diff --git a/.test-defs/provider-azure.yaml b/.test-defs/provider-azure.yaml
deleted file mode 100644
index b35f37813..000000000
--- a/.test-defs/provider-azure.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-kind: TestDefinition
-metadata:
- name: gen-provider-azure
-spec:
- owner: gardener-oq@listserv.sap.com
- description: Generates the azure provider specific configurations
- activeDeadlineSeconds: 3600
-
- command: [bash, -c]
- args:
- - >-
- go run -mod=vendor ./controllers/provider-azure/test/tm/generator.go
- --infrastructure-provider-config-filepath=$INFRASTRUCTURE_PROVIDER_CONFIG_FILEPATH
- --controlplane-provider-config-filepath=$CONTROLPLANE_PROVIDER_CONFIG_FILEPATH
-
- image: golang:1.13.0
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 0cd4f597a..c07f4e5bc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,7 +27,6 @@ WORKDIR /
 FROM base AS gardener-extension-hyper
 COPY controllers/provider-aws/charts /controllers/provider-aws/charts
-COPY controllers/provider-azure/charts /controllers/provider-azure/charts
 COPY controllers/provider-gcp/charts /controllers/provider-gcp/charts
 COPY controllers/provider-openstack/charts /controllers/provider-openstack/charts
 COPY controllers/provider-alicloud/charts /controllers/provider-alicloud/charts
diff --git a/Makefile b/Makefile
index b7e2cf528..c73db40c8 100644
--- a/Makefile
+++ b/Makefile
@@ -102,20 +102,6 @@ start-provider-aws:
 --webhook-config-mode=$(WEBHOOK_CONFIG_MODE) \
 $(WEBHOOK_PARAM)
-.PHONY: start-provider-azure
-start-provider-azure:
- @LEADER_ELECTION_NAMESPACE=garden GO111MODULE=on go run \
- -mod=vendor \
- -ldflags $(LD_FLAGS) \
- ./controllers/provider-azure/cmd/gardener-extension-provider-azure \
- --config-file=./controllers/provider-azure/example/00-componentconfig.yaml \
- --ignore-operation-annotation=$(IGNORE_OPERATION_ANNOTATION) \
- --leader-election=$(LEADER_ELECTION) \
- --webhook-config-server-host=0.0.0.0 \
- --webhook-config-server-port=8443 \
- --webhook-config-namespace=$(EXTENSION_NAMESPACE)
- $(WEBHOOK_PARAM)
-
 .PHONY: start-provider-gcp
 start-provider-gcp:
 @LEADER_ELECTION_NAMESPACE=garden GO111MODULE=on go run \
diff --git a/controllers/hyper/cmd/gardener-extension-hyper/app/app.go b/controllers/hyper/cmd/gardener-extension-hyper/app/app.go
index 14edce1cf..c0cec0383 100644
--- a/controllers/hyper/cmd/gardener-extension-hyper/app/app.go
+++ b/controllers/hyper/cmd/gardener-extension-hyper/app/app.go
@@ -6,7 +6,6 @@ import (
 provideralicloud "github.com/gardener/gardener-extensions/controllers/provider-alicloud/cmd/gardener-extension-provider-alicloud/app"
 provideraws "github.com/gardener/gardener-extensions/controllers/provider-aws/cmd/gardener-extension-provider-aws/app"
 validatoraws "github.com/gardener/gardener-extensions/controllers/provider-aws/cmd/gardener-extension-validator-aws/app"
- providerazure "github.com/gardener/gardener-extensions/controllers/provider-azure/cmd/gardener-extension-provider-azure/app"
 providergcp "github.com/gardener/gardener-extensions/controllers/provider-gcp/cmd/gardener-extension-provider-gcp/app"
 provideropenstack "github.com/gardener/gardener-extensions/controllers/provider-openstack/cmd/gardener-extension-provider-openstack/app"
@@ -21,7 +20,6 @@ func NewHyperCommand(ctx context.Context) *cobra.Command {
 cmd.AddCommand(
 provideraws.NewControllerManagerCommand(ctx),
- providerazure.NewControllerManagerCommand(ctx),
 providergcp.NewControllerManagerCommand(ctx),
 provideropenstack.NewControllerManagerCommand(ctx),
 provideralicloud.NewControllerManagerCommand(ctx),
diff --git a/controllers/provider-azure/README.md b/controllers/provider-azure/README.md
deleted file mode 100644
index 85f37b795..000000000
--- a/controllers/provider-azure/README.md
+++ /dev/null
@@ -1,59 +0,0 @@
-# [Gardener Extension for Azure provider](https://gardener.cloud)
-
-[![CI Build status](https://concourse.ci.infra.gardener.cloud/api/v1/teams/gardener/pipelines/gardener-extensions-master/jobs/master-head-update-job/badge)](https://concourse.ci.infra.gardener.cloud/teams/gardener/pipelines/gardener-extensions-master/jobs/master-head-update-job)
-[![Go Report Card](https://goreportcard.com/badge/github.com/gardener/gardener-extensions/controllers/provider-azure)](https://goreportcard.com/report/github.com/gardener/gardener-extensions/controllers/provider-azure)
-
-Project Gardener implements the automated management and operation of [Kubernetes](https://kubernetes.io/) clusters as a service.
-Its main principle is to leverage Kubernetes concepts for all of its tasks.
-
-Recently, most of the vendor specific logic has been developed [in-tree](https://github.com/gardener/gardener).
-However, the project has grown to a size where it is very hard to extend, maintain, and test.
-With [GEP-1](https://github.com/gardener/gardener/blob/master/docs/proposals/01-extensibility.md) we have proposed how the architecture can be changed in a way to support external controllers that contain their very own vendor specifics.
-This way, we can keep Gardener core clean and independent.
-
-This controller implements Gardener's extension contract for the Azure provider.
-
-An example for a `ControllerRegistration` resource that can be used to register this controller to Gardener can be found [here](example/controller-registration.yaml).
-
-Please find more information regarding the extensibility concepts and a detailed proposal [here](https://github.com/gardener/gardener/blob/master/docs/proposals/01-extensibility.md).
-
-## Supported Kubernetes versions
-
-This extension controller supports the following Kubernetes versions:
-
-| Version | Support | Conformance test results |
-| --------------- | ----------- | ------------------------ |
-| Kubernetes 1.17 | 1.17.0+ | [![Gardener v1.17 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.17%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.17%20Azure) |
-| Kubernetes 1.16 | 1.16.0+, except 1.16.2 | [![Gardener v1.16 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.16%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.16%20Azure) |
-| Kubernetes 1.15 | 1.15.0+, except 1.15.5 | [![Gardener v1.15 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.15%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.15%20Azure) |
-| Kubernetes 1.14 | 1.14.0+ | [![Gardener v1.14 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.14%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.14%20Azure) |
-| Kubernetes 1.13 | 1.13.0+ | [![Gardener v1.13 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.13%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.13%20Azure) |
-| Kubernetes 1.12 | 1.12.1+ | [![Gardener v1.12 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.12%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.12%20Azure) |
-| Kubernetes 1.11 | 1.11.0+ | [![Gardener v1.11 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.11%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.11%20Azure) |
-| Kubernetes 1.10 | 1.10.1+ | [![Gardener v1.10 Conformance Tests](https://testgrid.k8s.io/q/summary/conformance-gardener/Gardener,%20v1.10%20Azure/tests_status?style=svg)](https://testgrid.k8s.io/conformance-gardener#Gardener,%20v1.10%20Azure) |
-
-Please take a look [here](https://github.com/gardener/gardener/blob/master/docs/usage/supported_k8s_versions.md) to see which versions are supported by Gardener in general.
-
-----
-
-## How to start using or developing this extension controller locally
-
-You can run the controller locally on your machine by executing `make start-provider-azure`.
-
-Static code checks and tests can be executed by running `VERIFY=true make all`. We are using Go modules for Golang package dependency management and [Ginkgo](https://github.com/onsi/ginkgo)/[Gomega](https://github.com/onsi/gomega) for testing.
-
-## Feedback and Support
-
-Feedback and contributions are always welcome. Please report bugs or suggestions as [GitHub issues](https://github.com/gardener/gardener-extensions/issues) or join our [Slack channel #gardener](https://kubernetes.slack.com/messages/gardener) (please invite yourself to the Kubernetes workspace [here](http://slack.k8s.io)).
-
-## Learn more!
-
-Please find further resources about out project here:
-
-* [Our landing page gardener.cloud](https://gardener.cloud/)
-* ["Gardener, the Kubernetes Botanist" blog on kubernetes.io](https://kubernetes.io/blog/2018/05/17/gardener/)
-* [GEP-1 (Gardener Enhancement Proposal) on extensibility](https://github.com/gardener/gardener/blob/master/docs/proposals/01-extensibility.md)
-* [GEP-4 (New `core.gardener.cloud/v1alpha1` API)](https://github.com/gardener/gardener/blob/master/docs/proposals/04-new-core-gardener-cloud-apis.md)
-* [Extension contract documentation](https://github.com/gardener/gardener/tree/master/docs/extensions)
-* [Gardener Extensions Golang library](https://godoc.org/github.com/gardener/gardener-extensions/pkg)
-* [Gardener API Reference](https://gardener.cloud/api-reference/)
diff --git a/controllers/provider-azure/charts/images.yaml b/controllers/provider-azure/charts/images.yaml
deleted file mode 100644
index 5ab534634..000000000
--- a/controllers/provider-azure/charts/images.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-images:
-- name: terraformer
- sourceRepository: github.com/gardener/terraformer
- repository: eu.gcr.io/gardener-project/gardener/terraformer
- tag: "0.18.0"
-- name: cloud-controller-manager
- sourceRepository: github.com/kubernetes/kubernetes
- repository: k8s.gcr.io/hyperkube
- targetVersion: "< 1.17"
-- name: cloud-controller-manager
- sourceRepository: github.com/kubernetes-sigs/cloud-provider-azure
- repository: mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager
- tag: v0.4.1
- targetVersion: ">= 1.17"
-- name: machine-controller-manager
- sourceRepository: github.com/gardener/machine-controller-manager
- repository: eu.gcr.io/gardener-project/gardener/machine-controller-manager
- tag: "v0.25.0"
-- name: etcd-backup-restore
- sourceRepository: github.com/gardener/etcd-backup-restore
- repository: eu.gcr.io/gardener-project/gardener/etcdbrctl
- tag: "0.7.3"
diff --git a/controllers/provider-azure/charts/internal/azure-infra/Chart.yaml b/controllers/provider-azure/charts/internal/azure-infra/Chart.yaml
deleted file mode 100644
index a0ba4034e..000000000
--- a/controllers/provider-azure/charts/internal/azure-infra/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: Azure chart for main k8s infrastructure
-name: azure-infra
-version: 0.1.0
diff --git a/controllers/provider-azure/charts/internal/azure-infra/templates/main.tf b/controllers/provider-azure/charts/internal/azure-infra/templates/main.tf
deleted file mode 100644
index f2538d76f..000000000
--- a/controllers/provider-azure/charts/internal/azure-infra/templates/main.tf
+++ /dev/null
@@ -1,141 +0,0 @@
-provider "azurerm" {
- subscription_id = "{{ required "azure.subscriptionID is required" .Values.azure.subscriptionID }}"
- tenant_id = "{{ required "azure.tenantID is required" .Values.azure.tenantID }}"
- client_id = "${var.CLIENT_ID}"
- client_secret = "${var.CLIENT_SECRET}"
-}
-
-{{ if .Values.create.resourceGroup -}}
-resource "azurerm_resource_group" "rg" {
- name = "{{ required "resourceGroup.name is required" .Values.resourceGroup.name }}"
- location = "{{ required "azure.region is required" .Values.azure.region }}"
-}
-{{- else -}}
-data "azurerm_resource_group" "rg" {
- name = "{{ required "resourceGroup.name is required" .Values.resourceGroup.name }}"
-}
-{{- end}}
-
-#=====================================================================
-#= VNet, Subnets, Route Table, Security Groups
-#=====================================================================
-
-{{ if .Values.create.vnet -}}
-resource "azurerm_virtual_network" "vnet" {
- name = "{{ required "resourceGroup.vnet.name is required" .Values.resourceGroup.vnet.name }}"
- {{ if .Values.create.resourceGroup -}}
- resource_group_name = "${azurerm_resource_group.rg.name}"
- {{- else -}}
- resource_group_name = "${data.azurerm_resource_group.rg.name}"
- {{- end}}
- location = "{{ required "azure.region is required" .Values.azure.region }}"
- address_space = ["{{ required "resourceGroup.vnet.cidr is required" .Values.resourceGroup.vnet.cidr }}"]
-}
-{{- else -}}
-data "azurerm_virtual_network" "vnet" {
- name = "{{ required "resourceGroup.vnet.name is required" .Values.resourceGroup.vnet.name }}"
- resource_group_name = "{{ required "resourceGroup.vnet.resourceGroup is required" .Values.resourceGroup.vnet.resourceGroup }}"
-}
-{{- end }}
-
-resource "azurerm_subnet" "workers" {
- name = "{{ required "clusterName is required" .Values.clusterName }}-nodes"
- {{ if .Values.create.vnet -}}
- virtual_network_name = "${azurerm_virtual_network.vnet.name}"
- resource_group_name = "${azurerm_virtual_network.vnet.resource_group_name}"
- {{- else -}}
- virtual_network_name = "${data.azurerm_virtual_network.vnet.name}"
- resource_group_name = "${data.azurerm_virtual_network.vnet.resource_group_name}"
- {{- end }}
- address_prefix = "{{ required "networks.worker is required" .Values.networks.worker }}"
- service_endpoints = [{{range $index, $serviceEndpoint := .Values.resourceGroup.subnet.serviceEndpoints}}{{if $index}},{{end}}"{{$serviceEndpoint}}"{{end}}]
- route_table_id = "${azurerm_route_table.workers.id}"
- network_security_group_id = "${azurerm_network_security_group.workers.id}"
-}
-
-resource "azurerm_route_table" "workers" {
- name = "worker_route_table"
- location = "{{ required "azure.region is required" .Values.azure.region }}"
- {{ if .Values.create.resourceGroup -}}
- resource_group_name = "${azurerm_resource_group.rg.name}"
- {{- else -}}
- resource_group_name = "${data.azurerm_resource_group.rg.name}"
- {{- end}}
-}
-
-resource "azurerm_network_security_group" "workers" {
- name = "{{ required "clusterName is required" .Values.clusterName }}-workers"
- location = "{{ required "azure.region is required" .Values.azure.region }}"
- {{ if .Values.create.resourceGroup -}}
- resource_group_name = "${azurerm_resource_group.rg.name}"
- {{- else -}}
- resource_group_name = "${data.azurerm_resource_group.rg.name}"
- {{- end}}
-}
-
-{{ if .Values.create.availabilitySet -}}
-#=====================================================================
-#= Availability Set
-#=====================================================================
-
-resource "azurerm_availability_set" "workers" {
- name = "{{ required "clusterName is required" .Values.clusterName }}-avset-workers"
- {{ if .Values.create.resourceGroup -}}
- resource_group_name = "${azurerm_resource_group.rg.name}"
- {{- else -}}
- resource_group_name = "${data.azurerm_resource_group.rg.name}"
- {{- end}}
- location = "{{ required "azure.region is required" .Values.azure.region }}"
- platform_update_domain_count = "{{ required "azure.countUpdateDomains is required" .Values.azure.countUpdateDomains }}"
- platform_fault_domain_count = "{{ required "azure.countFaultDomains is required" .Values.azure.countFaultDomains }}"
- managed = true
-}
-{{- end}}
-
-//=====================================================================
-//= Output variables
-//=====================================================================
-
-output "{{ .Values.outputKeys.resourceGroupName }}" {
-{{ if .Values.create.resourceGroup -}}
- value = "${azurerm_resource_group.rg.name}"
-{{- else -}}
- value = "${data.azurerm_resource_group.rg.name}"
-{{- end}}
-}
-
-{{ if .Values.create.vnet -}}
-output "{{ .Values.outputKeys.vnetName }}" {
- value = "${azurerm_virtual_network.vnet.name}"
-}
-{{- else -}}
-output "{{ .Values.outputKeys.vnetName }}" {
- value = "${data.azurerm_virtual_network.vnet.name}"
-}
-
-output "{{ .Values.outputKeys.vnetResourceGroup }}" {
- value = "${data.azurerm_virtual_network.vnet.resource_group_name}"
-}
-{{- end}}
-
-output "{{ .Values.outputKeys.subnetName }}" {
- value = "${azurerm_subnet.workers.name}"
-}
-
-output "{{ .Values.outputKeys.routeTableName }}" {
- value = "${azurerm_route_table.workers.name}"
-}
-
-output "{{ .Values.outputKeys.securityGroupName }}" {
- value = "${azurerm_network_security_group.workers.name}"
-}
-
-{{ if .Values.create.availabilitySet -}}
-output "{{ .Values.outputKeys.availabilitySetID }}" {
- value = "${azurerm_availability_set.workers.id}"
-}
-
-output "{{ .Values.outputKeys.availabilitySetName }}" {
- value = "${azurerm_availability_set.workers.name}"
-}
-{{- end}}
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/azure-infra/templates/terraform.tfvars b/controllers/provider-azure/charts/internal/azure-infra/templates/terraform.tfvars
deleted file mode 100644
index 4a69819a3..000000000
--- a/controllers/provider-azure/charts/internal/azure-infra/templates/terraform.tfvars
+++ /dev/null
@@ -1 +0,0 @@
-# New line is needed! Do not remove this comment.
diff --git a/controllers/provider-azure/charts/internal/azure-infra/templates/variables.tf b/controllers/provider-azure/charts/internal/azure-infra/templates/variables.tf
deleted file mode 100644
index 2dbcd286e..000000000
--- a/controllers/provider-azure/charts/internal/azure-infra/templates/variables.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-variable "CLIENT_ID" {
- description = "Azure client id of technical user"
- type = "string"
-}
-
-variable "CLIENT_SECRET" {
- description = "Azure client secret of technical user"
- type = "string"
-}
diff --git a/controllers/provider-azure/charts/internal/azure-infra/values.yaml b/controllers/provider-azure/charts/internal/azure-infra/values.yaml
deleted file mode 100644
index 313144353..000000000
--- a/controllers/provider-azure/charts/internal/azure-infra/values.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-azure:
- subscriptionID: 81dde535-61b4-442a-96e6-6e30c6e55039
- tenantID: e9ec4533-d130-4d00-a7c3-d85f1c750c5a
- region: westeurope
- countUpdateDomains: 5
- countFaultDomains: 2
-
-create:
- resourceGroup: true
- vnet: true
- availabilitySet: false
-
-resourceGroup:
- name: my-resource-group
- vnet:
- name: my-vnet
- # resourceGroup: vnet-resource-group
- cidr: 10.10.10.10/6
- subnet:
- serviceEndpoints: []
-
-clusterName: test-namespace
-
-networks:
- worker: 10.250.0.0/19
-
-outputKeys:
- resourceGroupName: resourceGroupName
- vnetName: vnetName
- # vnetResourceGroup: vnet-resource-group
- subnetName: subnetName
- availabilitySetID: availabilitySetID
- availabilitySetName: availabilitySetName
- routeTableName: routeTableName
- securityGroupName: securityGroupName
diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/Chart.yaml b/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/Chart.yaml
deleted file mode 100644
index 5d3ee231b..000000000
--- a/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: Helm chart for cloud-controller-manager
-name: cloud-controller-manager-shoot
-version: 0.1.0
diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/templates/rbac-cloud-controller.yaml b/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/templates/rbac-cloud-controller.yaml
deleted file mode 100644
index 04d89e86f..000000000
--- a/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/templates/rbac-cloud-controller.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if semverCompare ">= 1.12" .Capabilities.KubeVersion.GitVersion }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: system:azure-cloud-provider
-rules:
-- apiGroups: [""]
- resources: ["events"]
- verbs:
- - create
- - patch
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: system:azure-cloud-provider
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:azure-cloud-provider
-subjects:
-- kind: ServiceAccount
- name: azure-cloud-provider
- namespace: kube-system
-{{- end }}
diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/templates/rbac-node-controller.yaml b/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/templates/rbac-node-controller.yaml
deleted file mode 100644
index 5790d597c..000000000
--- a/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/templates/rbac-node-controller.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: system:controller:cloud-node-controller
-rules:
-- apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - delete
- - get
- - patch
- - update
- - list
-- apiGroups:
- - ""
- resources:
- - nodes/status
- verbs:
- - patch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: system:controller:cloud-node-controller
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:controller:cloud-node-controller
-subjects:
-- kind: ServiceAccount
- name: cloud-node-controller
- namespace: kube-system
diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/values.yaml b/controllers/provider-azure/charts/internal/cloud-controller-manager-shoot/values.yaml
deleted file mode 100644
index e69de29bb..000000000
diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager/Chart.yaml b/controllers/provider-azure/charts/internal/cloud-controller-manager/Chart.yaml
deleted file mode 100644
index 05b7e169f..000000000
--- a/controllers/provider-azure/charts/internal/cloud-controller-manager/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: Helm chart for cloud-controller-manager
-name: cloud-controller-manager
-version: 0.1.0
diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager/ccm-monitoring-dashboard.json b/controllers/provider-azure/charts/internal/cloud-controller-manager/ccm-monitoring-dashboard.json
deleted file mode 100644
index 89ea38f1f..000000000
--- a/controllers/provider-azure/charts/internal/cloud-controller-manager/ccm-monitoring-dashboard.json
+++ /dev/null
@@ -1,418 +0,0 @@ -{ - "annotations": { - "list": [] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 17, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the memory usage of the cloud-controller-manager.", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "container_memory_working_set_bytes{pod=~\"cloud-controller-manager-(.+)\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "current", - "refId": "A" - }, - { - "expr": "kube_pod_container_resource_limits_memory_bytes{pod=~\"cloud-controller-manager-(.+)\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "limits", - "refId": "B" - }, - { - "expr": "kube_pod_container_resource_requests_memory_bytes{pod=~\"cloud-controller-manager-(.+)\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "requests", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Cloud-controller-manager Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 2, - "max": null, - "min": null, - "show": true - }, - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": 
false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the CPU usage of the cloud-controller-manager and shows the requests and limits.", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(container_cpu_usage_seconds_total{pod=~\"cloud-controller-manager-(.+)\"}[5m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "current", - "refId": "A" - }, - { - "expr": "kube_pod_container_resource_limits_cpu_cores{pod=~\"cloud-controller-manager-(.+)\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "limits", - "refId": "C" - }, - { - "expr": "kube_pod_container_resource_requests_cpu_cores{pod=~\"cloud-controller-manager-(.+)\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "requests", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Cloud-controller-manager CPU usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - 
"dashLength": 10, - "dashes": false, - "description": "The average http request rate of the last 5m executed by the Cloud Controller Manager to the cluster API server. The request are split by their response status codes.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 6 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(rest_client_requests_total{host=~\".*kube-apiserver.*\", job=\"cloud-controller-manager\"}[5m])) by(code)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request Rate to Kube API", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "prometheus", - "description": "Current uptime status of the cloud controller managers.", - "editable": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - 
"thresholdMarkers": true - }, - "gridPos": { - "h": 6, - "w": 5, - "x": 12, - "y": 6 - }, - "hideTimeOverride": false, - "id": 2, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(sum(up{job=\"cloud-controller-manager\"} == 1) / sum(up{job=\"kube-controller-manager\"})) * 100", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 600 - } - ], - "thresholds": "50, 80", - "title": "Cloud Controller Managers UP", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - } - ], - "schemaVersion": 18, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Cloud Controller Manager", - "uid": "8Uz5D5FWz", - "version": 7 -} \ No newline at end of file diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager/charts/utils-tls-cipher-suites b/controllers/provider-azure/charts/internal/cloud-controller-manager/charts/utils-tls-cipher-suites deleted file mode 120000 index bb8c882cb..000000000 
--- a/controllers/provider-azure/charts/internal/cloud-controller-manager/charts/utils-tls-cipher-suites
+++ /dev/null
@@ -1 +0,0 @@
-../../utils-tls-cipher-suites
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/_helpers.tpl b/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/_helpers.tpl
deleted file mode 100644
index 00625acc2..000000000
--- a/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/_helpers.tpl
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- define "cloud-controller-manager.featureGates" -}}
-{{- if .Values.featureGates }}
-- --feature-gates={{ range $feature, $enabled := .Values.featureGates }}{{ $feature }}={{ $enabled }},{{ end }}
-{{- end }}
-{{- end -}}
-
-{{- define "cloud-controller-manager.port" -}}
-{{- if semverCompare ">= 1.13" .Values.kubernetesVersion -}}
-10258
-{{- else -}}
-10253
-{{- end -}}
-{{- end -}}
-
-{{- define "deploymentversion" -}}
-apps/v1
-{{- end -}}
diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/cloud-controller-manager.yaml b/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/cloud-controller-manager.yaml
deleted file mode 100644
index 04adfccde..000000000
--- a/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/cloud-controller-manager.yaml
+++ /dev/null
@@ -1,136 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: cloud-controller-manager - namespace: {{ .Release.Namespace }} - labels: - app: kubernetes - role: cloud-controller-manager -spec: - type: ClusterIP - clusterIP: None - ports: - - name: metrics - port: {{ include "cloud-controller-manager.port" . }} - protocol: TCP - selector: - app: kubernetes - role: cloud-controller-manager ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cloud-controller-manager - namespace: {{ .Release.Namespace }} - labels: - garden.sapcloud.io/role: controlplane - app: kubernetes - role: cloud-controller-manager -spec: - revisionHistoryLimit: 0 - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: kubernetes - role: cloud-controller-manager - template: - metadata: -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - labels: - garden.sapcloud.io/role: controlplane - app: kubernetes - role: cloud-controller-manager - networking.gardener.cloud/to-dns: allowed - networking.gardener.cloud/to-public-networks: allowed - networking.gardener.cloud/to-shoot-apiserver: allowed - networking.gardener.cloud/from-prometheus: allowed - spec: - tolerations: - - effect: NoExecute - operator: Exists - containers: - - name: azure-cloud-controller-manager - image: {{ index .Values.images "cloud-controller-manager" }} - imagePullPolicy: IfNotPresent - command: - {{- if semverCompare "< 1.17" .Values.kubernetesVersion }} - - /hyperkube - {{- end }} - - cloud-controller-manager - - --allocate-node-cidrs=true - - --cloud-provider=azure - - --cloud-config=/etc/kubernetes/cloudprovider/cloudprovider.conf - - --cluster-cidr={{ .Values.podNetwork }} - - --cluster-name={{ .Values.clusterName }} - - --concurrent-service-syncs=1 - - --configure-cloud-routes=true - {{- include "cloud-controller-manager.featureGates" . 
| trimSuffix "," | indent 8 }} - - --kubeconfig=/var/lib/cloud-controller-manager/kubeconfig - - --leader-elect=true - {{- if semverCompare ">= 1.13" .Values.kubernetesVersion }} - - --secure-port={{ include "cloud-controller-manager.port" . }} - - --port=0 - {{- end }} - {{- if semverCompare ">= 1.12" .Values.kubernetesVersion }} - - --authentication-kubeconfig=/var/lib/cloud-controller-manager/kubeconfig - - --authorization-kubeconfig=/var/lib/cloud-controller-manager/kubeconfig - - --tls-cert-file=/var/lib/cloud-controller-manager-server/cloud-controller-manager-server.crt - - --tls-private-key-file=/var/lib/cloud-controller-manager-server/cloud-controller-manager-server.key - {{- end }} - - --tls-cipher-suites={{ include "kubernetes.tlsCipherSuites" . | replace "\n" "," | trimPrefix "," }} - - --use-service-account-credentials - - --v=2 - livenessProbe: - httpGet: - path: /healthz - {{- if semverCompare ">= 1.13" .Values.kubernetesVersion }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - port: {{ include "cloud-controller-manager.port" . }} - successThreshold: 1 - failureThreshold: 2 - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 15 - ports: - - containerPort: {{ include "cloud-controller-manager.port" . 
}} - name: metrics - protocol: TCP - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- end }} - volumeMounts: - - name: cloud-controller-manager - mountPath: /var/lib/cloud-controller-manager - - name: cloud-controller-manager-server - mountPath: /var/lib/cloud-controller-manager-server - - name: cloud-provider-config - mountPath: /etc/kubernetes/cloudprovider - - name: etc-ssl - mountPath: /etc/ssl - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - terminationGracePeriodSeconds: 30 - volumes: - - name: cloud-controller-manager - secret: - secretName: cloud-controller-manager - - name: cloud-controller-manager-server - secret: - secretName: cloud-controller-manager-server - - name: cloud-provider-config - configMap: - name: cloud-provider-config - - name: etc-ssl - hostPath: - path: /etc/ssl diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/configmap-monitoring.yaml b/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/configmap-monitoring.yaml deleted file mode 100644 index 769936b1a..000000000 --- a/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/configmap-monitoring.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cloud-controller-manager-monitoring-config - namespace: {{ .Release.Namespace }} - labels: - extensions.gardener.cloud/configuration: monitoring -data: - scrape_config: | - - job_name: cloud-controller-manager - {{- if semverCompare ">= 1.13" .Values.kubernetesVersion }} - scheme: https - tls_config: - insecure_skip_verify: true - cert_file: /etc/prometheus/seed/prometheus.crt - key_file: /etc/prometheus/seed/prometheus.key - {{- end }} - honor_labels: false - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: [{{ .Release.Namespace }}] - relabel_configs: - - source_labels: - - __meta_kubernetes_service_name - - __meta_kubernetes_endpoint_port_name - action: keep - regex: cloud-controller-manager;metrics - # common metrics - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [ __meta_kubernetes_pod_name ] - target_label: pod - metric_relabel_configs: - - source_labels: [ __name__ ] - regex: ^(rest_client_requests_total|process_max_fds|process_open_fds)$ - action: keep - - alerting_rules: | - cloud-controller-manager.rules.yaml: | - groups: - - name: cloud-controller-manager.rules - rules: - - alert: CloudControllerManagerDown - expr: absent(up{job="cloud-controller-manager"} == 1) - for: 15m - labels: - service: cloud-controller-manager - severity: critical - type: seed - visibility: all - annotations: - description: All infrastruture specific operations cannot be completed (e.g. creating loadbalancers or persistent volumes). - summary: Cloud controller manager is down. - - dashboard_operators: | - cloud-controller-manager-dashboard.json: |- -{{- .Files.Get "ccm-monitoring-dashboard.json" | nindent 6 }} - - dashboard_users: | - cloud-controller-manager-dashboard.json: |- -{{- .Files.Get "ccm-monitoring-dashboard.json" | nindent 6 }} 
diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/vpa.yaml b/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/vpa.yaml
deleted file mode 100644
index 472a971b9..000000000
--- a/controllers/provider-azure/charts/internal/cloud-controller-manager/templates/vpa.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: autoscaling.k8s.io/v1beta2
-kind: VerticalPodAutoscaler
-metadata:
- name: cloud-controller-manager-vpa
- namespace: {{ .Release.Namespace }}
-spec:
- targetRef:
- apiVersion: {{ include "deploymentversion" . }}
- kind: Deployment
- name: cloud-controller-manager
- updatePolicy:
- updateMode: Auto
diff --git a/controllers/provider-azure/charts/internal/cloud-controller-manager/values.yaml b/controllers/provider-azure/charts/internal/cloud-controller-manager/values.yaml
deleted file mode 100644
index 15ee92f32..000000000
--- a/controllers/provider-azure/charts/internal/cloud-controller-manager/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-replicas: 1
-clusterName: shoot-foo-bar
-kubernetesVersion: 1.7.5
-podNetwork: 192.168.0.0/16
-podAnnotations: {}
-featureGates: {}
- # CustomResourceValidation: true
- # RotateKubeletServerCertificate: false
-images:
- cloud-controller-manager: image-repository:image-tag
-resources:
- requests:
- cpu: 11m
- memory: 75Mi
- limits:
- cpu: 500m
- memory: 512Mi
diff --git a/controllers/provider-azure/charts/internal/cloud-provider-config/Chart.yaml b/controllers/provider-azure/charts/internal/cloud-provider-config/Chart.yaml
deleted file mode 100644
index 72db75452..000000000
--- a/controllers/provider-azure/charts/internal/cloud-provider-config/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: Helm chart for kubernetes cloud-provider-config
-name: cloud-provider-config
-version: 0.1.0
diff --git a/controllers/provider-azure/charts/internal/cloud-provider-config/templates/azure-credentials.tpl b/controllers/provider-azure/charts/internal/cloud-provider-config/templates/azure-credentials.tpl
deleted file mode 100644
index d9fec202b..000000000
--- a/controllers/provider-azure/charts/internal/cloud-provider-config/templates/azure-credentials.tpl
+++ /dev/null
@@ -1,6 +0,0 @@
-{{- define "azure-credentials"}}
-aadClientId: "{{ .Values.aadClientId }}"
-aadClientSecret: "{{ .Values.aadClientSecret }}"
-tenantId: "{{ .Values.tenantId }}"
-subscriptionId: "{{ .Values.subscriptionId }}"
-{{- end }}
diff --git a/controllers/provider-azure/charts/internal/cloud-provider-config/templates/cloud-provider-config.tpl b/controllers/provider-azure/charts/internal/cloud-provider-config/templates/cloud-provider-config.tpl
deleted file mode 100644
index f3168bef4..000000000
--- a/controllers/provider-azure/charts/internal/cloud-provider-config/templates/cloud-provider-config.tpl
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- define "cloud-provider-config"}}
-cloud: AZUREPUBLICCLOUD
-location: "{{ .Values.region }}"
-resourceGroup: "{{ .Values.resourceGroup }}"
-routeTableName: "{{ .Values.routeTableName }}"
-securityGroupName: "{{ .Values.securityGroupName }}"
-subnetName: "{{ .Values.subnetName }}"
-vnetName: "{{ .Values.vnetName }}"
-{{- if hasKey .Values "vnetResourceGroup" }}
-vnetResourceGroup: "{{ .Values.vnetResourceGroup }}"
-{{- end }}
-{{- if hasKey .Values "availabilitySetName" }}
-primaryAvailabilitySetName: "{{ .Values.availabilitySetName }}"
-loadBalancerSku: "basic"
-{{- else }}
-loadBalancerSku: "standard"
-{{- end }}
-cloudProviderBackoff: true
-cloudProviderBackoffRetries: 6
-cloudProviderBackoffExponent: 1.5
-cloudProviderBackoffDuration: 5
-cloudProviderBackoffJitter: 1.0
-cloudProviderRateLimit: true
-cloudProviderRateLimitQPS: {{ ( max .Values.maxNodes 10 ) }}
-cloudProviderRateLimitBucket: 100
-cloudProviderRateLimitQPSWrite: {{ ( max .Values.maxNodes 10 ) }}
-cloudProviderRateLimitBucketWrite: 100
-{{- if semverCompare ">= 1.14" .Values.kubernetesVersion }}
-cloudProviderBackoffMode: v2
-{{- end }}
-{{- end }}
diff --git a/controllers/provider-azure/charts/internal/cloud-provider-config/templates/cloud-provider-config.yaml b/controllers/provider-azure/charts/internal/cloud-provider-config/templates/cloud-provider-config.yaml
deleted file mode 100644
index 853a169cd..000000000
--- a/controllers/provider-azure/charts/internal/cloud-provider-config/templates/cloud-provider-config.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cloud-provider-config
- namespace: {{ .Release.Namespace }}
-data:
- cloudprovider.conf: |
- {{- include "azure-credentials" . | indent 4 }}
- {{- include "cloud-provider-config" . | indent 4 }}
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/cloud-provider-config/templates/cloud-provider-kubelet-config.yaml b/controllers/provider-azure/charts/internal/cloud-provider-config/templates/cloud-provider-kubelet-config.yaml
deleted file mode 100644
index d7aa7fe67..000000000
--- a/controllers/provider-azure/charts/internal/cloud-provider-config/templates/cloud-provider-kubelet-config.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cloud-provider-kubelet-config
- namespace: {{ .Release.Namespace }}
-data:
- cloudprovider.conf: |
- {{- include "cloud-provider-config" . | indent 4}}
- {{- if semverCompare "< 1.15" .Values.kubernetesVersion }}
- {{- include "azure-credentials" . | indent 4 }}
- {{- else }}
- useInstanceMetadata: true
- {{- end}}
diff --git a/controllers/provider-azure/charts/internal/cloud-provider-config/values.yaml b/controllers/provider-azure/charts/internal/cloud-provider-config/values.yaml
deleted file mode 100644
index 6be1e7675..000000000
--- a/controllers/provider-azure/charts/internal/cloud-provider-config/values.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-kubernetesVersion: 1.13.5
-tenantId: fooTenant
-subscriptionId: barSub
-aadClientId: fooClient
-aadClientSecret: barSecret
-resourceGroup: foobarGroup
-vnetName: name
-# vnetResourceGroup: vnetResourceGroup
-subnetName: sname
-routeTableName: rtname
-securityGroupName: sgname
-region: location
-maxNodes: 0
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/Chart.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/seed/Chart.yaml
deleted file mode 100644
index 20a7f72d2..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: Helm chart for needed resource for machine-controller-manager in control cluster
-name: machine-controller-manager
-version: 0.1.0
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/mcm-monitoring-dashboard.json b/controllers/provider-azure/charts/internal/machine-controller-manager/seed/mcm-monitoring-dashboard.json
deleted file mode 100644
index 7e7cd9106..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/mcm-monitoring-dashboard.json
+++ /dev/null
@@ -1,1175 +0,0 @@ -{ - "description": "Information about the operations of the Machine Controller Manager", - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 16, - "iteration": 1564731005347, - "links": [ - { - "icon": "external link", - "tags": [], - "targetBlank": true, - "title": "Machine Controller Manager", - "tooltip": "", - "type": "link", - "url": "https://github.com/gardener/machine-controller-manager" - } - ], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "decimals": null, - "description": "State of the managed machines.\n\n| Code | Machine State |\n|---|---|\n| 0 | Running |\n| 1 | Terminating |\n| 2 | Unknown |\n| 3 | Failed |\n| -1 | Available |\n| -2 | Pending |", - "fill": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "mcm_machine_current_status_phase", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Managed Machines States", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": "3.2", - "min": "-2.2", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - 
"show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the CPU usage of the Machine Controller Manager and shows the requests and limits.", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 13, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{pod=~\"machine-controller-manager-(.+)\"}[5m])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Current ({{pod}})", - "refId": "A" - }, - { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{pod=~\"machine-controller-manager-(.+)\"}) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Limits ({{pod}})", - "refId": "C" - }, - { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{pod=~\"machine-controller-manager-(.+)\"}) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Requests ({{pod}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "MCM CPU usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Shows the memory usage of the Machine Controller Manager.", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{pod=~\"machine-controller-manager-(.+)\"}) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Current ({{pod}})", - "refId": "A" - }, - { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{pod=~\"machine-controller-manager-(.+)\"}) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Limits ({{pod}})", - "refId": "B" - }, - { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{pod=~\"machine-controller-manager-(.+)\"}) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Requests ({{pod}})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "MCM Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 2, - "max": null, - "min": null, - "show": true - }, - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": 
null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Indicates if the Machine Controller Manager is frozen due to unreachable API server.\n\n0 = ok; 1= frozen", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 13 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "mcm_machine_controller_frozen", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{pod}}", - "refId": "A" - } - ], - "thresholds": [ - { - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt", - "value": 0.5, - "yaxis": "left" - }, - { - "colorMode": "ok", - "fill": true, - "line": true, - "op": "lt", - "value": 0.5, - "yaxis": "left" - } - ], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "MCM Frozen Status (API Server reachable)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": "1.2", - "min": "-0.2", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "decimals": null, - "description": "Average per Second rate over 1m of IaaS provider api calls split by services. 
\n\nShows also the rate of failed iaas calls if at least one failed.", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 13 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(mcm_cloud_api_requests_total[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{provider}} / {{service}} ({{pod}})", - "refId": "A" - }, - { - "expr": "rate(mcm_cloud_api_requests_failed_total[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error: {{provider}} / {{service}} ({{pod}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "IaaS API Calls", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "decimals": 0, - "description": "The count of kubernetes resources managed by the Machine Controller Manager.", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 19 - }, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - 
"lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "mcm_machine_items_total", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "machine(s)", - "refId": "A" - }, - { - "expr": "mcm_machineset_items_total", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "machine set(s)", - "refId": "B" - }, - { - "expr": "mcm_machinedeployment_items_total", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "machine deployment(s)", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Count of Managed Resouces", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 25 - }, - "id": 9, - "panels": [], - "title": "Control Loops", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Average processing time of items in the workqueue.", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 19, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "${controlloop}_work_duration{quantile=\"0.5\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ({{pod}})", - "refId": "A" - }, - { - "expr": "${controlloop}_work_duration{quantile=\"0.9\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90 ({{pod}})", - "refId": "B" - }, - { - "expr": "${controlloop}_work_duration{quantile=\"0.99\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99 ({{pod}})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Workqueue item processing time: ${controlloop}", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "How long items stay in the workqueue before they get processed.", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"${controlloop}_queue_latency{quantile=\"0.5\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p50 ({{pod}})", - "refId": "A" - }, - { - "expr": "${controlloop}_queue_latency{quantile=\"0.9\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p90 ({{pod}})", - "refId": "B" - }, - { - "expr": "${controlloop}_queue_latency{quantile=\"0.99\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "p99 ({{pod}})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Workqueue item latency: ${controlloop}", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Current amount of items in the workqueue.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 33 - }, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "${controlloop}_depth", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "${controlloop} ({{pod}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "Items in Workqueue: ${controlloop}", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Average per second rate over 5m of workqueue item adds.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 33 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(${controlloop}_adds[5m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "${controlloop} ({{pod}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Adds to Workqueue: ${controlloop}", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - 
"aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "description": "Average per second rate over 5m of workqueue item retries.", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 33 - }, - "id": 17, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(${controlloop}_retries[5m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "${controlloop} ({{pod}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Workqueue item retries: ${controlloop}", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 18, - "style": "dark", - "tags": [ - "controlplane", - "seed" - ], - "templating": { - "list": [ - { - "allValue": null, - "current": { - "tags": [], - "text": "machine", - "value": "machine" - }, - "hide": 0, - "includeAll": false, - "label": "Control Loop", - "multi": false, - "name": "controlloop", - "options": [ - { - "selected": true, - "text": "machine", - "value": "machine" - }, - { - "selected": false, - "text": "machineset", - "value": "machineset" - }, - { - "selected": false, - "text": 
"machinedeployment", - "value": "machinedeployment" - }, - { - "selected": false, - "text": "node", - "value": "node" - }, - { - "selected": false, - "text": "secret", - "value": "secret" - }, - { - "selected": false, - "text": "machinesafetyapiserver", - "value": "machinesafetyapiserver" - }, - { - "selected": false, - "text": "machinesafetyorphanvms", - "value": "machinesafetyorphanvms" - }, - { - "selected": false, - "text": "machinesafetyovershooting", - "value": "machinesafetyovershooting" - } - ], - "query": "machine, machineset, machinedeployment, node, secret, machinesafetyapiserver, machinesafetyorphanvms, machinesafetyovershooting", - "skipUrlSync": false, - "type": "custom" - } - ] - }, - "time": { - "from": "now-3h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "14d" - ] - }, - "timezone": "browser", - "title": "Machine Controller Manager", - "uid": "machine-controller-manager", - "version": 1 -} \ No newline at end of file diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/clusterrole.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/clusterrole.yaml deleted file mode 100644 index eccb92fe1..000000000 --- a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/clusterrole.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: extensions.gardener.cloud:{{ .Values.providerName }}:{{ .Release.Namespace }}:machine-controller-manager
- ownerReferences:
- - apiVersion: v1
- kind: Namespace
- name: {{ .Release.Namespace }}
- uid: {{ .Values.namespace.uid }}
- controller: true
- blockOwnerDeletion: true
-rules:
-- apiGroups:
- - machine.sapcloud.io
- resources:
- - "*"
- verbs:
- - "*"
-- apiGroups:
- - ""
- resources:
- - configmaps
- - secrets
- - endpoints
- - events
- verbs:
- - "*"
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/clusterrolebinding.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/clusterrolebinding.yaml
deleted file mode 100644
index bc3368ebf..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: extensions.gardener.cloud:{{ .Values.providerName }}:{{ .Release.Namespace }}:machine-controller-manager
- ownerReferences:
- - apiVersion: v1
- kind: Namespace
- name: {{ .Release.Namespace }}
- uid: {{ .Values.namespace.uid }}
- controller: true
- blockOwnerDeletion: true
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: extensions.gardener.cloud:{{ .Values.providerName }}:{{ .Release.Namespace }}:machine-controller-manager
-subjects:
-- kind: ServiceAccount
- name: machine-controller-manager
- namespace: {{ .Release.Namespace }}
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/configmap-monitoring.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/configmap-monitoring.yaml
deleted file mode 100644
index 425a980d4..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/configmap-monitoring.yaml
+++ /dev/null
@@ -1,51 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: machine-controller-manager-monitoring-config - namespace: {{ .Release.Namespace }} - labels: - extensions.gardener.cloud/configuration: monitoring -data: - scrape_config: | - - job_name: machine-controller-manager - honor_labels: false - kubernetes_sd_configs: - - role: endpoints - namespaces: - names: [{{ .Release.Namespace }}] - relabel_configs: - - source_labels: - - __meta_kubernetes_service_name - - __meta_kubernetes_endpoint_port_name - action: keep - regex: machine-controller-manager;metrics - # common metrics - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [ __meta_kubernetes_pod_name ] - target_label: pod - metric_relabel_configs: - - source_labels: [ __name__ ] - regex: ^(mcm_cloud_api_requests_failed_total|mcm_cloud_api_requests_total|mcm_machine_controller_frozen|mcm_machine_current_status_phase|mcm_machine_deployment_failed_machines|mcm_machine_items_total|mcm_machine_set_failed_machines|mcm_machinedeployment_items_total|mcm_machineset_items_total|mcm_scrape_failure_total|machine_adds|machine_depth|machine_queue_latency|machine_retries|machine_work_duration|machinedeployment_adds|machinedeployment_depth|machinedeployment_queue_latency|machinedeployment_retries|machinedeployment_work_duration|machinesafetyapiserver_adds|machinesafetyapiserver_depth|machinesafetyapiserver_queue_latency|machinesafetyapiserver_retries|machinesafetyapiserver_work_duration|machinesafetyorphanvms_adds|machinesafetyorphanvms_depth|machinesafetyorphanvms_queue_latency|machinesafetyorphanvms_retries|machinesafetyorphanvms_work_duration|machinesafetyovershooting_adds|machinesafetyovershooting_depth|machinesafetyovershooting_latency|machinesafetyovershooting_retries|machinesafetyovershooting_work_duration|machineset_adds|machineset_depth|machineset_queue_latency|machineset_retries|machineset_work_duration|node_adds|node_depth|node_queue_latency|node_retries|node_work_duration|
secret_adds|secret_depth|secret_queue_latency|secret_retries|secret_work_duration|process_max_fds|process_open_fds)$ - action: keep - - alerting_rules: | - machine-controller-manager.rules.yaml: | - groups: - - name: machine-controller-manager.rules - rules: - - alert: MachineControllerManagerDown - expr: absent(up{job="machine-controller-manager"} == 1) - for: 15m - labels: - service: machine-controller-manager - severity: critical - type: seed - visibility: operator - annotations: - description: There are no running machine controller manager instances. No shoot nodes can be created/maintained. - summary: Machine controller manager is down. - - dashboard_operators: | - machine-controller-manager-dashboard.json: |- -{{ .Files.Get "mcm-monitoring-dashboard.json" | indent 6 }} diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/deployment.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/deployment.yaml deleted file mode 100644 index 838b47eeb..000000000 --- a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/deployment.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: machine-controller-manager - namespace: {{ .Release.Namespace }} - labels: - garden.sapcloud.io/role: controlplane - app: kubernetes - role: machine-controller-manager -spec: - revisionHistoryLimit: 0 - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: kubernetes - role: machine-controller-manager - template: - metadata: - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - labels: - garden.sapcloud.io/role: controlplane - app: kubernetes - role: machine-controller-manager - networking.gardener.cloud/to-dns: allowed - networking.gardener.cloud/to-public-networks: allowed - networking.gardener.cloud/to-private-networks: allowed - networking.gardener.cloud/to-seed-apiserver: allowed - networking.gardener.cloud/to-shoot-apiserver: allowed - networking.gardener.cloud/from-prometheus: allowed - spec: - serviceAccountName: machine-controller-manager - terminationGracePeriodSeconds: 5 - containers: - - name: azure-machine-controller-manager - image: {{ index .Values.images "machine-controller-manager" }} - imagePullPolicy: IfNotPresent - command: - - ./machine-controller-manager - - --control-kubeconfig=inClusterConfig - - --target-kubeconfig=/var/lib/machine-controller-manager/kubeconfig - - --namespace={{ .Release.Namespace }} - - --port={{ .Values.metricsPort }} - - --machine-creation-timeout=20m - - --machine-drain-timeout=2h - - --machine-health-timeout=10m - - --machine-safety-apiserver-statuscheck-timeout=30s - - --machine-safety-apiserver-statuscheck-period=1m - - --machine-safety-orphan-vms-period=30m - - --machine-safety-overshooting-period=1m - - --safety-up=2 - - --safety-down=1 - - --v=3 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: {{ .Values.metricsPort }} - scheme: HTTP - initialDelaySeconds: 30 - periodSeconds: 10 - 
successThreshold: 1 - timeoutSeconds: 5 - ports: - - name: metrics - containerPort: {{ .Values.metricsPort }} - protocol: TCP - resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: 350m - memory: 256Mi - volumeMounts: - - mountPath: /var/lib/machine-controller-manager - name: machine-controller-manager - readOnly: true - volumes: - - name: machine-controller-manager - secret: - secretName: machine-controller-manager diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/service.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/service.yaml deleted file mode 100644 index d1f2116c2..000000000 --- a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: machine-controller-manager - namespace: {{ .Release.Namespace }} - labels: - app: kubernetes - role: machine-controller-manager -spec: - type: ClusterIP - clusterIP: None - ports: - - name: metrics - port: {{ .Values.metricsPort }} - protocol: TCP - selector: - app: kubernetes - role: machine-controller-manager \ No newline at end of file diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/serviceaccount.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/serviceaccount.yaml deleted file mode 100644 index 6f14e5bfb..000000000 --- a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: machine-controller-manager - namespace: {{ .Release.Namespace }} 
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/vpa.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/vpa.yaml
deleted file mode 100644
index 4f89a4c50..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/templates/vpa.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.vpa.enabled }}
-apiVersion: autoscaling.k8s.io/v1beta2
-kind: VerticalPodAutoscaler
-metadata:
- name: machine-controller-manager-vpa
- namespace: {{ .Release.Namespace }}
-spec:
- targetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: machine-controller-manager
- updatePolicy:
- updateMode: {{ .Values.vpa.updatePolicy.updateMode | quote }}
-{{- end }}
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/values.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/seed/values.yaml
deleted file mode 100644
index 4fa079e27..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/seed/values.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-images:
- machine-controller-manager: image-repository:image-tag
-
-replicas: 1
-
-podAnnotations: {}
-
-providerName: provider-foo
-
-namespace:
- uid: uuid-of-namespace
-
-metricsPort: 10258
-
-vpa:
- enabled: true
- updatePolicy:
- updateMode: "Auto"
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/Chart.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/Chart.yaml
deleted file mode 100644
index 8a921ab3f..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: Helm chart for needed resource for machine-controller-manager in target cluster
-name: machine-controller-manager
-version: 0.1.0
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/clusterrole-machine-controller-manager.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/clusterrole-machine-controller-manager.yaml
deleted file mode 100644
index 2e3d2b928..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/clusterrole-machine-controller-manager.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: extensions.gardener.cloud:{{ .Values.providerName }}:machine-controller-manager
-rules:
-- apiGroups:
- - ""
- resources:
- - nodes
- - endpoints
- - replicationcontrollers
- - pods
- - persistentvolumes
- - persistentvolumeclaims
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - pods/eviction
- verbs:
- - create
-- apiGroups:
- - extensions
- - apps
- resources:
- - replicasets
- - statefulsets
- - daemonsets
- - deployments
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - batch
- resources:
- - jobs
- - cronjobs
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/clusterrolebinding-machine-controller-manager.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/clusterrolebinding-machine-controller-manager.yaml
deleted file mode 100644
index 5c57687ad..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/clusterrolebinding-machine-controller-manager.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: extensions.gardener.cloud:{{ .Values.providerName }}:machine-controller-manager
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: extensions.gardener.cloud:{{ .Values.providerName }}:machine-controller-manager
-subjects:
-- kind: User
- name: system:machine-controller-manager
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/role-machine-controller-manager.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/role-machine-controller-manager.yaml
deleted file mode 100644
index 1691bcfd9..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/role-machine-controller-manager.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: kube-system
- name: extensions.gardener.cloud:{{ .Values.providerName }}:machine-controller-manager
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - create
- - delete
- - get
- - list
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/rolebinding-machine-controller-manager.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/rolebinding-machine-controller-manager.yaml
deleted file mode 100644
index 979f3c60a..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/templates/rolebinding-machine-controller-manager.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: extensions.gardener.cloud:{{ .Values.providerName }}:machine-controller-manager
- namespace: kube-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: extensions.gardener.cloud:{{ .Values.providerName }}:machine-controller-manager
-subjects:
-- kind: User
- name: system:machine-controller-manager
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/values.yaml b/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/values.yaml
deleted file mode 100644
index 7bc5d27da..000000000
--- a/controllers/provider-azure/charts/internal/machine-controller-manager/shoot/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-providerName: provider-foo
diff --git a/controllers/provider-azure/charts/internal/machineclass/Chart.yaml b/controllers/provider-azure/charts/internal/machineclass/Chart.yaml
deleted file mode 100644
index 3e63f66dc..000000000
--- a/controllers/provider-azure/charts/internal/machineclass/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: A Helm chart for AzureMachineClasses controlled by the machine-controller-manager in the shoot cluster
-name: machineclass
-version: 0.1.0
diff --git a/controllers/provider-azure/charts/internal/machineclass/templates/machineclass.yaml b/controllers/provider-azure/charts/internal/machineclass/templates/machineclass.yaml
deleted file mode 100644
index f9d01761f..000000000
--- a/controllers/provider-azure/charts/internal/machineclass/templates/machineclass.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-{{- range $index, $machineClass := .Values.machineClasses }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $machineClass.name }}
- namespace: {{ $.Release.Namespace }}
-{{- if $machineClass.labels }}
- labels:
-{{ toYaml $machineClass.labels | indent 4 }}
-{{- end }}
-type: Opaque
-data:
- userData: {{ $machineClass.secret.cloudConfig | b64enc }}
- azureClientId: {{ $machineClass.secret.clientID | b64enc }}
- azureClientSecret: {{ $machineClass.secret.clientSecret | b64enc }}
- azureSubscriptionId: {{ $machineClass.secret.subscriptionID | b64enc }}
- azureTenantId: {{ $machineClass.secret.tenantID | b64enc }}
----
-apiVersion: machine.sapcloud.io/v1alpha1
-kind: AzureMachineClass
-metadata:
- name: {{ $machineClass.name }}
- namespace: {{ $.Release.Namespace }}
-spec:
- location: {{ $machineClass.region }}
- properties:
- {{- if hasKey $machineClass "zone" }}
- zone: {{ $machineClass.zone }}
- {{- end }}
- {{- if hasKey $machineClass "availabilitySetID" }}
- availabilitySet:
- id: {{ $machineClass.availabilitySetID }}
- {{- end }}
- hardwareProfile:
- vmSize: {{ $machineClass.machineType }}
- osProfile:
- adminUsername: core
- linuxConfiguration:
- disablePasswordAuthentication: true
- ssh:
- publicKeys:
- path: /home/core/.ssh/authorized_keys
- keyData: {{ $machineClass.sshPublicKey }}
- storageProfile:
- imageReference:
- urn: {{ $machineClass.image.urn }}
- osDisk:
- caching: None
- diskSizeGB: {{ $machineClass.osDisk.size }}
- {{- if hasKey $machineClass.osDisk "type" }}
- managedDisk:
- storageAccountType: {{ $machineClass.osDisk.type }}
- {{- end }}
- createOption: FromImage
- resourceGroup: {{ $machineClass.resourceGroup }}
- secretRef:
- name: {{ $machineClass.name }}
- namespace: {{ $.Release.Namespace }}
- subnetInfo:
- vnetName: {{ $machineClass.vnetName }}
- {{- if hasKey $machineClass "vnetResourceGroup" }}
- vnetResourceGroup: {{ $machineClass.vnetResourceGroup}}
- {{- end }}
- subnetName: {{ $machineClass.subnetName }}
-{{- if $machineClass.tags }}
- tags:
-{{ toYaml $machineClass.tags | indent 4 }}
-{{- end }}
-{{- end }}
diff --git a/controllers/provider-azure/charts/internal/machineclass/values.yaml b/controllers/provider-azure/charts/internal/machineclass/values.yaml
deleted file mode 100644
index f75dcdbac..000000000
--- a/controllers/provider-azure/charts/internal/machineclass/values.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-machineClasses:
-- name: class-1-zone
-# labels:
-# foo: bar
- region: westeurope
- resourceGroup: my-resource-group
- vnetName: my-vnet
- subnetName: my-subnet-in-my-vnet
- zone: 1
- tags:
- Name: shoot-crazy-botany
- kubernetes.io-cluster-shoot-crazy-botany: "1"
- kubernetes.io-role-node: "1"
- secret:
- clientID: ABCD
- clientSecret: ABCD
- subscriptionID: abc
- tenantID: abc
- cloudConfig: abc
- machineType: Standard_DS1_V2
- image:
- urn: "CoreOS:CoreOS:Stable:1576.5.0"
- osDisk:
- size: 50
- #type: Standard_LRS
- sshPublicKey: ssh-rsa AAAAB3...
-- name: class-2-availability-set
- region: westeurope
- resourceGroup: my-resource-group
- vnetName: my-vnet
- subnetName: my-subnet-in-my-vnet
- availabilitySetID: /subscriptions/subscription-id/resourceGroups/resource-group-name/providers/Microsoft.Compute/availabilitySets/availablity-set-name
- tags:
- Name: shoot-crazy-botany
- kubernetes.io-cluster-shoot-crazy-botany: "1"
- kubernetes.io-role-node: "1"
- secret:
- clientID: ABCD
- clientSecret: ABCD
- subscriptionID: abc
- tenantID: abc
- cloudConfig: abc
- machineType: Standard_DS1_V2
- image:
- urn: "CoreOS:CoreOS:Stable:1576.5.0"
- osDisk:
- size: 50
- type: Standard_LRS
- sshPublicKey: ssh-rsa AAAAB3...
diff --git a/controllers/provider-azure/charts/internal/shoot-storageclasses/Chart.yaml b/controllers/provider-azure/charts/internal/shoot-storageclasses/Chart.yaml
deleted file mode 100644
index fe504597c..000000000
--- a/controllers/provider-azure/charts/internal/shoot-storageclasses/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: A Helm chart for storageclasses that should be installed to the shoot
-name: shoot-storageclasses
-version: 0.1.0
diff --git a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/_helpers.tpl b/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/_helpers.tpl
deleted file mode 100644
index 50c126b0b..000000000
--- a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/_helpers.tpl
+++ /dev/null
@@ -1,7 +0,0 @@
-{{- define "storageclassversion" -}}
-{{- if semverCompare ">= 1.13-0" .Capabilities.KubeVersion.GitVersion -}}
-storage.k8s.io/v1
-{{- else -}}
-storage.k8s.io/v1beta1
-{{- end -}}
-{{- end -}}
diff --git a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-disk-premium-lrs-storageclass.yaml b/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-disk-premium-lrs-storageclass.yaml
deleted file mode 100644
index 15aaeb202..000000000
--- a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-disk-premium-lrs-storageclass.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: {{ include "storageclassversion" . }}
-kind: StorageClass
-metadata:
- name: managed-premium-ssd
-provisioner: kubernetes.io/azure-disk
-parameters:
- storageaccounttype: Premium_LRS
- kind: managed
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-disk-standard-lrs-storageclass.yaml b/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-disk-standard-lrs-storageclass.yaml
deleted file mode 100644
index 4b1f82a10..000000000
--- a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-disk-standard-lrs-storageclass.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: {{ include "storageclassversion" . }}
-kind: StorageClass
-metadata:
- name: managed-standard-hdd
-provisioner: kubernetes.io/azure-disk
-parameters:
- storageaccounttype: Standard_LRS
- kind: managed
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-disk-standard-ssd-lrs-storageclass.yaml b/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-disk-standard-ssd-lrs-storageclass.yaml
deleted file mode 100644
