gardener_extension_backup_s3_image_name }}"
+ tag: "{{ gardener_extension_backup_s3_image_tag }}"
diff --git a/control-plane/roles/gardener/templates/backup-s3/controller-registration.yaml b/control-plane/roles/gardener/templates/backup-s3/controller-registration.yaml
new file mode 100644
index 00000000..2ec73ab7
--- /dev/null
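Review bot: The "Register controller: backup s3" task carries `tags: shoot-dns-service`, which reads as a leftover from the shoot-dns-service task above it: a run limited with `--tags shoot-dns-service` would also register the backup-s3 controller, and a run limited to a backup-s3 tag would skip it. Either remove the line or give the task its own tag; the powerdns task in the same hunk has no `tags` line at all, so the two new tasks should at least agree with each other. `apply: yes` is the YAML 1.1 truthy spelling that yamllint flags; `apply: true` is the canonical form, although the existing tasks in this file appear to use the same spelling. The enclosing task list begins before this hunk.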
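Review bot: `helm.rawChart` is filled at playbook run time by downloading `example/controller-registration.yaml` from raw.githubusercontent.com at `gardener_extension_backup_s3_repo_ref`, and the chart body is then applied to the garden cluster without any integrity check; the ref is built from the image tag in defaults, and a git tag can be moved, so what gets deployed is not fixed by this repository alone. The powerdns controller-deployment template further down has the same construction. If the role's existing extension templates already use this pattern the new files are at least consistent with them, but pinning the ref to a commit SHA, or comparing the fetched document against a recorded checksum before applying it, would make the deployment reproducible and auditable. The expression `(... | from_yaml_all | list)[0].helm.rawChart` also assumes the upstream file keeps the ControllerDeployment as its first document; a comment such as `# first document of the upstream example must be the ControllerDeployment` above the line would help whoever debugs a failed lookup.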
+++ b/control-plane/roles/gardener/templates/backup-s3/controller-registration.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: core.gardener.cloud/v1beta1
+kind: ControllerRegistration
+metadata:
+ name: backup-s3
+ annotations:
+ security.gardener.cloud/pod-security-enforce: baseline
+spec:
+ deployment:
+ deploymentRefs:
+ - name: backup-s3
+ resources:
+ - kind: BackupBucket
+ type: S3
+ - kind: BackupEntry
+ type: S3
diff --git a/control-plane/roles/gardener/templates/powerdns/controller-deployment.yaml b/control-plane/roles/gardener/templates/powerdns/controller-deployment.yaml
new file mode 100644
index 00000000..4b4cffbb
--- /dev/null
+++ b/control-plane/roles/gardener/templates/powerdns/controller-deployment.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: core.gardener.cloud/v1
+kind: ControllerDeployment
+metadata:
+ name: powerdns
+helm:
+ rawChart: "{{ (lookup('url', 'https://raw.githubusercontent.com/' + gardener_extension_dns_powerdns_repo_ref + '/example/controller-registration.yaml', split_lines=False) | from_yaml_all | list)[0].helm.rawChart }}"
+ values:
+ image:
+ repository: "{{ gardener_extension_dns_powerdns_image_name }}"
+ tag: "{{ gardener_extension_dns_powerdns_image_tag }}"
diff --git a/control-plane/roles/gardener/templates/powerdns/controller-registration.yaml b/control-plane/roles/gardener/templates/powerdns/controller-registration.yaml
new file mode 100644
index 00000000..b6845be6
--- /dev/null
+++ b/control-plane/roles/gardener/templates/powerdns/controller-registration.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: core.gardener.cloud/v1beta1
+kind: ControllerRegistration
+metadata:
+ name: powerdns
+ annotations:
+ security.gardener.cloud/pod-security-enforce: baseline
+spec:
+ deployment:
+ deploymentRefs:
+ - name: powerdns
+ resources:
+ - kind: DNSRecord
+ type: powerdns
diff --git a/defaults/main.yaml b/defaults/main.yaml
index a6d8b792..613267a9 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -58,6 +58,10 @@ metal_stack_release:
 gardener_mcm_provider_metal_image_tag: "docker-images.metal-stack.gardener.machine-controller-manager-provider-metal.tag"
 gardener_extension_audit_image_name: "docker-images.metal-stack.gardener.gardener-extension-audit.name"
 gardener_extension_audit_image_tag: "docker-images.metal-stack.gardener.gardener-extension-audit.tag"
+ gardener_extension_backup_s3_image_tag: "docker-images.metal-stack.gardener.gardener-extension-backup-s3.tag"
+ gardener_extension_backup_s3_image_name: "docker-images.metal-stack.gardener.gardener-extension-backup-s3.name"
+ gardener_extension_dns_powerdns_image_tag: "docker-images.metal-stack.gardener.gardener-extension-dns-powerdns.tag"
+ gardener_extension_dns_powerdns_image_name: "docker-images.metal-stack.gardener.gardener-extension-dns-powerdns.name"
 # kubernetes
 csi_lvm_controller_image_tag: "docker-images.metal-stack.kubernetes.csi-lvm-controller.tag"
 csi_lvm_controller_image_name: "docker-images.metal-stack.kubernetes.csi-lvm-controller.name"
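Review bot: The four new keys list `_image_tag` before `_image_name`, whereas the `gardener_extension_audit_*` entries directly above them put `_image_name` first; swapping each pair to `gardener_extension_backup_s3_image_name` then `gardener_extension_backup_s3_image_tag` (and likewise for powerdns) keeps the neighbouring entries' name-then-tag order and makes the block easier to scan. The enclosing `metal_stack_release:` mapping starts before this hunk.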