Implement alicloud infrastructure controller

Gopkg.toml

@@ -58,6 +58,10 @@ required = [
   name = "github.com/russross/blackfriday"
   revision = "300106c228d52c8941d4b3de6054a6062a86dda3"
 
+[[override]]
+  name = "github.com/jmespath/go-jmespath"
+  version = "^0.2.2"
+
 [[constraint]]
   name = "github.com/aws/aws-sdk-go"
   version = "~1.12.48"

controllers/provider-alicloud/charts/internal/alicloud-infra/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+description: Alicloud chart for main k8s infrastructure
+name: alicloud-infra
+version: 0.1.0

controllers/provider-alicloud/charts/internal/alicloud-infra/templates/main.tf

@@ -0,0 +1,115 @@
+provider "alicloud" {
+  access_key = "${var.ACCESS_KEY_ID}"
+  secret_key = "${var.ACCESS_KEY_SECRET}"
+  region = "{{ required "alicloud.region is required" .Values.alicloud.region }}"
+}
+
+// Import an existing public key to build a alicloud key pair
+resource "alicloud_key_pair" "publickey" {
+  key_name = "{{ required "clusterName is required" .Values.clusterName }}-ssh-publickey"
+  public_key = "{{ required "sshPublicKey is required" .Values.sshPublicKey }}"
+}
+
+{{ if .Values.create.vpc -}}
+resource "alicloud_vpc" "vpc" {
+  name       = "{{ required "clusterName is required" .Values.clusterName }}-vpc"
+  cidr_block = "{{ required "vpc.cidr is required" .Values.vpc.cidr }}"
+}
+resource "alicloud_nat_gateway" "nat_gateway" {
+  vpc_id = "{{ required "vpc.id is required" .Values.vpc.id }}"
+  spec   = "Small"
+  name   = "{{ required "clusterName is required" .Values.clusterName }}-natgw"
+}
+{{- end }}
+
+
+// Loop zones
+{{ range $index, $zone := .Values.zones }}
+
+resource "alicloud_vswitch" "vsw_z{{ $index }}" {
+  name              = "{{ required "clusterName is required" $.Values.clusterName }}-{{ required "zone.name is required" $zone.name }}-vsw"
+  vpc_id            = "{{ required "vpc.id is required" $.Values.vpc.id }}"
+  cidr_block        = "{{ required "zone.cidr.worker is required" $zone.cidr.worker }}"
+  availability_zone = "{{ required "zone.name is required" $zone.name }}"
+}
+
+// Create a new EIP.
+resource "alicloud_eip" "eip_natgw_z{{ $index }}" {
+  name                 = "{{ required "clusterName is required" $.Values.clusterName }}-eip-natgw-z{{ $index }}"
+  bandwidth            = "20"
+  internet_charge_type = "PayByBandwidth"
+}
+
+resource "alicloud_eip_association" "eip_natgw_asso_z{{ $index }}" {
+  allocation_id = "${alicloud_eip.eip_natgw_z{{ $index }}.id}"
+  instance_id   = "{{ required "natGatewayID is required" $.Values.vpc.natGatewayID }}"
+}
+
+resource "alicloud_snat_entry" "snat_z{{ $index }}" {
+  snat_table_id     = "{{ required "snatTableID is required" $.Values.vpc.snatTableID }}"
+  source_vswitch_id = "${alicloud_vswitch.vsw_z{{ $index }}.id}"
+  snat_ip           = "${alicloud_eip.eip_natgw_z{{ $index }}.ip_address}"
+}
+
+// Output
+output "vswitch_id_z{{ $index }}" {
+  value = "${alicloud_vswitch.vsw_z{{ $index }}.id}"
+}
+
+{{end}}
+// End of loop zones
+
+resource "alicloud_security_group" "sg" {
+  name   = "{{ required "clusterName is required" .Values.clusterName }}-sg"
+  vpc_id = "{{ required "vpc.id is required" .Values.vpc.id }}"
+}
+
+resource "alicloud_security_group_rule" "allow_k8s_tcp_in" {
+  type              = "ingress"
+  ip_protocol       = "tcp"
+  policy            = "accept"
+  port_range        = "30000/32767"
+  priority          = 1
+  security_group_id = "${alicloud_security_group.sg.id}"
+  cidr_ip           = "0.0.0.0/0"
+}
+
+resource "alicloud_security_group_rule" "allow_all_internal_tcp_in" {
+  type              = "ingress"
+  ip_protocol       = "tcp"
+  policy            = "accept"
+  port_range        = "1/65535"
+  priority          = 1
+  security_group_id = "${alicloud_security_group.sg.id}"
+  cidr_ip           = "{{ required "pod is required" .Values.vpc.cidr }}"
+}
+
+resource "alicloud_security_group_rule" "allow_all_internal_udp_in" {
+  type              = "ingress"
+  ip_protocol       = "udp"
+  policy            = "accept"
+  port_range        = "1/65535"
+  priority          = 1
+  security_group_id = "${alicloud_security_group.sg.id}"
+  cidr_ip           = "{{ required "pod is required" .Values.vpc.cidr }}"
+}
+
+//=====================================================================
+//= Output variables
+//=====================================================================
+
+output "{{ .Values.outputKeys.securityGroupID }}" {
+  value = "${alicloud_security_group.sg.id}"
+}
+
+output "{{ .Values.outputKeys.vpcID }}" {
+  value = "{{ required "vpc.id is required" .Values.vpc.id }}"
+}
+
+output "{{ .Values.outputKeys.vpcCIDR }}" {
+  value = "{{ required "vpc.cidr is required" .Values.vpc.cidr }}"
+}
+
+output "{{ .Values.outputKeys.keyPairName }}" {
+  value = "${alicloud_key_pair.publickey.key_name}"
+}