index 352f7aba0..000000000
--- a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-disk-standard-ssd-lrs-storageclass.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if semverCompare ">= 1.13" .Capabilities.KubeVersion.GitVersion }}
----
-apiVersion: {{ include "storageclassversion" . }}
-kind: StorageClass
-metadata:
- name: managed-standard-ssd
-provisioner: kubernetes.io/azure-disk
-parameters:
- storageaccounttype: StandardSSD_LRS
- kind: managed
-{{- end}}
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-file-rbac.yaml b/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-file-rbac.yaml
deleted file mode 100644
index 2b913dc09..000000000
--- a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-file-rbac.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: system:azure-file-provisioner
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: system:azure-file-provisioner
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: system:azure-file-provisioner
-subjects:
-- kind: ServiceAccount
- name: persistent-volume-binder
- namespace: kube-system
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-file-standard-lrs-storageclass.yaml b/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-file-standard-lrs-storageclass.yaml
deleted file mode 100644
index 6a1c7d4a5..000000000
--- a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/azure-file-standard-lrs-storageclass.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: {{ include "storageclassversion" . }}
-kind: StorageClass
-metadata:
- name: files
-provisioner: kubernetes.io/azure-file
-parameters:
- skuName: Standard_LRS
diff --git a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/default-storageclass.yaml b/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/default-storageclass.yaml
deleted file mode 100644
index bebb66c4d..000000000
--- a/controllers/provider-azure/charts/internal/shoot-storageclasses/templates/default-storageclass.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-apiVersion: {{ include "storageclassversion" . }}
-kind: StorageClass
-metadata:
- name: default
- annotations:
- storageclass.kubernetes.io/is-default-class: "true"
-provisioner: kubernetes.io/azure-disk
-parameters:
- storageaccounttype: Standard_LRS
- kind: managed
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/internal/utils-tls-cipher-suites/Chart.yaml b/controllers/provider-azure/charts/internal/utils-tls-cipher-suites/Chart.yaml
deleted file mode 100644
index 11d39bd14..000000000
--- a/controllers/provider-azure/charts/internal/utils-tls-cipher-suites/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: Util chart for cipher-suites
-name: utils-tls-cipher-suites
-version: 0.1.0
diff --git a/controllers/provider-azure/charts/internal/utils-tls-cipher-suites/templates/_tls_cipher_suites.tpl b/controllers/provider-azure/charts/internal/utils-tls-cipher-suites/templates/_tls_cipher_suites.tpl
deleted file mode 100644
index 951a2bc73..000000000
--- a/controllers/provider-azure/charts/internal/utils-tls-cipher-suites/templates/_tls_cipher_suites.tpl
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- define "kubernetes.tlsCipherSuites" }}
-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-TLS_RSA_WITH_AES_128_CBC_SHA
-TLS_RSA_WITH_AES_256_CBC_SHA
-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-{{- end -}}
diff --git a/controllers/provider-azure/charts/provider-azure/Chart.yaml b/controllers/provider-azure/charts/provider-azure/Chart.yaml
deleted file mode 100644
index 50350791e..000000000
--- a/controllers/provider-azure/charts/provider-azure/Chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: A Helm chart for the Gardener Azure Provider extension
-name: provider-azure
-version: 0.1.0
diff --git a/controllers/provider-azure/charts/provider-azure/doc.go b/controllers/provider-azure/charts/provider-azure/doc.go
deleted file mode 100644
index 5184c7b50..000000000
--- a/controllers/provider-azure/charts/provider-azure/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:generate ../../../../hack/generate-controller-registration.sh provider-azure . ../../example/controller-registration.yaml BackupBucket:azure BackupEntry:azure ControlPlane:azure Infrastructure:azure Worker:azure
-
-// Package chart enables go:generate support for generating the correct controller registration.
-package chart
diff --git a/controllers/provider-azure/charts/provider-azure/templates/_helpers.tpl b/controllers/provider-azure/charts/provider-azure/templates/_helpers.tpl
deleted file mode 100644
index f17b65e87..000000000
--- a/controllers/provider-azure/charts/provider-azure/templates/_helpers.tpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- define "name" -}}
-gardener-extension-provider-azure
-{{- end -}}
-
-{{- define "labels.app.key" -}}
-app.kubernetes.io/name
-{{- end -}}
-{{- define "labels.app.value" -}}
-{{ include "name" . }}
-{{- end -}}
-
-{{- define "labels" -}}
-{{ include "labels.app.key" . }}: {{ include "labels.app.value" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
-
-{{- define "image" -}}
- {{- if hasPrefix "sha256:" .Values.image.tag }}
- {{- printf "%s@%s" .Values.image.repository .Values.image.tag }}
- {{- else }}
- {{- printf "%s:%s" .Values.image.repository .Values.image.tag }}
- {{- end }}
-{{- end }}
-
-{{- define "deploymentversion" -}}
-apps/v1
-{{- end -}}
\ No newline at end of file
diff --git a/controllers/provider-azure/charts/provider-azure/templates/configmap-imagevector-overwrite.yaml b/controllers/provider-azure/charts/provider-azure/templates/configmap-imagevector-overwrite.yaml
deleted file mode 100644
index 42499d851..000000000
--- a/controllers/provider-azure/charts/provider-azure/templates/configmap-imagevector-overwrite.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.imageVectorOverwrite }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "name" . }}-imagevector-overwrite
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "labels" . | indent 4 }}
-data:
- images_overwrite.yaml: |
-{{ .Values.imageVectorOverwrite | indent 4 }}
-{{- end }}
diff --git a/controllers/provider-azure/charts/provider-azure/templates/configmap-logging.yaml b/controllers/provider-azure/charts/provider-azure/templates/configmap-logging.yaml
deleted file mode 100644
index 0765651c3..000000000
--- a/controllers/provider-azure/charts/provider-azure/templates/configmap-logging.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "name" . }}-logging-config
- namespace: garden
- labels:
- extensions.gardener.cloud/configuration: logging
-data:
- filter-kubernetes.conf: |
- [FILTER]
- Name parser
- Match kubernetes.cloud-controller-manager*azure-cloud-controller-manager*
- Key_Name log
- Parser kubeapiserverParser
- Reserve_Data True
-
- [FILTER]
- Name parser
- Match kubernetes.machine-controller-manager*azure-machine-controller-manager*
- Key_Name log
- Parser kubeapiserverParser
- Reserve_Data True
-
- [FILTER]
- Name record_modifier
- Match *azure-cloud-controller-manager*
- Record type user
diff --git a/controllers/provider-azure/charts/provider-azure/templates/configmap.yaml b/controllers/provider-azure/charts/provider-azure/templates/configmap.yaml
deleted file mode 100644
index 013fca1bc..000000000
--- a/controllers/provider-azure/charts/provider-azure/templates/configmap.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "name" . }}-configmap
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "labels" . | indent 4 }}
-data:
- config.yaml: |
- ---
- apiVersion: azure.provider.extensions.config.gardener.cloud/v1alpha1
- kind: ControllerConfiguration
-{{- if .Values.config.clientConnection }}
- clientConnection:
- acceptContentTypes: {{ required ".Values.config.clientConnection.acceptContentTypes is required" .Values.config.clientConnection.acceptContentTypes }}
- contentType: {{ required ".Values.config.clientConnection.contentType is required" .Values.config.clientConnection.contentType }}
- qps: {{ required ".Values.config.clientConnection.qps is required" .Values.config.clientConnection.qps }}
- burst: {{ required ".Values.config.clientConnection.burst is required" .Values.config.clientConnection.burst }}
-{{- end }}
- etcd:
- storage:
- className: {{ .Values.config.etcd.storage.className }}
- capacity: {{ .Values.config.etcd.storage.capacity }}
-{{- if .Values.config.etcd.backup }}
-{{ toYaml .Values.config.etcd.backup | indent 6 }}
-{{- end }}
diff --git a/controllers/provider-azure/charts/provider-azure/templates/deployment.yaml b/controllers/provider-azure/charts/provider-azure/templates/deployment.yaml
deleted file mode 100644
index 8361eeb15..000000000
--- a/controllers/provider-azure/charts/provider-azure/templates/deployment.yaml
+++ /dev/null
@@ -1,92 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "name" . }} - namespace: {{ .Release.Namespace }} -{{- if .Values.ignoreResources }} - annotations: - resources.gardener.cloud/ignore: "true" -{{- end }} - labels: -{{ include "labels" . | indent 4 }} -spec: - revisionHistoryLimit: 0 - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: -{{ include "labels" . | indent 6 }} - template: - metadata: - annotations: - {{- if .Values.imageVectorOverwrite }} - checksum/configmap-azure-imagevector-overwrite: {{ include (print $.Template.BasePath "/configmap-imagevector-overwrite.yaml") . | sha256sum }} - {{- end }} - checksum/configmap-{{ include "name" . }}-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - labels: -{{ include "labels" . | indent 8 }} - spec: - containers: - - name: {{ include "name" . }} - image: {{ include "image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /gardener-extension-hyper - - provider-azure-controller-manager - - --backupbucket-max-concurrent-reconciles={{ .Values.controllers.backupbucket.concurrentSyncs }} - - --backupentry-max-concurrent-reconciles={{ .Values.controllers.backupentry.concurrentSyncs }} - - --config-file=/etc/{{ include "name" . 
}}/config/config.yaml - - --controlplane-max-concurrent-reconciles={{ .Values.controllers.controlplane.concurrentSyncs }} - - --infrastructure-max-concurrent-reconciles={{ .Values.controllers.infrastructure.concurrentSyncs }} - - --ignore-operation-annotation={{ .Values.controllers.ignoreOperationAnnotation }} - - --worker-max-concurrent-reconciles={{ .Values.controllers.worker.concurrentSyncs }} - - --webhook-config-namespace={{ .Release.Namespace }} - - --webhook-config-server-port={{ .Values.webhookConfig.serverPort }} - - --disable-controllers={{ .Values.disableControllers | join "," }} - - --disable-webhooks={{ .Values.disableWebhooks | join "," }} - env: - - name: LEADER_ELECTION_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.imageVectorOverwrite }} - - name: IMAGEVECTOR_OVERWRITE - value: /charts_overwrite/images_overwrite.yaml - {{- end }} - ports: - - name: webhook-server - containerPort: {{ .Values.webhookConfig.serverPort }} - protocol: TCP -{{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | nindent 10 }} -{{- end }} - volumeMounts: - - name: config - mountPath: /etc/{{ include "name" . }}/config - {{- if .Values.imageVectorOverwrite }} - - name: imagevector-overwrite - mountPath: /charts_overwrite/ - readOnly: true - {{- end }} - serviceAccountName: {{ include "name" . }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: {{ include "labels.app.key" . }} - operator: In - values: - - {{ include "labels.app.value" . }} - topologyKey: "kubernetes.io/hostname" - volumes: - - name: config - configMap: - name: {{ include "name" . }}-configmap - defaultMode: 420 - {{- if .Values.imageVectorOverwrite }} - - name: imagevector-overwrite - configMap: - name: {{ include "name" . }}-imagevector-overwrite - defaultMode: 420 - {{- end }} 
diff --git a/controllers/provider-azure/charts/provider-azure/templates/poddisruptionbudget.yaml b/controllers/provider-azure/charts/provider-azure/templates/poddisruptionbudget.yaml
deleted file mode 100644
index 6a135cc62..000000000
--- a/controllers/provider-azure/charts/provider-azure/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if gt (int .Values.replicaCount) 1 }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "labels" . | indent 4 }}
-spec:
- maxUnavailable: {{ sub (int .Values.replicaCount) 1 }}
- selector:
- matchLabels:
-{{ include "labels" . | indent 6 }}
-{{- end }}
diff --git a/controllers/provider-azure/charts/provider-azure/templates/rbac.yaml b/controllers/provider-azure/charts/provider-azure/templates/rbac.yaml
deleted file mode 100644
index 91e36eaaf..000000000
--- a/controllers/provider-azure/charts/provider-azure/templates/rbac.yaml
+++ /dev/null
@@ -1,99 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "name" . }} - labels: -{{ include "labels" . | indent 4 }} -rules: -- apiGroups: - - extensions.gardener.cloud - resources: - - backupbuckets - - backupbuckets/status - - backupentries - - backupentries/status - - clusters - - controlplanes - - controlplanes/status - - infrastructures - - infrastructures/status - - workers - - workers/status - verbs: - - get - - list - - watch - - patch - - update -- apiGroups: - - resources.gardener.cloud - resources: - - managedresources - verbs: - - "*" -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - provider-azure-leader-election - verbs: - - get - - watch - - update - - patch -- apiGroups: - - "" - - apps - - batch - - rbac.authorization.k8s.io - - admissionregistration.k8s.io - - apiextensions.k8s.io - resources: - - namespaces - - events - - secrets - - configmaps - - endpoints - - deployments - - services - - serviceaccounts - - clusterroles - - clusterrolebindings - - roles - - rolebindings - - jobs - - pods - - pods/log - - mutatingwebhookconfigurations - - customresourcedefinitions - verbs: - - "*" -- apiGroups: - - machine.sapcloud.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - autoscaling.k8s.io - resources: - - verticalpodautoscalers - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "name" . }} - labels: -{{ include "labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "name" . }} -subjects: -- kind: ServiceAccount - name: {{ include "name" . }} - namespace: {{ .Release.Namespace }} diff --git a/controllers/provider-azure/charts/provider-azure/templates/service.yaml b/controllers/provider-azure/charts/provider-azure/templates/service.yaml deleted file mode 100644 index 4520dda48..000000000 
--- a/controllers/provider-azure/charts/provider-azure/templates/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "name" . }}
- namespace: {{ .Release.Namespace }}
-{{- if .Values.ignoreResources }}
- annotations:
- resources.gardener.cloud/ignore: "true"
-{{- end }}
- labels:
-{{ include "labels" . | indent 4 }}
-spec:
- type: ClusterIP
- selector:
-{{ include "labels" . | indent 6 }}
- ports:
- - port: 443
- protocol: TCP
- targetPort: {{ .Values.webhookConfig.serverPort }}
diff --git a/controllers/provider-azure/charts/provider-azure/templates/serviceaccount.yaml b/controllers/provider-azure/charts/provider-azure/templates/serviceaccount.yaml
deleted file mode 100644
index 52458f74c..000000000
--- a/controllers/provider-azure/charts/provider-azure/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "labels" . | indent 4 }}
diff --git a/controllers/provider-azure/charts/provider-azure/templates/storageclass.yaml b/controllers/provider-azure/charts/provider-azure/templates/storageclass.yaml
deleted file mode 100644
index 5d5894493..000000000
--- a/controllers/provider-azure/charts/provider-azure/templates/storageclass.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if eq .Values.gardener.seed.provider "azure" }}
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: {{ .Values.config.etcd.storage.className }}
- labels:
-{{ include "labels" . | indent 4 }}
-provisioner: kubernetes.io/azure-disk
-allowVolumeExpansion: true
-parameters:
- storageaccounttype: Premium_LRS
- kind: managed
-{{- end }}
diff --git a/controllers/provider-azure/charts/provider-azure/templates/vpa.yaml b/controllers/provider-azure/charts/provider-azure/templates/vpa.yaml
deleted file mode 100644
index 5c7774883..000000000
--- a/controllers/provider-azure/charts/provider-azure/templates/vpa.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.vpa.enabled}}
-apiVersion: "autoscaling.k8s.io/v1beta2"
-kind: VerticalPodAutoscaler
-metadata:
- name: {{ include "name" . }}-vpa
- namespace: {{ .Release.Namespace }}
-spec:
- targetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "name" . }}
- updatePolicy:
- updateMode: {{ .Values.vpa.updatePolicy.updateMode }}
-{{- end }}
diff --git a/controllers/provider-azure/charts/provider-azure/values.yaml b/controllers/provider-azure/charts/provider-azure/values.yaml
deleted file mode 100644
index 7b0b762d9..000000000
--- a/controllers/provider-azure/charts/provider-azure/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-image:
- repository: eu.gcr.io/gardener-project/gardener/gardener-extension-hyper
- tag: latest
- pullPolicy: IfNotPresent
-
-replicaCount: 1
-resources: {}
-vpa:
- enabled: true
- updatePolicy:
- updateMode: "Auto"
-
-controllers:
- backupbucket:
- concurrentSyncs: 5
- backupentry:
- concurrentSyncs: 5
- controlplane:
- concurrentSyncs: 5
- infrastructure:
- concurrentSyncs: 5
- worker:
- concurrentSyncs: 5
- ignoreOperationAnnotation: false
-
-disableControllers: []
-disableWebhooks: []
-ignoreResources: false
-
-# imageVectorOverwrite: |
-# images:
-# - name: pause-container
-# sourceRepository: github.com/kubernetes/kubernetes/blob/master/build/pause/Dockerfile
-# repository: gcr.io/google_containers/pause-amd64
-# tag: "3.0"
-# version: 1.11.x
-# - name: pause-container
-# sourceRepository: github.com/kubernetes/kubernetes/blob/master/build/pause/Dockerfile
-# repository: gcr.io/google_containers/pause-amd64
-# tag: "3.1"
-# version: ">= 1.12"
-# ...
-
-webhookConfig:
- serverPort: 443
-
-config:
- clientConnection:
- acceptContentTypes: application/json
- contentType: application/json
- qps: 100
- burst: 130
- etcd:
- storage:
- className: gardener.cloud-fast
- capacity: 33Gi
-# backup:
-# schedule: "0 */24 * * *"
-
-gardener:
- seed:
- provider: azure
diff --git a/controllers/provider-azure/cmd/gardener-extension-provider-azure/app/app.go b/controllers/provider-azure/cmd/gardener-extension-provider-azure/app/app.go
deleted file mode 100644
index 3f007da2b..000000000
--- a/controllers/provider-azure/cmd/gardener-extension-provider-azure/app/app.go
+++ /dev/null
@@ -1,185 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package app - -import ( - "context" - "fmt" - "os" - - azureinstall "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/install" - "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure" - azurecmd "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/cmd" - azurebackupbucket "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/backupbucket" - azurebackupentry "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/backupentry" - azurecontrolplane "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/controlplane" - "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/healthcheck" - azureinfrastructure "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/infrastructure" - azureworker "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/worker" - azurecontrolplanebackup "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/webhook/controlplanebackup" - azurecontrolplaneexposure 
"github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/webhook/controlplaneexposure" - "github.com/gardener/gardener-extensions/pkg/controller" - controllercmd "github.com/gardener/gardener-extensions/pkg/controller/cmd" - "github.com/gardener/gardener-extensions/pkg/controller/worker" - "github.com/gardener/gardener-extensions/pkg/util" - webhookcmd "github.com/gardener/gardener-extensions/pkg/webhook/cmd" - - machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1" - "github.com/spf13/cobra" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/controller-runtime/pkg/manager" -) - -// NewControllerManagerCommand creates a new command for running a Azure provider controller. -func NewControllerManagerCommand(ctx context.Context) *cobra.Command { - var ( - restOpts = &controllercmd.RESTOptions{} - mgrOpts = &controllercmd.ManagerOptions{ - LeaderElection: true, - LeaderElectionID: controllercmd.LeaderElectionNameID(azure.Name), - LeaderElectionNamespace: os.Getenv("LEADER_ELECTION_NAMESPACE"), - WebhookServerPort: 443, - WebhookCertDir: "/tmp/gardener-extensions-cert", - } - configFileOpts = &azurecmd.ConfigOptions{} - - // options for the backupbucket controller - backupBucketCtrlOpts = &controllercmd.ControllerOptions{ - MaxConcurrentReconciles: 5, - } - - // options for the backupentry controller - backupEntryCtrlOpts = &controllercmd.ControllerOptions{ - MaxConcurrentReconciles: 5, - } - - // options for the health care controller - healthCheckCtrlOpts = &controllercmd.ControllerOptions{ - MaxConcurrentReconciles: 5, - } - - // options for the controlplane controller - controlPlaneCtrlOpts = &controllercmd.ControllerOptions{ - MaxConcurrentReconciles: 5, - } - - // options for the infrastructure controller - infraCtrlOpts = &controllercmd.ControllerOptions{ - MaxConcurrentReconciles: 5, - } - reconcileOpts = &controllercmd.ReconcilerOptions{} - - // options for the worker controller - workerCtrlOpts = 
&controllercmd.ControllerOptions{ - MaxConcurrentReconciles: 5, - } - workerReconcileOpts = &worker.Options{ - DeployCRDs: true, - } - workerCtrlOptsUnprefixed = controllercmd.NewOptionAggregator(workerCtrlOpts, workerReconcileOpts) - - // options for the webhook server - webhookServerOptions = &webhookcmd.ServerOptions{ - Namespace: os.Getenv("WEBHOOK_CONFIG_NAMESPACE"), - } - - controllerSwitches = azurecmd.ControllerSwitchOptions() - webhookSwitches = azurecmd.WebhookSwitchOptions() - webhookOptions = webhookcmd.NewAddToManagerOptions(azure.Name, webhookServerOptions, webhookSwitches) - - aggOption = controllercmd.NewOptionAggregator( - restOpts, - mgrOpts, - controllercmd.PrefixOption("backupbucket-", backupBucketCtrlOpts), - controllercmd.PrefixOption("backupentry-", backupEntryCtrlOpts), - controllercmd.PrefixOption("controlplane-", controlPlaneCtrlOpts), - controllercmd.PrefixOption("infrastructure-", infraCtrlOpts), - controllercmd.PrefixOption("worker-", &workerCtrlOptsUnprefixed), - controllercmd.PrefixOption("healthcheck-", healthCheckCtrlOpts), - configFileOpts, - controllerSwitches, - reconcileOpts, - webhookOptions, - ) - ) - - cmd := &cobra.Command{ - Use: fmt.Sprintf("%s-controller-manager", azure.Name), - - Run: func(cmd *cobra.Command, args []string) { - if err := aggOption.Complete(); err != nil { - controllercmd.LogErrAndExit(err, "Error completing options") - } - - util.ApplyClientConnectionConfigurationToRESTConfig(configFileOpts.Completed().Config.ClientConnection, restOpts.Completed().Config) - - if workerReconcileOpts.Completed().DeployCRDs { - if err := worker.ApplyMachineResourcesForConfig(ctx, restOpts.Completed().Config); err != nil { - controllercmd.LogErrAndExit(err, "Error ensuring the machine CRDs") - } - } - - mgr, err := manager.New(restOpts.Completed().Config, mgrOpts.Completed().Options()) - if err != nil { - controllercmd.LogErrAndExit(err, "Could not instantiate manager") - } - - scheme := mgr.GetScheme() - if err := 
controller.AddToScheme(scheme); err != nil { - controllercmd.LogErrAndExit(err, "Could not update manager scheme") - } - - if err := azureinstall.AddToScheme(scheme); err != nil { - controllercmd.LogErrAndExit(err, "Could not update manager scheme") - } - - // add common meta types to schema for controller-runtime to use v1.ListOptions - metav1.AddToGroupVersion(scheme, machinev1alpha1.SchemeGroupVersion) - // add types required for Azure Health check - scheme.AddKnownTypes(machinev1alpha1.SchemeGroupVersion, - &machinev1alpha1.MachineDeploymentList{}, - ) - - configFileOpts.Completed().ApplyETCDStorage(&azurecontrolplaneexposure.DefaultAddOptions.ETCDStorage) - configFileOpts.Completed().ApplyETCDBackup(&azurecontrolplanebackup.DefaultAddOptions.ETCDBackup) - configFileOpts.Completed().ApplyHealthCheckConfig(&healthcheck.DefaultAddOptions.HealthCheckConfig) - healthCheckCtrlOpts.Completed().Apply(&healthcheck.DefaultAddOptions.Controller) - backupBucketCtrlOpts.Completed().Apply(&azurebackupbucket.DefaultAddOptions.Controller) - backupEntryCtrlOpts.Completed().Apply(&azurebackupentry.DefaultAddOptions.Controller) - controlPlaneCtrlOpts.Completed().Apply(&azurecontrolplane.DefaultAddOptions.Controller) - infraCtrlOpts.Completed().Apply(&azureinfrastructure.DefaultAddOptions.Controller) - reconcileOpts.Completed().Apply(&azureinfrastructure.DefaultAddOptions.IgnoreOperationAnnotation) - reconcileOpts.Completed().Apply(&azurecontrolplane.DefaultAddOptions.IgnoreOperationAnnotation) - reconcileOpts.Completed().Apply(&azureworker.DefaultAddOptions.IgnoreOperationAnnotation) - workerCtrlOpts.Completed().Apply(&azureworker.DefaultAddOptions.Controller) - - if _, _, err := webhookOptions.Completed().AddToManager(mgr); err != nil { - controllercmd.LogErrAndExit(err, "Could not add webhooks to manager") - } - - if err := controllerSwitches.Completed().AddToManager(mgr); err != nil { - controllercmd.LogErrAndExit(err, "Could not add controllers to manager") - } - - if err := 
mgr.Start(ctx.Done()); err != nil { - controllercmd.LogErrAndExit(err, "Error running manager") - } - }, - } - - aggOption.AddFlags(cmd.Flags()) - - return cmd -} diff --git a/controllers/provider-azure/cmd/gardener-extension-provider-azure/main.go b/controllers/provider-azure/cmd/gardener-extension-provider-azure/main.go deleted file mode 100644 index 313d49688..000000000 --- a/controllers/provider-azure/cmd/gardener-extension-provider-azure/main.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package main - -import ( - "github.com/gardener/gardener-extensions/controllers/provider-azure/cmd/gardener-extension-provider-azure/app" - "github.com/gardener/gardener-extensions/pkg/controller" - controllercmd "github.com/gardener/gardener-extensions/pkg/controller/cmd" - "github.com/gardener/gardener-extensions/pkg/log" - - runtimelog "sigs.k8s.io/controller-runtime/pkg/log" -) - -func main() { - runtimelog.SetLogger(log.ZapLogger(false)) - cmd := app.NewControllerManagerCommand(controller.SetupSignalHandlerContext()) - - if err := cmd.Execute(); err != nil { - controllercmd.LogErrAndExit(err, "error executing the main controller command") - } -} 
diff --git a/controllers/provider-azure/docs/migrate-loadbalancer.md b/controllers/provider-azure/docs/migrate-loadbalancer.md deleted file mode 100644 index 84c36c9be..000000000 --- a/controllers/provider-azure/docs/migrate-loadbalancer.md +++ /dev/null @@ -1,89 +0,0 @@ -# Migrate Azure Shoot Load Balancer from basic to standard SKU - -This guide descibes how to migrate the Load Balancer of an Azure Shoot cluster from the basic SKU to the standard SKU.
-**Be aware:** You need to delete and recreate all services of type Load Balancer, which means that the public ip addresses of your service endpoints will change.
-Please do this only if the Stakeholder really needs to migrate this Shoot to use standard Load Balancers. All new Shoot clusters will automatically use Azure Standard Load Balancers. - -1. Disable temporarily Gardeners reconciliation.
-The Gardener Controller Manager need to be configured to allow ignoring Shoot clusters. -This can be configured in its the `ControllerManagerConfiguration` via the field `.controllers.shoot.respectSyncPeriodOverwrite="true"`. - -```sh -# In the Garden cluster. -kubectl annotate shoot shoot.garden.sapcloud.io/ignore="true" - -# In the Seed cluster. -kubectl -n scale deployment gardener-resource-manager --replicas=0 -``` - -2. Backup all Kubernetes services of type Load Balancer. -```sh -# In the Shoot cluster. -# Determine all Load Balancer services. -kubectl get service --all-namespaces | grep LoadBalancer - -# Backup each Load Balancer service. -echo "---" >> service-backup.yaml && kubectl -n get service -o yaml >> service-backup.yaml -``` - -3. Delete all Load Balancer services. -```sh -# In the Shoot cluster. -kubectl -n delete service -``` - -4. Wait until until Load Balancer is deleted. -Wait until all services of type Load Balancer are deleted and the Azure Load Balancer resource is also deleted. -Check via the Azure Portal if the Load Balancer within the Shoot Resource Group has been deleted. -This should happen automatically after all Kubernetes Load Balancer service are gone within a few minutes. - -Alternatively the Azure cli can be used to check the Load Balancer in the Shoot Resource Group. -The credentials to configure the cli are available on the Seed cluster in the Shoot namespace. -```sh -# In the Seed cluster. -# Fetch the credentials from cloudprovider secret. -kubectl -n get secret cloudprovider -o yaml - -# Configure the Azure cli, with the base64 decoded values of the cloudprovider secret. -az login --service-principal --username --password --tenant -az account set -s - -# Fetch the constantly the Shoot Load Balancer in the Shoot Resource Group. Wait until the resource is gone. -watch 'az network lb show -g shoot---- -n shoot----' - -# Logout. -az logout -``` - -5. Modify the `cloud-povider-config` configmap in the Seed namespace of the Shoot.
-The key `cloudprovider.conf` contains the Kubernetes cloud-provider configuration. -The value is a multiline string. Please change the value of the field `loadBalancerSku` from `basic` to `standard`. -Iff the field does not exists then append `loadBalancerSku: \"standard\"\n` to the value/string. -```sh -# In the Seed cluster. -kubectl -n edit cm cloud-provider-config -``` - -6. Enable Gardeners reconcilation and trigger a reconciliation. -``` -# In the Garden cluster -# Enable reconcilation -kubectl annotate shoot shoot.garden.sapcloud.io/ignore- - -# Trigger reconcilation -kubectl annotate shoot shoot.garden.sapcloud.io/operation="reconcile" -``` -Wait until the cluster has been reconciled. - -6. Recreate the services from the backup file.
-Probably you need to remove some fields from the service defintions e.g. `.spec.clusterIP`, `.metadata.uid` or `.status` etc. -```sh -kubectl apply -f service-backup.yaml -``` - -7. If successful remove backup file. -```sh -# Delete the backup file. -rm -f service-backup.yaml -``` - diff --git a/controllers/provider-azure/docs/usage-as-end-user.md b/controllers/provider-azure/docs/usage-as-end-user.md deleted file mode 100644 index e681e996c..000000000 --- a/controllers/provider-azure/docs/usage-as-end-user.md +++ /dev/null 
@@ -1,196 +0,0 @@ -# Using the Azure provider extension with Gardener as end-user - -The [`core.gardener.cloud/v1beta1.Shoot` resource](https://github.com/gardener/gardener/blob/master/example/90-shoot.yaml) declares a few fields that are meant to contain provider-specific configuration. - -In this document we are describing how this configuration looks like for Azure and provide an example `Shoot` manifest with minimal configuration that you can use to create an Azure cluster (modulo the landscape-specific information like cloud profile names, secret binding names, etc.). - -## Provider secret data - -Every shoot cluster references a `SecretBinding` which itself references a `Secret`, and this `Secret` contains the provider credentials of your Azure subscription. -This `Secret` must look as follows: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: core-azure - namespace: garden-dev -type: Opaque -data: - clientID: base64(client-id) - clientSecret: base64(client-secret) - subscriptionID: base64(subscription-id) - tenantID: base64(tenant-id) -``` - -Please look up https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal as well. - -## `InfrastructureConfig` - -The infrastructure configuration mainly describes how the network layout looks like in order to create the shoot worker nodes in a later step, thus, prepares everything relevant to create VMs, load balancers, volumes, etc. 
- -An example `InfrastructureConfig` for the Azure extension looks as follows: - -```yaml -apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 -kind: InfrastructureConfig -networks: - vnet: # specify either 'name' and 'resourceGroup' or 'cidr' - # name: my-vnet - # resouceGroup: my-vnet-resource-group - cidr: 10.250.0.0/16 - workers: 10.250.0.0/19 - # serviceEndpoints: - # - Microsoft.Test -zoned: false -# resourceGroup: -# name: mygroup -``` - -The `networks.vnet` section describes whether you want to create the shoot cluster in an already existing VNet or whether to create a new one: - -* If `networks.vnet.name` and `networks.vnet.resourceGroup` are given then you have to specify the VNet name and VNet resource group name of the existing VNet that was created by other means (manually, other tooling, ...). -* If `networks.vnet.cidr` is given then you have to specify the VNet CIDR of a new VNet that will be created during shoot creation. -You can freely choose a private CIDR range. -* Either `networks.vnet.name` and `neworks.vnet.resourceGroup` or `networks.vnet.cidr` must be present, but not both at the same time. - -The `networks.workers` section describes the CIDR for a subnet that is used for all shoot worker nodes, i.e., VMs which later run your applications. -The specified CIDR range must be contained in the VNet CIDR specified above, or the VNet CIDR of your already existing VNet. -You can freely choose this CIDR and it is your responsibility to properly design the network layout to suit your needs. - -In the `networks.serviceEndpoints[]` list you can specify the list of Azure service endpoints which shall be associated with the worker subnet. All available service endpoints and their technical names can be found in the (Azure Service Endpoint documentation](https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview). 
- -Via the `.zoned` boolean you can tell whether you want to use Azure availability zones or not. -If you don't use zones then an availability set will be created and only basic load balancers will be used. -Zoned clusters use standard load balancers. - -Currently, it's not yet possible to deploy into existing resource groups, but in the future it will. -The `.resourceGroup.name` field will allow specifying the name of an already existing resource group that the shoot cluster and all infrastructure resources will be deployed to. - -Apart from the VNet and the worker subnet the Azure extension will also create a dedicated resource group, route tables, security groups, and an availability set (if not using zoned clusters). - -## `ControlPlaneConfig` - -The control plane configuration mainly contains values for the Azure-specific control plane components. -Today, the only component deployed by the Azure extension is the `cloud-controller-manager`. - -An example `ControlPlaneConfig` for the Azure extension looks as follows: - -```yaml -apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 -kind: ControlPlaneConfig -cloudControllerManager: - featureGates: - CustomResourceValidation: true -``` - -The `cloudControllerManager.featureGates` contains a map of explicitly enabled or disabled feature gates. -For production usage it's not recommend to use this field at all as you can enable alpha features or disable beta/stable features, potentially impacting the cluster stability. -If you don't want to configure anything for the `cloudControllerManager` simply omit the key in the YAML specification. 
- -## Example `Shoot` manifest (non-zoned) - -Please find below an example `Shoot` manifest for a non-zoned cluster: - -```yaml -apiVersion: core.gardener.cloud/v1alpha1 -kind: Shoot -metadata: - name: johndoe-azure - namespace: garden-dev -spec: - cloudProfileName: azure - region: westeurope - secretBindingName: core-azure - provider: - type: azure - infrastructureConfig: - apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 - kind: InfrastructureConfig - networks: - vnet: - cidr: 10.250.0.0/16 - workers: 10.250.0.0/19 - zoned: false - controlPlaneConfig: - apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 - kind: ControlPlaneConfig - workers: - - name: worker-xoluy - machine: - type: Standard_D4_v3 - minimum: 2 - maximum: 2 - volume: - size: 50Gi - type: Standard_LRS - networking: - nodes: 10.250.0.0/16 - type: calico - kubernetes: - version: 1.16.1 - maintenance: - autoUpdate: - kubernetesVersion: true - machineImageVersion: true - addons: - kubernetes-dashboard: - enabled: true - nginx-ingress: - enabled: true -``` - -## Example `Shoot` manifest (zoned) - -Please find below an example `Shoot` manifest for a zoned cluster: - -```yaml -apiVersion: core.gardener.cloud/v1alpha1 -kind: Shoot -metadata: - name: johndoe-azure - namespace: garden-dev -spec: - cloudProfileName: azure - region: westeurope - secretBindingName: core-azure - provider: - type: azure - infrastructureConfig: - apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 - kind: InfrastructureConfig - networks: - vnet: - cidr: 10.250.0.0/16 - workers: 10.250.0.0/19 - zoned: true - controlPlaneConfig: - apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 - kind: ControlPlaneConfig - workers: - - name: worker-xoluy - machine: - type: Standard_D4_v3 - minimum: 2 - maximum: 2 - volume: - size: 50Gi - type: Standard_LRS - zones: - - "1" - - "2" - networking: - nodes: 10.250.0.0/16 - type: calico - kubernetes: - version: 1.16.1 - maintenance: - autoUpdate: - 
kubernetesVersion: true - machineImageVersion: true - addons: - kubernetes-dashboard: - enabled: true - nginx-ingress: - enabled: true -``` diff --git a/controllers/provider-azure/docs/usage-as-operator.md b/controllers/provider-azure/docs/usage-as-operator.md deleted file mode 100644 index 63d458ab4..000000000 --- a/controllers/provider-azure/docs/usage-as-operator.md +++ /dev/null 
@@ -1,84 +0,0 @@ -# Using the Azure provider extension with Gardener as operator - -The [`core.gardener.cloud/v1alpha1.CloudProfile` resource](https://github.com/gardener/gardener/blob/master/example/30-cloudprofile.yaml) declares a `providerConfig` field that is meant to contain provider-specific configuration. - -In this document we are describing how this configuration looks like for Azure and provide an example `CloudProfile` manifest with minimal configuration that you can use to allow creating Azure shoot clusters. - -## `CloudProfileConfig` - -The cloud profile configuration contains information about the update and failure domain counts in the Azure regions you want to offer. -Additionally, it contains the real machine image identifiers in the Azure environment. -You have to map every version that you specify in `.spec.machineImages[].versions` here such that the Azure extension knows the machine image identifiers for every version you want to offer. - -An example `CloudProfileConfig` for the Azure extension looks as follows: - -```yaml -apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 -kind: CloudProfileConfig -countUpdateDomains: -- region: westeurope - count: 5 -countFaultDomains: -- region: westeurope - count: 3 -machineImages: -- name: coreos - versions: - - version: 2135.6.0 - urn: "CoreOS:CoreOS:Stable:2135.6.0" -``` - -## Example `CloudProfile` manifest - -The possible values for `.spec.volumeTypes[].name` on Azure are `Standard_LRS`, `StandardSSD_LRS` and `Premium_LRS`. There is another volume type called `UltraSSD_LRS` but this type is not supported to use as os disk. If an end user select a volume type whose name is not equal to one of the valid values then the machine will be created with the default volume type which belong to the selected machine type. Therefore it is recommended to configure only the valid values for the `.spec.volumeType[].name` in the `CloudProfile`. 
- -Please find below an example `CloudProfile` manifest: - -```yaml -apiVersion: core.gardener.cloud/v1beta1 -kind: CloudProfile -metadata: - name: azure -spec: - type: azure - kubernetes: - versions: - - version: 1.16.1 - - version: 1.16.0 - expirationDate: "2020-04-05T01:02:03Z" - machineImages: - - name: coreos - versions: - - version: 2135.6.0 - machineTypes: - - name: Standard_D4_v3 - cpu: "4" - gpu: "0" - memory: 16Gi - volumeTypes: - - name: Standard_LRS - class: standard - usable: true - - name: StandardSSD_LRS - class: premium - usable: false - - name: Premium_LRS - class: premium - usable: false - regions: - - name: westeurope - providerConfig: - apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 - kind: CloudProfileConfig - countUpdateDomains: - - region: westeurope - count: 5 - countFaultDomains: - - region: westeurope - count: 3 - machineImages: - - name: coreos - versions: - - version: 2135.6.0 - urn: "CoreOS:CoreOS:Stable:2135.6.0" -``` diff --git a/controllers/provider-azure/example/00-componentconfig.yaml b/controllers/provider-azure/example/00-componentconfig.yaml deleted file mode 100644 index 697ba1915..000000000 --- a/controllers/provider-azure/example/00-componentconfig.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: azure.provider.extensions.config.gardener.cloud/v1alpha1 -kind: ControllerConfiguration -clientConnection: - acceptContentTypes: application/json - contentType: application/json - qps: 100 - burst: 130 -etcd: - storage: - className: gardener.cloud-fast - capacity: 33Gi -# backup: -# schedule: "0 */24 * * *" -#healthCheckConfig: -# syncPeriod: 30s \ No newline at end of file diff --git a/controllers/provider-azure/example/10-fake-shoot-controlplane.yaml b/controllers/provider-azure/example/10-fake-shoot-controlplane.yaml deleted file mode 100644 index 6a3eba17c..000000000 --- a/controllers/provider-azure/example/10-fake-shoot-controlplane.yaml +++ /dev/null 
@@ -1,183 +0,0 @@ -# This manifest creates a namespace into which an etcd as well as an kube-apiserver will be deployed. -# Also, some certificates will be generated that are needed by the controllers. All of this together -# is providing a test environment. The control planes deployed by Gardener look similar. ---- -apiVersion: v1 -kind: Namespace -metadata: - name: shoot--foobar--azure ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: etcd - namespace: shoot--foobar--azure -spec: - replicas: 1 - selector: - matchLabels: - run: etcd - template: - metadata: - labels: - run: etcd - spec: - containers: - - image: quay.io/coreos/etcd:v3.3.12 - name: etcd - command: - - etcd - - -advertise-client-urls=http://0.0.0.0:2379 - - -listen-client-urls=http://0.0.0.0:2379 - - -data-dir=/etcd-data - volumeMounts: - - mountPath: /etcd-data - name: data - volumes: - - name: data - emptyDir: {} ---- -apiVersion: v1 -kind: Service -metadata: - name: etcd - namespace: shoot--foobar--azure -spec: - ports: - - port: 2379 - selector: - run: etcd - type: ClusterIP ---- -apiVersion: v1 -kind: Secret -metadata: - name: ca - namespace: shoot--foobar--azure -type: Opaque -data: - ca.crt: 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 - ca.key: 
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBc290RUJqbkw5bTAzOXpmRGl6ZmUwY0xJQitrQUsvTUVxUURxN2JRU1lCWjM1MU5rCjlVUjRNWnU2bmRmZEZpL0F3b2I5SFdYKytuZW5ra09HYTQ0OGdLMDg3bjIrQTdUOElQbFZxdTE3eFFUY3AvdG8KWCtFc2twTUhlcE8xeTRWRTBjZE9QQ0d3Y2d1TC9oUkw1cUN3TUszTkhkQnRlSG5Pckp3L3U0enUzcE1wRVB6WQpBRGkreitwQTdQYyt2bXpuNEJkSnhqZm01bmxrS2lYbzBkTGZqc2tBd3NlZnhUTFZIeEZVZVVGL05Hbm5uNEtkCnlSV1crbndNUFNvUzdYVVZkeFQ5TGMrb1V2bnVFb05Kc0FBRHFvbzJiRmZPNUQrUm1NNDdYSHdOZHBRMkpmNTIKOVJyVmI3NUVBK1BWWjFlNWc1NWVwaHR5d2pEUWpSK2xwV1RiOXdJREFRQUJBb0lCQURTSEZuZENiOGhMTDZqeQo1ZnZDYnpLRlBMWmZEV2JnczJGSlhOU2NJci9VUEdoNU4zMlZMRXRrQm81RG9NN1RNOEhIVnhaY0dKejFzUDR1CkVaRDVJc0cwdGZWd1Z3UGVMa05CTjd2MjdHLzFVem0wbEd1STRzVW9ybzJZZ1dha0NiQXlFOGxMSEE4aGFJbFMKelZYSHRxNUxvOG4rdFFZNXg5MHVodTJWcy8wVkRscXdNNzNhbDNrdThLRS9XMkxTK0xXMTkrYjV1UXQrZEg5ZQpjdDN5UnpHMXorUWNpT3JVN3dSNHMxTlViOGJ0eXNZNHpwNVo1bXNaMHBobXN1eWR0SVVESUpndjBYU2EzbHZsCkJ2M2M0MFhneGdHVkRHam1sS2dqbWM0TFNVVlA3Rk5wQlBZRFphL2gyTWNYeDZYYUlyd1huVVdNaUFLdi9IK0kKazdHMjRBa0NnWUVBNXBSbEJzTHVhaUsyekxpQ2k1UFNXU0xBZVZ3K1BMSGJZS2tELzBzOFhLQjEyUzI3Tk00cwpQdUpFWFMzZnFqKzl1aFhiM0VtUmxycEthVldRWDc1b1RJaG0yZDN0ZDNEbHNjOUZUcDZSdkZweU5ZUWRXZTJjClNFUE42UnF5VTlQTVBuYlhoaWp5U2ZNNGRQeGRCdUxlRG1DZWNvaDl1MzJ2bmczT3ZONXdOOVVDZ1lFQXhqcEgKV2VBbFFaTFFQNDdPNWNiejVNRVowc0JqbDA4Y3RMdUFFbU5aRnJVcWR3VjlESWdpc210OHlYWHowSWVRdGdkQwpxUWFoekdCU1lkc3JQZGtTS1JCYkw3eEdMSVhGVkNvOFhNYi83ZEJGdTI5NzBqeStBWnlXMGdycFg4UmJYU1VoCk9mZm5BeEpQY1U0Nzg5OFlpWUNTMkNUNWJaMkszRlY2YktncjFwc0NnWUVBM3ZMTlhHUlBNc0N1RC9TNEJVM0IKTGY2MExLUk1hVk52MDE2WlJ0ZndYWCtwYzMwTWJscUwzYUhhaUY0Nnpkc2tFREhpakhWMkdFKzRjM0VRVUFORAp4Zng5dGxzbnFUMjRXdDBYSHBXa1JJTVB1ejhyUWpERjAvbjd0MURnN0x6MTE5QUJSTytDbG81ZUlIK0RVNDA1Ck9KMmpsd3J5eDc4WGQ3UFNHanphTktFQ2dZQldxbkk1bENzVndVZDFFazNZM2lRUjFtOGcybVp3Wi9GSC8xWWUKTS90bVZ5ekt2c2FPYlJLbWFTSTB2bklyc0ttUFBCdGo1UGRtY0pKMElDdUdyZG9udy9QcUtlbVFXNmdMaFMvQQo3R3hHb0RGc29uQkRXYlZFNVI1M2xMZTEzQmFKNGNybUdrR1E4VGQwZFZ6MjRZcEx5Ny9uNmpwM04xTFh4RE56ClFBOXlrd0tCZ1FEUm8yR2VTeHRsUHJYNUlIakRWeTRBLzFqc3lB
STZHdEhqVXdVY3J6NVAzV1JKL0FQK1UzUisKYkUzMmxjV3A5OEFmUkZyYjFJNkYybVJXcHB2VjlFV2R0SnpjYzEyeUR1bUlUalVJdHhvMkxiY0d3SklGN1ZYZwpFODNuK0IrNmZ1WEl6Q1IyeTUrQjVyTTZPYnl1Z1NZUndGWG91dW9SeXhUL3VXRWl3U0J4ZXc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= ---- -apiVersion: v1 -kind: Secret -metadata: - name: kube-apiserver - namespace: shoot--foobar--azure -type: Opaque -data: - kube-apiserver.crt: 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 - kube-apiserver.key: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: gardener - namespace: shoot--foobar--azure -type: Opaque -data: - ca.crt: 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 - gardener.crt: 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 - gardener.key: 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 - kubeconfig: 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 ---- -apiVersion: v1 -kind: Service -metadata: - name: kube-apiserver - namespace: shoot--foobar--azure -spec: - ports: - - name: kube-apiserver - port: 443 - protocol: TCP - targetPort: 443 - selector: - app: kubernetes - role: apiserver - type: NodePort ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: kubernetes - role: apiserver - name: kube-apiserver - namespace: shoot--foobar--azure -spec: - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 0 - selector: - matchLabels: - app: kubernetes - role: apiserver - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - labels: - app: kubernetes - role: apiserver - spec: - containers: - - command: - - /hyperkube - - apiserver - - --enable-admission-plugins=Priority,NamespaceLifecycle,LimitRanger,PodSecurityPolicy,ServiceAccount,NodeRestriction,DefaultStorageClass,Initializers,DefaultTolerationSeconds,ResourceQuota,StorageObjectInUseProtection,MutatingAdmissionWebhook,ValidatingAdmissionWebhook - - 
--disable-admission-plugins=PersistentVolumeLabel - - --allow-privileged=true - - --anonymous-auth=false - - --authorization-mode=Node,RBAC - - --client-ca-file=/srv/kubernetes/ca/ca.crt - - --enable-aggregator-routing=true - - --enable-bootstrap-token-auth=true - - --http2-max-streams-per-connection=1000 - - --endpoint-reconciler-type=none - - --etcd-servers=http://etcd:2379 - - --kubelet-preferred-address-types=InternalIP,Hostname,ExternalIP - - --insecure-port=0 - - --profiling=false - - --secure-port=443 - - --service-cluster-ip-range=100.64.0.0/13 - - --tls-cert-file=/srv/kubernetes/apiserver/kube-apiserver.crt - - --tls-private-key-file=/srv/kubernetes/apiserver/kube-apiserver.key - - --v=2 - image: k8s.gcr.io/hyperkube:v1.12.6 - imagePullPolicy: IfNotPresent - name: kube-apiserver - ports: - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8080 - name: local - protocol: TCP - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /srv/kubernetes/ca - name: ca - - mountPath: /srv/kubernetes/apiserver - name: kube-apiserver - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - volumes: - - name: ca - secret: - defaultMode: 420 - secretName: ca - - name: kube-apiserver - secret: - defaultMode: 420 - secretName: kube-apiserver diff --git a/controllers/provider-azure/example/20-crd-backupbucket.yaml b/controllers/provider-azure/example/20-crd-backupbucket.yaml deleted file mode 100644 index 273e8549b..000000000 --- a/controllers/provider-azure/example/20-crd-backupbucket.yaml +++ /dev/null 
@@ -1,36 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: backupbuckets.extensions.gardener.cloud
-spec:
- group: extensions.gardener.cloud
- versions:
- - name: v1alpha1
- served: true
- storage: true
- version: v1alpha1
- scope: Cluster
- names:
- plural: backupbuckets
- singular: backupbucket
- kind: BackupBucket
- shortNames:
- - bb
- additionalPrinterColumns:
- - name: Type
- type: string
- description: The type of the cloud provider for this resource.
- JSONPath: .spec.type
- - name: Region
- type: string
- description: The region into which the backup bucket should be created.
- JSONPath: .spec.region
- - name: State
- type: string
- JSONPath: .status.lastOperation.state
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- subresources:
- status: {}
diff --git a/controllers/provider-azure/example/20-crd-backupentry.yaml b/controllers/provider-azure/example/20-crd-backupentry.yaml
deleted file mode 100644
index ddbfdac59..000000000
--- a/controllers/provider-azure/example/20-crd-backupentry.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: backupentries.extensions.gardener.cloud
-spec:
- group: extensions.gardener.cloud
- versions:
- - name: v1alpha1
- served: true
- storage: true
- version: v1alpha1
- scope: Cluster
- names:
- plural: backupentries
- singular: backupentry
- kind: BackupEntry
- shortNames:
- - be
- additionalPrinterColumns:
- - name: Type
- type: string
- description: The type of the cloud provider for this resource.
- JSONPath: .spec.type
- - name: Region
- type: string
- description: The region into which the backup entry should be created.
- JSONPath: .spec.region
- - name: Bucket
- type: string
- description: The bucket into which the backup entry should be created.
- JSONPath: .spec.bucketName
- - name: State
- type: string
- JSONPath: .status.lastOperation.state
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- subresources:
- status: {}
diff --git a/controllers/provider-azure/example/20-crd-cluster.yaml b/controllers/provider-azure/example/20-crd-cluster.yaml
deleted file mode 100644
index 9397fd5ab..000000000
--- a/controllers/provider-azure/example/20-crd-cluster.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: clusters.extensions.gardener.cloud
-spec:
- group: extensions.gardener.cloud
- versions:
- - name: v1alpha1
- served: true
- storage: true
- version: v1alpha1
- scope: Cluster
- names:
- plural: clusters
- singular: cluster
- kind: Cluster
- additionalPrinterColumns:
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- subresources:
- status: {}
diff --git a/controllers/provider-azure/example/20-crd-controlplane.yaml b/controllers/provider-azure/example/20-crd-controlplane.yaml
deleted file mode 100644
index 8926518a6..000000000
--- a/controllers/provider-azure/example/20-crd-controlplane.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: controlplanes.extensions.gardener.cloud
-spec:
- group: extensions.gardener.cloud
- versions:
- - name: v1alpha1
- served: true
- storage: true
- version: v1alpha1
- scope: Namespaced
- names:
- plural: controlplanes
- singular: controlplane
- kind: ControlPlane
- shortNames:
- - cp
- additionalPrinterColumns:
- - name: Type
- type: string
- description: The control plane type.
- JSONPath: .spec.type
- - name: State
- type: string
- JSONPath: .status.lastOperation.state
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- subresources:
- status: {}
diff --git a/controllers/provider-azure/example/20-crd-infrastructure.yaml b/controllers/provider-azure/example/20-crd-infrastructure.yaml
deleted file mode 100644
index 4ab9e233f..000000000
--- a/controllers/provider-azure/example/20-crd-infrastructure.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: infrastructures.extensions.gardener.cloud
-spec:
- group: extensions.gardener.cloud
- versions:
- - name: v1alpha1
- served: true
- storage: true
- version: v1alpha1
- scope: Namespaced
- names:
- plural: infrastructures
- singular: infrastructure
- kind: Infrastructure
- shortNames:
- - infra
- additionalPrinterColumns:
- - name: Type
- type: string
- description: The type of the cloud provider for this resource.
- JSONPath: .spec.type
- - name: Region
- type: string
- description: The region into which the infrastructure should be deployed.
- JSONPath: .spec.region
- - name: State
- type: string
- JSONPath: .status.lastOperation.state
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- subresources:
- status: {}
diff --git a/controllers/provider-azure/example/20-crd-managedresource.yaml b/controllers/provider-azure/example/20-crd-managedresource.yaml
deleted file mode 100644
index 3237f2064..000000000
--- a/controllers/provider-azure/example/20-crd-managedresource.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: managedresources.resources.gardener.cloud
-spec:
- group: resources.gardener.cloud
- versions:
- - name: v1alpha1
- served: true
- storage: true
- version: v1alpha1
- scope: Namespaced
- names:
- plural: managedresources
- singular: managedresource
- kind: ManagedResource
- shortNames:
- - mr
- additionalPrinterColumns:
- - name: Class
- type: string
- JSONPath: .spec.class
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- subresources:
- status: {}
diff --git a/controllers/provider-azure/example/20-crd-network.yaml b/controllers/provider-azure/example/20-crd-network.yaml
deleted file mode 100644
index 7df90c9d4..000000000
--- a/controllers/provider-azure/example/20-crd-network.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: networks.extensions.gardener.cloud
-spec:
- group: extensions.gardener.cloud
- versions:
- - name: v1alpha1
- served: true
- storage: true
- version: v1alpha1
- scope: Namespaced
- names:
- plural: networks
- singular: network
- kind: Network
- shortNames:
- - nw
- additionalPrinterColumns:
- - name: Type
- type: string
- description: The type of the network plugin for this resource.
- JSONPath: .spec.type
- - name: STATE
- type: string
- description: The state of the last operation.
- JSONPath: .status.lastOperation.state
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- subresources:
- status: {}
diff --git a/controllers/provider-azure/example/20-crd-operatingsystemconfig.yaml b/controllers/provider-azure/example/20-crd-operatingsystemconfig.yaml
deleted file mode 100644
index 2c2db728e..000000000
--- a/controllers/provider-azure/example/20-crd-operatingsystemconfig.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: operatingsystemconfigs.extensions.gardener.cloud
-spec:
- group: extensions.gardener.cloud
- versions:
- - name: v1alpha1
- served: true
- storage: true
- version: v1alpha1
- scope: Namespaced
- names:
- plural: operatingsystemconfigs
- singular: operatingsystemconfig
- kind: OperatingSystemConfig
- shortNames:
- - osc
- additionalPrinterColumns:
- - name: Type
- type: string
- description: The type of the operating system configuration.
- JSONPath: .spec.type
- - name: State
- type: string
- JSONPath: .status.lastOperation.state
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- subresources:
- status: {}
diff --git a/controllers/provider-azure/example/20-crd-vpa.yaml b/controllers/provider-azure/example/20-crd-vpa.yaml
deleted file mode 100644
index a54d9e4bf..000000000
--- a/controllers/provider-azure/example/20-crd-vpa.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: verticalpodautoscalers.autoscaling.k8s.io
-spec:
- group: autoscaling.k8s.io
- scope: Namespaced
- names:
- plural: verticalpodautoscalers
- singular: verticalpodautoscaler
- kind: VerticalPodAutoscaler
- shortNames:
- - vpa
- version: v1beta1
- versions:
- - name: v1beta1
- served: true
- storage: false
- - name: v1beta2
- served: true
- storage: true
- validation:
- # openAPIV3Schema is the schema for validating custom objects.
- openAPIV3Schema:
- properties:
- spec:
- required: []
- properties:
- targetRef:
- type: object
- updatePolicy:
- properties:
- updateMode:
- type: string
- resourcePolicy:
- properties:
- containerPolicies:
- type: array
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: verticalpodautoscalercheckpoints.autoscaling.k8s.io
-spec:
- group: autoscaling.k8s.io
- scope: Namespaced
- names:
- plural: verticalpodautoscalercheckpoints
- singular: verticalpodautoscalercheckpoint
- kind: VerticalPodAutoscalerCheckpoint
- shortNames:
- - vpacheckpoint
- version: v1beta1
- versions:
- - name: v1beta1
- served: true
- storage: false
- - name: v1beta2
- served: true
- storage: true
diff --git a/controllers/provider-azure/example/20-crd-worker.yaml b/controllers/provider-azure/example/20-crd-worker.yaml
deleted file mode 100644
index c4cc1a865..000000000
--- a/controllers/provider-azure/example/20-crd-worker.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: workers.extensions.gardener.cloud
-spec:
- group: extensions.gardener.cloud
- versions:
- - name: v1alpha1
- served: true
- storage: true
- version: v1alpha1
- scope: Namespaced
- names:
- plural: workers
- singular: worker
- kind: Worker
- additionalPrinterColumns:
- - name: Type
- type: string
- description: The worker type.
- JSONPath: .spec.type
- - name: Age
- type: date
- JSONPath: .metadata.creationTimestamp
- subresources:
- status: {}
diff --git a/controllers/provider-azure/example/30-backupbucket.yaml b/controllers/provider-azure/example/30-backupbucket.yaml
deleted file mode 100644
index c061d97f0..000000000
--- a/controllers/provider-azure/example/30-backupbucket.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: backupprovider
- namespace: garden
-type: Opaque
-data:
-# clientID: base64(clientID)
-# clientSecret: base64(clientSecret)
-# subscriptionID: base64(subscriptionID)
-# tenantID: base64(tenantID)
----
-apiVersion: extensions.gardener.cloud/v1alpha1
-kind: BackupBucket
-metadata:
- name: cloud--azure--fg2d6
-spec:
- type: azure
- region: eu-west-1
- secretRef:
- name: backupprovider
- namespace: garden
\ No newline at end of file
diff --git a/controllers/provider-azure/example/30-backupentry.yaml b/controllers/provider-azure/example/30-backupentry.yaml
deleted file mode 100644
index fd015d643..000000000
--- a/controllers/provider-azure/example/30-backupentry.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: backupprovider
- namespace: shoot--foobar--azure
-type: Opaque
-data:
-# storageAccount: base64(storageAccount)
-# storageKey: base64(storageKey)
----
-apiVersion: extensions.gardener.cloud/v1alpha1
-kind: BackupEntry
-metadata:
- name: shoot--foobar--azure--sd34f
-spec:
- type: azure
- region: eu-west-1
- bucketName: cloud--azure--fg2d6
- secretRef:
- name: backupprovider
- namespace: garden
diff --git a/controllers/provider-azure/example/30-controlplane.yaml b/controllers/provider-azure/example/30-controlplane.yaml
deleted file mode 100644
index 7183226a6..000000000
--- a/controllers/provider-azure/example/30-controlplane.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: shoot--foobar--azure
- labels:
-# backup.gardener.cloud/provider: azure
-# seed.gardener.cloud/provider: azure
- shoot.gardener.cloud/provider: azure
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: cloudprovider
- namespace: shoot--foobar--azure
-type: Opaque
-data:
- clientID: Y2xpZW50SUQ=
- clientSecret: Y2xpZW50U2VjcmV0
- subscriptionID: c3Vic2NyaXB0aW9uSUQ=
- tenantID: dGVuYW50SUQ=
----
-apiVersion: extensions.gardener.cloud/v1alpha1
-kind: Cluster
-metadata:
- name: shoot--foobar--azure
-spec:
- cloudProfile:
- apiVersion: core.gardener.cloud/v1alpha1
- kind: CloudProfile
- seed:
- apiVersion: core.gardener.cloud/v1alpha1
- kind: Seed
- shoot:
- apiVersion: core.gardener.cloud/v1alpha1
- kind: Shoot
- spec:
- networking:
- pods: 10.250.0.0/19
- kubernetes:
- version: 1.13.4
- hibernation:
- enabled: false
- status:
- lastOperation:
- state: Succeeded
----
-apiVersion: extensions.gardener.cloud/v1alpha1
-kind: ControlPlane
-metadata:
- name: control-plane
- namespace: shoot--foobar--azure
-spec:
- type: azure
- region: europe-west1
- secretRef:
- name: cloudprovider
- namespace: shoot--foobar--azure
- providerConfig:
- apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1
- kind: ControlPlaneConfig
- cloudControllerManager:
- featureGates:
- CustomResourceValidation: true
- infrastructureProviderStatus:
- apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1
- kind: InfrastructureStatus
- resourceGroup:
- name: rg-1234
- networks:
- vnet:
- name: vnet-1234
- subnets:
- - purpose: nodes
- name: subnet-acbd1234
- availabilitySets:
- - id: /example/id
- name: azure-avset-workers
- purpose: nodes
- routeTables:
- - name: route-table
- purpose: nodes
- securityGroups:
- - name: sec-groups
- purpose: nodes
diff --git a/controllers/provider-azure/example/30-etcd-backup-secret.yaml b/controllers/provider-azure/example/30-etcd-backup-secret.yaml
deleted file mode 100644
index 24bf9eb05..000000000
--- a/controllers/provider-azure/example/30-etcd-backup-secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: etcd-backup
- namespace: shoot--foobar--azure
-type: Opaque
-data:
- storageAccount: dGVzdEFjY291bnQK #testAccount
- storageKey: dGVzdEtleQo= #testKey
diff --git a/controllers/provider-azure/example/30-infrastructure.yaml b/controllers/provider-azure/example/30-infrastructure.yaml
deleted file mode 100644
index 3bb1f026f..000000000
--- a/controllers/provider-azure/example/30-infrastructure.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: shoot--foobar--azure
----
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: shoot--foobar--azure
- name: core-azure
-type: Opaque
-data:
-# clientID: base64(clientID)
-# clientSecret: base64(clientSecret)
-# subscriptionID: base64(subscriptionID)
-# tenantID: base64(tenantID)
----
-apiVersion: extensions.gardener.cloud/v1alpha1
-kind: Cluster
-metadata:
- name: shoot--foobar--azure
-spec:
- cloudProfile:
- apiVersion: core.gardener.cloud/v1alpha1
- kind: CloudProfile
- spec:
- providerConfig:
- apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1
- kind: CloudProfileConfig
- countFaultDomains:
- - region: westeurope
- count: 2
- countUpdateDomains:
- - region: westeurope
- count: 5
- seed:
- apiVersion: core.gardener.cloud/v1alpha1
- kind: Seed
- shoot:
- apiVersion: core.gardener.cloud/v1alpha1
- kind: Shoot
- spec:
- networking:
- pods: 10.243.128.0/17
- services: 10.243.0.0/17
- status:
- lastOperation:
- state: Succeeded
----
-apiVersion: extensions.gardener.cloud/v1alpha1
-kind: Infrastructure
-metadata:
- namespace: shoot--foobar--azure
- name: azure-infra
-spec:
- type: azure
- region: westeurope
- secretRef:
- namespace: shoot--foobar--azure
- name: core-azure
- providerConfig:
- apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1
- kind: InfrastructureConfig
- networks:
- vnet: # specify either 'name' and 'resourceGroup' or 'cidr'
- # name: my-vnet
- # resourceGroup: my-vnet-group
- cidr: 10.250.0.0/16
- workers: 10.250.0.0/19
- # serviceEndpoints:
- # - entry1
- zoned: false
- # resourceGroup:
- # name: mygroup
diff --git a/controllers/provider-azure/example/30-worker.yaml b/controllers/provider-azure/example/30-worker.yaml
deleted file mode 100644
index 85019fab4..000000000
--- a/controllers/provider-azure/example/30-worker.yaml
+++ /dev/null
@@ -1,111 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: cloudprovider - namespace: shoot--foobar--azure -type: Opaque -data: - clientID: ZGF0YQo= - clientSecret: ZGF0YQo= - subscriptionID: ZGF0YQo= - tenantID: ZGF0YQo= ---- -apiVersion: extensions.gardener.cloud/v1alpha1 -kind: Cluster -metadata: - name: shoot--foobar--azure -spec: - cloudProfile: - apiVersion: core.gardener.cloud/v1alpha1 - kind: CloudProfile - spec: - providerConfig: - apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 - kind: CloudProfileConfig - machineImages: - - name: coreos - versions: - - version: 2135.6.0 - urn: azureimageurn - seed: - apiVersion: core.gardener.cloud/v1alpha1 - kind: Seed - shoot: - apiVersion: core.gardener.cloud/v1alpha1 - kind: Shoot - spec: - kubernetes: - version: 1.13.4 - status: - lastOperation: - state: Succeeded ---- -apiVersion: v1 -kind: Secret -metadata: - name: ssh-keypair - namespace: shoot--foobar--azure -type: Opaque -data: - id_rsa.pub: dGhlLXNzaC1rZXktZm9yLXRoZS1tYWNoaW5l ---- -# This resource does result in the deployment of the machine-controller-manager, the machine classes, -# and the desired MachineDeployments. However, it does not create actual virtual machines because the -# provided infrastructure status data (subnet id, etc.) is not valid/does not exist. 
-apiVersion: extensions.gardener.cloud/v1alpha1 -kind: Worker -metadata: - name: worker - namespace: shoot--foobar--azure - annotations: - gardener.cloud/operation: reconcile -spec: - type: azure - region: westeurope - secretRef: - name: cloudprovider - namespace: shoot--foobar--azure - infrastructureProviderStatus: - apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 - kind: InfrastructureStatus - resourceGroup: - name: my-resource-group - networks: - vnet: - name: my-vnet - subnets: - - purpose: nodes - name: subnet-123 - availabilitySets: - - purpose: nodes - id: av-nodes-1234-id - name: av-nodes-1234-name - routeTables: - - purpose: nodes - name: route-table-1 - securityGroups: - - purpose: nodes - name: sec-group-1 - pools: - - name: cpu-worker - machineType: Standard_D2_v3 - machineImage: - name: coreos - version: 2135.6.0 - minimum: 1 - maximum: 1 - maxSurge: 1 - maxUnavailable: 0 - # labels: - # key: value - # annotations: - # key: value - # taints: # See also https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - # - key: foo - # value: bar - # effect: NoSchedule - userData: IyEvYmluL2Jhc2gKCmVjaG8gImhlbGxvIHdvcmxkIgo= - volume: - type: standard - size: 35Gi diff --git a/controllers/provider-azure/example/controller-registration.yaml b/controllers/provider-azure/example/controller-registration.yaml deleted file mode 100644 index 24aa41e1e..000000000 --- a/controllers/provider-azure/example/controller-registration.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -apiVersion: core.gardener.cloud/v1alpha1 -kind: ControllerRegistration -metadata: - name: provider-azure -spec: - resources: - - kind: BackupBucket - type: azure - - kind: BackupEntry - type: azure - - kind: ControlPlane - type: azure - - kind: Infrastructure - type: azure - - kind: Worker - type: azure - deployment: - type: helm - providerConfig: - chart: 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 - values: - image: - tag: v1.3.0-dev 
diff --git a/controllers/provider-azure/hack/api-reference/api.json b/controllers/provider-azure/hack/api-reference/api.json deleted file mode 100644 index d50497d19..000000000 --- a/controllers/provider-azure/hack/api-reference/api.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "hideMemberFields": [ - "TypeMeta" - ], - "hideTypePatterns": [ - "ParseError$", - "List$" - ], - "externalPackages": [ - { - "typeMatchPrefix": "^k8s\\.io/(api|apimachinery/pkg/apis)/", - "docsURLTemplate": "https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#{{lower .TypeIdentifier}}-{{arrIndex .PackageSegments -1}}-{{arrIndex .PackageSegments -2}}" - } - ], - "typeDisplayNamePrefixOverrides": { - "k8s.io/api/": "Kubernetes ", - "k8s.io/apimachinery/pkg/apis/": "Kubernetes " - }, - "markdownDisabled": false -} diff --git a/controllers/provider-azure/hack/api-reference/api.md b/controllers/provider-azure/hack/api-reference/api.md deleted file mode 100644 index f7fc02f71..000000000 --- a/controllers/provider-azure/hack/api-reference/api.md +++ /dev/null @@ -1,985 +0,0 @@ -