controllers/provider-alicloud/charts/internal/alicloud-infra/templates/terraform.tfvars

@@ -0,0 +1,2 @@
+
+# New line is needed! Do not remove this comment.

controllers/provider-alicloud/charts/internal/alicloud-infra/templates/variables.tf

@@ -0,0 +1,9 @@
+variable "ACCESS_KEY_ID" {
+  description = "Alicloud access key id"
+  type        = "string"
+}
+
+variable "ACCESS_KEY_SECRET" {
+  description = "Alicloud access key secret"
+  type        = "string"
+}

controllers/provider-alicloud/charts/internal/alicloud-infra/values.yaml

@@ -0,0 +1,37 @@
+alicloud:
+  region: cn-beijing
+
+create:
+  vpc: true
+
+clusterName: test-namespace
+
+sshPublicKey: sshkey-12345
+
+vpc:
+  id: ${alicloud_vpc.vpc.id}
+  cidr: 10.10.10.10/6
+  natGatewayID: ${alicloud_nat_gateway.nat_gateway.id}
+  snatTableID: ${alicloud_nat_gateway.nat_gateway.snat_table_ids} 
+
+
+zones:
+- name: cn-beijing-a
+  cidr:
+    worker: 10.250.0.0/19
+- name: cn-beijing-b
+  cidr:
+    worker: 10.250.32.0/19
+
+names:
+  configuration: shoot.tf-config
+  variables: shoot.tf-vars
+  state: shoot.tf-state
+
+initializeEmptyState: true
+
+outputKeys:
+  securityGroupID: sg_id
+  vpcID: vpc_id
+  vpcCIDR: vpc_cidr
+  keyPairName: key_pair_name

controllers/provider-alicloud/cmd/gardener-extension-provider-alicloud/app/app.go

@@ -17,6 +17,8 @@ package app
 import (
 	"context"
 	"fmt"
+	alicloudcontroller "github.com/gardener/gardener-extensions/controllers/provider-alicloud/pkg/controller"
+	alicloudinfrastructure "github.com/gardener/gardener-extensions/controllers/provider-alicloud/pkg/controller/infrastructure"
 	"os"
 