Packages:

- -

azure.provider.extensions.gardener.cloud/v1alpha1

-

-

Package v1alpha1 contains the Azure provider API resources.

-

-Resource Types: - -

CloudProfileConfig -

-

-

CloudProfileConfig contains provider-specific configuration that is embedded into Gardener’s CloudProfile -resource.

-

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string
- -azure.provider.extensions.gardener.cloud/v1alpha1 - -
-kind
-string -
CloudProfileConfig
-countUpdateDomains
- - -[]DomainCount - - -
-

CountUpdateDomains is list of update domain counts for each region.

-
-countFaultDomains
- - -[]DomainCount - - -
-

CountFaultDomains is list of fault domain counts for each region.

-
-machineImages
- - -[]MachineImages - - -
-

MachineImages is the list of machine images that are understood by the controller. It maps -logical names and versions to provider-specific identifiers.

-
-

ControlPlaneConfig -

-

-

ControlPlaneConfig contains configuration settings for the control plane.

-

- - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string
- -azure.provider.extensions.gardener.cloud/v1alpha1 - -
-kind
-string -
ControlPlaneConfig
-cloudControllerManager
- - -CloudControllerManagerConfig - - -
-(Optional) -

CloudControllerManager contains configuration settings for the cloud-controller-manager.

-
-

InfrastructureConfig -

-

-

InfrastructureConfig infrastructure configuration resource

-

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string
- -azure.provider.extensions.gardener.cloud/v1alpha1 - -
-kind
-string -
InfrastructureConfig
-resourceGroup
- - -ResourceGroup - - -
-(Optional) -

ResourceGroup is azure resource group.

-
-networks
- - -NetworkConfig - - -
-

Networks is the network configuration (VNet, subnets, etc.).

-
-zoned
- -bool - -
-(Optional) -

Zoned indicates whether the cluster uses availability zones.

-
-

WorkerStatus -

-

-

WorkerStatus contains information about created worker resources.

-

- - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string
- -azure.provider.extensions.gardener.cloud/v1alpha1 - -
-kind
-string -
WorkerStatus
-machineImages
- - -[]MachineImage - - -
-(Optional) -

MachineImages is a list of machine images that have been used in this worker. Usually, the extension controller -gets the mapping from name/version to the provider-specific machine image data in its componentconfig. However, if -a version that is still in use gets removed from this componentconfig it cannot reconcile anymore existing Worker -resources that are still using this version. Hence, it stores the used versions in the provider status to ensure -reconciliation is possible.

-
-

AvailabilitySet -

-

-(Appears on: -InfrastructureStatus) -

-

-

AvailabilitySet contains information about the azure availability set

-

- - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-purpose
- - -Purpose - - -
-

Purpose is the purpose of the availability set

-
-id
- -string - -
-

ID is the id of the availability set

-
-name
- -string - -
-

Name is the name of the availability set

-
-

CloudControllerManagerConfig -

-

-(Appears on: -ControlPlaneConfig) -

-

-

CloudControllerManagerConfig contains configuration settings for the cloud-controller-manager.

-

- - - - - - - - - - - - - -
FieldDescription
-featureGates
- -map[string]bool - -
-(Optional) -

FeatureGates contains information about enabled feature gates.

-
-

DomainCount -

-

-(Appears on: -CloudProfileConfig) -

-

-

DomainCount defines the region and the count for this domain count value.

-

- - - - - - - - - - - - - - - - - -
FieldDescription
-region
- -string - -
-

Region is a region.

-
-count
- -int - -
-

Count is the count value for the respective domain count.

-
-

InfrastructureStatus -

-

-

InfrastructureStatus contains information about created infrastructure resources.

-

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-networks
- - -NetworkStatus - - -
-

Networks is the status of the networks of the infrastructure.

-
-resourceGroup
- - -ResourceGroup - - -
-

ResourceGroup is azure resource group

-
-availabilitySets
- - -[]AvailabilitySet - - -
-

AvailabilitySets is a list of created availability sets

-
-routeTables
- - -[]RouteTable - - -
-

AvailabilitySets is a list of created route tables

-
-securityGroups
- - -[]SecurityGroup - - -
-

SecurityGroups is a list of created security groups

-
-zoned
- -bool - -
-(Optional) -

Zoned indicates whether the cluster uses zones

-
-

MachineImage -

-

-(Appears on: -WorkerStatus) -

-

-

MachineImage is a mapping from logical names and versions to provider-specific machine image data.

-

- - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-name
- -string - -
-

Name is the logical name of the machine image.

-
-version
- -string - -
-

Version is the logical version of the machine image.

-
-urn
- -string - -
-(Optional) -

URN is the uniform resource name, it has the format ‘publisher:offer:sku:version’

-
-

MachineImageVersion -

-

-(Appears on: -MachineImages) -

-

-

MachineImageVersion contains a version and a provider-specific identifier.

-

- - - - - - - - - - - - - - - - - -
FieldDescription
-version
- -string - -
-

Version is the version of the image.

-
-urn
- -string - -
-

URN is the identifier for the image.

-
-

MachineImages -

-

-(Appears on: -CloudProfileConfig) -

-

-

MachineImages is a mapping from logical names and versions to provider-specific identifiers.

-

- - - - - - - - - - - - - - - - - -
FieldDescription
-name
- -string - -
-

Name is the logical name of the machine image.

-
-versions
- - -[]MachineImageVersion - - -
-

Versions contains versions and a provider-specific identifier.

-
-

NetworkConfig -

-

-(Appears on: -InfrastructureConfig) -

-

-

NetworkConfig holds information about the Kubernetes and infrastructure networks.

-

- - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-vnet
- - -VNet - - -
-

VNet indicates whether to use an existing VNet or create a new one.

-
-workers
- -string - -
-

Workers is the worker subnet range to create (used for the VMs).

-
-serviceEndpoints
- -[]string - -
-(Optional) -

ServiceEndpoints is a list of Azure ServiceEndpoints which should be associated with the worker subnet.

-
-

NetworkStatus -

-

-(Appears on: -InfrastructureStatus) -

-

-

NetworkStatus is the current status of the infrastructure networks.

-

- - - - - - - - - - - - - - - - - -
FieldDescription
-vnet
- - -VNetStatus - - -
-

VNetStatus states the name of the infrastructure VNet.

-
-subnets
- - -[]Subnet - - -
-

Subnets are the subnets that have been created.

-
-

Purpose -(string alias)

-

-(Appears on: -AvailabilitySet, -RouteTable, -SecurityGroup, -Subnet) -

-

-

Purpose is a purpose of a subnet.

-

-

ResourceGroup -

-

-(Appears on: -InfrastructureConfig, -InfrastructureStatus) -

-

-

ResourceGroup is azure resource group

-

- - - - - - - - - - - - - -
FieldDescription
-name
- -string - -
-

Name is the name of the resource group

-
-

RouteTable -

-

-(Appears on: -InfrastructureStatus) -

-

-

RouteTable is the azure route table

-

- - - - - - - - - - - - - - - - - -
FieldDescription
-purpose
- - -Purpose - - -
-

Purpose is the purpose of the route table

-
-name
- -string - -
-

Name is the name of the route table

-
-

SecurityGroup -

-

-(Appears on: -InfrastructureStatus) -

-

-

SecurityGroup contains information about the security group

-

- - - - - - - - - - - - - - - - - -
FieldDescription
-purpose
- - -Purpose - - -
-

Purpose is the purpose of the security group

-
-name
- -string - -
-

Name is the name of the security group

-
-

Subnet -

-

-(Appears on: -NetworkStatus) -

-

-

Subnet is a subnet that was created.

-

- - - - - - - - - - - - - - - - - -
FieldDescription
-name
- -string - -
-

Name is the name of the subnet.

-
-purpose
- - -Purpose - - -
-

Purpose is the purpose for which the subnet was created.

-
-

VNet -

-

-(Appears on: -NetworkConfig) -

-

-

VNet contains information about the VNet and some related resources.

-

- - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-name
- -string - -
-(Optional) -

Name is the name of an existing vNet which should be used.

-
-resourceGroup
- -string - -
-(Optional) -

ResourceGroup is the resource group where the existing vNet blongs to.

-
-cidr
- -string - -
-(Optional) -

CIDR is the VNet CIDR

-
-

VNetStatus -

-

-(Appears on: -NetworkStatus) -

-

-

VNetStatus contains the VNet name.

-

- - - - - - - - - - - - - - - - - -
FieldDescription
-name
- -string - -
-

Name is the VNet name.

-
-resourceGroup
- -string - -
-(Optional) -

ResourceGroup is the resource group where the existing vNet belongs to.

-
-
diff --git a/controllers/provider-azure/hack/api-reference/config.json b/controllers/provider-azure/hack/api-reference/config.json deleted file mode 100644 index d27ff9914..000000000 --- a/controllers/provider-azure/hack/api-reference/config.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "hideMemberFields": [ - "TypeMeta" - ], - "hideTypePatterns": [ - "ParseError$", - "List$" - ], - "externalPackages": [ - { - "typeMatchPrefix": "^k8s\\.io/component-base/config/v1alpha1", - "docsURLTemplate": "https://godoc.org/k8s.io/component-base/config/v1alpha1#{{.TypeIdentifier}}" - }, - { - "typeMatchPrefix": "^k8s\\.io/apimachinery/pkg/api/resource\\.Quantity$", - "docsURLTemplate": "https://godoc.org/k8s.io/apimachinery/pkg/api/resource#Quantity" - }, - { - "typeMatchPrefix": "^k8s\\.io/(api|apimachinery/pkg/apis)/", - "docsURLTemplate": "https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#{{lower .TypeIdentifier}}-{{arrIndex .PackageSegments -1}}-{{arrIndex .PackageSegments -2}}" - }, - { - "typeMatchPrefix": "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config", - "docsURLTemplate": "https://github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config" - } - ], - "typeDisplayNamePrefixOverrides": { - "k8s.io/api/": "Kubernetes ", - "k8s.io/apimachinery/pkg/apis/": "Kubernetes ", - "k8s.io/component-base/config/": "Kubernetes " - }, - "markdownDisabled": false -} diff --git a/controllers/provider-azure/hack/api-reference/config.md b/controllers/provider-azure/hack/api-reference/config.md deleted file mode 100644 index ddac6fe24..000000000 --- a/controllers/provider-azure/hack/api-reference/config.md +++ /dev/null @@ -1,210 +0,0 @@ -

Packages:

- -

azure.provider.extensions.config.gardener.cloud/v1alpha1

-

-

Package v1alpha1 contains the Azure provider configuration API resources.

-

-Resource Types: - -

ControllerConfiguration -

-

-

ControllerConfiguration defines the configuration for the Azure provider.

-

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string
- -azure.provider.extensions.config.gardener.cloud/v1alpha1 - -
-kind
-string -
ControllerConfiguration
-clientConnection
- - -Kubernetes v1alpha1.ClientConnectionConfiguration - - -
-(Optional) -

ClientConnection specifies the kubeconfig file and client connection -settings for the proxy server to use when communicating with the apiserver.

-
-etcd
- - -ETCD - - -
-

ETCD is the etcd configuration.

-
-healthCheckConfig
- - -github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config/v1alpha1.HealthCheckConfig - - -
-(Optional) -

HealthCheckConfig is the config for the health check controller

-
-

ETCD -

-

-(Appears on: -ControllerConfiguration) -

-

-

ETCD is an etcd configuration.

-

- - - - - - - - - - - - - - - - - -
FieldDescription
-storage
- - -ETCDStorage - - -
-

ETCDStorage is the etcd storage configuration.

-
-backup
- - -ETCDBackup - - -
-

ETCDBackup is the etcd backup configuration.

-
-

ETCDBackup -

-

-(Appears on: -ETCD) -

-

-

ETCDBackup is an etcd backup configuration.

-

- - - - - - - - - - - - - -
FieldDescription
-schedule
- -string - -
-(Optional) -

Schedule is the etcd backup schedule.

-
-

ETCDStorage -

-

-(Appears on: -ETCD) -

-

-

ETCDStorage is an etcd storage configuration.

-

- - - - - - - - - - - - - - - - - -
FieldDescription
-className
- -string - -
-(Optional) -

ClassName is the name of the storage class used in etcd-main volume claims.

-
-capacity
- - -k8s.io/apimachinery/pkg/api/resource.Quantity - - -
-(Optional) -

Capacity is the storage capacity used in etcd-main volume claims.