 	"github.com/gardener/gardener-extensions/pkg/controller"
@@ -40,14 +42,16 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command {
 			LeaderElectionID:        controllercmd.LeaderElectionNameID(Name),
 			LeaderElectionNamespace: os.Getenv("LEADER_ELECTION_NAMESPACE"),
 		}
-		ctrlOpts = &controllercmd.ControllerOptions{
+		infraCtrlOpts = &controllercmd.ControllerOptions{
 			MaxConcurrentReconciles: 5,
 		}
-		infrastructureReconcilerOpts = &infrastructure.ReconcilerOptions{
+		infraReconcileOpts = &infrastructure.ReconcilerOptions{
 			IgnoreOperationAnnotation: true,
 		}
+		unprefixedInfraOpts = controllercmd.NewOptionAggregator(infraCtrlOpts, infraReconcileOpts)
+		infraOpts           = controllercmd.PrefixOption("infrastructure-", &unprefixedInfraOpts)
 
-		aggOption = controllercmd.NewOptionAggregator(restOpts, mgrOpts, ctrlOpts, infrastructureReconcilerOpts)
+		aggOption = controllercmd.NewOptionAggregator(restOpts, mgrOpts, infraOpts)
 	)
 
 	cmd := &cobra.Command{
@@ -67,6 +71,13 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command {
 				controllercmd.LogErrAndExit(err, "Could not update manager scheme")
 			}
 
+			infraCtrlOpts.Completed().Apply(&alicloudinfrastructure.DefaultAddOptions.Controller)
+			infraReconcileOpts.Completed().Apply(&alicloudinfrastructure.DefaultAddOptions.IgnoreOperationAnnotation)
+
+			if err := alicloudcontroller.AddToManager(mgr); err != nil {
+				controllercmd.LogErrAndExit(err, "Could not add controllers to manager")
+			}
+
 			if err := mgr.Start(ctx.Done()); err != nil {
 				controllercmd.LogErrAndExit(err, "Error running manager")
 			}

controllers/provider-alicloud/example/infrastructure.yaml

@@ -0,0 +1,66 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: shoot--foo--bar
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: shoot--foo--bar
+  name: core-alicloud
+type: Opaque
+data:
+#  accessKeyID: base64(accessKeyID)
+#  accessKeySecret: base64(accessKeySecret)
+---
+apiVersion: extensions.gardener.cloud/v1alpha1
+kind: Cluster
+metadata:
+  name: shoot--foo--bar
+spec:
+  cloudProfile:
+    apiVersion: garden.sapcloud.io/v1beta1
+    kind: CloudProfile
+    spec:
+      alicloud:
+  seed:
+    apiVersion: garden.sapcloud.io/v1beta1
+    kind: Seed
+  shoot:
+    apiVersion: garden.sapcloud.io/v1beta1
+    kind: Shoot
+    spec:
+      cloud:
+        alicloud:
+          networks:
+            pods: 10.243.128.0/17
+            services: 10.243.0.0/17
+    status:
+      lastOperation:
+        state: Succeeded
+---
+apiVersion: extensions.gardener.cloud/v1alpha1
+kind: Infrastructure
+metadata:
+  namespace: shoot--foo--bar
+  name: alicloud-infra
+spec:
+  type: alicloud
+  region: eu-central-1
+  secretRef:
+    namespace: shoot--foo--bar
+    name: core-alicloud
+#  sshPublicKey: base64(sshPublicKey)
+  providerConfig:
+    apiVersion: alicloud.provider.extensions.gardener.cloud/v1alpha1
+    kind: InfrastructureConfig
+    networks:
+      vpc: # specify either 'id' or 'cidr'
+      # id: my-vnet
+        cidr: 10.250.0.0/16
+      zones:
+      - name: eu-central-1a
+        worker: 10.250.1.0/24
+  # resourceGroup:
+  #   name: mygroup