-
-
diff --git a/controllers/provider-azure/hack/generate-code b/controllers/provider-azure/hack/generate-code
deleted file mode 100755
index 7ed5fa5d3..000000000
--- a/controllers/provider-azure/hack/generate-code
+++ /dev/null
@@ -1,53 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -rm -f $GOPATH/bin/*-gen - -PROJECT_ROOT=$(dirname $0)/../../.. - -bash "${PROJECT_ROOT}"/vendor/k8s.io/code-generator/generate-internal-groups.sh \ - deepcopy,defaulter \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/client \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis \ - "azure:v1alpha1" \ - --go-header-file "${PROJECT_ROOT}/hack/LICENSE_BOILERPLATE.txt" - -bash "${PROJECT_ROOT}"/vendor/k8s.io/code-generator/generate-internal-groups.sh \ - conversion \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/client \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis \ - "azure:v1alpha1" \ - --extra-peer-dirs=github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure,github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/v1alpha1,k8s.io/apimachinery/pkg/apis/meta/v1,k8s.io/apimachinery/pkg/conversion,k8s.io/apimachinery/pkg/runtime \ - --go-header-file 
"${PROJECT_ROOT}/hack/LICENSE_BOILERPLATE.txt" - -bash "${PROJECT_ROOT}"/vendor/k8s.io/code-generator/generate-internal-groups.sh \ - deepcopy,defaulter \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/client/componentconfig \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis \ - "config:v1alpha1" \ - --go-header-file "${PROJECT_ROOT}/hack/LICENSE_BOILERPLATE.txt" - -bash "${PROJECT_ROOT}"/vendor/k8s.io/code-generator/generate-internal-groups.sh \ - conversion \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/client/componentconfig \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis \ - github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis \ - "config:v1alpha1" \ - --extra-peer-dirs=github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config,github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config/v1alpha1,k8s.io/apimachinery/pkg/apis/meta/v1,k8s.io/apimachinery/pkg/conversion,k8s.io/apimachinery/pkg/runtime, github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config/v1alpha1 \ - --go-header-file "${PROJECT_ROOT}/hack/LICENSE_BOILERPLATE.txt" diff --git a/controllers/provider-azure/pkg/apis/azure/doc.go b/controllers/provider-azure/pkg/apis/azure/doc.go deleted file mode 100644 index e38fa60ca..000000000 --- a/controllers/provider-azure/pkg/apis/azure/doc.go +++ /dev/null 
@@ -1,20 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +k8s:deepcopy-gen=package
-// +groupName="azure.provider.extensions.gardener.cloud"
-
-//go:generate ../../../hack/generate-code Infrastructure:azure ControlPlane:azure
-
-package azure // import "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
diff --git a/controllers/provider-azure/pkg/apis/azure/helper/helper.go b/controllers/provider-azure/pkg/apis/azure/helper/helper.go
deleted file mode 100644
index 6e10f5af3..000000000
--- a/controllers/provider-azure/pkg/apis/azure/helper/helper.go
+++ /dev/null
@@ -1,116 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package helper
-
-import (
- "fmt"
-
- api "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
-)
-
-// FindSubnetByPurpose takes a list of subnets and tries to find the first entry
-// whose purpose matches with the given purpose. If no such entry is found then an error will be
-// returned.
-func FindSubnetByPurpose(subnets []api.Subnet, purpose api.Purpose) (*api.Subnet, error) {
- for _, subnet := range subnets {
- if subnet.Purpose == purpose {
- return &subnet, nil
- }
- }
- return nil, fmt.Errorf("cannot find subnet with purpose %q", purpose)
-}
-
-// FindSecurityGroupByPurpose takes a list of security groups and tries to find the first entry
-// whose purpose matches with the given purpose. If no such entry is found then an error will be
-// returned.
-func FindSecurityGroupByPurpose(securityGroups []api.SecurityGroup, purpose api.Purpose) (*api.SecurityGroup, error) {
- for _, securityGroup := range securityGroups {
- if securityGroup.Purpose == purpose {
- return &securityGroup, nil
- }
- }
- return nil, fmt.Errorf("cannot find security group with purpose %q", purpose)
-}
-
-// FindRouteTableByPurpose takes a list of route tables and tries to find the first entry
-// whose purpose matches with the given purpose. If no such entry is found then an error will be
-// returned.
-func FindRouteTableByPurpose(routeTables []api.RouteTable, purpose api.Purpose) (*api.RouteTable, error) {
- for _, routeTable := range routeTables {
- if routeTable.Purpose == purpose {
- return &routeTable, nil
- }
- }
- return nil, fmt.Errorf("cannot find route table with purpose %q", purpose)
-}
-
-// FindAvailabilitySetByPurpose takes a list of availability sets and tries to find the first entry
-// whose purpose matches with the given purpose. If no such entry is found then an error will be
-// returned.
-func FindAvailabilitySetByPurpose(availabilitySets []api.AvailabilitySet, purpose api.Purpose) (*api.AvailabilitySet, error) {
- for _, availabilitySet := range availabilitySets {
- if availabilitySet.Purpose == purpose {
- return &availabilitySet, nil
- }
- }
- return nil, fmt.Errorf("cannot find availability set with purpose %q", purpose)
-}
-
-// FindMachineImage takes a list of machine images and tries to find the first entry
-// whose name, version, and zone matches with the given name, version, and zone. If no such entry is
-// found then an error will be returned.
-func FindMachineImage(machineImages []api.MachineImage, name, version string) (*api.MachineImage, error) {
- for _, machineImage := range machineImages {
- if machineImage.Name == name && machineImage.Version == version {
- return &machineImage, nil
- }
- }
- return nil, fmt.Errorf("no machine image with name %q, version %q found", name, version)
-}
-
-// FindDomainCountByRegion takes a region and the domain counts and finds the count for the given region.
-func FindDomainCountByRegion(domainCounts []api.DomainCount, region string) (int, error) {
- for _, domainCount := range domainCounts {
- if domainCount.Region == region {
- return domainCount.Count, nil
- }
- }
- return 0, fmt.Errorf("could not find a domain count for region %s", region)
-}
-
-// FindImageFromCloudProfile takes a list of machine images, and the desired image name and version. It tries
-// to find the image with the given name and version. If it cannot be found then an error
-// is returned.
-func FindImageFromCloudProfile(cloudProfileConfig *api.CloudProfileConfig, imageName, imageVersion string) (*api.MachineImage, error) {
- if cloudProfileConfig != nil {
- for _, machineImage := range cloudProfileConfig.MachineImages {
- if machineImage.Name != imageName {
- continue
- }
- for _, version := range machineImage.Versions {
- if imageVersion == version.Version {
- urn := version.URN
- return &api.MachineImage{
- Name: imageName,
- Version: version.Version,
- URN: &urn,
- }, nil
- }
- }
- }
- }
-
- return nil, fmt.Errorf("could not find an image for name %q in version %q", imageName, imageVersion)
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/helper/helper_suite_test.go b/controllers/provider-azure/pkg/apis/azure/helper/helper_suite_test.go
deleted file mode 100644
index c55991e5e..000000000
--- a/controllers/provider-azure/pkg/apis/azure/helper/helper_suite_test.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package helper_test
-
-import (
- "testing"
-
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-func TestHelper(t *testing.T) {
- RegisterFailHandler(Fail)
- RunSpecs(t, "Azure API Helper Suite")
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/helper/helper_test.go b/controllers/provider-azure/pkg/apis/azure/helper/helper_test.go
deleted file mode 100644
index d6d41c2d2..000000000
--- a/controllers/provider-azure/pkg/apis/azure/helper/helper_test.go
+++ /dev/null
@@ -1,155 +0,0 @@ -// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package helper_test - -import ( - api "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure" - . "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/helper" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/ginkgo/extensions/table" - . 
"github.com/onsi/gomega" -) - -var ( - profileURN = "publisher:offer:sku:1.2.4" -) - -var _ = Describe("Helper", func() { - var ( - purpose api.Purpose = "foo" - purposeWrong api.Purpose = "baz" - urn string = "publisher:offer:sku:version" - ) - - DescribeTable("#FindSubnetByPurpose", - func(subnets []api.Subnet, purpose api.Purpose, expectedSubnet *api.Subnet, expectErr bool) { - subnet, err := FindSubnetByPurpose(subnets, purpose) - expectResults(subnet, expectedSubnet, err, expectErr) - }, - - Entry("list is nil", nil, purpose, nil, true), - Entry("empty list", []api.Subnet{}, purpose, nil, true), - Entry("entry not found", []api.Subnet{{Name: "bar", Purpose: purposeWrong}}, purpose, nil, true), - Entry("entry exists", []api.Subnet{{Name: "bar", Purpose: purpose}}, purpose, &api.Subnet{Name: "bar", Purpose: purpose}, false), - ) - - DescribeTable("#FindSecurityGroupByPurpose", - func(securityGroups []api.SecurityGroup, purpose api.Purpose, expectedSecurityGroup *api.SecurityGroup, expectErr bool) { - securityGroup, err := FindSecurityGroupByPurpose(securityGroups, purpose) - expectResults(securityGroup, expectedSecurityGroup, err, expectErr) - }, - - Entry("list is nil", nil, purpose, nil, true), - Entry("empty list", []api.SecurityGroup{}, purpose, nil, true), - Entry("entry not found", []api.SecurityGroup{{Name: "bar", Purpose: purposeWrong}}, purpose, nil, true), - Entry("entry exists", []api.SecurityGroup{{Name: "bar", Purpose: purpose}}, purpose, &api.SecurityGroup{Name: "bar", Purpose: purpose}, false), - ) - - DescribeTable("#FindRouteTableByPurpose", - func(routeTables []api.RouteTable, purpose api.Purpose, expectedRouteTable *api.RouteTable, expectErr bool) { - routeTable, err := FindRouteTableByPurpose(routeTables, purpose) - expectResults(routeTable, expectedRouteTable, err, expectErr) - }, - - Entry("list is nil", nil, purpose, nil, true), - Entry("empty list", []api.RouteTable{}, purpose, nil, true), - Entry("entry not found", 
[]api.RouteTable{{Name: "bar", Purpose: purposeWrong}}, purpose, nil, true), - Entry("entry exists", []api.RouteTable{{Name: "bar", Purpose: purpose}}, purpose, &api.RouteTable{Name: "bar", Purpose: purpose}, false), - ) - - DescribeTable("#FindAvailabilitySetByPurpose", - func(availabilitySets []api.AvailabilitySet, purpose api.Purpose, expectedAvailabilitySet *api.AvailabilitySet, expectErr bool) { - availabilitySet, err := FindAvailabilitySetByPurpose(availabilitySets, purpose) - expectResults(availabilitySet, expectedAvailabilitySet, err, expectErr) - }, - - Entry("list is nil", nil, purpose, nil, true), - Entry("empty list", []api.AvailabilitySet{}, purpose, nil, true), - Entry("entry not found", []api.AvailabilitySet{{ID: "bar", Purpose: purposeWrong}}, purpose, nil, true), - Entry("entry exists", []api.AvailabilitySet{{ID: "bar", Purpose: purpose}}, purpose, &api.AvailabilitySet{ID: "bar", Purpose: purpose}, false), - ) - - DescribeTable("#FindMachineImage", - func(machineImages []api.MachineImage, name, version string, expectedMachineImage *api.MachineImage, expectErr bool) { - machineImage, err := FindMachineImage(machineImages, name, version) - expectResults(machineImage, expectedMachineImage, err, expectErr) - }, - - Entry("list is nil", nil, "foo", "1.2.3", nil, true), - Entry("empty list", []api.MachineImage{}, "foo", "1.2.3", nil, true), - Entry("entry not found (no name)", []api.MachineImage{{Name: "bar", Version: "1.2.3", URN: &urn}}, "foo", "1.2.3", nil, true), - Entry("entry not found (no version)", []api.MachineImage{{Name: "bar", Version: "1.2.3", URN: &urn}}, "bar", "1.2.4", nil, true), - Entry("entry exists", []api.MachineImage{{Name: "bar", Version: "1.2.3", URN: &urn}}, "bar", "1.2.3", &api.MachineImage{Name: "bar", Version: "1.2.3", URN: &urn}, false), - ) - - DescribeTable("#FindDomainCountByRegion", - func(domainCounts []api.DomainCount, region string, expectedCount int, expectErr bool) { - count, err := 
FindDomainCountByRegion(domainCounts, region) - expectResults(count, expectedCount, err, expectErr) - }, - - Entry("list is nil", nil, "foo", 0, true), - Entry("empty list", []api.DomainCount{}, "foo", 0, true), - Entry("entry not found", []api.DomainCount{{Region: "bar", Count: 1}}, "foo", 0, true), - Entry("entry exists", []api.DomainCount{{Region: "bar", Count: 1}}, "bar", 1, false), - ) - - DescribeTable("#FindImage", - func(profileImages []api.MachineImages, imageName, version string, expectedImage *api.MachineImage) { - cfg := &api.CloudProfileConfig{} - cfg.MachineImages = profileImages - image, err := FindImageFromCloudProfile(cfg, imageName, version) - - Expect(image).To(Equal(expectedImage)) - if expectedImage != nil { - Expect(err).NotTo(HaveOccurred()) - } else { - Expect(err).To(HaveOccurred()) - } - }, - - Entry("list is nil", nil, "ubuntu", "1", nil), - - Entry("profile empty list", []api.MachineImages{}, "ubuntu", "1", nil), - Entry("profile entry not found (image does not exist)", makeProfileMachineImages("debian", "1"), "ubuntu", "1", nil), - Entry("profile entry not found (version does not exist)", makeProfileMachineImages("ubuntu", "2"), "ubuntu", "1", nil), - Entry("profile entry", makeProfileMachineImages("ubuntu", "1"), "ubuntu", "1", &api.MachineImage{Name: "ubuntu", Version: "1", URN: &profileURN}), - ) -}) - -func makeProfileMachineImages(name, version string) []api.MachineImages { - return []api.MachineImages{ - { - Name: name, - Versions: []api.MachineImageVersion{ - { - Version: version, - URN: profileURN, - }, - }, - }, - } -} - -func expectResults(result, expected interface{}, err error, expectErr bool) { - if !expectErr { - Expect(result).To(Equal(expected)) - Expect(err).NotTo(HaveOccurred()) - } else { - Expect(result).To(BeZero()) - Expect(err).To(HaveOccurred()) - } -} 
diff --git a/controllers/provider-azure/pkg/apis/azure/helper/scheme.go b/controllers/provider-azure/pkg/apis/azure/helper/scheme.go
deleted file mode 100644
index 0b54f9f4d..000000000
--- a/controllers/provider-azure/pkg/apis/azure/helper/scheme.go
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package helper
-
-import (
- "fmt"
-
- "github.com/pkg/errors"
-
- "github.com/gardener/gardener-extensions/pkg/controller"
- "github.com/gardener/gardener-extensions/pkg/util"
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
-
- api "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/install"
-
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/serializer"
- utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-var (
- // Scheme is a scheme with the types relevant for OpenStack actuators.
- Scheme *runtime.Scheme
-
- decoder runtime.Decoder
-)
-
-func init() {
- Scheme = runtime.NewScheme()
- utilruntime.Must(install.AddToScheme(Scheme))
-
- decoder = serializer.NewCodecFactory(Scheme).UniversalDecoder()
-}
-
-// InfrastructureConfigFromInfrastructure extracts the InfrastructureConfig from the
-// ProviderConfig section of the given Infrastructure.
-func InfrastructureConfigFromInfrastructure(infra *extensionsv1alpha1.Infrastructure) (*api.InfrastructureConfig, error) {
- config := &api.InfrastructureConfig{}
- if infra.Spec.ProviderConfig != nil && infra.Spec.ProviderConfig.Raw != nil {
- if _, _, err := decoder.Decode(infra.Spec.ProviderConfig.Raw, nil, config); err != nil {
- return nil, err
- }
- return config, nil
- }
- return nil, fmt.Errorf("provider config is not set on the infrastructure resource")
-}
-
-// CloudProfileConfigFromCluster decodes the provider specific cloud profile configuration for a cluster
-func CloudProfileConfigFromCluster(cluster *controller.Cluster) (*api.CloudProfileConfig, error) {
- var cloudProfileConfig *api.CloudProfileConfig
- if cluster != nil && cluster.CloudProfile != nil && cluster.CloudProfile.Spec.ProviderConfig != nil && cluster.CloudProfile.Spec.ProviderConfig.Raw != nil {
- cloudProfileConfig = &api.CloudProfileConfig{}
- if _, _, err := decoder.Decode(cluster.CloudProfile.Spec.ProviderConfig.Raw, nil, cloudProfileConfig); err != nil {
- return nil, errors.Wrapf(err, "could not decode providerConfig of cloudProfile for '%s'", util.ObjectName(cluster.CloudProfile))
- }
- }
- return cloudProfileConfig, nil
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/install/install.go b/controllers/provider-azure/pkg/apis/azure/install/install.go
deleted file mode 100644
index b6f44f14d..000000000
--- a/controllers/provider-azure/pkg/apis/azure/install/install.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package install
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/v1alpha1"
-
- "k8s.io/apimachinery/pkg/runtime"
- utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-var (
- schemeBuilder = runtime.NewSchemeBuilder(
- v1alpha1.AddToScheme,
- azure.AddToScheme,
- setVersionPriority,
- )
-
- // AddToScheme adds all APIs to the scheme.
- AddToScheme = schemeBuilder.AddToScheme
-)
-
-func setVersionPriority(scheme *runtime.Scheme) error {
- return scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion)
-}
-
-// Install installs all APIs in the scheme.
-func Install(scheme *runtime.Scheme) {
- utilruntime.Must(AddToScheme(scheme))
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/register.go b/controllers/provider-azure/pkg/apis/azure/register.go
deleted file mode 100644
index 15e910166..000000000
--- a/controllers/provider-azure/pkg/apis/azure/register.go
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package azure
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName is the group name use in this package
-const GroupName = "azure.provider.extensions.gardener.cloud"
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
-
-// Kind takes an unqualified kind and returns a Group qualified GroupKind
-func Kind(kind string) schema.GroupKind {
- return SchemeGroupVersion.WithKind(kind).GroupKind()
-}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- // schemeBuilder used to register the Shoot resource.
- schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
- // AddToScheme is a pointer to schemeBuilder.AddToScheme.
- AddToScheme = schemeBuilder.AddToScheme
-)
-
-// Adds the list of known types to api.Scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &CloudProfileConfig{},
- &InfrastructureConfig{},
- &InfrastructureStatus{},
- &ControlPlaneConfig{},
- &WorkerStatus{},
- )
- return nil
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/types_cloudprofile.go b/controllers/provider-azure/pkg/apis/azure/types_cloudprofile.go
deleted file mode 100644
index 2271376d6..000000000
--- a/controllers/provider-azure/pkg/apis/azure/types_cloudprofile.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package azure
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// CloudProfileConfig contains provider-specific configuration that is embedded into Gardener's `CloudProfile`
-// resource.
-type CloudProfileConfig struct {
- metav1.TypeMeta
- // CountUpdateDomains is list of update domain counts for each region.
- CountUpdateDomains []DomainCount
- // CountFaultDomains is list of fault domain counts for each region.
- CountFaultDomains []DomainCount
- // MachineImages is the list of machine images that are understood by the controller. It maps
- // logical names and versions to provider-specific identifiers.
- MachineImages []MachineImages
-}
-
-// DomainCount defines the region and the count for this domain count value.
-type DomainCount struct {
- // Region is a region.
- Region string
- // Count is the count value for the respective domain count.
- Count int
-}
-
-// MachineImages is a mapping from logical names and versions to provider-specific identifiers.
-type MachineImages struct {
- // Name is the logical name of the machine image.
- Name string `json:"name"`
- // Versions contains versions and a provider-specific identifier.
- Versions []MachineImageVersion `json:"versions"`
-}
-
-// MachineImageVersion contains a version and a provider-specific identifier.
-type MachineImageVersion struct {
- // Version is the version of the image.
- Version string `json:"version"`
- // URN is the identifier for the image.
- URN string `json:"urn"`
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/types_controlplane.go b/controllers/provider-azure/pkg/apis/azure/types_controlplane.go
deleted file mode 100644
index 4d1e32fbc..000000000
--- a/controllers/provider-azure/pkg/apis/azure/types_controlplane.go
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package azure
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ControlPlaneConfig contains configuration settings for the control plane.
-type ControlPlaneConfig struct {
- metav1.TypeMeta
-
- // CloudControllerManager contains configuration settings for the cloud-controller-manager.
- // +optional
- CloudControllerManager *CloudControllerManagerConfig
-}
-
-// CloudControllerManagerConfig contains configuration settings for the cloud-controller-manager.
-type CloudControllerManagerConfig struct {
- // FeatureGates contains information about enabled feature gates.
- FeatureGates map[string]bool
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/types_infrastructure.go b/controllers/provider-azure/pkg/apis/azure/types_infrastructure.go
deleted file mode 100644
index 8aa14828f..000000000
--- a/controllers/provider-azure/pkg/apis/azure/types_infrastructure.go
+++ /dev/null
@@ -1,137 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package azure
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// InfrastructureConfig infrastructure configuration resource
-type InfrastructureConfig struct {
- metav1.TypeMeta
- // ResourceGroup is azure resource group
- ResourceGroup *ResourceGroup
- // Networks is the network configuration (VNets, subnets, etc.)
- Networks NetworkConfig
- // Zoned indicates whether the cluster uses zones
- Zoned bool
-}
-
-// ResourceGroup is azure resource group
-type ResourceGroup struct {
- // Name is the name of the resource group
- Name string
-}
-
-// NetworkConfig holds information about the Kubernetes and infrastructure networks.
-type NetworkConfig struct {
- // VNet indicates whether to use an existing VNet or create a new one.
- VNet VNet
- // Workers is the worker subnet range to create (used for the VMs).
- Workers string
- // ServiceEndpoints is a list of Azure ServiceEndpoints which should be associated with the worker subnet.
- ServiceEndpoints []string
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// InfrastructureStatus contains information about created infrastructure resources.
-type InfrastructureStatus struct {
- metav1.TypeMeta
- // Networks is the status of the networks of the infrastructure.
- Networks NetworkStatus
- // ResourceGroup is azure resource group
- ResourceGroup ResourceGroup
- // AvailabilitySets is a list of created availability sets
- AvailabilitySets []AvailabilitySet
- // AvailabilitySets is a list of created route tables
- RouteTables []RouteTable
- // SecurityGroups is a list of created security groups
- SecurityGroups []SecurityGroup
- // Zoned indicates whether the cluster uses zones
- Zoned bool
-}
-
-// NetworkStatus is the current status of the infrastructure networks.
-type NetworkStatus struct {
- // VNet states the name of the infrastructure VNet.
- VNet VNetStatus
- // Subnets are the subnets that have been created.
- Subnets []Subnet
-}
-
-// Purpose is a purpose of a subnet.
-type Purpose string
-
-const (
- // PurposeNodes is a Purpose for nodes.
- PurposeNodes Purpose = "nodes"
- // PurposeInternal is a Purpose for internal use.
- PurposeInternal Purpose = "internal"
-)
-
-// Subnet is a subnet that was created.
-type Subnet struct {
- // Name is the name of the subnet.
- Name string
- // Purpose is the purpose for which the subnet was created.
- Purpose Purpose
-}
-
-// AvailabilitySet contains information about the azure availability set
-type AvailabilitySet struct {
- // Purpose is the purpose of the availability set
- Purpose Purpose
- // ID is the id of the availability set
- ID string
- // Name is the name of the availability set
- Name string
-}
-
-// RouteTable is the azure route table
-type RouteTable struct {
- // Purpose is the purpose of the route table
- Purpose Purpose
- // Name is the name of the route table
- Name string
-}
-
-// SecurityGroup contains information about the security group
-type SecurityGroup struct {
- // Purpose is the purpose of the security group
- Purpose Purpose
- // Name is the name of the security group
- Name string
-}
-
-// VNet contains information about the VNet and some related resources.
-type VNet struct {
- // Name is the VNet name.
- Name *string
- // ResourceGroup is the resource group where the existing vNet belongs to.
- ResourceGroup *string
- // CIDR is the VNet CIDR
- CIDR *string
-}
-
-// VNetStatus contains the VNet name.
-type VNetStatus struct {
- // Name is the VNet name.
- Name string
- // ResourceGroup is the resource group where the existing vNet belongs to.
- ResourceGroup *string
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/types_worker.go b/controllers/provider-azure/pkg/apis/azure/types_worker.go
deleted file mode 100644
index 9534373c0..000000000
--- a/controllers/provider-azure/pkg/apis/azure/types_worker.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package azure
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// WorkerStatus contains information about created worker resources.
-type WorkerStatus struct {
- metav1.TypeMeta
-
- // MachineImages is a list of machine images that have been used in this worker. Usually, the extension controller
- // gets the mapping from name/version to the provider-specific machine image data in its componentconfig. However, if
- // a version that is still in use gets removed from this componentconfig it cannot reconcile anymore existing `Worker`
- // resources that are still using this version. Hence, it stores the used versions in the provider status to ensure
- // reconciliation is possible.
- MachineImages []MachineImage
-}
-
-// MachineImage is a mapping from logical names and versions to provider-specific machine image data.
-type MachineImage struct {
- // Name is the logical name of the machine image.
- Name string
- // Version is the logical version of the machine image.
- Version string
- // URN is the uniform resource name, it has the format 'publisher:offer:sku:version'
- URN *string
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/v1alpha1/defaults.go b/controllers/provider-azure/pkg/apis/azure/v1alpha1/defaults.go
deleted file mode 100644
index 8b665d270..000000000
--- a/controllers/provider-azure/pkg/apis/azure/v1alpha1/defaults.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v1alpha1
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-func addDefaultingFuncs(scheme *runtime.Scheme) error {
- return RegisterDefaults(scheme)
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/v1alpha1/doc.go b/controllers/provider-azure/pkg/apis/azure/v1alpha1/doc.go
deleted file mode 100644
index 6f1d50720..000000000
--- a/controllers/provider-azure/pkg/apis/azure/v1alpha1/doc.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure
-// +k8s:openapi-gen=true
-// +k8s:defaulter-gen=TypeMeta
-
-//go:generate gen-crd-api-reference-docs -api-dir . -config ../../../../hack/api-reference/api.json -template-dir ../../../../../../hack/api-reference/template -out-file ../../../../hack/api-reference/api.md
-
-// Package v1alpha1 contains the Azure provider API resources.
-// +groupName=azure.provider.extensions.gardener.cloud
-package v1alpha1 // import "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/v1alpha1"
diff --git a/controllers/provider-azure/pkg/apis/azure/v1alpha1/register.go b/controllers/provider-azure/pkg/apis/azure/v1alpha1/register.go
deleted file mode 100644
index 4c856dc83..000000000
--- a/controllers/provider-azure/pkg/apis/azure/v1alpha1/register.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v1alpha1
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName is the group name use in this package
-const GroupName = "azure.provider.extensions.gardener.cloud"
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- localSchemeBuilder = runtime.NewSchemeBuilder(addDefaultingFuncs, addKnownTypes)
- // AddToScheme is a pointer to SchemeBuilder.AddToScheme.
- AddToScheme = localSchemeBuilder.AddToScheme
-)
-
-// Adds the list of known types to api.Scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &CloudProfileConfig{},
- &InfrastructureConfig{},
- &InfrastructureStatus{},
- &ControlPlaneConfig{},
- &WorkerStatus{},
- )
- return nil
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_cloudprofile.go b/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_cloudprofile.go
deleted file mode 100644
index 2f9d4bf9d..000000000
--- a/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_cloudprofile.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v1alpha1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// CloudProfileConfig contains provider-specific configuration that is embedded into Gardener's `CloudProfile`
-// resource.
-type CloudProfileConfig struct {
- metav1.TypeMeta `json:",inline"`
- // CountUpdateDomains is list of update domain counts for each region.
- CountUpdateDomains []DomainCount `json:"countUpdateDomains"`
- // CountFaultDomains is list of fault domain counts for each region.
- CountFaultDomains []DomainCount `json:"countFaultDomains"`
- // MachineImages is the list of machine images that are understood by the controller. It maps
- // logical names and versions to provider-specific identifiers.
- MachineImages []MachineImages `json:"machineImages"`
-}
-
-// DomainCount defines the region and the count for this domain count value.
-type DomainCount struct {
- // Region is a region.
- Region string `json:"region"`
- // Count is the count value for the respective domain count.
- Count int `json:"count"`
-}
-
-// MachineImages is a mapping from logical names and versions to provider-specific identifiers.
-type MachineImages struct {
- // Name is the logical name of the machine image.
- Name string `json:"name"`
- // Versions contains versions and a provider-specific identifier.
- Versions []MachineImageVersion `json:"versions"`
-}
-
-// MachineImageVersion contains a version and a provider-specific identifier.
-type MachineImageVersion struct {
- // Version is the version of the image.
- Version string `json:"version"`
- // URN is the identifier for the image.
- URN string `json:"urn"`
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_controlplane.go b/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_controlplane.go
deleted file mode 100644
index 70d855e88..000000000
--- a/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_controlplane.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v1alpha1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ControlPlaneConfig contains configuration settings for the control plane.
-type ControlPlaneConfig struct {
- metav1.TypeMeta `json:",inline"`
-
- // CloudControllerManager contains configuration settings for the cloud-controller-manager.
- // +optional
- CloudControllerManager *CloudControllerManagerConfig `json:"cloudControllerManager,omitempty"`
-}
-
-// CloudControllerManagerConfig contains configuration settings for the cloud-controller-manager.
-type CloudControllerManagerConfig struct {
- // FeatureGates contains information about enabled feature gates.
- // +optional
- FeatureGates map[string]bool `json:"featureGates,omitempty"`
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_infrastructure.go b/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_infrastructure.go
deleted file mode 100644
index e4862fd12..000000000
--- a/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_infrastructure.go
+++ /dev/null
@@ -1,147 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v1alpha1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// InfrastructureConfig infrastructure configuration resource
-type InfrastructureConfig struct {
- metav1.TypeMeta `json:",inline"`
- // ResourceGroup is azure resource group.
- // +optional
- ResourceGroup *ResourceGroup `json:"resourceGroup,omitempty"`
- // Networks is the network configuration (VNet, subnets, etc.).
- Networks NetworkConfig `json:"networks"`
- // Zoned indicates whether the cluster uses availability zones.
- // +optional
- Zoned bool `json:"zoned,omitempty"`
-}
-
-// ResourceGroup is azure resource group
-type ResourceGroup struct {
- // Name is the name of the resource group
- Name string `json:"name"`
-}
-
-// NetworkConfig holds information about the Kubernetes and infrastructure networks.
-type NetworkConfig struct {
- // VNet indicates whether to use an existing VNet or create a new one.
- VNet VNet `json:"vnet"`
- // Workers is the worker subnet range to create (used for the VMs).
- Workers string `json:"workers"`
- // ServiceEndpoints is a list of Azure ServiceEndpoints which should be associated with the worker subnet.
- // +optional
- ServiceEndpoints []string `json:"serviceEndpoints,omitempty"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// InfrastructureStatus contains information about created infrastructure resources.
-type InfrastructureStatus struct {
- metav1.TypeMeta `json:",inline"`
- // Networks is the status of the networks of the infrastructure.
- Networks NetworkStatus `json:"networks"`
- // ResourceGroup is azure resource group
- ResourceGroup ResourceGroup `json:"resourceGroup"`
- // AvailabilitySets is a list of created availability sets
- AvailabilitySets []AvailabilitySet `json:"availabilitySets"`
- // AvailabilitySets is a list of created route tables
- RouteTables []RouteTable `json:"routeTables"`
- // SecurityGroups is a list of created security groups
- SecurityGroups []SecurityGroup `json:"securityGroups"`
- // Zoned indicates whether the cluster uses zones
- // +optional
- Zoned bool `json:"zoned,omitempty"`
-}
-
-// NetworkStatus is the current status of the infrastructure networks.
-type NetworkStatus struct {
- // VNetStatus states the name of the infrastructure VNet.
- VNet VNetStatus `json:"vnet"`
-
- // Subnets are the subnets that have been created.
- Subnets []Subnet `json:"subnets"`
-}
-
-// Purpose is a purpose of a subnet.
-type Purpose string
-
-const (
- // PurposeNodes is a Purpose for nodes.
- PurposeNodes Purpose = "nodes"
- // PurposeInternal is a Purpose for internal use.
- PurposeInternal Purpose = "internal"
-)
-
-// Subnet is a subnet that was created.
-type Subnet struct {
- // Name is the name of the subnet.
- Name string `json:"name"`
- // Purpose is the purpose for which the subnet was created.
- Purpose Purpose `json:"purpose"`
-}
-
-// AvailabilitySet contains information about the azure availability set
-type AvailabilitySet struct {
- // Purpose is the purpose of the availability set
- Purpose Purpose `json:"purpose"`
- // ID is the id of the availability set
- ID string `json:"id"`
- // Name is the name of the availability set
- Name string `json:"name"`
-}
-
-// RouteTable is the azure route table
-type RouteTable struct {
- // Purpose is the purpose of the route table
- Purpose Purpose `json:"purpose"`
- // Name is the name of the route table
- Name string `json:"name"`
-}
-
-// SecurityGroup contains information about the security group
-type SecurityGroup struct {
- // Purpose is the purpose of the security group
- Purpose Purpose `json:"purpose"`
- // Name is the name of the security group
- Name string `json:"name"`
-}
-
-// VNet contains information about the VNet and some related resources.
-type VNet struct {
- // Name is the name of an existing vNet which should be used.
- // +optional
- Name *string `json:"name,omitempty"`
- // ResourceGroup is the resource group where the existing vNet blongs to.
- // +optional
- ResourceGroup *string `json:"resourceGroup,omitempty"`
- // CIDR is the VNet CIDR
- // +optional
- CIDR *string `json:"cidr,omitempty"`
-}
-
-// VNetStatus contains the VNet name.
-type VNetStatus struct {
- // Name is the VNet name.
- Name string `json:"name"`
- // ResourceGroup is the resource group where the existing vNet belongs to.
- // +optional
- ResourceGroup *string `json:"resourceGroup,omitempty"`
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_worker.go b/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_worker.go
deleted file mode 100644
index 1809a0dce..000000000
--- a/controllers/provider-azure/pkg/apis/azure/v1alpha1/types_worker.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v1alpha1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// WorkerStatus contains information about created worker resources.
-type WorkerStatus struct {
- metav1.TypeMeta `json:",inline"`
-
- // MachineImages is a list of machine images that have been used in this worker. Usually, the extension controller
- // gets the mapping from name/version to the provider-specific machine image data in its componentconfig. However, if
- // a version that is still in use gets removed from this componentconfig it cannot reconcile anymore existing `Worker`
- // resources that are still using this version. Hence, it stores the used versions in the provider status to ensure
- // reconciliation is possible.
- // +optional
- MachineImages []MachineImage `json:"machineImages,omitempty"`
-}
-
-// MachineImage is a mapping from logical names and versions to provider-specific machine image data.
-type MachineImage struct {
- // Name is the logical name of the machine image.
- Name string `json:"name"`
- // Version is the logical version of the machine image.
- Version string `json:"version"`
- // URN is the uniform resource name, it has the format 'publisher:offer:sku:version'
- // +optional
- URN *string `json:"urn,omitempty"`
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/v1alpha1/zz_generated.conversion.go b/controllers/provider-azure/pkg/apis/azure/v1alpha1/zz_generated.conversion.go
deleted file mode 100644
index f4b71dc11..000000000
--- a/controllers/provider-azure/pkg/apis/azure/v1alpha1/zz_generated.conversion.go
+++ /dev/null
@@ -1,679 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - azure "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. 
-func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*AvailabilitySet)(nil), (*azure.AvailabilitySet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_AvailabilitySet_To_azure_AvailabilitySet(a.(*AvailabilitySet), b.(*azure.AvailabilitySet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.AvailabilitySet)(nil), (*AvailabilitySet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_AvailabilitySet_To_v1alpha1_AvailabilitySet(a.(*azure.AvailabilitySet), b.(*AvailabilitySet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*CloudControllerManagerConfig)(nil), (*azure.CloudControllerManagerConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_CloudControllerManagerConfig_To_azure_CloudControllerManagerConfig(a.(*CloudControllerManagerConfig), b.(*azure.CloudControllerManagerConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.CloudControllerManagerConfig)(nil), (*CloudControllerManagerConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_CloudControllerManagerConfig_To_v1alpha1_CloudControllerManagerConfig(a.(*azure.CloudControllerManagerConfig), b.(*CloudControllerManagerConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*CloudProfileConfig)(nil), (*azure.CloudProfileConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_CloudProfileConfig_To_azure_CloudProfileConfig(a.(*CloudProfileConfig), b.(*azure.CloudProfileConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.CloudProfileConfig)(nil), (*CloudProfileConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return 
Convert_azure_CloudProfileConfig_To_v1alpha1_CloudProfileConfig(a.(*azure.CloudProfileConfig), b.(*CloudProfileConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ControlPlaneConfig)(nil), (*azure.ControlPlaneConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ControlPlaneConfig_To_azure_ControlPlaneConfig(a.(*ControlPlaneConfig), b.(*azure.ControlPlaneConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.ControlPlaneConfig)(nil), (*ControlPlaneConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_ControlPlaneConfig_To_v1alpha1_ControlPlaneConfig(a.(*azure.ControlPlaneConfig), b.(*ControlPlaneConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*DomainCount)(nil), (*azure.DomainCount)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_DomainCount_To_azure_DomainCount(a.(*DomainCount), b.(*azure.DomainCount), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.DomainCount)(nil), (*DomainCount)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_DomainCount_To_v1alpha1_DomainCount(a.(*azure.DomainCount), b.(*DomainCount), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*InfrastructureConfig)(nil), (*azure.InfrastructureConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_InfrastructureConfig_To_azure_InfrastructureConfig(a.(*InfrastructureConfig), b.(*azure.InfrastructureConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.InfrastructureConfig)(nil), (*InfrastructureConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return 
Convert_azure_InfrastructureConfig_To_v1alpha1_InfrastructureConfig(a.(*azure.InfrastructureConfig), b.(*InfrastructureConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*InfrastructureStatus)(nil), (*azure.InfrastructureStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_InfrastructureStatus_To_azure_InfrastructureStatus(a.(*InfrastructureStatus), b.(*azure.InfrastructureStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.InfrastructureStatus)(nil), (*InfrastructureStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_InfrastructureStatus_To_v1alpha1_InfrastructureStatus(a.(*azure.InfrastructureStatus), b.(*InfrastructureStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*MachineImage)(nil), (*azure.MachineImage)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_MachineImage_To_azure_MachineImage(a.(*MachineImage), b.(*azure.MachineImage), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.MachineImage)(nil), (*MachineImage)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_MachineImage_To_v1alpha1_MachineImage(a.(*azure.MachineImage), b.(*MachineImage), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*MachineImageVersion)(nil), (*azure.MachineImageVersion)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_MachineImageVersion_To_azure_MachineImageVersion(a.(*MachineImageVersion), b.(*azure.MachineImageVersion), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.MachineImageVersion)(nil), (*MachineImageVersion)(nil), func(a, b interface{}, scope conversion.Scope) error { - return 
Convert_azure_MachineImageVersion_To_v1alpha1_MachineImageVersion(a.(*azure.MachineImageVersion), b.(*MachineImageVersion), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*MachineImages)(nil), (*azure.MachineImages)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_MachineImages_To_azure_MachineImages(a.(*MachineImages), b.(*azure.MachineImages), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.MachineImages)(nil), (*MachineImages)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_MachineImages_To_v1alpha1_MachineImages(a.(*azure.MachineImages), b.(*MachineImages), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*NetworkConfig)(nil), (*azure.NetworkConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_NetworkConfig_To_azure_NetworkConfig(a.(*NetworkConfig), b.(*azure.NetworkConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.NetworkConfig)(nil), (*NetworkConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_NetworkConfig_To_v1alpha1_NetworkConfig(a.(*azure.NetworkConfig), b.(*NetworkConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*NetworkStatus)(nil), (*azure.NetworkStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_NetworkStatus_To_azure_NetworkStatus(a.(*NetworkStatus), b.(*azure.NetworkStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.NetworkStatus)(nil), (*NetworkStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_NetworkStatus_To_v1alpha1_NetworkStatus(a.(*azure.NetworkStatus), b.(*NetworkStatus), scope) - }); err != nil { - return err - } - if err := 
s.AddGeneratedConversionFunc((*ResourceGroup)(nil), (*azure.ResourceGroup)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceGroup_To_azure_ResourceGroup(a.(*ResourceGroup), b.(*azure.ResourceGroup), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.ResourceGroup)(nil), (*ResourceGroup)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_ResourceGroup_To_v1alpha1_ResourceGroup(a.(*azure.ResourceGroup), b.(*ResourceGroup), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*RouteTable)(nil), (*azure.RouteTable)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_RouteTable_To_azure_RouteTable(a.(*RouteTable), b.(*azure.RouteTable), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.RouteTable)(nil), (*RouteTable)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_RouteTable_To_v1alpha1_RouteTable(a.(*azure.RouteTable), b.(*RouteTable), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*SecurityGroup)(nil), (*azure.SecurityGroup)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_SecurityGroup_To_azure_SecurityGroup(a.(*SecurityGroup), b.(*azure.SecurityGroup), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.SecurityGroup)(nil), (*SecurityGroup)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_SecurityGroup_To_v1alpha1_SecurityGroup(a.(*azure.SecurityGroup), b.(*SecurityGroup), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*Subnet)(nil), (*azure.Subnet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Subnet_To_azure_Subnet(a.(*Subnet), b.(*azure.Subnet), scope) - }); err != nil { - 
return err - } - if err := s.AddGeneratedConversionFunc((*azure.Subnet)(nil), (*Subnet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_Subnet_To_v1alpha1_Subnet(a.(*azure.Subnet), b.(*Subnet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*VNet)(nil), (*azure.VNet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_VNet_To_azure_VNet(a.(*VNet), b.(*azure.VNet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.VNet)(nil), (*VNet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_VNet_To_v1alpha1_VNet(a.(*azure.VNet), b.(*VNet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*VNetStatus)(nil), (*azure.VNetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_VNetStatus_To_azure_VNetStatus(a.(*VNetStatus), b.(*azure.VNetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.VNetStatus)(nil), (*VNetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_VNetStatus_To_v1alpha1_VNetStatus(a.(*azure.VNetStatus), b.(*VNetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*WorkerStatus)(nil), (*azure.WorkerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_WorkerStatus_To_azure_WorkerStatus(a.(*WorkerStatus), b.(*azure.WorkerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*azure.WorkerStatus)(nil), (*WorkerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_azure_WorkerStatus_To_v1alpha1_WorkerStatus(a.(*azure.WorkerStatus), b.(*WorkerStatus), scope) - }); err != nil { - return err - } - return nil -} - -func 
autoConvert_v1alpha1_AvailabilitySet_To_azure_AvailabilitySet(in *AvailabilitySet, out *azure.AvailabilitySet, s conversion.Scope) error { - out.Purpose = azure.Purpose(in.Purpose) - out.ID = in.ID - out.Name = in.Name - return nil -} - -// Convert_v1alpha1_AvailabilitySet_To_azure_AvailabilitySet is an autogenerated conversion function. -func Convert_v1alpha1_AvailabilitySet_To_azure_AvailabilitySet(in *AvailabilitySet, out *azure.AvailabilitySet, s conversion.Scope) error { - return autoConvert_v1alpha1_AvailabilitySet_To_azure_AvailabilitySet(in, out, s) -} - -func autoConvert_azure_AvailabilitySet_To_v1alpha1_AvailabilitySet(in *azure.AvailabilitySet, out *AvailabilitySet, s conversion.Scope) error { - out.Purpose = Purpose(in.Purpose) - out.ID = in.ID - out.Name = in.Name - return nil -} - -// Convert_azure_AvailabilitySet_To_v1alpha1_AvailabilitySet is an autogenerated conversion function. -func Convert_azure_AvailabilitySet_To_v1alpha1_AvailabilitySet(in *azure.AvailabilitySet, out *AvailabilitySet, s conversion.Scope) error { - return autoConvert_azure_AvailabilitySet_To_v1alpha1_AvailabilitySet(in, out, s) -} - -func autoConvert_v1alpha1_CloudControllerManagerConfig_To_azure_CloudControllerManagerConfig(in *CloudControllerManagerConfig, out *azure.CloudControllerManagerConfig, s conversion.Scope) error { - out.FeatureGates = *(*map[string]bool)(unsafe.Pointer(&in.FeatureGates)) - return nil -} - -// Convert_v1alpha1_CloudControllerManagerConfig_To_azure_CloudControllerManagerConfig is an autogenerated conversion function. 
-func Convert_v1alpha1_CloudControllerManagerConfig_To_azure_CloudControllerManagerConfig(in *CloudControllerManagerConfig, out *azure.CloudControllerManagerConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_CloudControllerManagerConfig_To_azure_CloudControllerManagerConfig(in, out, s) -} - -func autoConvert_azure_CloudControllerManagerConfig_To_v1alpha1_CloudControllerManagerConfig(in *azure.CloudControllerManagerConfig, out *CloudControllerManagerConfig, s conversion.Scope) error { - out.FeatureGates = *(*map[string]bool)(unsafe.Pointer(&in.FeatureGates)) - return nil -} - -// Convert_azure_CloudControllerManagerConfig_To_v1alpha1_CloudControllerManagerConfig is an autogenerated conversion function. -func Convert_azure_CloudControllerManagerConfig_To_v1alpha1_CloudControllerManagerConfig(in *azure.CloudControllerManagerConfig, out *CloudControllerManagerConfig, s conversion.Scope) error { - return autoConvert_azure_CloudControllerManagerConfig_To_v1alpha1_CloudControllerManagerConfig(in, out, s) -} - -func autoConvert_v1alpha1_CloudProfileConfig_To_azure_CloudProfileConfig(in *CloudProfileConfig, out *azure.CloudProfileConfig, s conversion.Scope) error { - out.CountUpdateDomains = *(*[]azure.DomainCount)(unsafe.Pointer(&in.CountUpdateDomains)) - out.CountFaultDomains = *(*[]azure.DomainCount)(unsafe.Pointer(&in.CountFaultDomains)) - out.MachineImages = *(*[]azure.MachineImages)(unsafe.Pointer(&in.MachineImages)) - return nil -} - -// Convert_v1alpha1_CloudProfileConfig_To_azure_CloudProfileConfig is an autogenerated conversion function. 
-func Convert_v1alpha1_CloudProfileConfig_To_azure_CloudProfileConfig(in *CloudProfileConfig, out *azure.CloudProfileConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_CloudProfileConfig_To_azure_CloudProfileConfig(in, out, s) -} - -func autoConvert_azure_CloudProfileConfig_To_v1alpha1_CloudProfileConfig(in *azure.CloudProfileConfig, out *CloudProfileConfig, s conversion.Scope) error { - out.CountUpdateDomains = *(*[]DomainCount)(unsafe.Pointer(&in.CountUpdateDomains)) - out.CountFaultDomains = *(*[]DomainCount)(unsafe.Pointer(&in.CountFaultDomains)) - out.MachineImages = *(*[]MachineImages)(unsafe.Pointer(&in.MachineImages)) - return nil -} - -// Convert_azure_CloudProfileConfig_To_v1alpha1_CloudProfileConfig is an autogenerated conversion function. -func Convert_azure_CloudProfileConfig_To_v1alpha1_CloudProfileConfig(in *azure.CloudProfileConfig, out *CloudProfileConfig, s conversion.Scope) error { - return autoConvert_azure_CloudProfileConfig_To_v1alpha1_CloudProfileConfig(in, out, s) -} - -func autoConvert_v1alpha1_ControlPlaneConfig_To_azure_ControlPlaneConfig(in *ControlPlaneConfig, out *azure.ControlPlaneConfig, s conversion.Scope) error { - out.CloudControllerManager = (*azure.CloudControllerManagerConfig)(unsafe.Pointer(in.CloudControllerManager)) - return nil -} - -// Convert_v1alpha1_ControlPlaneConfig_To_azure_ControlPlaneConfig is an autogenerated conversion function. 
-func Convert_v1alpha1_ControlPlaneConfig_To_azure_ControlPlaneConfig(in *ControlPlaneConfig, out *azure.ControlPlaneConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_ControlPlaneConfig_To_azure_ControlPlaneConfig(in, out, s) -} - -func autoConvert_azure_ControlPlaneConfig_To_v1alpha1_ControlPlaneConfig(in *azure.ControlPlaneConfig, out *ControlPlaneConfig, s conversion.Scope) error { - out.CloudControllerManager = (*CloudControllerManagerConfig)(unsafe.Pointer(in.CloudControllerManager)) - return nil -} - -// Convert_azure_ControlPlaneConfig_To_v1alpha1_ControlPlaneConfig is an autogenerated conversion function. -func Convert_azure_ControlPlaneConfig_To_v1alpha1_ControlPlaneConfig(in *azure.ControlPlaneConfig, out *ControlPlaneConfig, s conversion.Scope) error { - return autoConvert_azure_ControlPlaneConfig_To_v1alpha1_ControlPlaneConfig(in, out, s) -} - -func autoConvert_v1alpha1_DomainCount_To_azure_DomainCount(in *DomainCount, out *azure.DomainCount, s conversion.Scope) error { - out.Region = in.Region - out.Count = in.Count - return nil -} - -// Convert_v1alpha1_DomainCount_To_azure_DomainCount is an autogenerated conversion function. -func Convert_v1alpha1_DomainCount_To_azure_DomainCount(in *DomainCount, out *azure.DomainCount, s conversion.Scope) error { - return autoConvert_v1alpha1_DomainCount_To_azure_DomainCount(in, out, s) -} - -func autoConvert_azure_DomainCount_To_v1alpha1_DomainCount(in *azure.DomainCount, out *DomainCount, s conversion.Scope) error { - out.Region = in.Region - out.Count = in.Count - return nil -} - -// Convert_azure_DomainCount_To_v1alpha1_DomainCount is an autogenerated conversion function. 
-func Convert_azure_DomainCount_To_v1alpha1_DomainCount(in *azure.DomainCount, out *DomainCount, s conversion.Scope) error { - return autoConvert_azure_DomainCount_To_v1alpha1_DomainCount(in, out, s) -} - -func autoConvert_v1alpha1_InfrastructureConfig_To_azure_InfrastructureConfig(in *InfrastructureConfig, out *azure.InfrastructureConfig, s conversion.Scope) error { - out.ResourceGroup = (*azure.ResourceGroup)(unsafe.Pointer(in.ResourceGroup)) - if err := Convert_v1alpha1_NetworkConfig_To_azure_NetworkConfig(&in.Networks, &out.Networks, s); err != nil { - return err - } - out.Zoned = in.Zoned - return nil -} - -// Convert_v1alpha1_InfrastructureConfig_To_azure_InfrastructureConfig is an autogenerated conversion function. -func Convert_v1alpha1_InfrastructureConfig_To_azure_InfrastructureConfig(in *InfrastructureConfig, out *azure.InfrastructureConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_InfrastructureConfig_To_azure_InfrastructureConfig(in, out, s) -} - -func autoConvert_azure_InfrastructureConfig_To_v1alpha1_InfrastructureConfig(in *azure.InfrastructureConfig, out *InfrastructureConfig, s conversion.Scope) error { - out.ResourceGroup = (*ResourceGroup)(unsafe.Pointer(in.ResourceGroup)) - if err := Convert_azure_NetworkConfig_To_v1alpha1_NetworkConfig(&in.Networks, &out.Networks, s); err != nil { - return err - } - out.Zoned = in.Zoned - return nil -} - -// Convert_azure_InfrastructureConfig_To_v1alpha1_InfrastructureConfig is an autogenerated conversion function. 
-func Convert_azure_InfrastructureConfig_To_v1alpha1_InfrastructureConfig(in *azure.InfrastructureConfig, out *InfrastructureConfig, s conversion.Scope) error { - return autoConvert_azure_InfrastructureConfig_To_v1alpha1_InfrastructureConfig(in, out, s) -} - -func autoConvert_v1alpha1_InfrastructureStatus_To_azure_InfrastructureStatus(in *InfrastructureStatus, out *azure.InfrastructureStatus, s conversion.Scope) error { - if err := Convert_v1alpha1_NetworkStatus_To_azure_NetworkStatus(&in.Networks, &out.Networks, s); err != nil { - return err - } - if err := Convert_v1alpha1_ResourceGroup_To_azure_ResourceGroup(&in.ResourceGroup, &out.ResourceGroup, s); err != nil { - return err - } - out.AvailabilitySets = *(*[]azure.AvailabilitySet)(unsafe.Pointer(&in.AvailabilitySets)) - out.RouteTables = *(*[]azure.RouteTable)(unsafe.Pointer(&in.RouteTables)) - out.SecurityGroups = *(*[]azure.SecurityGroup)(unsafe.Pointer(&in.SecurityGroups)) - out.Zoned = in.Zoned - return nil -} - -// Convert_v1alpha1_InfrastructureStatus_To_azure_InfrastructureStatus is an autogenerated conversion function. 
-func Convert_v1alpha1_InfrastructureStatus_To_azure_InfrastructureStatus(in *InfrastructureStatus, out *azure.InfrastructureStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_InfrastructureStatus_To_azure_InfrastructureStatus(in, out, s) -} - -func autoConvert_azure_InfrastructureStatus_To_v1alpha1_InfrastructureStatus(in *azure.InfrastructureStatus, out *InfrastructureStatus, s conversion.Scope) error { - if err := Convert_azure_NetworkStatus_To_v1alpha1_NetworkStatus(&in.Networks, &out.Networks, s); err != nil { - return err - } - if err := Convert_azure_ResourceGroup_To_v1alpha1_ResourceGroup(&in.ResourceGroup, &out.ResourceGroup, s); err != nil { - return err - } - out.AvailabilitySets = *(*[]AvailabilitySet)(unsafe.Pointer(&in.AvailabilitySets)) - out.RouteTables = *(*[]RouteTable)(unsafe.Pointer(&in.RouteTables)) - out.SecurityGroups = *(*[]SecurityGroup)(unsafe.Pointer(&in.SecurityGroups)) - out.Zoned = in.Zoned - return nil -} - -// Convert_azure_InfrastructureStatus_To_v1alpha1_InfrastructureStatus is an autogenerated conversion function. -func Convert_azure_InfrastructureStatus_To_v1alpha1_InfrastructureStatus(in *azure.InfrastructureStatus, out *InfrastructureStatus, s conversion.Scope) error { - return autoConvert_azure_InfrastructureStatus_To_v1alpha1_InfrastructureStatus(in, out, s) -} - -func autoConvert_v1alpha1_MachineImage_To_azure_MachineImage(in *MachineImage, out *azure.MachineImage, s conversion.Scope) error { - out.Name = in.Name - out.Version = in.Version - out.URN = (*string)(unsafe.Pointer(in.URN)) - return nil -} - -// Convert_v1alpha1_MachineImage_To_azure_MachineImage is an autogenerated conversion function. 
-func Convert_v1alpha1_MachineImage_To_azure_MachineImage(in *MachineImage, out *azure.MachineImage, s conversion.Scope) error { - return autoConvert_v1alpha1_MachineImage_To_azure_MachineImage(in, out, s) -} - -func autoConvert_azure_MachineImage_To_v1alpha1_MachineImage(in *azure.MachineImage, out *MachineImage, s conversion.Scope) error { - out.Name = in.Name - out.Version = in.Version - out.URN = (*string)(unsafe.Pointer(in.URN)) - return nil -} - -// Convert_azure_MachineImage_To_v1alpha1_MachineImage is an autogenerated conversion function. -func Convert_azure_MachineImage_To_v1alpha1_MachineImage(in *azure.MachineImage, out *MachineImage, s conversion.Scope) error { - return autoConvert_azure_MachineImage_To_v1alpha1_MachineImage(in, out, s) -} - -func autoConvert_v1alpha1_MachineImageVersion_To_azure_MachineImageVersion(in *MachineImageVersion, out *azure.MachineImageVersion, s conversion.Scope) error { - out.Version = in.Version - out.URN = in.URN - return nil -} - -// Convert_v1alpha1_MachineImageVersion_To_azure_MachineImageVersion is an autogenerated conversion function. -func Convert_v1alpha1_MachineImageVersion_To_azure_MachineImageVersion(in *MachineImageVersion, out *azure.MachineImageVersion, s conversion.Scope) error { - return autoConvert_v1alpha1_MachineImageVersion_To_azure_MachineImageVersion(in, out, s) -} - -func autoConvert_azure_MachineImageVersion_To_v1alpha1_MachineImageVersion(in *azure.MachineImageVersion, out *MachineImageVersion, s conversion.Scope) error { - out.Version = in.Version - out.URN = in.URN - return nil -} - -// Convert_azure_MachineImageVersion_To_v1alpha1_MachineImageVersion is an autogenerated conversion function. 
-func Convert_azure_MachineImageVersion_To_v1alpha1_MachineImageVersion(in *azure.MachineImageVersion, out *MachineImageVersion, s conversion.Scope) error { - return autoConvert_azure_MachineImageVersion_To_v1alpha1_MachineImageVersion(in, out, s) -} - -func autoConvert_v1alpha1_MachineImages_To_azure_MachineImages(in *MachineImages, out *azure.MachineImages, s conversion.Scope) error { - out.Name = in.Name - out.Versions = *(*[]azure.MachineImageVersion)(unsafe.Pointer(&in.Versions)) - return nil -} - -// Convert_v1alpha1_MachineImages_To_azure_MachineImages is an autogenerated conversion function. -func Convert_v1alpha1_MachineImages_To_azure_MachineImages(in *MachineImages, out *azure.MachineImages, s conversion.Scope) error { - return autoConvert_v1alpha1_MachineImages_To_azure_MachineImages(in, out, s) -} - -func autoConvert_azure_MachineImages_To_v1alpha1_MachineImages(in *azure.MachineImages, out *MachineImages, s conversion.Scope) error { - out.Name = in.Name - out.Versions = *(*[]MachineImageVersion)(unsafe.Pointer(&in.Versions)) - return nil -} - -// Convert_azure_MachineImages_To_v1alpha1_MachineImages is an autogenerated conversion function. -func Convert_azure_MachineImages_To_v1alpha1_MachineImages(in *azure.MachineImages, out *MachineImages, s conversion.Scope) error { - return autoConvert_azure_MachineImages_To_v1alpha1_MachineImages(in, out, s) -} - -func autoConvert_v1alpha1_NetworkConfig_To_azure_NetworkConfig(in *NetworkConfig, out *azure.NetworkConfig, s conversion.Scope) error { - if err := Convert_v1alpha1_VNet_To_azure_VNet(&in.VNet, &out.VNet, s); err != nil { - return err - } - out.Workers = in.Workers - out.ServiceEndpoints = *(*[]string)(unsafe.Pointer(&in.ServiceEndpoints)) - return nil -} - -// Convert_v1alpha1_NetworkConfig_To_azure_NetworkConfig is an autogenerated conversion function. 
-func Convert_v1alpha1_NetworkConfig_To_azure_NetworkConfig(in *NetworkConfig, out *azure.NetworkConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_NetworkConfig_To_azure_NetworkConfig(in, out, s) -} - -func autoConvert_azure_NetworkConfig_To_v1alpha1_NetworkConfig(in *azure.NetworkConfig, out *NetworkConfig, s conversion.Scope) error { - if err := Convert_azure_VNet_To_v1alpha1_VNet(&in.VNet, &out.VNet, s); err != nil { - return err - } - out.Workers = in.Workers - out.ServiceEndpoints = *(*[]string)(unsafe.Pointer(&in.ServiceEndpoints)) - return nil -} - -// Convert_azure_NetworkConfig_To_v1alpha1_NetworkConfig is an autogenerated conversion function. -func Convert_azure_NetworkConfig_To_v1alpha1_NetworkConfig(in *azure.NetworkConfig, out *NetworkConfig, s conversion.Scope) error { - return autoConvert_azure_NetworkConfig_To_v1alpha1_NetworkConfig(in, out, s) -} - -func autoConvert_v1alpha1_NetworkStatus_To_azure_NetworkStatus(in *NetworkStatus, out *azure.NetworkStatus, s conversion.Scope) error { - if err := Convert_v1alpha1_VNetStatus_To_azure_VNetStatus(&in.VNet, &out.VNet, s); err != nil { - return err - } - out.Subnets = *(*[]azure.Subnet)(unsafe.Pointer(&in.Subnets)) - return nil -} - -// Convert_v1alpha1_NetworkStatus_To_azure_NetworkStatus is an autogenerated conversion function. -func Convert_v1alpha1_NetworkStatus_To_azure_NetworkStatus(in *NetworkStatus, out *azure.NetworkStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_NetworkStatus_To_azure_NetworkStatus(in, out, s) -} - -func autoConvert_azure_NetworkStatus_To_v1alpha1_NetworkStatus(in *azure.NetworkStatus, out *NetworkStatus, s conversion.Scope) error { - if err := Convert_azure_VNetStatus_To_v1alpha1_VNetStatus(&in.VNet, &out.VNet, s); err != nil { - return err - } - out.Subnets = *(*[]Subnet)(unsafe.Pointer(&in.Subnets)) - return nil -} - -// Convert_azure_NetworkStatus_To_v1alpha1_NetworkStatus is an autogenerated conversion function. 
-func Convert_azure_NetworkStatus_To_v1alpha1_NetworkStatus(in *azure.NetworkStatus, out *NetworkStatus, s conversion.Scope) error { - return autoConvert_azure_NetworkStatus_To_v1alpha1_NetworkStatus(in, out, s) -} - -func autoConvert_v1alpha1_ResourceGroup_To_azure_ResourceGroup(in *ResourceGroup, out *azure.ResourceGroup, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1alpha1_ResourceGroup_To_azure_ResourceGroup is an autogenerated conversion function. -func Convert_v1alpha1_ResourceGroup_To_azure_ResourceGroup(in *ResourceGroup, out *azure.ResourceGroup, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceGroup_To_azure_ResourceGroup(in, out, s) -} - -func autoConvert_azure_ResourceGroup_To_v1alpha1_ResourceGroup(in *azure.ResourceGroup, out *ResourceGroup, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_azure_ResourceGroup_To_v1alpha1_ResourceGroup is an autogenerated conversion function. -func Convert_azure_ResourceGroup_To_v1alpha1_ResourceGroup(in *azure.ResourceGroup, out *ResourceGroup, s conversion.Scope) error { - return autoConvert_azure_ResourceGroup_To_v1alpha1_ResourceGroup(in, out, s) -} - -func autoConvert_v1alpha1_RouteTable_To_azure_RouteTable(in *RouteTable, out *azure.RouteTable, s conversion.Scope) error { - out.Purpose = azure.Purpose(in.Purpose) - out.Name = in.Name - return nil -} - -// Convert_v1alpha1_RouteTable_To_azure_RouteTable is an autogenerated conversion function. -func Convert_v1alpha1_RouteTable_To_azure_RouteTable(in *RouteTable, out *azure.RouteTable, s conversion.Scope) error { - return autoConvert_v1alpha1_RouteTable_To_azure_RouteTable(in, out, s) -} - -func autoConvert_azure_RouteTable_To_v1alpha1_RouteTable(in *azure.RouteTable, out *RouteTable, s conversion.Scope) error { - out.Purpose = Purpose(in.Purpose) - out.Name = in.Name - return nil -} - -// Convert_azure_RouteTable_To_v1alpha1_RouteTable is an autogenerated conversion function. 
-func Convert_azure_RouteTable_To_v1alpha1_RouteTable(in *azure.RouteTable, out *RouteTable, s conversion.Scope) error { - return autoConvert_azure_RouteTable_To_v1alpha1_RouteTable(in, out, s) -} - -func autoConvert_v1alpha1_SecurityGroup_To_azure_SecurityGroup(in *SecurityGroup, out *azure.SecurityGroup, s conversion.Scope) error { - out.Purpose = azure.Purpose(in.Purpose) - out.Name = in.Name - return nil -} - -// Convert_v1alpha1_SecurityGroup_To_azure_SecurityGroup is an autogenerated conversion function. -func Convert_v1alpha1_SecurityGroup_To_azure_SecurityGroup(in *SecurityGroup, out *azure.SecurityGroup, s conversion.Scope) error { - return autoConvert_v1alpha1_SecurityGroup_To_azure_SecurityGroup(in, out, s) -} - -func autoConvert_azure_SecurityGroup_To_v1alpha1_SecurityGroup(in *azure.SecurityGroup, out *SecurityGroup, s conversion.Scope) error { - out.Purpose = Purpose(in.Purpose) - out.Name = in.Name - return nil -} - -// Convert_azure_SecurityGroup_To_v1alpha1_SecurityGroup is an autogenerated conversion function. -func Convert_azure_SecurityGroup_To_v1alpha1_SecurityGroup(in *azure.SecurityGroup, out *SecurityGroup, s conversion.Scope) error { - return autoConvert_azure_SecurityGroup_To_v1alpha1_SecurityGroup(in, out, s) -} - -func autoConvert_v1alpha1_Subnet_To_azure_Subnet(in *Subnet, out *azure.Subnet, s conversion.Scope) error { - out.Name = in.Name - out.Purpose = azure.Purpose(in.Purpose) - return nil -} - -// Convert_v1alpha1_Subnet_To_azure_Subnet is an autogenerated conversion function. -func Convert_v1alpha1_Subnet_To_azure_Subnet(in *Subnet, out *azure.Subnet, s conversion.Scope) error { - return autoConvert_v1alpha1_Subnet_To_azure_Subnet(in, out, s) -} - -func autoConvert_azure_Subnet_To_v1alpha1_Subnet(in *azure.Subnet, out *Subnet, s conversion.Scope) error { - out.Name = in.Name - out.Purpose = Purpose(in.Purpose) - return nil -} - -// Convert_azure_Subnet_To_v1alpha1_Subnet is an autogenerated conversion function. 
-func Convert_azure_Subnet_To_v1alpha1_Subnet(in *azure.Subnet, out *Subnet, s conversion.Scope) error { - return autoConvert_azure_Subnet_To_v1alpha1_Subnet(in, out, s) -} - -func autoConvert_v1alpha1_VNet_To_azure_VNet(in *VNet, out *azure.VNet, s conversion.Scope) error { - out.Name = (*string)(unsafe.Pointer(in.Name)) - out.ResourceGroup = (*string)(unsafe.Pointer(in.ResourceGroup)) - out.CIDR = (*string)(unsafe.Pointer(in.CIDR)) - return nil -} - -// Convert_v1alpha1_VNet_To_azure_VNet is an autogenerated conversion function. -func Convert_v1alpha1_VNet_To_azure_VNet(in *VNet, out *azure.VNet, s conversion.Scope) error { - return autoConvert_v1alpha1_VNet_To_azure_VNet(in, out, s) -} - -func autoConvert_azure_VNet_To_v1alpha1_VNet(in *azure.VNet, out *VNet, s conversion.Scope) error { - out.Name = (*string)(unsafe.Pointer(in.Name)) - out.ResourceGroup = (*string)(unsafe.Pointer(in.ResourceGroup)) - out.CIDR = (*string)(unsafe.Pointer(in.CIDR)) - return nil -} - -// Convert_azure_VNet_To_v1alpha1_VNet is an autogenerated conversion function. -func Convert_azure_VNet_To_v1alpha1_VNet(in *azure.VNet, out *VNet, s conversion.Scope) error { - return autoConvert_azure_VNet_To_v1alpha1_VNet(in, out, s) -} - -func autoConvert_v1alpha1_VNetStatus_To_azure_VNetStatus(in *VNetStatus, out *azure.VNetStatus, s conversion.Scope) error { - out.Name = in.Name - out.ResourceGroup = (*string)(unsafe.Pointer(in.ResourceGroup)) - return nil -} - -// Convert_v1alpha1_VNetStatus_To_azure_VNetStatus is an autogenerated conversion function. 
-func Convert_v1alpha1_VNetStatus_To_azure_VNetStatus(in *VNetStatus, out *azure.VNetStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_VNetStatus_To_azure_VNetStatus(in, out, s) -} - -func autoConvert_azure_VNetStatus_To_v1alpha1_VNetStatus(in *azure.VNetStatus, out *VNetStatus, s conversion.Scope) error { - out.Name = in.Name - out.ResourceGroup = (*string)(unsafe.Pointer(in.ResourceGroup)) - return nil -} - -// Convert_azure_VNetStatus_To_v1alpha1_VNetStatus is an autogenerated conversion function. -func Convert_azure_VNetStatus_To_v1alpha1_VNetStatus(in *azure.VNetStatus, out *VNetStatus, s conversion.Scope) error { - return autoConvert_azure_VNetStatus_To_v1alpha1_VNetStatus(in, out, s) -} - -func autoConvert_v1alpha1_WorkerStatus_To_azure_WorkerStatus(in *WorkerStatus, out *azure.WorkerStatus, s conversion.Scope) error { - out.MachineImages = *(*[]azure.MachineImage)(unsafe.Pointer(&in.MachineImages)) - return nil -} - -// Convert_v1alpha1_WorkerStatus_To_azure_WorkerStatus is an autogenerated conversion function. -func Convert_v1alpha1_WorkerStatus_To_azure_WorkerStatus(in *WorkerStatus, out *azure.WorkerStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_WorkerStatus_To_azure_WorkerStatus(in, out, s) -} - -func autoConvert_azure_WorkerStatus_To_v1alpha1_WorkerStatus(in *azure.WorkerStatus, out *WorkerStatus, s conversion.Scope) error { - out.MachineImages = *(*[]MachineImage)(unsafe.Pointer(&in.MachineImages)) - return nil -} - -// Convert_azure_WorkerStatus_To_v1alpha1_WorkerStatus is an autogenerated conversion function. -func Convert_azure_WorkerStatus_To_v1alpha1_WorkerStatus(in *azure.WorkerStatus, out *WorkerStatus, s conversion.Scope) error { - return autoConvert_azure_WorkerStatus_To_v1alpha1_WorkerStatus(in, out, s) -} 
diff --git a/controllers/provider-azure/pkg/apis/azure/v1alpha1/zz_generated.deepcopy.go b/controllers/provider-azure/pkg/apis/azure/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index cf95d21ac..000000000 --- a/controllers/provider-azure/pkg/apis/azure/v1alpha1/zz_generated.deepcopy.go +++ /dev/null 
@@ -1,475 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AvailabilitySet) DeepCopyInto(out *AvailabilitySet) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AvailabilitySet. -func (in *AvailabilitySet) DeepCopy() *AvailabilitySet { - if in == nil { - return nil - } - out := new(AvailabilitySet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CloudControllerManagerConfig) DeepCopyInto(out *CloudControllerManagerConfig) { - *out = *in - if in.FeatureGates != nil { - in, out := &in.FeatureGates, &out.FeatureGates - *out = make(map[string]bool, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudControllerManagerConfig. 
-func (in *CloudControllerManagerConfig) DeepCopy() *CloudControllerManagerConfig { - if in == nil { - return nil - } - out := new(CloudControllerManagerConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CloudProfileConfig) DeepCopyInto(out *CloudProfileConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.CountUpdateDomains != nil { - in, out := &in.CountUpdateDomains, &out.CountUpdateDomains - *out = make([]DomainCount, len(*in)) - copy(*out, *in) - } - if in.CountFaultDomains != nil { - in, out := &in.CountFaultDomains, &out.CountFaultDomains - *out = make([]DomainCount, len(*in)) - copy(*out, *in) - } - if in.MachineImages != nil { - in, out := &in.MachineImages, &out.MachineImages - *out = make([]MachineImages, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudProfileConfig. -func (in *CloudProfileConfig) DeepCopy() *CloudProfileConfig { - if in == nil { - return nil - } - out := new(CloudProfileConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CloudProfileConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *ControlPlaneConfig) DeepCopyInto(out *ControlPlaneConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.CloudControllerManager != nil { - in, out := &in.CloudControllerManager, &out.CloudControllerManager - *out = new(CloudControllerManagerConfig) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlaneConfig. -func (in *ControlPlaneConfig) DeepCopy() *ControlPlaneConfig { - if in == nil { - return nil - } - out := new(ControlPlaneConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ControlPlaneConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DomainCount) DeepCopyInto(out *DomainCount) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainCount. -func (in *DomainCount) DeepCopy() *DomainCount { - if in == nil { - return nil - } - out := new(DomainCount) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InfrastructureConfig) DeepCopyInto(out *InfrastructureConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.ResourceGroup != nil { - in, out := &in.ResourceGroup, &out.ResourceGroup - *out = new(ResourceGroup) - **out = **in - } - in.Networks.DeepCopyInto(&out.Networks) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureConfig. 
-func (in *InfrastructureConfig) DeepCopy() *InfrastructureConfig { - if in == nil { - return nil - } - out := new(InfrastructureConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InfrastructureConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InfrastructureStatus) DeepCopyInto(out *InfrastructureStatus) { - *out = *in - out.TypeMeta = in.TypeMeta - in.Networks.DeepCopyInto(&out.Networks) - out.ResourceGroup = in.ResourceGroup - if in.AvailabilitySets != nil { - in, out := &in.AvailabilitySets, &out.AvailabilitySets - *out = make([]AvailabilitySet, len(*in)) - copy(*out, *in) - } - if in.RouteTables != nil { - in, out := &in.RouteTables, &out.RouteTables - *out = make([]RouteTable, len(*in)) - copy(*out, *in) - } - if in.SecurityGroups != nil { - in, out := &in.SecurityGroups, &out.SecurityGroups - *out = make([]SecurityGroup, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureStatus. -func (in *InfrastructureStatus) DeepCopy() *InfrastructureStatus { - if in == nil { - return nil - } - out := new(InfrastructureStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InfrastructureStatus) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *MachineImage) DeepCopyInto(out *MachineImage) { - *out = *in - if in.URN != nil { - in, out := &in.URN, &out.URN - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineImage. -func (in *MachineImage) DeepCopy() *MachineImage { - if in == nil { - return nil - } - out := new(MachineImage) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MachineImageVersion) DeepCopyInto(out *MachineImageVersion) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineImageVersion. -func (in *MachineImageVersion) DeepCopy() *MachineImageVersion { - if in == nil { - return nil - } - out := new(MachineImageVersion) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MachineImages) DeepCopyInto(out *MachineImages) { - *out = *in - if in.Versions != nil { - in, out := &in.Versions, &out.Versions - *out = make([]MachineImageVersion, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineImages. -func (in *MachineImages) DeepCopy() *MachineImages { - if in == nil { - return nil - } - out := new(MachineImages) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *NetworkConfig) DeepCopyInto(out *NetworkConfig) { - *out = *in - in.VNet.DeepCopyInto(&out.VNet) - if in.ServiceEndpoints != nil { - in, out := &in.ServiceEndpoints, &out.ServiceEndpoints - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfig. -func (in *NetworkConfig) DeepCopy() *NetworkConfig { - if in == nil { - return nil - } - out := new(NetworkConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkStatus) DeepCopyInto(out *NetworkStatus) { - *out = *in - in.VNet.DeepCopyInto(&out.VNet) - if in.Subnets != nil { - in, out := &in.Subnets, &out.Subnets - *out = make([]Subnet, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkStatus. -func (in *NetworkStatus) DeepCopy() *NetworkStatus { - if in == nil { - return nil - } - out := new(NetworkStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceGroup) DeepCopyInto(out *ResourceGroup) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceGroup. -func (in *ResourceGroup) DeepCopy() *ResourceGroup { - if in == nil { - return nil - } - out := new(ResourceGroup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RouteTable) DeepCopyInto(out *RouteTable) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteTable. 
-func (in *RouteTable) DeepCopy() *RouteTable { - if in == nil { - return nil - } - out := new(RouteTable) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecurityGroup) DeepCopyInto(out *SecurityGroup) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityGroup. -func (in *SecurityGroup) DeepCopy() *SecurityGroup { - if in == nil { - return nil - } - out := new(SecurityGroup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Subnet) DeepCopyInto(out *Subnet) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subnet. -func (in *Subnet) DeepCopy() *Subnet { - if in == nil { - return nil - } - out := new(Subnet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VNet) DeepCopyInto(out *VNet) { - *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.ResourceGroup != nil { - in, out := &in.ResourceGroup, &out.ResourceGroup - *out = new(string) - **out = **in - } - if in.CIDR != nil { - in, out := &in.CIDR, &out.CIDR - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VNet. -func (in *VNet) DeepCopy() *VNet { - if in == nil { - return nil - } - out := new(VNet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *VNetStatus) DeepCopyInto(out *VNetStatus) { - *out = *in - if in.ResourceGroup != nil { - in, out := &in.ResourceGroup, &out.ResourceGroup - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VNetStatus. -func (in *VNetStatus) DeepCopy() *VNetStatus { - if in == nil { - return nil - } - out := new(VNetStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WorkerStatus) DeepCopyInto(out *WorkerStatus) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.MachineImages != nil { - in, out := &in.MachineImages, &out.MachineImages - *out = make([]MachineImage, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkerStatus. -func (in *WorkerStatus) DeepCopy() *WorkerStatus { - if in == nil { - return nil - } - out := new(WorkerStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *WorkerStatus) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/controllers/provider-azure/pkg/apis/azure/v1alpha1/zz_generated.defaults.go b/controllers/provider-azure/pkg/apis/azure/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 5db2b64b0..000000000 --- a/controllers/provider-azure/pkg/apis/azure/v1alpha1/zz_generated.defaults.go +++ /dev/null 
@@ -1,32 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/controllers/provider-azure/pkg/apis/azure/validation/cloudprofile.go b/controllers/provider-azure/pkg/apis/azure/validation/cloudprofile.go deleted file mode 100644 index 734ed4509..000000000 --- a/controllers/provider-azure/pkg/apis/azure/validation/cloudprofile.go +++ /dev/null 
@@ -1,86 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package validation
-
-import (
- "fmt"
- "strings"
-
- apisazure "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
-
- "k8s.io/apimachinery/pkg/util/validation/field"
-)
-
-// ValidateCloudProfileConfig validates a CloudProfileConfig object.
-func ValidateCloudProfileConfig(cloudProfile *apisazure.CloudProfileConfig) field.ErrorList {
- allErrs := field.ErrorList{}
-
- allErrs = append(allErrs, validateDomainCount(cloudProfile.CountFaultDomains, field.NewPath("countFaultDomains"))...)
- allErrs = append(allErrs, validateDomainCount(cloudProfile.CountUpdateDomains, field.NewPath("countUpdateDomains"))...)
-
- machineImagesPath := field.NewPath("machineImages")
- if len(cloudProfile.MachineImages) == 0 {
- allErrs = append(allErrs, field.Required(machineImagesPath, "must provide at least one machine image"))
- }
- for i, machineImage := range cloudProfile.MachineImages {
- idxPath := machineImagesPath.Index(i)
-
- if len(machineImage.Name) == 0 {
- allErrs = append(allErrs, field.Required(idxPath.Child("name"), "must provide a name"))
- }
-
- if len(machineImage.Versions) == 0 {
- allErrs = append(allErrs, field.Required(idxPath.Child("versions"), fmt.Sprintf("must provide at least one version for machine image %q", machineImage.Name)))
- }
- for j, version := range machineImage.Versions {
- jdxPath := idxPath.Child("versions").Index(j)
-
- if len(version.Version) == 0 {
- allErrs = append(allErrs, field.Required(jdxPath.Child("version"), "must provide a version"))
- }
- if len(version.URN) == 0 {
- allErrs = append(allErrs, field.Required(jdxPath.Child("urn"), "must provide an urn"))
- }
- if len(strings.Split(version.URN, ":")) != 4 {
- allErrs = append(allErrs, field.Invalid(jdxPath.Child("urn"), version.URN, "please use the format `Publisher:Offer:Sku:Version` for the urn"))
- }
- }
- }
-
- return allErrs
-}
-
-func validateDomainCount(domainCount []apisazure.DomainCount, fldPath *field.Path) field.ErrorList {
- allErrs := field.ErrorList{}
-
- if len(domainCount) == 0 {
- allErrs = append(allErrs, field.Required(fldPath, "must provide at least one domain count"))
- }
-
- for i, count := range domainCount {
- idxPath := fldPath.Index(i)
- regionPath := idxPath.Child("region")
- countPath := idxPath.Child("count")
-
- if len(count.Region) == 0 {
- allErrs = append(allErrs, field.Required(regionPath, "must provide a region"))
- }
- if count.Count < 0 {
- allErrs = append(allErrs, field.Invalid(countPath, count.Count, "count must not be negative"))
- }
- }
-
- return allErrs
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/validation/cloudprofile_test.go b/controllers/provider-azure/pkg/apis/azure/validation/cloudprofile_test.go deleted file mode 100644 index 55cd3a723..000000000 --- a/controllers/provider-azure/pkg/apis/azure/validation/cloudprofile_test.go +++ /dev/null 
@@ -1,199 +0,0 @@ -// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package validation_test - -import ( - apisazure "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure" - . "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/validation" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/ginkgo/extensions/table" - . "github.com/onsi/gomega" - . 
"github.com/onsi/gomega/gstruct" - gomegatypes "github.com/onsi/gomega/types" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -var _ = Describe("CloudProfileConfig validation", func() { - Describe("#ValidateCloudProfileConfig", func() { - var cloudProfileConfig *apisazure.CloudProfileConfig - - BeforeEach(func() { - cloudProfileConfig = &apisazure.CloudProfileConfig{ - CountUpdateDomains: []apisazure.DomainCount{ - { - Region: "westeurope", - Count: 1, - }, - }, - CountFaultDomains: []apisazure.DomainCount{ - { - Region: "westeurope", - Count: 1, - }, - }, - MachineImages: []apisazure.MachineImages{ - { - Name: "ubuntu", - Versions: []apisazure.MachineImageVersion{ - { - Version: "Version", - URN: "Publisher:Offer:Sku:Version", - }, - }, - }, - }, - } - }) - - Context("machine image validation", func() { - It("should enforce that at least one machine image has been defined", func() { - cloudProfileConfig.MachineImages = []apisazure.MachineImages{} - - errorList := ValidateCloudProfileConfig(cloudProfileConfig) - - Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeRequired), - "Field": Equal("machineImages"), - })))) - }) - - It("should forbid unsupported machine image values", func() { - cloudProfileConfig.MachineImages = []apisazure.MachineImages{{}} - - errorList := ValidateCloudProfileConfig(cloudProfileConfig) - - Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeRequired), - "Field": Equal("machineImages[0].name"), - })), PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeRequired), - "Field": Equal("machineImages[0].versions"), - })))) - }) - - DescribeTable("forbid unsupported machine image urn", - func(urn string, matcher gomegatypes.GomegaMatcher) { - cloudProfileConfig.MachineImages = []apisazure.MachineImages{ - { - Name: "my-image", - Versions: []apisazure.MachineImageVersion{ - { - Version: "1.2.3", - URN: urn, - }, - 
}, - }, - } - - errorList := ValidateCloudProfileConfig(cloudProfileConfig) - - Expect(errorList).To(matcher) - }, - Entry("correct urn", "foo:bar:baz:ban", BeEmpty()), - Entry("only one part", "foo", ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{"Type": Equal(field.ErrorTypeInvalid), "Field": Equal("machineImages[0].versions[0].urn")})))), - Entry("only two parts", "foo:bar", ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{"Type": Equal(field.ErrorTypeInvalid), "Field": Equal("machineImages[0].versions[0].urn")})))), - Entry("only three parts", "foo:bar:baz", ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{"Type": Equal(field.ErrorTypeInvalid), "Field": Equal("machineImages[0].versions[0].urn")})))), - Entry("more than four parts", "foo:bar:baz:ban:bam", ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{"Type": Equal(field.ErrorTypeInvalid), "Field": Equal("machineImages[0].versions[0].urn")})))), - ) - - It("should forbid unsupported machine image version configuration", func() { - cloudProfileConfig.MachineImages = []apisazure.MachineImages{ - { - Name: "abc", - Versions: []apisazure.MachineImageVersion{{}}, - }, - } - - errorList := ValidateCloudProfileConfig(cloudProfileConfig) - - Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeRequired), - "Field": Equal("machineImages[0].versions[0].version"), - })), PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeRequired), - "Field": Equal("machineImages[0].versions[0].urn"), - })), PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeInvalid), - "Field": Equal("machineImages[0].versions[0].urn"), - })))) - }) - }) - - Context("fault domain count validation", func() { - It("should enforce that at least one fault domain count has been defined", func() { - cloudProfileConfig.CountFaultDomains = []apisazure.DomainCount{} - - errorList := ValidateCloudProfileConfig(cloudProfileConfig) - - 
Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeRequired), - "Field": Equal("countFaultDomains"), - })))) - }) - - It("should forbid fault domain count with unsupported format", func() { - cloudProfileConfig.CountFaultDomains = []apisazure.DomainCount{ - { - Region: "", - Count: -1, - }, - } - - errorList := ValidateCloudProfileConfig(cloudProfileConfig) - - Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeRequired), - "Field": Equal("countFaultDomains[0].region"), - })), PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeInvalid), - "Field": Equal("countFaultDomains[0].count"), - })))) - }) - }) - - Context("update domain count validation", func() { - It("should enforce that at least one update domain count has been defined", func() { - cloudProfileConfig.CountUpdateDomains = []apisazure.DomainCount{} - - errorList := ValidateCloudProfileConfig(cloudProfileConfig) - - Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeRequired), - "Field": Equal("countUpdateDomains"), - })))) - }) - - It("should forbid update domain count with unsupported format", func() { - cloudProfileConfig.CountUpdateDomains = []apisazure.DomainCount{ - { - Region: "", - Count: -1, - }, - } - - errorList := ValidateCloudProfileConfig(cloudProfileConfig) - - Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeRequired), - "Field": Equal("countUpdateDomains[0].region"), - })), PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeInvalid), - "Field": Equal("countUpdateDomains[0].count"), - })))) - }) - }) - }) -}) diff --git a/controllers/provider-azure/pkg/apis/azure/validation/infrastructure.go b/controllers/provider-azure/pkg/apis/azure/validation/infrastructure.go deleted file mode 100644 index cd7c790e7..000000000 
--- a/controllers/provider-azure/pkg/apis/azure/validation/infrastructure.go +++ /dev/null 
@@ -1,104 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package validation
-
-import (
- apisazure "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
-
- cidrvalidation "github.com/gardener/gardener/pkg/utils/validation/cidr"
- apivalidation "k8s.io/apimachinery/pkg/api/validation"
- "k8s.io/apimachinery/pkg/util/validation/field"
-)
-
-// ValidateInfrastructureConfig validates a InfrastructureConfig object.
-func ValidateInfrastructureConfig(infra *apisazure.InfrastructureConfig, resourceGroupName, nodesCIDR, podsCIDR, servicesCIDR *string) field.ErrorList {
- allErrs := field.ErrorList{}
-
- var (
- nodes cidrvalidation.CIDR
- pods cidrvalidation.CIDR
- services cidrvalidation.CIDR
- )
-
- if nodesCIDR != nil {
- nodes = cidrvalidation.NewCIDR(*nodesCIDR, nil)
- }
- if podsCIDR != nil {
- pods = cidrvalidation.NewCIDR(*podsCIDR, nil)
- }
- if servicesCIDR != nil {
- services = cidrvalidation.NewCIDR(*servicesCIDR, nil)
- }
-
- // Currently, we will not allow deployments into existing resource groups or VNets although this functionality
- // is already implemented, because the Azure cloud provider is not cleaning up self-created resources properly.
- // This resources would be orphaned when the cluster will be deleted.
We block these cases thereby that the Azure shoot
- // validation here will fail for those cases.
- // TODO: remove the following block and uncomment below blocks once deployment into existing resource groups works properly.
- if infra.ResourceGroup != nil {
- allErrs = append(allErrs, field.Invalid(field.NewPath("resourceGroup"), infra.ResourceGroup, "specifying an existing resource group is not supported yet"))
- }
-
- networksPath := field.NewPath("networks")
- if len(infra.Networks.Workers) == 0 {
- allErrs = append(allErrs, field.Required(networksPath.Child("workers"), "must specify the network range for the worker network"))
- }
-
- workerCIDR := cidrvalidation.NewCIDR(infra.Networks.Workers, networksPath.Child("workers"))
-
- allErrs = append(allErrs, cidrvalidation.ValidateCIDRParse(workerCIDR)...)
- allErrs = append(allErrs, cidrvalidation.ValidateCIDRIsCanonical(networksPath.Child("workers"), infra.Networks.Workers)...)
-
- if (infra.Networks.VNet.Name != nil && infra.Networks.VNet.ResourceGroup == nil) || (infra.Networks.VNet.Name == nil && infra.Networks.VNet.ResourceGroup != nil) {
- allErrs = append(allErrs, field.Invalid(networksPath.Child("vnet"), infra.Networks.VNet, "specifying an existing vnet name require a vnet name and vnet resource group"))
- } else if infra.Networks.VNet.Name != nil && infra.Networks.VNet.ResourceGroup != nil {
- if infra.Networks.VNet.CIDR != nil {
- allErrs = append(allErrs, field.Invalid(networksPath.Child("vnet", "cidr"), *infra.Networks.VNet.ResourceGroup, "specifying a cidr for an existing vnet is not possible"))
- }
- if *infra.Networks.VNet.ResourceGroup == *resourceGroupName {
- allErrs = append(allErrs, field.Invalid(networksPath.Child("vnet", "resourceGroup"), *infra.Networks.VNet.ResourceGroup, "specifying an existing vnet is the cluster resource group is not supported"))
- }
- } else {
- cidrPath := networksPath.Child("vnet", "cidr")
- if infra.Networks.VNet.CIDR == nil {
- // Use worker/subnet cidr as cidr for
the vnet.
- allErrs = append(allErrs, workerCIDR.ValidateSubset(nodes)...)
- allErrs = append(allErrs, workerCIDR.ValidateNotSubset(pods, services)...)
- } else {
- vpcCIDR := cidrvalidation.NewCIDR(*(infra.Networks.VNet.CIDR), cidrPath)
- allErrs = append(allErrs, vpcCIDR.ValidateParse()...)
- allErrs = append(allErrs, vpcCIDR.ValidateSubset(nodes)...)
- allErrs = append(allErrs, vpcCIDR.ValidateSubset(workerCIDR)...)
- allErrs = append(allErrs, vpcCIDR.ValidateNotSubset(pods, services)...)
- allErrs = append(allErrs, cidrvalidation.ValidateCIDRIsCanonical(cidrPath, *infra.Networks.VNet.CIDR)...)
- }
- }
-
- if nodes != nil {
- allErrs = append(allErrs, nodes.ValidateSubset(workerCIDR)...)
- }
-
- return allErrs
-}
-
-// ValidateInfrastructureConfigUpdate validates a InfrastructureConfig object.
-func ValidateInfrastructureConfigUpdate(oldConfig, newConfig *apisazure.InfrastructureConfig, nodesCIDR, podsCIDR, servicesCIDR *string) field.ErrorList {
- allErrs := field.ErrorList{}
-
- allErrs = append(allErrs, apivalidation.ValidateImmutableField(newConfig.ResourceGroup, oldConfig.ResourceGroup, field.NewPath("resourceGroup"))...)
- allErrs = append(allErrs, apivalidation.ValidateImmutableField(newConfig.Networks, oldConfig.Networks, field.NewPath("networks"))...)
-
- return allErrs
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/validation/infrastructure_test.go b/controllers/provider-azure/pkg/apis/azure/validation/infrastructure_test.go
deleted file mode 100644
index 316eaa27d..000000000
--- a/controllers/provider-azure/pkg/apis/azure/validation/infrastructure_test.go
+++ /dev/null
@@ -1,257 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package validation_test
-
-import (
- apisazure "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- . "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/validation"
-
- . "github.com/gardener/gardener/pkg/utils/validation/gomega"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
- .
"github.com/onsi/gomega/gstruct"
- "k8s.io/apimachinery/pkg/util/validation/field"
-)
-
-var _ = Describe("InfrastructureConfig validation", func() {
- var (
- infrastructureConfig *apisazure.InfrastructureConfig
- nodes string
- resourceGroup = "shoot--test--foo"
-
- pods = "100.96.0.0/11"
- services = "100.64.0.0/13"
- vnetCIDR = "10.0.0.0/8"
- invalidCIDR = "invalid-cidr"
- )
-
- BeforeEach(func() {
- nodes = "10.250.0.0/16"
- infrastructureConfig = &apisazure.InfrastructureConfig{
- Networks: apisazure.NetworkConfig{
- Workers: "10.250.3.0/24",
- VNet: apisazure.VNet{
- CIDR: &vnetCIDR,
- },
- },
- }
- })
-
- Describe("#ValidateInfrastructureConfig", func() {
- It("should forbid specifying a resource group configuration", func() {
- infrastructureConfig.ResourceGroup = &apisazure.ResourceGroup{}
-
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &pods, &services)
-
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("resourceGroup"),
- }))
- })
-
- Context("vnet", func() {
- It("should forbid specifying a vnet name without resource group", func() {
- vnetName := "existing-vnet"
- infrastructureConfig.Networks.VNet = apisazure.VNet{
- Name: &vnetName,
- }
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &pods, &services)
-
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks.vnet"),
- "Detail": Equal("specifying an existing vnet name require a vnet name and vnet resource group"),
- }))
- })
-
- It("should forbid specifying a vnet resource group without name", func() {
- vnetGroup := "existing-vnet-rg"
- infrastructureConfig.Networks.VNet = apisazure.VNet{
- ResourceGroup: &vnetGroup,
- }
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &pods, &services)
-
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type":
Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks.vnet"),
- "Detail": Equal("specifying an existing vnet name require a vnet name and vnet resource group"),
- }))
- })
-
- It("should forbid specifying existing vnet plus a vnet cidr", func() {
- name := "existing-vnet"
- vnetGroup := "existing-vnet-rg"
- infrastructureConfig.Networks.VNet = apisazure.VNet{
- Name: &name,
- ResourceGroup: &vnetGroup,
- CIDR: &vnetCIDR,
- }
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &pods, &services)
-
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks.vnet.cidr"),
- "Detail": Equal("specifying a cidr for an existing vnet is not possible"),
- }))
- })
-
- It("should forbid specifying existing vnet in same resource group", func() {
- name := "existing-vnet"
- infrastructureConfig.Networks.VNet = apisazure.VNet{
- Name: &name,
- ResourceGroup: &resourceGroup,
- }
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &pods, &services)
-
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks.vnet.resourceGroup"),
- "Detail": Equal("specifying an existing vnet is the cluster resource group is not supported"),
- }))
- })
-
- It("should pass if no vnet cidr is specified and default is applied", func() {
- nodes = "10.250.3.0/24"
- infrastructureConfig.Networks = apisazure.NetworkConfig{
- Workers: "10.250.3.0/24",
- }
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &pods, &services)
- Expect(errorList).To(HaveLen(0))
- })
- })
-
- Context("CIDR", func() {
- It("should forbid invalid VNet CIDRs", func() {
- infrastructureConfig.Networks.VNet.CIDR = &invalidCIDR
-
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &pods, &services)
-
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type":
Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks.vnet.cidr"),
- "Detail": Equal("invalid CIDR address: invalid-cidr"),
- }))
- })
-
- It("should forbid invalid workers CIDR", func() {
- infrastructureConfig.Networks.Workers = invalidCIDR
-
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &pods, &services)
-
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks.workers"),
- "Detail": Equal("invalid CIDR address: invalid-cidr"),
- }))
- })
-
- It("should forbid workers which are not in VNet and Nodes CIDR", func() {
- notOverlappingCIDR := "1.1.1.1/32"
- infrastructureConfig.Networks.Workers = notOverlappingCIDR
-
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &pods, &services)
-
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks.workers"),
- "Detail": Equal(`must be a subset of "" ("10.250.0.0/16")`),
- }, Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks.workers"),
- "Detail": Equal(`must be a subset of "networks.vnet.cidr" ("10.0.0.0/8")`),
- }))
- })
-
- It("should forbid Pod CIDR to overlap with VNet CIDR", func() {
- podCIDR := "10.0.0.1/32"
-
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &podCIDR, &services)
-
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal(""),
- "Detail": Equal(`must not be a subset of "networks.vnet.cidr" ("10.0.0.0/8")`),
- }))
- })
-
- It("should forbid Services CIDR to overlap with VNet CIDR", func() {
- servicesCIDR := "10.0.0.1/32"
-
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodes, &pods, &servicesCIDR)
-
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal(""),
- "Detail": Equal(`must not be a subset of
"networks.vnet.cidr" ("10.0.0.0/8")`),
- }))
- })
-
- It("should forbid non canonical CIDRs", func() {
- vpcCIDR := "10.0.0.3/8"
- nodeCIDR := "10.250.0.3/16"
- podCIDR := "100.96.0.4/11"
- serviceCIDR := "100.64.0.5/13"
- workers := "10.250.3.8/24"
-
- infrastructureConfig.Networks.Workers = workers
- infrastructureConfig.Networks.VNet = apisazure.VNet{CIDR: &vpcCIDR}
-
- errorList := ValidateInfrastructureConfig(infrastructureConfig, &resourceGroup, &nodeCIDR, &podCIDR, &serviceCIDR)
-
- Expect(errorList).To(HaveLen(2))
- Expect(errorList).To(ConsistOfFields(Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks.vnet.cidr"),
- "Detail": Equal("must be valid canonical CIDR"),
- }, Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks.workers"),
- "Detail": Equal("must be valid canonical CIDR"),
- }))
- })
- })
- })
-
- Describe("#ValidateInfrastructureConfigUpdate", func() {
- It("should return no errors for an unchanged config", func() {
- Expect(ValidateInfrastructureConfigUpdate(infrastructureConfig, infrastructureConfig, &nodes, &pods, &services)).To(BeEmpty())
- })
-
- It("should forbid changing the resource group section", func() {
- newInfrastructureConfig := infrastructureConfig.DeepCopy()
- newInfrastructureConfig.ResourceGroup = &apisazure.ResourceGroup{}
-
- errorList := ValidateInfrastructureConfigUpdate(infrastructureConfig, newInfrastructureConfig, &nodes, &pods, &services)
-
- Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("resourceGroup"),
- }))))
- })
-
- It("should forbid changing the network section", func() {
- newInfrastructureConfig := infrastructureConfig.DeepCopy()
- newCIDR := "1.2.3.4/5"
- newInfrastructureConfig.Networks.VNet.CIDR = &newCIDR
-
- errorList := ValidateInfrastructureConfigUpdate(infrastructureConfig, newInfrastructureConfig, &nodes, &pods, &services)
-
Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{
- "Type": Equal(field.ErrorTypeInvalid),
- "Field": Equal("networks"),
- }))))
- })
- })
-})
diff --git a/controllers/provider-azure/pkg/apis/azure/validation/validation_suite_test.go b/controllers/provider-azure/pkg/apis/azure/validation/validation_suite_test.go
deleted file mode 100644
index 548fa607e..000000000
--- a/controllers/provider-azure/pkg/apis/azure/validation/validation_suite_test.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package validation_test
-
-import (
- "testing"
-
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-func TestValidation(t *testing.T) {
- RegisterFailHandler(Fail)
- RunSpecs(t, "Azure API Validation Suite")
-}
diff --git a/controllers/provider-azure/pkg/apis/azure/zz_generated.deepcopy.go b/controllers/provider-azure/pkg/apis/azure/zz_generated.deepcopy.go
deleted file mode 100644
index a2f9d45ef..000000000
--- a/controllers/provider-azure/pkg/apis/azure/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,475 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package azure - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AvailabilitySet) DeepCopyInto(out *AvailabilitySet) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AvailabilitySet. -func (in *AvailabilitySet) DeepCopy() *AvailabilitySet { - if in == nil { - return nil - } - out := new(AvailabilitySet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CloudControllerManagerConfig) DeepCopyInto(out *CloudControllerManagerConfig) { - *out = *in - if in.FeatureGates != nil { - in, out := &in.FeatureGates, &out.FeatureGates - *out = make(map[string]bool, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudControllerManagerConfig. 
-func (in *CloudControllerManagerConfig) DeepCopy() *CloudControllerManagerConfig { - if in == nil { - return nil - } - out := new(CloudControllerManagerConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CloudProfileConfig) DeepCopyInto(out *CloudProfileConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.CountUpdateDomains != nil { - in, out := &in.CountUpdateDomains, &out.CountUpdateDomains - *out = make([]DomainCount, len(*in)) - copy(*out, *in) - } - if in.CountFaultDomains != nil { - in, out := &in.CountFaultDomains, &out.CountFaultDomains - *out = make([]DomainCount, len(*in)) - copy(*out, *in) - } - if in.MachineImages != nil { - in, out := &in.MachineImages, &out.MachineImages - *out = make([]MachineImages, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudProfileConfig. -func (in *CloudProfileConfig) DeepCopy() *CloudProfileConfig { - if in == nil { - return nil - } - out := new(CloudProfileConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CloudProfileConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *ControlPlaneConfig) DeepCopyInto(out *ControlPlaneConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.CloudControllerManager != nil { - in, out := &in.CloudControllerManager, &out.CloudControllerManager - *out = new(CloudControllerManagerConfig) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlaneConfig. -func (in *ControlPlaneConfig) DeepCopy() *ControlPlaneConfig { - if in == nil { - return nil - } - out := new(ControlPlaneConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ControlPlaneConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DomainCount) DeepCopyInto(out *DomainCount) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainCount. -func (in *DomainCount) DeepCopy() *DomainCount { - if in == nil { - return nil - } - out := new(DomainCount) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InfrastructureConfig) DeepCopyInto(out *InfrastructureConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.ResourceGroup != nil { - in, out := &in.ResourceGroup, &out.ResourceGroup - *out = new(ResourceGroup) - **out = **in - } - in.Networks.DeepCopyInto(&out.Networks) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureConfig. 
-func (in *InfrastructureConfig) DeepCopy() *InfrastructureConfig { - if in == nil { - return nil - } - out := new(InfrastructureConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InfrastructureConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InfrastructureStatus) DeepCopyInto(out *InfrastructureStatus) { - *out = *in - out.TypeMeta = in.TypeMeta - in.Networks.DeepCopyInto(&out.Networks) - out.ResourceGroup = in.ResourceGroup - if in.AvailabilitySets != nil { - in, out := &in.AvailabilitySets, &out.AvailabilitySets - *out = make([]AvailabilitySet, len(*in)) - copy(*out, *in) - } - if in.RouteTables != nil { - in, out := &in.RouteTables, &out.RouteTables - *out = make([]RouteTable, len(*in)) - copy(*out, *in) - } - if in.SecurityGroups != nil { - in, out := &in.SecurityGroups, &out.SecurityGroups - *out = make([]SecurityGroup, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureStatus. -func (in *InfrastructureStatus) DeepCopy() *InfrastructureStatus { - if in == nil { - return nil - } - out := new(InfrastructureStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InfrastructureStatus) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *MachineImage) DeepCopyInto(out *MachineImage) { - *out = *in - if in.URN != nil { - in, out := &in.URN, &out.URN - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineImage. -func (in *MachineImage) DeepCopy() *MachineImage { - if in == nil { - return nil - } - out := new(MachineImage) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MachineImageVersion) DeepCopyInto(out *MachineImageVersion) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineImageVersion. -func (in *MachineImageVersion) DeepCopy() *MachineImageVersion { - if in == nil { - return nil - } - out := new(MachineImageVersion) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MachineImages) DeepCopyInto(out *MachineImages) { - *out = *in - if in.Versions != nil { - in, out := &in.Versions, &out.Versions - *out = make([]MachineImageVersion, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineImages. -func (in *MachineImages) DeepCopy() *MachineImages { - if in == nil { - return nil - } - out := new(MachineImages) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *NetworkConfig) DeepCopyInto(out *NetworkConfig) { - *out = *in - in.VNet.DeepCopyInto(&out.VNet) - if in.ServiceEndpoints != nil { - in, out := &in.ServiceEndpoints, &out.ServiceEndpoints - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfig. -func (in *NetworkConfig) DeepCopy() *NetworkConfig { - if in == nil { - return nil - } - out := new(NetworkConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkStatus) DeepCopyInto(out *NetworkStatus) { - *out = *in - in.VNet.DeepCopyInto(&out.VNet) - if in.Subnets != nil { - in, out := &in.Subnets, &out.Subnets - *out = make([]Subnet, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkStatus. -func (in *NetworkStatus) DeepCopy() *NetworkStatus { - if in == nil { - return nil - } - out := new(NetworkStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceGroup) DeepCopyInto(out *ResourceGroup) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceGroup. -func (in *ResourceGroup) DeepCopy() *ResourceGroup { - if in == nil { - return nil - } - out := new(ResourceGroup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RouteTable) DeepCopyInto(out *RouteTable) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteTable. 
-func (in *RouteTable) DeepCopy() *RouteTable { - if in == nil { - return nil - } - out := new(RouteTable) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecurityGroup) DeepCopyInto(out *SecurityGroup) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityGroup. -func (in *SecurityGroup) DeepCopy() *SecurityGroup { - if in == nil { - return nil - } - out := new(SecurityGroup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Subnet) DeepCopyInto(out *Subnet) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subnet. -func (in *Subnet) DeepCopy() *Subnet { - if in == nil { - return nil - } - out := new(Subnet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VNet) DeepCopyInto(out *VNet) { - *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.ResourceGroup != nil { - in, out := &in.ResourceGroup, &out.ResourceGroup - *out = new(string) - **out = **in - } - if in.CIDR != nil { - in, out := &in.CIDR, &out.CIDR - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VNet. -func (in *VNet) DeepCopy() *VNet { - if in == nil { - return nil - } - out := new(VNet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *VNetStatus) DeepCopyInto(out *VNetStatus) { - *out = *in - if in.ResourceGroup != nil { - in, out := &in.ResourceGroup, &out.ResourceGroup - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VNetStatus. -func (in *VNetStatus) DeepCopy() *VNetStatus { - if in == nil { - return nil - } - out := new(VNetStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WorkerStatus) DeepCopyInto(out *WorkerStatus) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.MachineImages != nil { - in, out := &in.MachineImages, &out.MachineImages - *out = make([]MachineImage, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkerStatus. -func (in *WorkerStatus) DeepCopy() *WorkerStatus { - if in == nil { - return nil - } - out := new(WorkerStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *WorkerStatus) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/controllers/provider-azure/pkg/apis/config/doc.go b/controllers/provider-azure/pkg/apis/config/doc.go deleted file mode 100644 index ed1b41ee9..000000000 --- a/controllers/provider-azure/pkg/apis/config/doc.go +++ /dev/null 
@@ -1,18 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +k8s:deepcopy-gen=package
-// +groupName="azure.provider.extensions.config.gardener.cloud"
-
-package config // import "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config"
diff --git a/controllers/provider-azure/pkg/apis/config/install/install.go b/controllers/provider-azure/pkg/apis/config/install/install.go
deleted file mode 100644
index de34b1113..000000000
--- a/controllers/provider-azure/pkg/apis/config/install/install.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package install
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config/v1alpha1"
-
- "k8s.io/apimachinery/pkg/runtime"
- utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-var (
- schemeBuilder = runtime.NewSchemeBuilder(
- v1alpha1.AddToScheme,
- config.AddToScheme,
- setVersionPriority,
- )
-
- // AddToScheme adds all APIs to the scheme.
- AddToScheme = schemeBuilder.AddToScheme
-)
-
-func setVersionPriority(scheme *runtime.Scheme) error {
- return scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion)
-}
-
-// Install installs all APIs in the scheme.
-func Install(scheme *runtime.Scheme) {
- utilruntime.Must(AddToScheme(scheme))
-}
diff --git a/controllers/provider-azure/pkg/apis/config/loader/loader.go b/controllers/provider-azure/pkg/apis/config/loader/loader.go
deleted file mode 100644
index dbabd21a5..000000000
--- a/controllers/provider-azure/pkg/apis/config/loader/loader.go
+++ /dev/null
@@ -1,72 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package loader
-
-import (
- "io/ioutil"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config/install"
-
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/apimachinery/pkg/runtime/serializer/json"
- "k8s.io/apimachinery/pkg/runtime/serializer/versioning"
-)
-
-var (
- Codec runtime.Codec
- Scheme *runtime.Scheme
-)
-
-func init() {
- Scheme = runtime.NewScheme()
- install.Install(Scheme)
- yamlSerializer := json.NewYAMLSerializer(json.DefaultMetaFactory, Scheme, Scheme)
- Codec = versioning.NewDefaultingCodecForScheme(
- Scheme,
- yamlSerializer,
- yamlSerializer,
- schema.GroupVersion{Version: "v1alpha1"},
- runtime.InternalGroupVersioner,
- )
-}
-
-// LoadFromFile takes a filename and de-serializes the contents into ControllerConfiguration object.
-func LoadFromFile(filename string) (*config.ControllerConfiguration, error) {
- bytes, err := ioutil.ReadFile(filename)
- if err != nil {
- return nil, err
- }
-
- return Load(bytes)
-}
-
-// Load takes a byte slice and de-serializes the contents into ControllerConfiguration object.
-// Encapsulates de-serialization without assuming the source is a file.
-func Load(data []byte) (*config.ControllerConfiguration, error) {
- cfg := &config.ControllerConfiguration{}
-
- if len(data) == 0 {
- return cfg, nil
- }
-
- decoded, _, err := Codec.Decode(data, &schema.GroupVersionKind{Version: "v1alpha1", Kind: "Config"}, cfg)
- if err != nil {
- return nil, err
- }
-
- return decoded.(*config.ControllerConfiguration), nil
-}
diff --git a/controllers/provider-azure/pkg/apis/config/register.go b/controllers/provider-azure/pkg/apis/config/register.go
deleted file mode 100644
index 149b07d0d..000000000
--- a/controllers/provider-azure/pkg/apis/config/register.go
+++ /dev/null
@@ -1,51 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package config
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName is the group name use in this package
-const GroupName = "azure.provider.extensions.config.gardener.cloud"
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
-
-// Kind takes an unqualified kind and returns a Group qualified GroupKind
-func Kind(kind string) schema.GroupKind {
- return SchemeGroupVersion.WithKind(kind).GroupKind()
-}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- // SchemeBuilder used to register the Shoot resource.
- SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
- // AddToScheme is a pointer to SchemeBuilder.AddToScheme.
- AddToScheme = SchemeBuilder.AddToScheme
-)
-
-// Adds the list of known types to api.Scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &ControllerConfiguration{},
- )
- return nil
-}
diff --git a/controllers/provider-azure/pkg/apis/config/types.go b/controllers/provider-azure/pkg/apis/config/types.go
deleted file mode 100644
index 599c22205..000000000
--- a/controllers/provider-azure/pkg/apis/config/types.go
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package config
-
-import (
- healthcheckconfig "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config"
-
- "k8s.io/apimachinery/pkg/api/resource"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- componentbaseconfig "k8s.io/component-base/config"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ControllerConfiguration defines the configuration for the Azure provider.
-type ControllerConfiguration struct {
- metav1.TypeMeta
-
- // ClientConnection specifies the kubeconfig file and client connection
- // settings for the proxy server to use when communicating with the apiserver.
- ClientConnection *componentbaseconfig.ClientConnectionConfiguration
- // ETCD is the etcd configuration.
- ETCD ETCD
- // HealthCheckConfig is the config for the health check controller
- HealthCheckConfig *healthcheckconfig.HealthCheckConfig
-}
-
-// ETCD is an etcd configuration.
-type ETCD struct {
- // ETCDStorage is the etcd storage configuration.
- Storage ETCDStorage
- // ETCDBackup is the etcd backup configuration.
- Backup ETCDBackup
-}
-
-// ETCDStorage is an etcd storage configuration.
-type ETCDStorage struct {
- // ClassName is the name of the storage class used in etcd-main volume claims.
- ClassName *string
- // Capacity is the storage capacity used in etcd-main volume claims.
- Capacity *resource.Quantity
-}
-
-// ETCDBackup is an etcd backup configuration.
-type ETCDBackup struct {
- // Schedule is the etcd backup schedule.
- Schedule *string
-}
diff --git a/controllers/provider-azure/pkg/apis/config/v1alpha1/defaults.go b/controllers/provider-azure/pkg/apis/config/v1alpha1/defaults.go
deleted file mode 100644
index fd79168fd..000000000
--- a/controllers/provider-azure/pkg/apis/config/v1alpha1/defaults.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v1alpha1
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-func addDefaultingFuncs(scheme *runtime.Scheme) error {
- return RegisterDefaults(scheme)
-}
diff --git a/controllers/provider-azure/pkg/apis/config/v1alpha1/doc.go b/controllers/provider-azure/pkg/apis/config/v1alpha1/doc.go
deleted file mode 100644
index 74395d6c5..000000000
--- a/controllers/provider-azure/pkg/apis/config/v1alpha1/doc.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config
-// +k8s:openapi-gen=true
-// +k8s:defaulter-gen=TypeMeta
-
-//go:generate gen-crd-api-reference-docs -api-dir . -config ../../../../hack/api-reference/config.json -template-dir ../../../../../../hack/api-reference/template -out-file ../../../../hack/api-reference/config.md
-
-// Package v1alpha1 contains the Azure provider configuration API resources.
-// +groupName=azure.provider.extensions.config.gardener.cloud
-package v1alpha1 // import "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config/v1alpha1"
diff --git a/controllers/provider-azure/pkg/apis/config/v1alpha1/register.go b/controllers/provider-azure/pkg/apis/config/v1alpha1/register.go
deleted file mode 100644
index 7584e069b..000000000
--- a/controllers/provider-azure/pkg/apis/config/v1alpha1/register.go
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v1alpha1
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName is the group name use in this package
-const GroupName = "azure.provider.extensions.config.gardener.cloud"
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- // SchemeBuilder used to register the Shoot resource.
- SchemeBuilder runtime.SchemeBuilder
- localSchemeBuilder = &SchemeBuilder
- // AddToScheme is a pointer to SchemeBuilder.AddToScheme.
- AddToScheme = localSchemeBuilder.AddToScheme
-)
-
-func init() {
- // We only register manually written functions here. The registration of the
- // generated functions takes place in the generated files. The separation
- // makes the code compile even when the generated files are missing.
- localSchemeBuilder.Register(addDefaultingFuncs, addKnownTypes)
-}
-
-// Adds the list of known types to api.Scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &ControllerConfiguration{},
- )
- return nil
-}
diff --git a/controllers/provider-azure/pkg/apis/config/v1alpha1/types.go b/controllers/provider-azure/pkg/apis/config/v1alpha1/types.go
deleted file mode 100644
index 00f84a2c3..000000000
--- a/controllers/provider-azure/pkg/apis/config/v1alpha1/types.go
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v1alpha1
-
-import (
- healthcheckconfigv1alpha1 "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config/v1alpha1"
-
- "k8s.io/apimachinery/pkg/api/resource"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- componentbaseconfigv1alpha1 "k8s.io/component-base/config/v1alpha1"
-)
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ControllerConfiguration defines the configuration for the Azure provider.
-type ControllerConfiguration struct {
- metav1.TypeMeta `json:",inline"`
-
- // ClientConnection specifies the kubeconfig file and client connection
- // settings for the proxy server to use when communicating with the apiserver.
- // +optional
- ClientConnection *componentbaseconfigv1alpha1.ClientConnectionConfiguration `json:"clientConnection,omitempty"`
- // ETCD is the etcd configuration.
- ETCD ETCD `json:"etcd"`
- // HealthCheckConfig is the config for the health check controller
- // +optional
- HealthCheckConfig *healthcheckconfigv1alpha1.HealthCheckConfig `json:"healthCheckConfig,omitempty"`
-}
-
-// ETCD is an etcd configuration.
-type ETCD struct {
- // ETCDStorage is the etcd storage configuration.
- Storage ETCDStorage `json:"storage"`
- // ETCDBackup is the etcd backup configuration.
- Backup ETCDBackup `json:"backup"`
-}
-
-// ETCDStorage is an etcd storage configuration.
-type ETCDStorage struct {
- // ClassName is the name of the storage class used in etcd-main volume claims.
- // +optional
- ClassName *string `json:"className,omitempty"`
- // Capacity is the storage capacity used in etcd-main volume claims.
- // +optional
- Capacity *resource.Quantity `json:"capacity,omitempty"`
-}
-
-// ETCDBackup is an etcd backup configuration.
-type ETCDBackup struct {
- // Schedule is the etcd backup schedule.
- // +optional
- Schedule *string `json:"schedule,omitempty"`
-}
diff --git a/controllers/provider-azure/pkg/apis/config/v1alpha1/zz_generated.conversion.go b/controllers/provider-azure/pkg/apis/config/v1alpha1/zz_generated.conversion.go
deleted file mode 100644
index 656f1d737..000000000
--- a/controllers/provider-azure/pkg/apis/config/v1alpha1/zz_generated.conversion.go
+++ /dev/null
@@ -1,184 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - config "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config" - healthcheckconfig "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config" - healthcheckconfigv1alpha1 "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config/v1alpha1" - resource "k8s.io/apimachinery/pkg/api/resource" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - componentbaseconfig "k8s.io/component-base/config" - configv1alpha1 "k8s.io/component-base/config/v1alpha1" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. 
-func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*ControllerConfiguration)(nil), (*config.ControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ControllerConfiguration_To_config_ControllerConfiguration(a.(*ControllerConfiguration), b.(*config.ControllerConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.ControllerConfiguration)(nil), (*ControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(a.(*config.ControllerConfiguration), b.(*ControllerConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ETCD)(nil), (*config.ETCD)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ETCD_To_config_ETCD(a.(*ETCD), b.(*config.ETCD), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.ETCD)(nil), (*ETCD)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_ETCD_To_v1alpha1_ETCD(a.(*config.ETCD), b.(*ETCD), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ETCDBackup)(nil), (*config.ETCDBackup)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ETCDBackup_To_config_ETCDBackup(a.(*ETCDBackup), b.(*config.ETCDBackup), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.ETCDBackup)(nil), (*ETCDBackup)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_ETCDBackup_To_v1alpha1_ETCDBackup(a.(*config.ETCDBackup), b.(*ETCDBackup), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ETCDStorage)(nil), (*config.ETCDStorage)(nil), func(a, b interface{}, scope conversion.Scope) error { - 
return Convert_v1alpha1_ETCDStorage_To_config_ETCDStorage(a.(*ETCDStorage), b.(*config.ETCDStorage), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.ETCDStorage)(nil), (*ETCDStorage)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_ETCDStorage_To_v1alpha1_ETCDStorage(a.(*config.ETCDStorage), b.(*ETCDStorage), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_ControllerConfiguration_To_config_ControllerConfiguration(in *ControllerConfiguration, out *config.ControllerConfiguration, s conversion.Scope) error { - out.ClientConnection = (*componentbaseconfig.ClientConnectionConfiguration)(unsafe.Pointer(in.ClientConnection)) - if err := Convert_v1alpha1_ETCD_To_config_ETCD(&in.ETCD, &out.ETCD, s); err != nil { - return err - } - out.HealthCheckConfig = (*healthcheckconfig.HealthCheckConfig)(unsafe.Pointer(in.HealthCheckConfig)) - return nil -} - -// Convert_v1alpha1_ControllerConfiguration_To_config_ControllerConfiguration is an autogenerated conversion function. 
-func Convert_v1alpha1_ControllerConfiguration_To_config_ControllerConfiguration(in *ControllerConfiguration, out *config.ControllerConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_ControllerConfiguration_To_config_ControllerConfiguration(in, out, s) -} - -func autoConvert_config_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(in *config.ControllerConfiguration, out *ControllerConfiguration, s conversion.Scope) error { - out.ClientConnection = (*configv1alpha1.ClientConnectionConfiguration)(unsafe.Pointer(in.ClientConnection)) - if err := Convert_config_ETCD_To_v1alpha1_ETCD(&in.ETCD, &out.ETCD, s); err != nil { - return err - } - out.HealthCheckConfig = (*healthcheckconfigv1alpha1.HealthCheckConfig)(unsafe.Pointer(in.HealthCheckConfig)) - return nil -} - -// Convert_config_ControllerConfiguration_To_v1alpha1_ControllerConfiguration is an autogenerated conversion function. -func Convert_config_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(in *config.ControllerConfiguration, out *ControllerConfiguration, s conversion.Scope) error { - return autoConvert_config_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(in, out, s) -} - -func autoConvert_v1alpha1_ETCD_To_config_ETCD(in *ETCD, out *config.ETCD, s conversion.Scope) error { - if err := Convert_v1alpha1_ETCDStorage_To_config_ETCDStorage(&in.Storage, &out.Storage, s); err != nil { - return err - } - if err := Convert_v1alpha1_ETCDBackup_To_config_ETCDBackup(&in.Backup, &out.Backup, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_ETCD_To_config_ETCD is an autogenerated conversion function. 
-func Convert_v1alpha1_ETCD_To_config_ETCD(in *ETCD, out *config.ETCD, s conversion.Scope) error { - return autoConvert_v1alpha1_ETCD_To_config_ETCD(in, out, s) -} - -func autoConvert_config_ETCD_To_v1alpha1_ETCD(in *config.ETCD, out *ETCD, s conversion.Scope) error { - if err := Convert_config_ETCDStorage_To_v1alpha1_ETCDStorage(&in.Storage, &out.Storage, s); err != nil { - return err - } - if err := Convert_config_ETCDBackup_To_v1alpha1_ETCDBackup(&in.Backup, &out.Backup, s); err != nil { - return err - } - return nil -} - -// Convert_config_ETCD_To_v1alpha1_ETCD is an autogenerated conversion function. -func Convert_config_ETCD_To_v1alpha1_ETCD(in *config.ETCD, out *ETCD, s conversion.Scope) error { - return autoConvert_config_ETCD_To_v1alpha1_ETCD(in, out, s) -} - -func autoConvert_v1alpha1_ETCDBackup_To_config_ETCDBackup(in *ETCDBackup, out *config.ETCDBackup, s conversion.Scope) error { - out.Schedule = (*string)(unsafe.Pointer(in.Schedule)) - return nil -} - -// Convert_v1alpha1_ETCDBackup_To_config_ETCDBackup is an autogenerated conversion function. -func Convert_v1alpha1_ETCDBackup_To_config_ETCDBackup(in *ETCDBackup, out *config.ETCDBackup, s conversion.Scope) error { - return autoConvert_v1alpha1_ETCDBackup_To_config_ETCDBackup(in, out, s) -} - -func autoConvert_config_ETCDBackup_To_v1alpha1_ETCDBackup(in *config.ETCDBackup, out *ETCDBackup, s conversion.Scope) error { - out.Schedule = (*string)(unsafe.Pointer(in.Schedule)) - return nil -} - -// Convert_config_ETCDBackup_To_v1alpha1_ETCDBackup is an autogenerated conversion function. 
-func Convert_config_ETCDBackup_To_v1alpha1_ETCDBackup(in *config.ETCDBackup, out *ETCDBackup, s conversion.Scope) error { - return autoConvert_config_ETCDBackup_To_v1alpha1_ETCDBackup(in, out, s) -} - -func autoConvert_v1alpha1_ETCDStorage_To_config_ETCDStorage(in *ETCDStorage, out *config.ETCDStorage, s conversion.Scope) error { - out.ClassName = (*string)(unsafe.Pointer(in.ClassName)) - out.Capacity = (*resource.Quantity)(unsafe.Pointer(in.Capacity)) - return nil -} - -// Convert_v1alpha1_ETCDStorage_To_config_ETCDStorage is an autogenerated conversion function. -func Convert_v1alpha1_ETCDStorage_To_config_ETCDStorage(in *ETCDStorage, out *config.ETCDStorage, s conversion.Scope) error { - return autoConvert_v1alpha1_ETCDStorage_To_config_ETCDStorage(in, out, s) -} - -func autoConvert_config_ETCDStorage_To_v1alpha1_ETCDStorage(in *config.ETCDStorage, out *ETCDStorage, s conversion.Scope) error { - out.ClassName = (*string)(unsafe.Pointer(in.ClassName)) - out.Capacity = (*resource.Quantity)(unsafe.Pointer(in.Capacity)) - return nil -} - -// Convert_config_ETCDStorage_To_v1alpha1_ETCDStorage is an autogenerated conversion function. -func Convert_config_ETCDStorage_To_v1alpha1_ETCDStorage(in *config.ETCDStorage, out *ETCDStorage, s conversion.Scope) error { - return autoConvert_config_ETCDStorage_To_v1alpha1_ETCDStorage(in, out, s) -} diff --git a/controllers/provider-azure/pkg/apis/config/v1alpha1/zz_generated.deepcopy.go b/controllers/provider-azure/pkg/apis/config/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index 8895cf740..000000000 --- a/controllers/provider-azure/pkg/apis/config/v1alpha1/zz_generated.deepcopy.go +++ /dev/null 
@@ -1,128 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - healthcheckconfigv1alpha1 "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config/v1alpha1" - runtime "k8s.io/apimachinery/pkg/runtime" - configv1alpha1 "k8s.io/component-base/config/v1alpha1" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.ClientConnection != nil { - in, out := &in.ClientConnection, &out.ClientConnection - *out = new(configv1alpha1.ClientConnectionConfiguration) - **out = **in - } - in.ETCD.DeepCopyInto(&out.ETCD) - if in.HealthCheckConfig != nil { - in, out := &in.HealthCheckConfig, &out.HealthCheckConfig - *out = new(healthcheckconfigv1alpha1.HealthCheckConfig) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerConfiguration. 
-func (in *ControllerConfiguration) DeepCopy() *ControllerConfiguration { - if in == nil { - return nil - } - out := new(ControllerConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ControllerConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ETCD) DeepCopyInto(out *ETCD) { - *out = *in - in.Storage.DeepCopyInto(&out.Storage) - in.Backup.DeepCopyInto(&out.Backup) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ETCD. -func (in *ETCD) DeepCopy() *ETCD { - if in == nil { - return nil - } - out := new(ETCD) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ETCDBackup) DeepCopyInto(out *ETCDBackup) { - *out = *in - if in.Schedule != nil { - in, out := &in.Schedule, &out.Schedule - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ETCDBackup. -func (in *ETCDBackup) DeepCopy() *ETCDBackup { - if in == nil { - return nil - } - out := new(ETCDBackup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ETCDStorage) DeepCopyInto(out *ETCDStorage) { - *out = *in - if in.ClassName != nil { - in, out := &in.ClassName, &out.ClassName - *out = new(string) - **out = **in - } - if in.Capacity != nil { - in, out := &in.Capacity, &out.Capacity - x := (*in).DeepCopy() - *out = &x - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ETCDStorage. 
-func (in *ETCDStorage) DeepCopy() *ETCDStorage { - if in == nil { - return nil - } - out := new(ETCDStorage) - in.DeepCopyInto(out) - return out -} diff --git a/controllers/provider-azure/pkg/apis/config/v1alpha1/zz_generated.defaults.go b/controllers/provider-azure/pkg/apis/config/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 5db2b64b0..000000000 --- a/controllers/provider-azure/pkg/apis/config/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,32 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/controllers/provider-azure/pkg/apis/config/zz_generated.deepcopy.go b/controllers/provider-azure/pkg/apis/config/zz_generated.deepcopy.go deleted file mode 100644 index 10606b41a..000000000 --- a/controllers/provider-azure/pkg/apis/config/zz_generated.deepcopy.go +++ /dev/null 
@@ -1,128 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package config - -import ( - healthcheckconfig "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config" - runtime "k8s.io/apimachinery/pkg/runtime" - componentbaseconfig "k8s.io/component-base/config" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.ClientConnection != nil { - in, out := &in.ClientConnection, &out.ClientConnection - *out = new(componentbaseconfig.ClientConnectionConfiguration) - **out = **in - } - in.ETCD.DeepCopyInto(&out.ETCD) - if in.HealthCheckConfig != nil { - in, out := &in.HealthCheckConfig, &out.HealthCheckConfig - *out = new(healthcheckconfig.HealthCheckConfig) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerConfiguration. 
-func (in *ControllerConfiguration) DeepCopy() *ControllerConfiguration { - if in == nil { - return nil - } - out := new(ControllerConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ControllerConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ETCD) DeepCopyInto(out *ETCD) { - *out = *in - in.Storage.DeepCopyInto(&out.Storage) - in.Backup.DeepCopyInto(&out.Backup) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ETCD. -func (in *ETCD) DeepCopy() *ETCD { - if in == nil { - return nil - } - out := new(ETCD) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ETCDBackup) DeepCopyInto(out *ETCDBackup) { - *out = *in - if in.Schedule != nil { - in, out := &in.Schedule, &out.Schedule - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ETCDBackup. -func (in *ETCDBackup) DeepCopy() *ETCDBackup { - if in == nil { - return nil - } - out := new(ETCDBackup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ETCDStorage) DeepCopyInto(out *ETCDStorage) { - *out = *in - if in.ClassName != nil { - in, out := &in.ClassName, &out.ClassName - *out = new(string) - **out = **in - } - if in.Capacity != nil { - in, out := &in.Capacity, &out.Capacity - x := (*in).DeepCopy() - *out = &x - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ETCDStorage. 
-func (in *ETCDStorage) DeepCopy() *ETCDStorage { - if in == nil { - return nil - } - out := new(ETCDStorage) - in.DeepCopyInto(out) - return out -} diff --git a/controllers/provider-azure/pkg/azure/client/storage.go b/controllers/provider-azure/pkg/azure/client/storage.go deleted file mode 100644 index a80df0cd7..000000000 --- a/controllers/provider-azure/pkg/azure/client/storage.go +++ /dev/null 
@@ -1,241 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package client
-
-import (
- "context"
- "fmt"
- "net/url"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
-
- "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-05-01/resources"
- "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-04-01/storage"
- "github.com/Azure/azure-storage-blob-go/azblob"
- "github.com/Azure/go-autorest/autorest/azure/auth"
- corev1 "k8s.io/api/core/v1"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-// NewStorageClientAuthFromSubscriptionSecretRef retrieves the azure storage client auth from specified by the secret reference.
-func NewStorageClientAuthFromSubscriptionSecretRef(ctx context.Context, c client.Client, secretRef *corev1.SecretReference, resourceGroupName, accountName, region string) (*StorageAuth, error) {
- // Reference : https://github.com/Azure-Samples/azure-sdk-for-go-samples/blob/master/storage/account.go
- clientAuth, err := internal.GetClientAuthData(ctx, c, *secretRef)
- if err != nil {
- return nil, err
- }
-
- groupsClient := resources.NewGroupsClient(clientAuth.SubscriptionID)
- clientCredConfig := auth.NewClientCredentialsConfig(clientAuth.ClientID, clientAuth.ClientSecret, clientAuth.TenantID)
- authorizer, err := clientCredConfig.Authorizer()
- if err != nil {
- return nil, err
- }
- groupsClient.Authorizer = authorizer
- if _, err := groupsClient.CreateOrUpdate(ctx, resourceGroupName, resources.Group{
- Location: ®ion,
- }); err != nil {
- return nil, err
- }
-
- storageAccountClient := storage.NewAccountsClient(clientAuth.SubscriptionID)
- storageAccountClient.Authorizer = authorizer
- future, err := storageAccountClient.Create(ctx, resourceGroupName, accountName, storage.AccountCreateParameters{
- Sku: &storage.Sku{
- Name: storage.StandardLRS,
- },
- Kind: storage.BlobStorage,
- Location: ®ion,
- AccountPropertiesCreateParameters: &storage.AccountPropertiesCreateParameters{
- AccessTier: storage.Cool,
- },
- })
- if err != nil {
- return nil, err
- }
-
- if err := future.WaitForCompletionRef(ctx, storageAccountClient.Client); err != nil {
- return nil, err
- }
-
- keysResponse, err := storageAccountClient.ListKeys(ctx, resourceGroupName, accountName)
- if err != nil {
- return nil, err
- }
-
- key := (*keysResponse.Keys)[0]
-
- return &StorageAuth{
- StorageAccount: []byte(accountName),
- StorageKey: []byte(*key.Value),
- }, nil
-}
-
-// DeleteResourceGroupFromSubscriptionSecretRef deletes the resource group using subscription details from secretRef .
-func DeleteResourceGroupFromSubscriptionSecretRef(ctx context.Context, c client.Client, secretRef *corev1.SecretReference, resourceGroupName string) error {
- clientAuth, err := internal.GetClientAuthData(ctx, c, *secretRef)
- if err != nil {
- return err
- }
-
- groupsClient := resources.NewGroupsClient(clientAuth.SubscriptionID)
- clientCredConfig := auth.NewClientCredentialsConfig(clientAuth.ClientID, clientAuth.ClientSecret, clientAuth.TenantID)
- authorizer, err := clientCredConfig.Authorizer()
- if err != nil {
- return err
- }
- groupsClient.Authorizer = authorizer
-
- _, err = groupsClient.Delete(ctx, resourceGroupName)
- return err
-}
-
-// NewStorageClientFromSecretRef retrieves the azure client from specified by the secret reference.
-func NewStorageClientFromSecretRef(ctx context.Context, c client.Client, secretRef *corev1.SecretReference) (*StorageClient, error) {
- secret, err := extensionscontroller.GetSecretByReference(ctx, c, secretRef)
- if err != nil {
- return nil, err
- }
-
- storageAuth, err := ReadStorageClientAuthDataFromSecret(secret)
- if err != nil {
- return nil, err
- }
-
- return NewStorageClientFromStorageAuth(storageAuth)
-}
-
-// ReadStorageClientAuthDataFromSecret reads the storage client auth details from the given secret.
-func ReadStorageClientAuthDataFromSecret(secret *corev1.Secret) (*StorageAuth, error) {
- storageAccount, ok := secret.Data[azure.StorageAccount]
- if !ok {
- return nil, fmt.Errorf("secret %s/%s doesn't have a storage account", secret.Namespace, secret.Name)
- }
-
- storageKey, ok := secret.Data[azure.StorageKey]
- if !ok {
- return nil, fmt.Errorf("secret %s/%s doesn't have a storage key", secret.Namespace, secret.Name)
- }
-
- return &StorageAuth{
- StorageAccount: storageAccount,
- StorageKey: storageKey,
- }, nil
-}
-
-// NewStorageClientFromStorageAuth create the storage client from storage auth.
-func NewStorageClientFromStorageAuth(storageAuth *StorageAuth) (*StorageClient, error) {
- credentials, err := azblob.NewSharedKeyCredential(string(storageAuth.StorageAccount), string(storageAuth.StorageKey))
- if err != nil {
- return nil, fmt.Errorf("failed to create shared key credentials: %v", err)
- }
-
- p := azblob.NewPipeline(credentials, azblob.PipelineOptions{
- Retry: azblob.RetryOptions{
- Policy: azblob.RetryPolicyExponential,
- },
- })
-
- u, err := url.Parse(fmt.Sprintf("https://%s.%s", storageAuth.StorageAccount, azure.AzureBlobStorageHostName))
- if err != nil {
- return nil, fmt.Errorf("failed to parse service url: %v", err)
- }
-
- serviceURL := azblob.NewServiceURL(*u, p)
-
- return &StorageClient{
- serviceURL: serviceURL,
- }, nil
-}
-
-// DeleteObjectsWithPrefix deletes the blob objects with the specific from . If it does not exist,
-// no error is returned.
-func (c *StorageClient) DeleteObjectsWithPrefix(ctx context.Context, container, prefix string) error {
- containerURL := c.serviceURL.NewContainerURL(container)
- opts := azblob.ListBlobsSegmentOptions{
- Details: azblob.BlobListingDetails{
- Deleted: true,
- },
- Prefix: prefix,
- }
- for marker := (azblob.Marker{}); marker.NotDone(); {
- // Get a result segment starting with the blob indicated by the current Marker.
- listBlob, err := containerURL.ListBlobsFlatSegment(ctx, marker, opts)
- if err != nil {
- return fmt.Errorf("failed to list the blobs, error: %v", err)
- }
- marker = listBlob.NextMarker
-
- // Process the blobs returned in this result segment
- for _, blob := range listBlob.Segment.BlobItems {
- if err := c.deleteBlobIfExists(ctx, container, blob.Name); err != nil {
- return err
- }
- }
- }
- return nil
-}
-
-// deleteBlobIfExists deletes the azure blob with name from . If it does not exist,
-// no error is returned.
-func (c *StorageClient) deleteBlobIfExists(ctx context.Context, container, blobName string) error {
- blockBlobURL := c.serviceURL.NewContainerURL(container).NewBlockBlobURL(blobName)
- if _, err := blockBlobURL.Delete(ctx, azblob.DeleteSnapshotsOptionInclude, azblob.BlobAccessConditions{}); err != nil {
- if stgErr, ok := err.(azblob.StorageError); ok {
- switch stgErr.ServiceCode() {
- case azblob.ServiceCodeBlobNotFound:
- return nil
- }
- }
- return err
- }
- return nil
-}
-
-// CreateContainerIfNotExists creates the azure blob container with name . If it already exist,
-// no error is returned.
-func (c *StorageClient) CreateContainerIfNotExists(ctx context.Context, container string) error {
- containerURL := c.serviceURL.NewContainerURL(container)
- if _, err := containerURL.Create(ctx, nil, azblob.PublicAccessNone); err != nil {
- if stgErr, ok := err.(azblob.StorageError); ok {
- switch stgErr.ServiceCode() {
- case azblob.ServiceCodeContainerAlreadyExists:
- return nil
- }
- }
- return err
- }
- return nil
-}
-
-// DeleteContainerIfExists deletes the azure blob container with name . If it does not exist,
-// no error is returned.
-func (c *StorageClient) DeleteContainerIfExists(ctx context.Context, container string) error {
- containerURL := c.serviceURL.NewContainerURL(container)
- if _, err := containerURL.Delete(ctx, azblob.ContainerAccessConditions{}); err != nil {
- if stgErr, ok := err.(azblob.StorageError); ok {
- switch stgErr.ServiceCode() {
- case azblob.ServiceCodeContainerNotFound:
- return nil
- case azblob.ServiceCodeContainerBeingDeleted:
- return nil
- }
- }
- return err
- }
- return nil
-}
diff --git a/controllers/provider-azure/pkg/azure/client/types.go b/controllers/provider-azure/pkg/azure/client/types.go
deleted file mode 100644
index f688292bf..000000000
--- a/controllers/provider-azure/pkg/azure/client/types.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package client
-
-import (
- "context"
-
- "github.com/Azure/azure-storage-blob-go/azblob"
-)
-
-// StorageAuth represents a Azure storage auth.
-type StorageAuth struct {
- // StorageAccount is the data field in a secret where the storage account is stored at.
- StorageAccount []byte
- // StorageKey is the data field in a secret where the storage key is stored at.
- StorageKey []byte
-}
-
-// StorageClient represents a Azure storage client.
-type StorageClient struct {
- // serviceURL is azure storage serviceURL object configured with storage credentials and pipeline.
- serviceURL azblob.ServiceURL
-}
-
-// Storage represents a Azure storage client.
-type Storage interface {
- DeleteObjectsWithPrefix(ctx context.Context, container, prefix string) error
- CreateContainerIfNotExists(ctx context.Context, container string) error
- DeleteContainerIfExists(ctx context.Context, container string) error
-}
diff --git a/controllers/provider-azure/pkg/azure/predicate.go b/controllers/provider-azure/pkg/azure/predicate.go
deleted file mode 100644
index 451145859..000000000
--- a/controllers/provider-azure/pkg/azure/predicate.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package azure
-
-// Type is the type of resources managed by the Azure actuator.
-const Type = "azure"
diff --git a/controllers/provider-azure/pkg/azure/types.go b/controllers/provider-azure/pkg/azure/types.go
deleted file mode 100644
index 0e5266213..000000000
--- a/controllers/provider-azure/pkg/azure/types.go
+++ /dev/null
@@ -1,80 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package azure
-
-import "path/filepath"
-
-const (
- // Name is the name of the Azure provider.
- Name = "provider-azure"
- // StorageProviderName is the name of the Azure storage provider.
- StorageProviderName = "ABS"
-
- // TerraformerImageName is the name of the Terraformer image.
- TerraformerImageName = "terraformer"
- // MachineControllerManagerImageName is the name of the MachineControllerManager image.
- MachineControllerManagerImageName = "machine-controller-manager"
- // ETCDBackupRestoreImageName is the name of the etcd backup and restore image.
- ETCDBackupRestoreImageName = "etcd-backup-restore"
-
- // MachineControllerManagerName is a constant for the name of the machine-controller-manager.
- MachineControllerManagerName = "machine-controller-manager"
- // CloudControllerManagerImageName is the name of the cloud-controller-manager image.
- CloudControllerManagerImageName = "cloud-controller-manager"
-
- // SubscriptionIDKey is the key for the subscription ID.
- SubscriptionIDKey = "subscriptionID"
- // TenantIDKey is the key for the tenant ID.
- TenantIDKey = "tenantID"
- // ClientIDKey is the key for the client ID.
- ClientIDKey = "clientID"
- // ClientSecretKey is the key for the client secret.
- ClientSecretKey = "clientSecret"
-
- // StorageAccount is a constant for the key in a cloud provider secret and backup secret that holds the Azure account name.
- StorageAccount = "storageAccount"
- // StorageKey is a constant for the key in a cloud provider secret and backup secret that holds the Azure secret storage access key.
- StorageKey = "storageKey"
-
- // AzureBlobStorageHostName is the host name for azure blob storage service.
- AzureBlobStorageHostName = "blob.core.windows.net"
-
- // BucketName is a constant for the key in a backup secret that holds the bucket name.
- // The bucket name is written to the backup secret by Gardener as a temporary solution.
- // TODO In the future, the bucket name should come from a BackupBucket resource (see https://github.com/gardener/gardener/blob/master/docs/proposals/02-backupinfra.md)
- BucketName = "bucketName"
-
- // CloudProviderConfigName is the name of the configmap containing the cloud provider config.
- CloudProviderConfigName = "cloud-provider-config"
- // CloudProviderKubeletConfigName is the name of the configmap containing the cloud provider config for the shoot nodes.
- CloudProviderKubeletConfigName = "cloud-provider-kubelet-config"
- // CloudProviderConfigMapKey is the key storing the cloud provider config as value in the cloud provider configmap.
- CloudProviderConfigMapKey = "cloudprovider.conf"
- // BackupSecretName is the name of the secret containing the credentials for storing the backups of Shoot clusters.
- BackupSecretName = "etcd-backup"
- // MachineControllerManagerVpaName is the name of the VerticalPodAutoscaler of the machine-controller-manager deployment.
- MachineControllerManagerVpaName = "machine-controller-manager-vpa"
- // MachineControllerManagerMonitoringConfigName is the name of the ConfigMap containing monitoring stack configurations for machine-controller-manager.
- MachineControllerManagerMonitoringConfigName = "machine-controller-manager-monitoring-config"
- // CloudControllerManagerName is a constant for the name of the CloudController deployed by the worker controller.
- CloudControllerManagerName = "cloud-controller-manager"
-)
-
-var (
- // ChartsPath is the path to the charts
- ChartsPath = filepath.Join("controllers", Name, "charts")
- // InternalChartsPath is the path to the internal charts
- InternalChartsPath = filepath.Join(ChartsPath, "internal")
-)
diff --git a/controllers/provider-azure/pkg/cmd/config.go b/controllers/provider-azure/pkg/cmd/config.go
deleted file mode 100644
index e94f4b7c2..000000000
--- a/controllers/provider-azure/pkg/cmd/config.go
+++ /dev/null
@@ -1,96 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package cmd - -import ( - "fmt" - - "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config" - configloader "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config/loader" - healthcheckconfig "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config" - - "github.com/spf13/pflag" -) - -// ConfigOptions are command line options that can be set for config.ControllerConfiguration. -type ConfigOptions struct { - // Kubeconfig is the path to a kubeconfig. - ConfigFilePath string - - config *Config -} - -// Config is a completed controller configuration. -type Config struct { - // Config is the controller configuration. - Config *config.ControllerConfiguration -} - -func (c *ConfigOptions) buildConfig() (*config.ControllerConfiguration, error) { - if len(c.ConfigFilePath) == 0 { - return nil, fmt.Errorf("config file path not set") - } - return configloader.LoadFromFile(c.ConfigFilePath) -} - -// Complete implements RESTCompleter.Complete. -func (c *ConfigOptions) Complete() error { - config, err := c.buildConfig() - if err != nil { - return err - } - - c.config = &Config{config} - return nil -} - -// Completed returns the completed Config. 
Only call this if `Complete` was successful. -func (c *ConfigOptions) Completed() *Config { - return c.config -} - -// AddFlags implements Flagger.AddFlags. -func (c *ConfigOptions) AddFlags(fs *pflag.FlagSet) { - fs.StringVar(&c.ConfigFilePath, "config-file", "", "path to the controller manager configuration file") -} - -// Apply sets the values of this Config in the given config.ControllerConfiguration. -func (c *Config) Apply(cfg *config.ControllerConfiguration) { - *cfg = *c.Config -} - -// ApplyETCDStorage sets the given etcd storage configuration to that of this Config. -func (c *Config) ApplyETCDStorage(etcdStorage *config.ETCDStorage) { - *etcdStorage = c.Config.ETCD.Storage -} - -// ApplyETCDBackup sets the given etcd backup configuration to that of this Config. -func (c *Config) ApplyETCDBackup(etcdBackup *config.ETCDBackup) { - *etcdBackup = c.Config.ETCD.Backup -} - -// Options initializes empty config.ControllerConfiguration, applies the set values and returns it. -func (c *Config) Options() config.ControllerConfiguration { - var cfg config.ControllerConfiguration - c.Apply(&cfg) - return cfg -} - -// ApplyHealthCheckConfig applies the HealthCheckConfig to the config -func (c *Config) ApplyHealthCheckConfig(config *healthcheckconfig.HealthCheckConfig) { - if c.Config.HealthCheckConfig != nil { - *config = *c.Config.HealthCheckConfig - } -} diff --git a/controllers/provider-azure/pkg/cmd/options.go b/controllers/provider-azure/pkg/cmd/options.go deleted file mode 100644 index a1148c137..000000000 --- a/controllers/provider-azure/pkg/cmd/options.go +++ /dev/null 
@@ -1,60 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cmd
-
-import (
- backupbucketcontroller "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/backupbucket"
- backupentrycontroller "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/backupentry"
- controlplanecontroller "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/controlplane"
- healthcheckcontroller "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/healthcheck"
- infrastructurecontroller "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/infrastructure"
- workercontroller "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/worker"
- controlplanewebhook "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/webhook/controlplane"
- controlplanebackupwebhook "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/webhook/controlplanebackup"
- controlplaneexposurewebhook "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/webhook/controlplaneexposure"
- networkwebhook "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/webhook/network"
- extensionsbackupbucketcontroller "github.com/gardener/gardener-extensions/pkg/controller/backupbucket"
- extensionsbackupentrycontroller "github.com/gardener/gardener-extensions/pkg/controller/backupentry"
- controllercmd "github.com/gardener/gardener-extensions/pkg/controller/cmd"
- extensionscontrolplanecontroller "github.com/gardener/gardener-extensions/pkg/controller/controlplane"
- extensionshealthcheckcontroller "github.com/gardener/gardener-extensions/pkg/controller/healthcheck"
- extensionsinfrastructurecontroller "github.com/gardener/gardener-extensions/pkg/controller/infrastructure"
- extensionsworkercontroller "github.com/gardener/gardener-extensions/pkg/controller/worker"
- webhookcmd "github.com/gardener/gardener-extensions/pkg/webhook/cmd"
- extensioncontrolplanewebhook "github.com/gardener/gardener-extensions/pkg/webhook/controlplane"
- extensionnetworkwebhook "github.com/gardener/gardener-extensions/pkg/webhook/network"
-)
-
-// ControllerSwitchOptions are the controllercmd.SwitchOptions for the provider controllers.
-func ControllerSwitchOptions() *controllercmd.SwitchOptions {
- return controllercmd.NewSwitchOptions(
- controllercmd.Switch(extensionsbackupbucketcontroller.ControllerName, backupbucketcontroller.AddToManager),
- controllercmd.Switch(extensionsbackupentrycontroller.ControllerName, backupentrycontroller.AddToManager),
- controllercmd.Switch(extensionscontrolplanecontroller.ControllerName, controlplanecontroller.AddToManager),
- controllercmd.Switch(extensionsinfrastructurecontroller.ControllerName, infrastructurecontroller.AddToManager),
- controllercmd.Switch(extensionsworkercontroller.ControllerName, workercontroller.AddToManager),
- controllercmd.Switch(extensionshealthcheckcontroller.ControllerName, healthcheckcontroller.AddToManager),
- )
-}
-
-// WebhookSwitchOptions are the webhookcmd.SwitchOptions for the provider webhooks.
-func WebhookSwitchOptions() *webhookcmd.SwitchOptions {
- return webhookcmd.NewSwitchOptions(
- webhookcmd.Switch(extensionnetworkwebhook.WebhookName, networkwebhook.AddToManager),
- webhookcmd.Switch(extensioncontrolplanewebhook.WebhookName, controlplanewebhook.AddToManager),
- webhookcmd.Switch(extensioncontrolplanewebhook.ExposureWebhookName, controlplaneexposurewebhook.AddToManager),
- webhookcmd.Switch(extensioncontrolplanewebhook.BackupWebhookName, controlplanebackupwebhook.AddToManager),
- )
-}
diff --git a/controllers/provider-azure/pkg/controller/backupbucket/actuator.go b/controllers/provider-azure/pkg/controller/backupbucket/actuator.go
deleted file mode 100644
index e7df86f7b..000000000
--- a/controllers/provider-azure/pkg/controller/backupbucket/actuator.go
+++ /dev/null
@@ -1,135 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package backupbucket - -import ( - "context" - "fmt" - - "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure" - azureclient "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure/client" - extensioncontroller "github.com/gardener/gardener-extensions/pkg/controller" - "github.com/gardener/gardener-extensions/pkg/controller/backupbucket" - - extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" - "github.com/gardener/gardener/pkg/utils" - "github.com/go-logr/logr" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/util/retry" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - "sigs.k8s.io/controller-runtime/pkg/log" -) - -type actuator struct { - backupbucket.Actuator - client client.Client - logger logr.Logger -} - -func newActuator() backupbucket.Actuator { - return &actuator{ - logger: log.Log.WithName("azure-backupbucket-actuator"), - } -} - -func (a *actuator) InjectClient(client client.Client) error { - a.client = client - return nil -} - -func (a *actuator) Reconcile(ctx context.Context, bb 
*extensionsv1alpha1.BackupBucket) error { - azureClient, err := a.getAzureClient(ctx, bb) - if err != nil { - return err - } - - return azureClient.CreateContainerIfNotExists(ctx, bb.Name) -} - -func (a *actuator) Delete(ctx context.Context, bb *extensionsv1alpha1.BackupBucket) error { - azureClient, err := a.getAzureClient(ctx, bb) - if err != nil { - return err - } - - if err := azureClient.DeleteContainerIfExists(ctx, bb.Name); err != nil { - return err - } - - return a.deleteGenerateBackupBucketSecret(ctx, bb) -} - -func (a *actuator) getAzureClient(ctx context.Context, bb *extensionsv1alpha1.BackupBucket) (*azureclient.StorageClient, error) { - if bb.Status.GeneratedSecretRef != nil { - return azureclient.NewStorageClientFromSecretRef(ctx, a.client, bb.Status.GeneratedSecretRef) - } - backupBucketNameSha := utils.ComputeSHA1Hex([]byte(bb.Name)) - storageAccountName := fmt.Sprintf("bkp%s", backupBucketNameSha[:15]) - storageAuth, err := azureclient.NewStorageClientAuthFromSubscriptionSecretRef(ctx, a.client, &bb.Spec.SecretRef, bb.Name, storageAccountName, bb.Spec.Region) - if err != nil { - return nil, err - } - generatedSecret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: generateGeneratedBackupBucketSecretName(bb.Name), - Namespace: "garden", - }, - } - - if _, err := controllerutil.CreateOrUpdate(ctx, a.client, generatedSecret, func() error { - generatedSecret.Data = map[string][]byte{ - azure.StorageAccount: storageAuth.StorageAccount, - azure.StorageKey: storageAuth.StorageKey, - } - return nil - }); err != nil { - return nil, err - } - - if err := extensioncontroller.TryUpdateStatus(ctx, retry.DefaultBackoff, a.client, bb, func() error { - bb.Status.GeneratedSecretRef = &corev1.SecretReference{ - Name: generatedSecret.Name, - Namespace: generatedSecret.Namespace, - } - return nil - }); err != nil { - return nil, err - } - - return azureclient.NewStorageClientFromStorageAuth(storageAuth) -} - -func 
generateGeneratedBackupBucketSecretName(backupBucketName string) string { - return fmt.Sprintf("generated-bucket-%s", backupBucketName) -} - -// deleteGenerateBackupBucketSecret deletes generated secret referred by core BackupBucket resource in garden. -func (a *actuator) deleteGenerateBackupBucketSecret(ctx context.Context, bb *extensionsv1alpha1.BackupBucket) error { - if bb.Status.GeneratedSecretRef != nil { - if err := azureclient.DeleteResourceGroupFromSubscriptionSecretRef(ctx, a.client, &bb.Spec.SecretRef, bb.Name); err != nil { - return err - } - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: bb.Status.GeneratedSecretRef.Name, - Namespace: bb.Status.GeneratedSecretRef.Namespace, - }, - } - return client.IgnoreNotFound(a.client.Delete(ctx, secret)) - } - return nil -} diff --git a/controllers/provider-azure/pkg/controller/backupbucket/add.go b/controllers/provider-azure/pkg/controller/backupbucket/add.go deleted file mode 100644 index 90d700f90..000000000 --- a/controllers/provider-azure/pkg/controller/backupbucket/add.go +++ /dev/null 
@@ -1,52 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package backupbucket
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- "github.com/gardener/gardener-extensions/pkg/controller/backupbucket"
-
- "sigs.k8s.io/controller-runtime/pkg/controller"
- "sigs.k8s.io/controller-runtime/pkg/manager"
-)
-
-var (
- // DefaultAddOptions are the default AddOptions for AddToManager.
- DefaultAddOptions = AddOptions{}
-)
-
-// AddOptions are options to apply when adding the Azure backupbucket controller to the manager.
-type AddOptions struct {
- // Controller are the controller.Options.
- Controller controller.Options
- // IgnoreOperationAnnotation specifies whether to ignore the operation annotation or not.
- IgnoreOperationAnnotation bool
-}
-
-// AddToManagerWithOptions adds a controller with the given Options to the given manager.
-// The opts.Reconciler is being set with a newly instantiated actuator.
-func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error {
- return backupbucket.Add(mgr, backupbucket.AddArgs{
- Actuator: newActuator(),
- ControllerOptions: opts.Controller,
- Predicates: backupbucket.DefaultPredicates(opts.IgnoreOperationAnnotation),
- Type: azure.Type,
- })
-}
-
-// AddToManager adds a controller with the default Options.
-func AddToManager(mgr manager.Manager) error {
- return AddToManagerWithOptions(mgr, DefaultAddOptions)
-}
diff --git a/controllers/provider-azure/pkg/controller/backupentry/actuator.go b/controllers/provider-azure/pkg/controller/backupentry/actuator.go
deleted file mode 100644
index 7973cca06..000000000
--- a/controllers/provider-azure/pkg/controller/backupentry/actuator.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package backupentry
-
-import (
- "context"
- "fmt"
-
- azureclient "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure/client"
- "github.com/gardener/gardener-extensions/pkg/controller/backupentry/genericactuator"
-
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- "github.com/go-logr/logr"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-type actuator struct {
- client client.Client
- logger logr.Logger
-}
-
-func newActuator() genericactuator.BackupEntryDelegate {
- return &actuator{
- logger: logger,
- }
-}
-
-func (a *actuator) InjectClient(client client.Client) error {
- a.client = client
- return nil
-}
-
-func (a *actuator) GetETCDSecretData(ctx context.Context, be *extensionsv1alpha1.BackupEntry, backupSecretData map[string][]byte) (map[string][]byte, error) {
- return backupSecretData, nil
-}
-
-func (a *actuator) Delete(ctx context.Context, be *extensionsv1alpha1.BackupEntry) error {
- azureClient, err := azureclient.NewStorageClientFromSecretRef(ctx, a.client, &be.Spec.SecretRef)
- if err != nil {
- return err
- }
-
- return azureClient.DeleteObjectsWithPrefix(ctx, be.Spec.BucketName, fmt.Sprintf("%s/", be.Name))
-}
diff --git a/controllers/provider-azure/pkg/controller/backupentry/add.go b/controllers/provider-azure/pkg/controller/backupentry/add.go
deleted file mode 100644
index 2005247b9..000000000
--- a/controllers/provider-azure/pkg/controller/backupentry/add.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package backupentry
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- "github.com/gardener/gardener-extensions/pkg/controller/backupentry"
- "github.com/gardener/gardener-extensions/pkg/controller/backupentry/genericactuator"
-
- "sigs.k8s.io/controller-runtime/pkg/controller"
- "sigs.k8s.io/controller-runtime/pkg/log"
- "sigs.k8s.io/controller-runtime/pkg/manager"
-)
-
-var (
- // DefaultAddOptions are the default AddOptions for AddToManager.
- DefaultAddOptions = AddOptions{}
-
- logger = log.Log.WithName("azure-backupentry-actuator")
-)
-
-// AddOptions are options to apply when adding the Azure backupentry controller to the manager.
-type AddOptions struct {
- // Controller are the controller.Options.
- Controller controller.Options
- // IgnoreOperationAnnotation specifies whether to ignore the operation annotation or not.
- IgnoreOperationAnnotation bool
-}
-
-// AddToManagerWithOptions adds a controller with the given Options to the given manager.
-// The opts.Reconciler is being set with a newly instantiated actuator.
-func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error {
- return backupentry.Add(mgr, backupentry.AddArgs{
- Actuator: genericactuator.NewActuator(newActuator(), logger),
- ControllerOptions: opts.Controller,
- Predicates: backupentry.DefaultPredicates(opts.IgnoreOperationAnnotation),
- Type: azure.Type,
- })
-}
-
-// AddToManager adds a controller with the default Options.
-func AddToManager(mgr manager.Manager) error {
- return AddToManagerWithOptions(mgr, DefaultAddOptions)
-}
diff --git a/controllers/provider-azure/pkg/controller/controlplane/add.go b/controllers/provider-azure/pkg/controller/controlplane/add.go
deleted file mode 100644
index 4d9427d17..000000000
--- a/controllers/provider-azure/pkg/controller/controlplane/add.go
+++ /dev/null
@@ -1,61 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplane
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal/imagevector"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
- "github.com/gardener/gardener-extensions/pkg/controller/controlplane"
- "github.com/gardener/gardener-extensions/pkg/controller/controlplane/genericactuator"
- "github.com/gardener/gardener-extensions/pkg/util"
-
- "sigs.k8s.io/controller-runtime/pkg/controller"
- "sigs.k8s.io/controller-runtime/pkg/log"
- "sigs.k8s.io/controller-runtime/pkg/manager"
-)
-
-var (
- // DefaultAddOptions are the default AddOptions for AddToManager.
- DefaultAddOptions = AddOptions{}
-
- logger = log.Log.WithName("azure-controlplane-controller")
-)
-
-// AddOptions are options to apply when adding the Azure controlplane controller to the manager.
-type AddOptions struct {
- // Controller are the controller.Options.
- Controller controller.Options
- // IgnoreOperationAnnotation specifies whether to ignore the operation annotation or not.
- IgnoreOperationAnnotation bool
-}
-
-// AddToManagerWithOptions adds a controller with the given Options to the given manager.
-// The opts.Reconciler is being set with a newly instantiated actuator.
-func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error {
- return controlplane.Add(mgr, controlplane.AddArgs{
- Actuator: genericactuator.NewActuator(azure.Name, controlPlaneSecrets, nil, configChart, ccmChart, ccmShootChart,
- storageClassChart, nil, NewValuesProvider(logger), extensionscontroller.ChartRendererFactoryFunc(util.NewChartRendererForShoot),
- imagevector.ImageVector(), azure.CloudProviderConfigName, nil, mgr.GetWebhookServer().Port, logger),
- ControllerOptions: opts.Controller,
- Predicates: controlplane.DefaultPredicates(opts.IgnoreOperationAnnotation),
- Type: azure.Type,
- })
-}
-
-// AddToManager adds a controller with the default Options.
-func AddToManager(mgr manager.Manager) error {
- return AddToManagerWithOptions(mgr, DefaultAddOptions)
-}
diff --git a/controllers/provider-azure/pkg/controller/controlplane/controlplane_suite_test.go b/controllers/provider-azure/pkg/controller/controlplane/controlplane_suite_test.go
deleted file mode 100644
index d49aa4eff..000000000
--- a/controllers/provider-azure/pkg/controller/controlplane/controlplane_suite_test.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplane_test
-
-import (
- "testing"
-
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-func TestControlplane(t *testing.T) {
- RegisterFailHandler(Fail)
- RunSpecs(t, "Azure Controlplane Suite")
-}
diff --git a/controllers/provider-azure/pkg/controller/controlplane/valuesprovider.go b/controllers/provider-azure/pkg/controller/controlplane/valuesprovider.go
deleted file mode 100644
index 1f3c326ae..000000000
--- a/controllers/provider-azure/pkg/controller/controlplane/valuesprovider.go
+++ /dev/null
@@ -1,280 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplane
-
-import (
- "context"
- "path/filepath"
-
- apisazure "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- azureapihelper "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/helper"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
- "github.com/gardener/gardener-extensions/pkg/controller/controlplane"
- "github.com/gardener/gardener-extensions/pkg/controller/controlplane/genericactuator"
- "github.com/gardener/gardener-extensions/pkg/util"
-
- v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- "github.com/gardener/gardener/pkg/utils/chart"
- "github.com/gardener/gardener/pkg/utils/secrets"
- "github.com/go-logr/logr"
- "github.com/pkg/errors"
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- rbacv1 "k8s.io/api/rbac/v1"
- "k8s.io/apiserver/pkg/authentication/user"
-)
-
-// Object names
-const (
- cloudControllerManagerDeploymentName = "cloud-controller-manager"
- cloudControllerManagerServerName = "cloud-controller-manager-server"
-)
-
-var controlPlaneSecrets = &secrets.Secrets{
- CertificateSecretConfigs: map[string]*secrets.CertificateSecretConfig{
- v1beta1constants.SecretNameCACluster: {
- Name: v1beta1constants.SecretNameCACluster,
- CommonName: "kubernetes",
- CertType: secrets.CACert,
- },
- },
- SecretConfigsFunc: func(cas map[string]*secrets.Certificate, clusterName string) []secrets.ConfigInterface {
- return []secrets.ConfigInterface{
- &secrets.ControlPlaneSecretConfig{
- CertificateSecretConfig: &secrets.CertificateSecretConfig{
- Name: cloudControllerManagerDeploymentName,
- CommonName: "system:cloud-controller-manager",
- Organization: []string{user.SystemPrivilegedGroup},
- CertType: secrets.ClientCert,
- SigningCA: cas[v1beta1constants.SecretNameCACluster],
- },
- KubeConfigRequest: &secrets.KubeConfigRequest{
- ClusterName: clusterName,
- APIServerURL: v1beta1constants.DeploymentNameKubeAPIServer,
- },
- },
- &secrets.ControlPlaneSecretConfig{
- CertificateSecretConfig: &secrets.CertificateSecretConfig{
- Name: cloudControllerManagerServerName,
- CommonName: cloudControllerManagerDeploymentName,
- DNSNames: controlplane.DNSNamesForService(cloudControllerManagerDeploymentName, clusterName),
- CertType: secrets.ServerCert,
- SigningCA: cas[v1beta1constants.SecretNameCACluster],
- },
- },
- }
- },
-}
-
-var configChart = &chart.Chart{
- Name: "cloud-provider-config",
- Path: filepath.Join(internal.InternalChartsPath, "cloud-provider-config"),
- Objects: []*chart.Object{
- {
- Type: &corev1.ConfigMap{},
- Name: azure.CloudProviderConfigName,
- },
- {
- Type: &corev1.ConfigMap{},
- Name: azure.CloudProviderKubeletConfigName,
- },
- },
-}
-
-var ccmChart = &chart.Chart{
- Name: "cloud-controller-manager",
- Path: filepath.Join(internal.InternalChartsPath, "cloud-controller-manager"),
- Images: []string{azure.CloudControllerManagerImageName},
- Objects: []*chart.Object{
- {Type: &corev1.Service{}, Name: "cloud-controller-manager"},
- {Type: &appsv1.Deployment{}, Name: "cloud-controller-manager"},
- {Type: &corev1.ConfigMap{}, Name: "cloud-controller-manager-monitoring-config"},
- },
-}
-
-var ccmShootChart = &chart.Chart{
- Name: "cloud-controller-manager-shoot",
- Path: filepath.Join(internal.InternalChartsPath, "cloud-controller-manager-shoot"),
- Objects: []*chart.Object{
- {Type: &rbacv1.ClusterRole{}, Name: "system:controller:cloud-node-controller"},
- {Type: &rbacv1.ClusterRoleBinding{}, Name: "system:controller:cloud-node-controller"},
- },
-}
-
-var storageClassChart = &chart.Chart{
- Name: "shoot-storageclasses",
- Path: filepath.Join(internal.InternalChartsPath, "shoot-storageclasses"),
-}
-
-// NewValuesProvider creates a new ValuesProvider for the generic actuator.
-func NewValuesProvider(logger logr.Logger) genericactuator.ValuesProvider {
- return &valuesProvider{
- logger: logger.WithName("azure-values-provider"),
- }
-}
-
-// valuesProvider is a ValuesProvider that provides azure-specific values for the 2 charts applied by the generic actuator.
-type valuesProvider struct {
- genericactuator.NoopValuesProvider
- logger logr.Logger
-}
-
-// GetConfigChartValues returns the values for the config chart applied by the generic actuator.
-func (vp *valuesProvider) GetConfigChartValues(
- ctx context.Context,
- cp *extensionsv1alpha1.ControlPlane,
- cluster *extensionscontroller.Cluster,
-) (map[string]interface{}, error) {
- // Decode providerConfig
- cpConfig := &apisazure.ControlPlaneConfig{}
- if cp.Spec.ProviderConfig != nil {
- if _, _, err := vp.Decoder().Decode(cp.Spec.ProviderConfig.Raw, nil, cpConfig); err != nil {
- return nil, errors.Wrapf(err, "could not decode providerConfig of controlplane '%s'", util.ObjectName(cp))
- }
- }
-
- // Decode infrastructureProviderStatus
- infraStatus := &apisazure.InfrastructureStatus{}
- if _, _, err := vp.Decoder().Decode(cp.Spec.InfrastructureProviderStatus.Raw, nil, infraStatus); err != nil {
- return nil, errors.Wrapf(err, "could not decode infrastructureProviderStatus of controlplane '%s'", util.ObjectName(cp))
- }
-
- // Get client auth
- auth, err := internal.GetClientAuthData(ctx, vp.Client(), cp.Spec.SecretRef)
- if err != nil {
- return nil, errors.Wrapf(err, "could not get service account from secret '%s/%s'", cp.Spec.SecretRef.Namespace, cp.Spec.SecretRef.Name)
- }
-
- // Get config chart values
- return getConfigChartValues(infraStatus, cp, cluster, auth)
-}
-
-// GetControlPlaneChartValues returns the values for the control plane chart applied by the generic actuator.
-func (vp *valuesProvider) GetControlPlaneChartValues(
- ctx context.Context,
- cp *extensionsv1alpha1.ControlPlane,
- cluster *extensionscontroller.Cluster,
- checksums map[string]string,
- scaledDown bool,
-) (map[string]interface{}, error) {
- // Decode providerConfig
- cpConfig := &apisazure.ControlPlaneConfig{}
- if cp.Spec.ProviderConfig != nil {
- if _, _, err := vp.Decoder().Decode(cp.Spec.ProviderConfig.Raw, nil, cpConfig); err != nil {
- return nil, errors.Wrapf(err, "could not decode providerConfig of controlplane '%s'", util.ObjectName(cp))
- }
- }
-
- // Get CCM chart values
- return getCCMChartValues(cpConfig, cp, cluster, checksums, scaledDown)
-}
-
-// getConfigChartValues collects and returns the configuration chart values.
-func getConfigChartValues(
- infraStatus *apisazure.InfrastructureStatus,
- cp *extensionsv1alpha1.ControlPlane,
- cluster *extensionscontroller.Cluster,
- ca *internal.ClientAuth,
-) (map[string]interface{}, error) {
- subnetName, routeTableName, securityGroupName, err := getInfraNames(infraStatus)
- if err != nil {
- return nil, errors.Wrapf(err, "could not determine subnet, availability set, route table or security group name from infrastructureStatus of controlplane '%s'", util.ObjectName(cp))
- }
-
- var maxNodes int32
- for _, worker := range cluster.Shoot.Spec.Provider.Workers {
- maxNodes = maxNodes + worker.Maximum
- }
-
- // Collect config chart values.
- values := map[string]interface{}{
- "kubernetesVersion": cluster.Shoot.Spec.Kubernetes.Version,
- "tenantId": ca.TenantID,
- "subscriptionId": ca.SubscriptionID,
- "aadClientId": ca.ClientID,
- "aadClientSecret": ca.ClientSecret,
- "resourceGroup": infraStatus.ResourceGroup.Name,
- "vnetName": infraStatus.Networks.VNet.Name,
- "subnetName": subnetName,
- "routeTableName": routeTableName,
- "securityGroupName": securityGroupName,
- "region": cp.Spec.Region,
- "maxNodes": maxNodes,
- }
-
- if infraStatus.Networks.VNet.ResourceGroup != nil {
- values["vnetResourceGroup"] = *infraStatus.Networks.VNet.ResourceGroup
- }
-
- // Add AvailabilitySet config if the cluster is not zoned.
- if !infraStatus.Zoned {
- nodesAvailabilitySet, err := azureapihelper.FindAvailabilitySetByPurpose(infraStatus.AvailabilitySets, apisazure.PurposeNodes)
- if err != nil {
- return nil, errors.Wrapf(err, "could not determine availability set for purpose 'nodes'")
- }
- values["availabilitySetName"] = nodesAvailabilitySet.Name
- }
-
- return values, nil
-}
-
-// getCCMChartValues collects and returns the CCM chart values.
-func getCCMChartValues(
- cpConfig *apisazure.ControlPlaneConfig,
- cp *extensionsv1alpha1.ControlPlane,
- cluster *extensionscontroller.Cluster,
- checksums map[string]string,
- scaledDown bool,
-) (map[string]interface{}, error) {
- values := map[string]interface{}{
- "replicas": extensionscontroller.GetControlPlaneReplicas(cluster, scaledDown, 1),
- "clusterName": cp.Namespace,
- "kubernetesVersion": cluster.Shoot.Spec.Kubernetes.Version,
- "podNetwork": extensionscontroller.GetPodNetwork(cluster),
- "podAnnotations": map[string]interface{}{
- "checksum/secret-cloud-controller-manager": checksums[cloudControllerManagerDeploymentName],
- "checksum/secret-cloud-controller-manager-server": checksums[cloudControllerManagerServerName],
- "checksum/secret-cloudprovider": checksums[v1beta1constants.SecretNameCloudProvider],
- "checksum/configmap-cloud-provider-config": checksums[azure.CloudProviderConfigName],
- },
- }
-
- if cpConfig.CloudControllerManager != nil {
- values["featureGates"] = cpConfig.CloudControllerManager.FeatureGates
- }
-
- return values, nil
-}
-
-// getInfraNames determines the subnet, availability set, route table and security group names from the given infrastructure status.
-func getInfraNames(infraStatus *apisazure.InfrastructureStatus) (string, string, string, error) {
- nodesSubnet, err := azureapihelper.FindSubnetByPurpose(infraStatus.Networks.Subnets, apisazure.PurposeNodes)
- if err != nil {
- return "", "", "", errors.Wrapf(err, "could not determine subnet for purpose 'nodes'")
- }
- nodesRouteTable, err := azureapihelper.FindRouteTableByPurpose(infraStatus.RouteTables, apisazure.PurposeNodes)
- if err != nil {
- return "", "", "", errors.Wrapf(err, "could not determine route table for purpose 'nodes'")
- }
- nodesSecurityGroup, err := azureapihelper.FindSecurityGroupByPurpose(infraStatus.SecurityGroups, apisazure.PurposeNodes)
- if err != nil {
- return "", "", "", errors.Wrapf(err, "could not determine security group for purpose 'nodes'")
- }
-
- return nodesSubnet.Name, nodesRouteTable.Name, nodesSecurityGroup.Name, nil
-}
diff --git a/controllers/provider-azure/pkg/controller/controlplane/valuesprovider_test.go b/controllers/provider-azure/pkg/controller/controlplane/valuesprovider_test.go
deleted file mode 100644
index 3c12548c9..000000000
--- a/controllers/provider-azure/pkg/controller/controlplane/valuesprovider_test.go
+++ /dev/null
@@ -1,649 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplane
-
-import (
- "context"
- "encoding/json"
-
- apisazure "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
- mockclient "github.com/gardener/gardener-extensions/pkg/mock/controller-runtime/client"
-
- gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
- v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- "github.com/golang/mock/gomock"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/log"
- "sigs.k8s.io/controller-runtime/pkg/runtime/inject"
-)
-
-const (
- namespace = "test"
- maxNodes int32 = 0
-)
-
-var _ = Describe("ValuesProvider", func() {
- var (
- ctrl *gomock.Controller
-
- // Build scheme
- scheme = runtime.NewScheme()
- _ = apisazure.AddToScheme(scheme)
-
- cp = &extensionsv1alpha1.ControlPlane{
- ObjectMeta: metav1.ObjectMeta{
- Name: "control-plane",
- Namespace: namespace,
- },
- Spec: extensionsv1alpha1.ControlPlaneSpec{
- Region: "eu-west-1a",
- SecretRef: corev1.SecretReference{
- Name: v1beta1constants.SecretNameCloudProvider,
- Namespace: namespace,
- },
- ProviderConfig: &runtime.RawExtension{
- Raw: encode(&apisazure.ControlPlaneConfig{
- CloudControllerManager: &apisazure.CloudControllerManagerConfig{
- FeatureGates: map[string]bool{
- "CustomResourceValidation": true,
- },
- },
- }),
- },
- InfrastructureProviderStatus: &runtime.RawExtension{
- Raw: encode(&apisazure.InfrastructureStatus{
- ResourceGroup: apisazure.ResourceGroup{
- Name: "rg-abcd1234",
- },
- Networks: apisazure.NetworkStatus{
- VNet: apisazure.VNetStatus{
- Name: "vnet-abcd1234",
- },
- Subnets: []apisazure.Subnet{
- {
- Name: "subnet-abcd1234-nodes",
- Purpose: "nodes",
- },
- },
- },
- SecurityGroups: []apisazure.SecurityGroup{
- {
- Purpose: "nodes",
- Name: "security-group-name-workers",
- },
- },
- RouteTables: []apisazure.RouteTable{
- {
- Purpose: "nodes",
- Name: "route-table-name",
- },
- },
- AvailabilitySets: []apisazure.AvailabilitySet{
- {
- Name: "availability-set-name",
- Purpose: "nodes",
- ID: "/my/azure/id",
- },
- },
- Zoned: false,
- }),
- },
- },
- }
-
- cpNoSubnet = &extensionsv1alpha1.ControlPlane{
- ObjectMeta: metav1.ObjectMeta{
- Name: "control-plane",
- Namespace: namespace,
- },
- Spec: extensionsv1alpha1.ControlPlaneSpec{
- Region: "eu-west-1a",
- SecretRef: corev1.SecretReference{
- Name: v1beta1constants.SecretNameCloudProvider,
- Namespace: namespace,
- },
- ProviderConfig: &runtime.RawExtension{
- Raw: encode(&apisazure.ControlPlaneConfig{
- CloudControllerManager: &apisazure.CloudControllerManagerConfig{
- FeatureGates: map[string]bool{
- "CustomResourceValidation": true,
- },
- },
- }),
- },
- InfrastructureProviderStatus: &runtime.RawExtension{
- Raw: encode(&apisazure.InfrastructureStatus{
- ResourceGroup: apisazure.ResourceGroup{
- Name: "rg-abcd1234",
- },
- Networks: apisazure.NetworkStatus{
- VNet: apisazure.VNetStatus{
- Name: "vnet-abcd1234",
- },
- Subnets: []apisazure.Subnet{
- {
- Name: "subnet-abcd1234-nodes",
- Purpose: "internal",
- },
- },
- },
- SecurityGroups: []apisazure.SecurityGroup{
- {
- Purpose: "nodes",
- Name: "security-group-name-workers",
- },
- },
- RouteTables: []apisazure.RouteTable{
- {
- Purpose: "nodes",
- Name: "route-table-name",
- },
- },
- AvailabilitySets: []apisazure.AvailabilitySet{
- {
- Name: "availability-set-name",
- Purpose: "nodes",
- ID: "/my/azure/id",
- },
- },
- Zoned: false,
- }),
- },
- },
- }
-
- cpNoAvailabilitySet = &extensionsv1alpha1.ControlPlane{
- ObjectMeta: metav1.ObjectMeta{
- Name: "control-plane",
- Namespace: namespace,
- },
- Spec: extensionsv1alpha1.ControlPlaneSpec{
- Region: "eu-west-1a",
- SecretRef: corev1.SecretReference{
- Name: v1beta1constants.SecretNameCloudProvider,
- Namespace: namespace,
- },
- ProviderConfig: &runtime.RawExtension{
- Raw: encode(&apisazure.ControlPlaneConfig{
- CloudControllerManager: &apisazure.CloudControllerManagerConfig{
- FeatureGates: map[string]bool{
- "CustomResourceValidation": true,
- },
- },
- }),
- },
- InfrastructureProviderStatus: &runtime.RawExtension{
- Raw: encode(&apisazure.InfrastructureStatus{
- ResourceGroup: apisazure.ResourceGroup{
- Name: "rg-abcd1234",
- },
- Networks: apisazure.NetworkStatus{
- VNet: apisazure.VNetStatus{
- Name: "vnet-abcd1234",
- },
- Subnets: []apisazure.Subnet{
- {
- Name: "subnet-abcd1234-nodes",
- Purpose: "nodes",
- },
- },
- },
- SecurityGroups: []apisazure.SecurityGroup{
- {
- Purpose: "nodes",
- Name: "security-group-name-workers",
- },
- },
- RouteTables: []apisazure.RouteTable{
- {
- Purpose: "nodes",
- Name: "route-table-name",
- },
- },
- Zoned: false,
- }),
- },
- },
- }
-
- cpNoSecurityGroups = &extensionsv1alpha1.ControlPlane{
- ObjectMeta: metav1.ObjectMeta{
- Name: "control-plane",
- Namespace: namespace,
- },
- Spec: extensionsv1alpha1.ControlPlaneSpec{
- Region: "eu-west-1a",
- SecretRef: corev1.SecretReference{
- Name: v1beta1constants.SecretNameCloudProvider,
- Namespace: namespace,
- },
- ProviderConfig: &runtime.RawExtension{
- Raw: encode(&apisazure.ControlPlaneConfig{
- CloudControllerManager: &apisazure.CloudControllerManagerConfig{
- FeatureGates: map[string]bool{
- "CustomResourceValidation": true,
- },
- },
- }),
- },
- InfrastructureProviderStatus: &runtime.RawExtension{
- Raw: encode(&apisazure.InfrastructureStatus{
- ResourceGroup: apisazure.ResourceGroup{
- Name: "rg-abcd1234",
- },
- Networks: apisazure.NetworkStatus{
- VNet: apisazure.VNetStatus{
- Name: "vnet-abcd1234",
- },
- Subnets: []apisazure.Subnet{
- {
- Name: "subnet-abcd1234-nodes",
- Purpose: "nodes",
- },
- },
- },
- SecurityGroups: []apisazure.SecurityGroup{
- {
- Purpose: "internal",
- Name: "security-group-name-workers",
- },
- },
- RouteTables: []apisazure.RouteTable{
- {
- Purpose: "nodes",
- Name: "route-table-name",
- },
- },
- AvailabilitySets: []apisazure.AvailabilitySet{
- {
- Name: "availability-set-name",
- Purpose: "nodes",
- ID: "/my/azure/id",
- },
- },
- Zoned: false,
- }),
- },
- },
- }
-
- cpNoRouteTables = &extensionsv1alpha1.ControlPlane{
- ObjectMeta: metav1.ObjectMeta{
- Name: "control-plane",
- Namespace: namespace,
- },
- Spec: extensionsv1alpha1.ControlPlaneSpec{
- Region: "eu-west-1a",
- SecretRef: corev1.SecretReference{
- Name: v1beta1constants.SecretNameCloudProvider,
- Namespace: namespace,
- },
- ProviderConfig: &runtime.RawExtension{
- Raw: encode(&apisazure.ControlPlaneConfig{
- CloudControllerManager: &apisazure.CloudControllerManagerConfig{
- FeatureGates: map[string]bool{
- "CustomResourceValidation": true,
- },
- },
- }),
- },
- InfrastructureProviderStatus: &runtime.RawExtension{
- Raw: encode(&apisazure.InfrastructureStatus{
- ResourceGroup: apisazure.ResourceGroup{
- Name: "rg-abcd1234",
- },
- Networks: apisazure.NetworkStatus{
- VNet: apisazure.VNetStatus{
- Name: "vnet-abcd1234",
- },
- Subnets: []apisazure.Subnet{
- {
- Name: "subnet-abcd1234-nodes",
- Purpose: "nodes",
- },
- },
- },
- SecurityGroups: []apisazure.SecurityGroup{
- {
- Purpose: "nodes",
- Name: "security-group-name-workers",
- },
- },
- RouteTables: []apisazure.RouteTable{
- {
- Purpose: "internal",
- Name: "route-table-name",
- },
- },
- AvailabilitySets: []apisazure.AvailabilitySet{
- {
- Name: "availability-set-name",
- Purpose: "nodes",
- ID: "/my/azure/id",
- },
- },
- Zoned: false,
- }),
- },
- },
- }
-
- cpZoned = &extensionsv1alpha1.ControlPlane{
- ObjectMeta: metav1.ObjectMeta{
- Name: "control-plane",
- Namespace: namespace,
- },
- Spec: extensionsv1alpha1.ControlPlaneSpec{
- Region: "eu-west-1a",
- SecretRef: corev1.SecretReference{
- Name: v1beta1constants.SecretNameCloudProvider,
- Namespace: namespace,
- },
- ProviderConfig: &runtime.RawExtension{
- Raw: encode(&apisazure.ControlPlaneConfig{
- CloudControllerManager: &apisazure.CloudControllerManagerConfig{
- FeatureGates: map[string]bool{
- "CustomResourceValidation": true,
- },
- },
- }),
- },
- InfrastructureProviderStatus: &runtime.RawExtension{
- Raw: encode(&apisazure.InfrastructureStatus{
- ResourceGroup: apisazure.ResourceGroup{
- Name: "rg-abcd1234",
- },
- Networks: apisazure.NetworkStatus{
- VNet: apisazure.VNetStatus{
- Name: "vnet-abcd1234",
- },
- Subnets: []apisazure.Subnet{
- {
- Name: "subnet-abcd1234-nodes",
- Purpose: "nodes",
- },
- },
- },
- SecurityGroups: []apisazure.SecurityGroup{
- {
- Purpose: "nodes",
- Name: "security-group-name-workers",
- },
- },
- RouteTables: []apisazure.RouteTable{
- {
- Purpose: "nodes",
- Name: "route-table-name",
- },
- },
- Zoned: true,
- }),
- },
- },
- }
-
- cidr = "10.250.0.0/19"
- cluster = &extensionscontroller.Cluster{
- Shoot: &gardencorev1beta1.Shoot{
- Spec: gardencorev1beta1.ShootSpec{
- Networking: gardencorev1beta1.Networking{
- Pods: &cidr,
- },
- Kubernetes: gardencorev1beta1.Kubernetes{
- Version: "1.13.4",
- },
- },
- },
- }
-
- cpSecretKey = client.ObjectKey{Namespace: namespace, Name: v1beta1constants.SecretNameCloudProvider}
- cpSecret = &corev1.Secret{
- ObjectMeta: metav1.ObjectMeta{
- Name: v1beta1constants.SecretNameCloudProvider,
- Namespace: namespace,
- },
- Type: corev1.SecretTypeOpaque,
- Data: map[string][]byte{
- "clientID": []byte(`ClientID`),
- "clientSecret": []byte(`ClientSecret`),
- "subscriptionID": []byte(`SubscriptionID`),
- "tenantID": []byte(`TenantID`),
- },
- }
-
- checksums = map[string]string{
- v1beta1constants.SecretNameCloudProvider: "8bafb35ff1ac60275d62e1cbd495aceb511fb354f74a20f7d06ecb48b3a68432",
- azure.CloudProviderConfigName: "08a7bc7fe8f59b055f173145e211760a83f02cf89635cef26ebb351378635606",
- "cloud-controller-manager": "3d791b164a808638da9a8df03924be2a41e34cd664e42231c00fe369e3588272",
- "cloud-controller-manager-server": "6dff2a2e6f14444b66d8e4a351c049f7e89ee24ba3eaab95dbec40ba6bdebb52",
- }
-
- configNonZonedClusterChartValues = map[string]interface{}{
- "tenantId": "TenantID",
- "subscriptionId": "SubscriptionID",
- "aadClientId": "ClientID",
- "aadClientSecret": "ClientSecret",
- "resourceGroup": "rg-abcd1234",
- "vnetName": "vnet-abcd1234",
- "subnetName": "subnet-abcd1234-nodes",
- "region": "eu-west-1a",
- "availabilitySetName": "availability-set-name",
- "routeTableName": "route-table-name",
- "securityGroupName": "security-group-name-workers",
- "kubernetesVersion": "1.13.4",
- "maxNodes": maxNodes,
- }
-
- configZonedClusterChartValues = map[string]interface{}{
- "tenantId": "TenantID",
- "subscriptionId": "SubscriptionID",
- "aadClientId": "ClientID",
- "aadClientSecret": "ClientSecret",
- "resourceGroup": "rg-abcd1234",
- "vnetName": "vnet-abcd1234",
- "subnetName": "subnet-abcd1234-nodes",
- "region": "eu-west-1a",
- "routeTableName": "route-table-name",
- "securityGroupName": "security-group-name-workers",
- "kubernetesVersion": "1.13.4",
- "maxNodes": maxNodes,
- }
-
- ccmChartValues = map[string]interface{}{
- "replicas": 1,
- "clusterName": namespace,
- "kubernetesVersion": "1.13.4",
- "podNetwork": cidr,
- "podAnnotations": map[string]interface{}{
- "checksum/secret-cloud-controller-manager": "3d791b164a808638da9a8df03924be2a41e34cd664e42231c00fe369e3588272",
- "checksum/secret-cloud-controller-manager-server": "6dff2a2e6f14444b66d8e4a351c049f7e89ee24ba3eaab95dbec40ba6bdebb52",
- "checksum/secret-cloudprovider": "8bafb35ff1ac60275d62e1cbd495aceb511fb354f74a20f7d06ecb48b3a68432",
- "checksum/configmap-cloud-provider-config": "08a7bc7fe8f59b055f173145e211760a83f02cf89635cef26ebb351378635606",
- },
- "featureGates": map[string]bool{
- "CustomResourceValidation": true,
- },
- }
-
- logger = log.Log.WithName("test")
- )
-
- BeforeEach(func() {
- ctrl = gomock.NewController(GinkgoT())
- })
-
- AfterEach(func() {
- ctrl.Finish()
- })
-
- Describe("#GetConfigChartValues", func() {
- It("should return correct config chart values for non zoned cluster", func() {
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
- client.EXPECT().Get(context.TODO(), cpSecretKey, &corev1.Secret{}).DoAndReturn(clientGet(cpSecret))
-
- // Create valuesProvider
- vp := NewValuesProvider(logger)
- err := vp.(inject.Scheme).InjectScheme(scheme)
- Expect(err).NotTo(HaveOccurred())
- err = vp.(inject.Client).InjectClient(client)
- Expect(err).NotTo(HaveOccurred())
-
- // Call GetConfigChartValues method and check the result
- values, err := vp.GetConfigChartValues(context.TODO(), cp, cluster)
-
- Expect(err).NotTo(HaveOccurred())
- Expect(values).To(Equal(configNonZonedClusterChartValues))
- })
- })
-
- It("should return correct config chart values for zoned cluster", func() {
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
- client.EXPECT().Get(context.TODO(), cpSecretKey, &corev1.Secret{}).DoAndReturn(clientGet(cpSecret))
-
- // Create valuesProvider
- vp := NewValuesProvider(logger)
- err := vp.(inject.Scheme).InjectScheme(scheme)
- Expect(err).NotTo(HaveOccurred())
- err = vp.(inject.Client).InjectClient(client)
- Expect(err).NotTo(HaveOccurred())
-
- // Call GetConfigChartValues method and check the result
- values, err := vp.GetConfigChartValues(context.TODO(), cpZoned, cluster)
-
- Expect(err).NotTo(HaveOccurred())
- Expect(values).To(Equal(configZonedClusterChartValues))
- })
-
- Describe("#GetConfigChartValuesNoSubnet", func() {
- It("should return error, missing subnet", func() {
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
- client.EXPECT().Get(context.TODO(), cpSecretKey, &corev1.Secret{}).DoAndReturn(clientGet(cpSecret))
-
- // Create valuesProvider
- vp := NewValuesProvider(logger)
- err := vp.(inject.Scheme).InjectScheme(scheme)
- Expect(err).NotTo(HaveOccurred())
- err = vp.(inject.Client).InjectClient(client)
- Expect(err).NotTo(HaveOccurred())
-
- // Call GetConfigChartValues method and check the result
- _, err = vp.GetConfigChartValues(context.TODO(), cpNoSubnet, cluster)
- Expect(err).To(HaveOccurred())
- Expect(err.Error()).To(ContainSubstring("could not determine subnet for purpose 'nodes'"))
- })
- })
-
- Describe("#GetConfigChartValuesNoAvailabilitySet", func() {
- It("should return error, missing availability set", func() {
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
- client.EXPECT().Get(context.TODO(), cpSecretKey, &corev1.Secret{}).DoAndReturn(clientGet(cpSecret))
-
- // Create valuesProvider
- vp := NewValuesProvider(logger)
- err := vp.(inject.Scheme).InjectScheme(scheme)
- Expect(err).NotTo(HaveOccurred())
- err = vp.(inject.Client).InjectClient(client)
- Expect(err).NotTo(HaveOccurred())
-
- // Call GetConfigChartValues method and check the result
- _, err = vp.GetConfigChartValues(context.TODO(), cpNoAvailabilitySet, cluster)
- Expect(err).To(HaveOccurred())
- Expect(err.Error()).To(ContainSubstring("could not determine availability set for purpose 'nodes'"))
- })
- })
-
- Describe("#GetConfigChartValuesNoRouteTable", func() {
- It("should return error, missing route tables", func() {
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
- client.EXPECT().Get(context.TODO(), cpSecretKey, &corev1.Secret{}).DoAndReturn(clientGet(cpSecret))
-
- // Create valuesProvider
- vp := NewValuesProvider(logger)
- err := vp.(inject.Scheme).InjectScheme(scheme)
- Expect(err).NotTo(HaveOccurred())
- err = vp.(inject.Client).InjectClient(client)
- Expect(err).NotTo(HaveOccurred())
-
- // Call GetConfigChartValues method and check the result
- _, err = vp.GetConfigChartValues(context.TODO(), cpNoRouteTables, cluster)
- Expect(err).To(HaveOccurred())
- Expect(err.Error()).To(ContainSubstring("could not determine route table for purpose 'nodes'"))
- })
- })
-
- Describe("#GetConfigChartValuesNoSecurityGroups", func() {
- It("should return error, missing security groups", func() {
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
- client.EXPECT().Get(context.TODO(), cpSecretKey, &corev1.Secret{}).DoAndReturn(clientGet(cpSecret))
-
- // Create valuesProvider
- vp := NewValuesProvider(logger)
- err := vp.(inject.Scheme).InjectScheme(scheme)
- Expect(err).NotTo(HaveOccurred())
- err = vp.(inject.Client).InjectClient(client)
- Expect(err).NotTo(HaveOccurred())
-
- // Call GetConfigChartValues method and check the result
- _, err = vp.GetConfigChartValues(context.TODO(), cpNoSecurityGroups, cluster)
- Expect(err).To(HaveOccurred())
- Expect(err.Error()).To(ContainSubstring("could not determine security group for purpose 'nodes'"))
- })
- })
-
- Describe("#GetControlPlaneChartValues", func() {
- It("should return correct control plane chart values", func() {
- // Create valuesProvider
- vp := NewValuesProvider(logger)
- err := vp.(inject.Scheme).InjectScheme(scheme)
- Expect(err).NotTo(HaveOccurred())
-
- // Call GetControlPlaneChartValues method and check the result
- values, err := vp.GetControlPlaneChartValues(context.TODO(), cp, cluster, checksums, false)
- Expect(err).NotTo(HaveOccurred())
- Expect(values).To(Equal(ccmChartValues))
- })
- })
-})
-
-func encode(obj runtime.Object) []byte {
- data, _ := json.Marshal(obj)
- return data
-}
-
-func clientGet(result runtime.Object) interface{} {
- return func(ctx context.Context, key client.ObjectKey, obj runtime.Object) error {
- switch obj.(type) {
- case *corev1.Secret:
- *obj.(*corev1.Secret) = *result.(*corev1.Secret)
- case *corev1.ConfigMap:
- *obj.(*corev1.ConfigMap) = *result.(*corev1.ConfigMap)
- }
- return nil
- }
-}
diff --git a/controllers/provider-azure/pkg/controller/healthcheck/add.go b/controllers/provider-azure/pkg/controller/healthcheck/add.go
deleted file mode 100644
index 7d9a45c1b..000000000
--- a/controllers/provider-azure/pkg/controller/healthcheck/add.go
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package healthcheck
-
-import (
- "time"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- genericcontrolplaneactuator "github.com/gardener/gardener-extensions/pkg/controller/controlplane/genericactuator"
- "github.com/gardener/gardener-extensions/pkg/controller/healthcheck"
- healthcheckconfig "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/config"
- "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/general"
- "github.com/gardener/gardener-extensions/pkg/controller/healthcheck/worker"
- genericworkeractuator "github.com/gardener/gardener-extensions/pkg/controller/worker/genericactuator"
- extensionspredicate "github.com/gardener/gardener-extensions/pkg/predicate"
-
- gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "sigs.k8s.io/controller-runtime/pkg/manager"
- "sigs.k8s.io/controller-runtime/pkg/predicate"
-)
-
-var (
- defaultSyncPeriod = time.Second * 30
- // DefaultAddOptions are the default DefaultAddArgs for AddToManager.
- DefaultAddOptions = healthcheck.DefaultAddArgs{
- HealthCheckConfig: healthcheckconfig.HealthCheckConfig{SyncPeriod: metav1.Duration{Duration: defaultSyncPeriod}},
- }
-)
-
-// RegisterHealthChecks registers health checks for each extension resource
-// HealthChecks are grouped by extension (e.g worker), extension.type (e.g azure) and Health Check Type (e.g SystemComponentsHealthy)
-func RegisterHealthChecks(mgr manager.Manager, opts healthcheck.DefaultAddArgs) error {
- normalPredicates := []predicate.Predicate{extensionspredicate.HasPurpose(extensionsv1alpha1.Normal)}
- if err := healthcheck.DefaultRegistration(
- azure.Type,
- extensionsv1alpha1.SchemeGroupVersion.WithKind(extensionsv1alpha1.ControlPlaneResource),
- func() runtime.Object { return &extensionsv1alpha1.ControlPlane{} },
- mgr,
- opts,
- normalPredicates,
- map[healthcheck.HealthCheck]string{
- general.NewSeedDeploymentHealthChecker(azure.CloudControllerManagerName): string(gardencorev1beta1.ShootControlPlaneHealthy),
- general.CheckManagedResource(genericcontrolplaneactuator.ControlPlaneShootChartResourceName): string(gardencorev1beta1.ShootSystemComponentsHealthy),
- general.CheckManagedResource(genericcontrolplaneactuator.StorageClassesChartResourceName): string(gardencorev1beta1.ShootSystemComponentsHealthy),
- }); err != nil {
- return err
- }
-
- return healthcheck.DefaultRegistration(
- azure.Type,
- extensionsv1alpha1.SchemeGroupVersion.WithKind(extensionsv1alpha1.WorkerResource),
- func() runtime.Object { return &extensionsv1alpha1.Worker{} },
- mgr,
- opts,
- nil,
- map[healthcheck.HealthCheck]string{
- general.CheckManagedResource(genericworkeractuator.McmShootResourceName): string(gardencorev1beta1.ShootSystemComponentsHealthy),
- general.NewSeedDeploymentHealthChecker(azure.MachineControllerManagerName): string(gardencorev1beta1.ShootControlPlaneHealthy),
- worker.NewSufficientNodesChecker(): string(gardencorev1beta1.ShootEveryNodeReady),
- })
-}
-
-// AddToManager adds a controller with the default Options.
-func AddToManager(mgr manager.Manager) error {
- return RegisterHealthChecks(mgr, DefaultAddOptions)
-}
diff --git a/controllers/provider-azure/pkg/controller/infrastructure/actuator.go b/controllers/provider-azure/pkg/controller/infrastructure/actuator.go
deleted file mode 100644
index d89c49402..000000000
--- a/controllers/provider-azure/pkg/controller/infrastructure/actuator.go
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package infrastructure
-
-import (
- "context"
- "github.com/gardener/gardener-extensions/pkg/controller/common"
- "github.com/go-logr/logr"
-
- api "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- infrainternal "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal/infrastructure"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
- "github.com/gardener/gardener-extensions/pkg/controller/infrastructure"
- "github.com/gardener/gardener-extensions/pkg/terraformer"
-
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
-
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/client-go/util/retry"
- "sigs.k8s.io/controller-runtime/pkg/log"
-)
-
-type actuator struct {
- logger logr.Logger
- common.ChartRendererContext
-}
-
-// NewActuator creates a new infrastructure.Actuator.
-func NewActuator() infrastructure.Actuator {
- return &actuator{
- logger: log.Log.WithName("infrastructure-actuator"),
- }
-}
-
-func (a *actuator) updateProviderStatus(
- ctx context.Context,
- tf terraformer.Terraformer,
- infra *extensionsv1alpha1.Infrastructure,
- config *api.InfrastructureConfig,
-) error {
- status, err := infrainternal.ComputeStatus(tf, config)
- if err != nil {
- return err
- }
-
- state, err := tf.GetRawState(ctx)
- if err != nil {
- return err
- }
-
- stateByte, err := state.Marshal()
- if err != nil {
- return err
- }
-
- return extensionscontroller.TryUpdateStatus(ctx, retry.DefaultBackoff, a.Client(), infra, func() error {
- infra.Status.ProviderStatus = &runtime.RawExtension{Object: status}
- infra.Status.State = &runtime.RawExtension{Raw: stateByte}
- return nil
- })
-}
diff --git a/controllers/provider-azure/pkg/controller/infrastructure/actuator_delete.go b/controllers/provider-azure/pkg/controller/infrastructure/actuator_delete.go
deleted file mode 100644
index 3027c7be1..000000000
--- a/controllers/provider-azure/pkg/controller/infrastructure/actuator_delete.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package infrastructure
-
-import (
- "context"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal/infrastructure"
- "github.com/gardener/gardener-extensions/pkg/controller"
-
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
-)
-
-// Delete implements infrastructure.Actuator.
-func (a *actuator) Delete(ctx context.Context, infra *extensionsv1alpha1.Infrastructure, cluster *controller.Cluster) error {
- clientAuth, err := internal.GetClientAuthData(ctx, a.Client(), infra.Spec.SecretRef)
- if err != nil {
- return err
- }
-
- tf, err := internal.NewTerraformer(a.RESTConfig(), clientAuth, infrastructure.TerraformerPurpose, infra.Namespace, infra.Name)
- if err != nil {
- return err
- }
-
- return tf.Destroy()
-}
diff --git a/controllers/provider-azure/pkg/controller/infrastructure/actuator_reconcile.go b/controllers/provider-azure/pkg/controller/infrastructure/actuator_reconcile.go
deleted file mode 100644
index c62ed6ccb..000000000
--- a/controllers/provider-azure/pkg/controller/infrastructure/actuator_reconcile.go
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package infrastructure
-
-import (
- "context"
- "time"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/helper"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal/infrastructure"
- "github.com/gardener/gardener-extensions/pkg/controller"
- controllererrors "github.com/gardener/gardener-extensions/pkg/controller/error"
- "github.com/gardener/gardener-extensions/pkg/terraformer"
-
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
-)
-
-// Reconcile implements infrastructure.Actuator.
-func (a *actuator) Reconcile(ctx context.Context, infra *extensionsv1alpha1.Infrastructure, cluster *controller.Cluster) error {
- config, err := helper.InfrastructureConfigFromInfrastructure(infra)
- if err != nil {
- return err
- }
-
- clientAuth, err := infrastructure.GetClientAuthFromInfrastructure(ctx, a.Client(), infra)
- if err != nil {
- return err
- }
-
- terraformState, err := terraformer.UnmarshalRawState(infra.Status.State)
- if err != nil {
- return err
- }
-
- terraformFiles, err := infrastructure.RenderTerraformerChart(a.ChartRenderer(), infra, clientAuth, config, cluster)
- if err != nil {
- return err
- }
-
- tf, err := internal.NewTerraformer(a.RESTConfig(), clientAuth, infrastructure.TerraformerPurpose, infra.Namespace, infra.Name)
- if err != nil {
- return err
- }
-
- if err := tf.
- InitializeWith(terraformer.DefaultInitializer(a.Client(), terraformFiles.Main, terraformFiles.Variables, terraformFiles.TFVars, terraformState.Data)).
- Apply(); err != nil {
-
- a.logger.Error(err, "failed to apply the terraform config", "infrastructure", infra.Name)
- return &controllererrors.RequeueAfterError{
- Cause: err,
- RequeueAfter: 30 * time.Second,
- }
- }
-
- return a.updateProviderStatus(ctx, tf, infra, config)
-}
diff --git a/controllers/provider-azure/pkg/controller/infrastructure/add.go b/controllers/provider-azure/pkg/controller/infrastructure/add.go
deleted file mode 100644
index 24d32030f..000000000
--- a/controllers/provider-azure/pkg/controller/infrastructure/add.go
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package infrastructure
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- "github.com/gardener/gardener-extensions/pkg/controller/infrastructure"
-
- "sigs.k8s.io/controller-runtime/pkg/controller"
- "sigs.k8s.io/controller-runtime/pkg/manager"
-)
-
-var (
- // DefaultAddOptions are the default AddOptions for AddToManager.
- DefaultAddOptions = AddOptions{}
-)
-
-// AddOptions are options to apply when adding the Azure infrastructure controller to the manager.
-type AddOptions struct {
- // Controller are the controller.Options.
- Controller controller.Options
- // IgnoreOperationAnnotation specifies whether to ignore the operation annotation or not.
- IgnoreOperationAnnotation bool
-}
-
-// AddToManagerWithOptions adds a controller with the given AddOptions to the given manager.
-// The opts.Reconciler is being set with a newly instantiated actuator.
-func AddToManagerWithOptions(mgr manager.Manager, options AddOptions) error {
- return infrastructure.Add(mgr, infrastructure.AddArgs{
- Actuator: NewActuator(),
- ControllerOptions: options.Controller,
- Predicates: infrastructure.DefaultPredicates(options.IgnoreOperationAnnotation),
- Type: azure.Type,
- })
-}
-
-// AddToManager adds a controller with the default AddOptions.
-func AddToManager(mgr manager.Manager) error {
- return AddToManagerWithOptions(mgr, DefaultAddOptions)
-}
diff --git a/controllers/provider-azure/pkg/controller/worker/actuator.go b/controllers/provider-azure/pkg/controller/worker/actuator.go
deleted file mode 100644
index b0da6b500..000000000
--- a/controllers/provider-azure/pkg/controller/worker/actuator.go
+++ /dev/null
@@ -1,125 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package worker
-
-import (
- "context"
-
- api "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/helper"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal/imagevector"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
- "github.com/gardener/gardener-extensions/pkg/controller/common"
- "github.com/gardener/gardener-extensions/pkg/controller/worker"
- "github.com/gardener/gardener-extensions/pkg/controller/worker/genericactuator"
- "github.com/gardener/gardener-extensions/pkg/util"
-
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- gardener "github.com/gardener/gardener/pkg/client/kubernetes"
- "github.com/go-logr/logr"
- "k8s.io/client-go/kubernetes"
- "sigs.k8s.io/controller-runtime/pkg/log"
-)
-
-type delegateFactory struct {
- logger logr.Logger
- common.RESTConfigContext
-}
-
-// NewActuator creates a new Actuator that updates the status of the handled WorkerPoolConfigs.
-func NewActuator() worker.Actuator {
- delegateFactory := &delegateFactory{
- logger: log.Log.WithName("worker-actuator"),
- }
-
- return genericactuator.NewActuator(
- log.Log.WithName("azure-worker-actuator"),
- delegateFactory,
- azure.MachineControllerManagerName,
- mcmChart,
- mcmShootChart,
- imagevector.ImageVector(),
- extensionscontroller.ChartRendererFactoryFunc(util.NewChartRendererForShoot),
- )
-}
-
-func (d *delegateFactory) WorkerDelegate(ctx context.Context, worker *extensionsv1alpha1.Worker, cluster *extensionscontroller.Cluster) (genericactuator.WorkerDelegate, error) {
- clientset, err := kubernetes.NewForConfig(d.RESTConfig())
- if err != nil {
- return nil, err
- }
-
- serverVersion, err := clientset.Discovery().ServerVersion()
- if err != nil {
- return nil, err
- }
-
- seedChartApplier, err := gardener.NewChartApplierForConfig(d.RESTConfig())
- if err != nil {
- return nil, err
- }
-
- return NewWorkerDelegate(
- d.ClientContext,
-
- seedChartApplier,
- serverVersion.GitVersion,
-
- worker,
- cluster,
- )
-}
-
-type workerDelegate struct {
- common.ClientContext
-
- seedChartApplier gardener.ChartApplier
- serverVersion string
-
- cloudProfileConfig *api.CloudProfileConfig
- cluster *extensionscontroller.Cluster
- worker *extensionsv1alpha1.Worker
-
- machineClasses []map[string]interface{}
- machineDeployments worker.MachineDeployments
- machineImages []api.MachineImage
-}
-
-// NewWorkerDelegate creates a new context for a worker reconciliation.
-func NewWorkerDelegate(
- clientContext common.ClientContext,
-
- seedChartApplier gardener.ChartApplier,
- serverVersion string,
-
- worker *extensionsv1alpha1.Worker,
- cluster *extensionscontroller.Cluster,
-) (genericactuator.WorkerDelegate, error) {
- config, err := helper.CloudProfileConfigFromCluster(cluster)
- if err != nil {
- return nil, err
- }
- return &workerDelegate{
- ClientContext: clientContext,
-
- seedChartApplier: seedChartApplier,
- serverVersion: serverVersion,
-
- cloudProfileConfig: config,
- cluster: cluster,
- worker: worker,
- }, nil
-}
diff --git a/controllers/provider-azure/pkg/controller/worker/add.go b/controllers/provider-azure/pkg/controller/worker/add.go
deleted file mode 100644
index 7e5222c89..000000000
--- a/controllers/provider-azure/pkg/controller/worker/add.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package worker
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- "github.com/gardener/gardener-extensions/pkg/controller/worker"
-
- machinescheme "github.com/gardener/machine-controller-manager/pkg/client/clientset/versioned/scheme"
- apiextensionsscheme "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme"
- "sigs.k8s.io/controller-runtime/pkg/controller"
- "sigs.k8s.io/controller-runtime/pkg/manager"
-)
-
-var (
- // DefaultAddOptions are the default AddOptions for AddToManager.
- DefaultAddOptions = AddOptions{}
-)
-
-// AddOptions are options to apply when adding the Azure worker controller to the manager.
-type AddOptions struct {
- // Controller are the controller.Options.
- Controller controller.Options
- // IgnoreOperationAnnotation specifies whether to ignore the operation annotation or not.
- IgnoreOperationAnnotation bool
-}
-
-// AddToManagerWithOptions adds a controller with the given Options to the given manager.
-// The opts.Reconciler is being set with a newly instantiated actuator.
-func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error {
- scheme := mgr.GetScheme()
- if err := apiextensionsscheme.AddToScheme(scheme); err != nil {
- return err
- }
- if err := machinescheme.AddToScheme(scheme); err != nil {
- return err
- }
-
- return worker.Add(mgr, worker.AddArgs{
- Actuator: NewActuator(),
- ControllerOptions: opts.Controller,
- Predicates: worker.DefaultPredicates(opts.IgnoreOperationAnnotation),
- Type: azure.Type,
- })
-}
-
-// AddToManager adds a controller with the default Options.
-func AddToManager(mgr manager.Manager) error {
- return AddToManagerWithOptions(mgr, DefaultAddOptions)
-}
diff --git a/controllers/provider-azure/pkg/controller/worker/machine_controller_manager.go b/controllers/provider-azure/pkg/controller/worker/machine_controller_manager.go
deleted file mode 100644
index 3ac550934..000000000
--- a/controllers/provider-azure/pkg/controller/worker/machine_controller_manager.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package worker
-
-import (
- "context"
- "fmt"
- "path/filepath"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
-
- "github.com/gardener/gardener/pkg/utils/chart"
- kutil "github.com/gardener/gardener/pkg/utils/kubernetes"
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- rbacv1 "k8s.io/api/rbac/v1"
-)
-
-var (
- mcmChart = &chart.Chart{
- Name: azure.MachineControllerManagerName,
- Path: filepath.Join(azure.InternalChartsPath, azure.MachineControllerManagerName, "seed"),
- Images: []string{azure.MachineControllerManagerImageName},
- Objects: []*chart.Object{
- {Type: &appsv1.Deployment{}, Name: azure.MachineControllerManagerName},
- {Type: &corev1.Service{}, Name: azure.MachineControllerManagerName},
- {Type: &corev1.ServiceAccount{}, Name: azure.MachineControllerManagerName},
- {Type: &corev1.Secret{}, Name: azure.MachineControllerManagerName},
- {Type: extensionscontroller.GetVerticalPodAutoscalerObject(), Name: azure.MachineControllerManagerVpaName},
- {Type: &corev1.ConfigMap{}, Name: azure.MachineControllerManagerMonitoringConfigName},
- },
- }
-
- mcmShootChart =
&chart.Chart{
- Name: azure.MachineControllerManagerName,
- Path: filepath.Join(azure.InternalChartsPath, azure.MachineControllerManagerName, "shoot"),
- Objects: []*chart.Object{
- {Type: &rbacv1.ClusterRole{}, Name: fmt.Sprintf("extensions.gardener.cloud:%s:%s", azure.Name, azure.MachineControllerManagerName)},
- {Type: &rbacv1.ClusterRoleBinding{}, Name: fmt.Sprintf("extensions.gardener.cloud:%s:%s", azure.Name, azure.MachineControllerManagerName)},
- },
- }
-)
-
-func (w *workerDelegate) GetMachineControllerManagerChartValues(ctx context.Context) (map[string]interface{}, error) {
- namespace := &corev1.Namespace{}
- if err := w.Client().Get(ctx, kutil.Key(w.worker.Namespace), namespace); err != nil {
- return nil, err
- }
-
- return map[string]interface{}{
- "providerName": azure.Name,
- "namespace": map[string]interface{}{
- "uid": namespace.UID,
- },
- }, nil
-}
-
-func (w *workerDelegate) GetMachineControllerManagerShootChartValues(ctx context.Context) (map[string]interface{}, error) {
- return map[string]interface{}{
- "providerName": azure.Name,
- }, nil
-}
diff --git a/controllers/provider-azure/pkg/controller/worker/machine_images.go b/controllers/provider-azure/pkg/controller/worker/machine_images.go
deleted file mode 100644
index 2c9ec67f7..000000000
--- a/controllers/provider-azure/pkg/controller/worker/machine_images.go
+++ /dev/null
@@ -1,93 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package worker
-
-import (
- "context"
- "github.com/gardener/gardener-extensions/pkg/controller/worker"
-
- api "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/helper"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/v1alpha1"
-
- "github.com/gardener/gardener-extensions/pkg/util"
-
- "github.com/pkg/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-// GetMachineImages returns the used machine images for the `Worker` resource.
-func (w *workerDelegate) GetMachineImages(ctx context.Context) (runtime.Object, error) {
- if w.machineImages == nil {
- if err := w.generateMachineConfig(ctx); err != nil {
- return nil, err
- }
- }
-
- var (
- workerStatus = &api.WorkerStatus{
- TypeMeta: metav1.TypeMeta{
- APIVersion: api.SchemeGroupVersion.String(),
- Kind: "WorkerStatus",
- },
- MachineImages: w.machineImages,
- }
-
- workerStatusV1alpha1 = &v1alpha1.WorkerStatus{
- TypeMeta: metav1.TypeMeta{
- APIVersion: v1alpha1.SchemeGroupVersion.String(),
- Kind: "WorkerStatus",
- },
- }
- )
-
- if err := w.Scheme().Convert(workerStatus, workerStatusV1alpha1, nil); err != nil {
- return nil, err
- }
-
- return workerStatusV1alpha1, nil
-}
-
-func (w *workerDelegate) findMachineImage(name, version string) (urn *string, err error) {
- machineImage, err := helper.FindImageFromCloudProfile(w.cloudProfileConfig, name, version)
- if err == nil {
- return machineImage.URN, nil
- }
-
- // Try to look up machine image in worker provider status as it was not found in componentconfig.
- if providerStatus := w.worker.Status.ProviderStatus; providerStatus != nil {
- workerStatus := &api.WorkerStatus{}
- if _, _, err := w.Decoder().Decode(providerStatus.Raw, nil, workerStatus); err != nil {
- return nil, errors.Wrapf(err, "could not decode worker status of worker '%s'", util.ObjectName(w.worker))
- }
-
- machineImage, err := helper.FindMachineImage(workerStatus.MachineImages, name, version)
- if err != nil {
- return nil, worker.ErrorMachineImageNotFound(name, version)
- }
-
- return machineImage.URN, nil
- }
-
- return nil, worker.ErrorMachineImageNotFound(name, version)
-}
-
-func appendMachineImage(machineImages []api.MachineImage, machineImage api.MachineImage) []api.MachineImage {
- if _, err := helper.FindMachineImage(machineImages, machineImage.Name, machineImage.Version); err != nil {
- return append(machineImages, machineImage)
- }
- return machineImages
-}
diff --git a/controllers/provider-azure/pkg/controller/worker/machines.go b/controllers/provider-azure/pkg/controller/worker/machines.go
deleted file mode 100644
index fa17d686d..000000000
--- a/controllers/provider-azure/pkg/controller/worker/machines.go
+++ /dev/null
@@ -1,257 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package worker
-
-import (
- "context"
- "fmt"
- "path/filepath"
-
- apisazure "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- azureapi "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- azureapihelper "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/helper"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal"
- "github.com/gardener/gardener-extensions/pkg/controller/worker"
- genericworkeractuator "github.com/gardener/gardener-extensions/pkg/controller/worker/genericactuator"
-
- v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
- machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1"
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-// MachineClassKind yields the name of the AWS machine class.
-func (w *workerDelegate) MachineClassKind() string {
- return "AzureMachineClass"
-}
-
-// MachineClassList yields a newly initialized AzureMachineClassList object.
-func (w *workerDelegate) MachineClassList() runtime.Object {
- return &machinev1alpha1.AzureMachineClassList{}
-}
-
-// DeployMachineClasses generates and creates the Azure specific machine classes.
-func (w *workerDelegate) DeployMachineClasses(ctx context.Context) error {
- if w.machineClasses == nil {
- if err := w.generateMachineConfig(ctx); err != nil {
- return err
- }
- }
- return w.seedChartApplier.ApplyChart(ctx, filepath.Join(azure.InternalChartsPath, "machineclass"), w.worker.Namespace, "machineclass", map[string]interface{}{"machineClasses": w.machineClasses}, nil)
-}
-
-// GenerateMachineDeployments generates the configuration for the desired machine deployments.
-func (w *workerDelegate) GenerateMachineDeployments(ctx context.Context) (worker.MachineDeployments, error) {
- if w.machineDeployments == nil {
- if err := w.generateMachineConfig(ctx); err != nil {
- return nil, err
- }
- }
- return w.machineDeployments, nil
-}
-
-func (w *workerDelegate) generateMachineClassSecretData(ctx context.Context) (map[string][]byte, error) {
- credentials, err := internal.GetClientAuthData(ctx, w.Client(), w.worker.Spec.SecretRef)
- if err != nil {
- return nil, err
- }
-
- return map[string][]byte{
- machinev1alpha1.AzureClientID: []byte(credentials.ClientID),
- machinev1alpha1.AzureClientSecret: []byte(credentials.ClientSecret),
- machinev1alpha1.AzureSubscriptionID: []byte(credentials.SubscriptionID),
- machinev1alpha1.AzureTenantID: []byte(credentials.TenantID),
- }, nil
-}
-
-type zoneInfo struct {
- name string
- index int
- count int
-}
-
-func (w *workerDelegate) generateMachineConfig(ctx context.Context) error {
- var (
- machineDeployments = worker.MachineDeployments{}
- machineClasses []map[string]interface{}
- machineImages []apisazure.MachineImage
- nodesAvailabilitySet *azureapi.AvailabilitySet
- )
-
- machineClassSecretData, err := w.generateMachineClassSecretData(ctx)
- if err != nil {
- return err
- }
-
- infrastructureStatus :=
&azureapi.InfrastructureStatus{}
- if _, _, err := w.Decoder().Decode(w.worker.Spec.InfrastructureProviderStatus.Raw, nil, infrastructureStatus); err != nil {
- return err
- }
-
- nodesSubnet, err := azureapihelper.FindSubnetByPurpose(infrastructureStatus.Networks.Subnets, azureapi.PurposeNodes)
- if err != nil {
- return err
- }
-
- // The AvailabilitySet will be only used for non zoned Shoots.
- if !infrastructureStatus.Zoned {
- nodesAvailabilitySet, err = azureapihelper.FindAvailabilitySetByPurpose(infrastructureStatus.AvailabilitySets, azureapi.PurposeNodes)
- if err != nil {
- return err
- }
- }
-
- for _, pool := range w.worker.Spec.Pools {
- workerPoolHash, err := worker.WorkerPoolHash(pool, w.cluster)
- if err != nil {
- return err
- }
-
- urn, err := w.findMachineImage(pool.MachineImage.Name, pool.MachineImage.Version)
- if err != nil {
- return err
- }
- machineImages = appendMachineImage(machineImages, apisazure.MachineImage{
- Name: pool.MachineImage.Name,
- Version: pool.MachineImage.Version,
- URN: urn,
- })
-
- volumeSize, err := worker.DiskSize(pool.Volume.Size)
- if err != nil {
- return err
- }
- osDisk := map[string]interface{}{
- "size": volumeSize,
- }
-
- // In the past the volume type information was not passed to the machineclass.
- // In consequence the Machine controller manager has created machines always
- // with the default volume type of the requested machine type. Existing clusters
- // respectively their worker pools could have an invalid volume configuration
- // which was not applied. To do not damage exisiting cluster we will set for
- // now the volume type only if it's a valid Azure volume type.
- // Otherwise we will still use the default volume of the machine type.
- if pool.Volume.Type != nil {
- if *pool.Volume.Type == "Standard_LRS" || *pool.Volume.Type == "StandardSSD_LRS" || *pool.Volume.Type == "Premium_LRS" {
- osDisk["type"] = *pool.Volume.Type
- }
- }
-
- image := map[string]interface{}{
- "urn": *urn,
- }
-
- generateMachineClassAndDeployment := func(zone *zoneInfo, availabilitySetID *string) (worker.MachineDeployment, map[string]interface{}) {
- var (
- machineDeployment = worker.MachineDeployment{
- Minimum: pool.Minimum,
- Maximum: pool.Maximum,
- MaxSurge: pool.MaxSurge,
- MaxUnavailable: pool.MaxUnavailable,
- Labels: pool.Labels,
- Annotations: pool.Annotations,
- Taints: pool.Taints,
- }
-
- machineClassSpec = map[string]interface{}{
- "region": w.worker.Spec.Region,
- "resourceGroup": infrastructureStatus.ResourceGroup.Name,
- "vnetName": infrastructureStatus.Networks.VNet.Name,
- "subnetName": nodesSubnet.Name,
- "tags": map[string]interface{}{
- "Name": w.worker.Namespace,
- fmt.Sprintf("kubernetes.io-cluster-%s", w.worker.Namespace): "1",
- "kubernetes.io-role-node": "1",
- },
- "secret": map[string]interface{}{
- "cloudConfig": string(pool.UserData),
- },
- "machineType": pool.MachineType,
- "image": image,
- "osDisk": osDisk,
- "sshPublicKey": string(w.worker.Spec.SSHPublicKey),
- }
- )
- if infrastructureStatus.Networks.VNet.ResourceGroup != nil {
- machineClassSpec["vnetResourceGroup"] = *infrastructureStatus.Networks.VNet.ResourceGroup
- }
-
- if zone != nil {
- machineDeployment.Minimum = worker.DistributeOverZones(zone.index, pool.Minimum, zone.count)
- machineDeployment.Maximum = worker.DistributeOverZones(zone.index, pool.Maximum, zone.count)
- machineDeployment.MaxSurge = worker.DistributePositiveIntOrPercent(zone.index, pool.MaxSurge, zone.count, pool.Maximum)
- machineDeployment.MaxUnavailable = worker.DistributePositiveIntOrPercent(zone.index, pool.MaxUnavailable, zone.count, pool.Minimum)
-
- machineClassSpec["zone"] = zone.name
- }
- if availabilitySetID != nil {
-
machineClassSpec["availabilitySetID"] = *availabilitySetID
- }
-
- var (
- deploymentName = fmt.Sprintf("%s-%s", w.worker.Namespace, pool.Name)
- className = fmt.Sprintf("%s-%s", deploymentName, workerPoolHash)
- )
- if zone != nil {
- deploymentName = fmt.Sprintf("%s-z%s", deploymentName, zone.name)
- className = fmt.Sprintf("%s-z%s", className, zone.name)
- }
-
- machineDeployment.Name = deploymentName
- machineDeployment.ClassName = className
- machineDeployment.SecretName = className
-
- machineClassSpec["name"] = className
- machineClassSpec["labels"] = map[string]string{
- v1beta1constants.GardenPurpose: genericworkeractuator.GardenPurposeMachineClass,
- }
- machineClassSpec["secret"].(map[string]interface{})[azure.ClientIDKey] = string(machineClassSecretData[machinev1alpha1.AzureClientID])
- machineClassSpec["secret"].(map[string]interface{})[azure.ClientSecretKey] = string(machineClassSecretData[machinev1alpha1.AzureClientSecret])
- machineClassSpec["secret"].(map[string]interface{})[azure.SubscriptionIDKey] = string(machineClassSecretData[machinev1alpha1.AzureSubscriptionID])
- machineClassSpec["secret"].(map[string]interface{})[azure.TenantIDKey] = string(machineClassSecretData[machinev1alpha1.AzureTenantID])
-
- return machineDeployment, machineClassSpec
- }
-
- // Availability Set
- if !infrastructureStatus.Zoned {
- machineDeployment, machineClassSpec := generateMachineClassAndDeployment(nil, &nodesAvailabilitySet.ID)
- machineDeployments = append(machineDeployments, machineDeployment)
- machineClasses = append(machineClasses, machineClassSpec)
- continue
- }
-
- // Availability Zones
- zoneCount := len(pool.Zones)
- for zoneIndex, zone := range pool.Zones {
- info := &zoneInfo{
- name: zone,
- index: zoneIndex,
- count: zoneCount,
- }
-
- machineDeployment, machineClassSpec := generateMachineClassAndDeployment(info, nil)
- machineDeployments = append(machineDeployments, machineDeployment)
- machineClasses = append(machineClasses, machineClassSpec)
- }
- }
-
- w.machineDeployments = machineDeployments
- w.machineClasses = machineClasses
- w.machineImages = machineImages
-
- return nil
-}
diff --git a/controllers/provider-azure/pkg/controller/worker/machines_test.go b/controllers/provider-azure/pkg/controller/worker/machines_test.go
deleted file mode 100644
index d2c925a16..000000000
--- a/controllers/provider-azure/pkg/controller/worker/machines_test.go
+++ /dev/null
@@ -1,548 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package worker_test
-
-import (
- "context"
- "encoding/json"
- "fmt"
- "path/filepath"
-
- apisazure "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- apiv1alpha1 "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/v1alpha1"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- .
"github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/controller/worker"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
- "github.com/gardener/gardener-extensions/pkg/controller/common"
- "github.com/gardener/gardener-extensions/pkg/controller/worker"
- genericworkeractuator "github.com/gardener/gardener-extensions/pkg/controller/worker/genericactuator"
- mockclient "github.com/gardener/gardener-extensions/pkg/mock/controller-runtime/client"
- mockkubernetes "github.com/gardener/gardener-extensions/pkg/mock/gardener/client/kubernetes"
-
- gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
- v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1"
- "github.com/golang/mock/gomock"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/serializer"
- "k8s.io/apimachinery/pkg/util/intstr"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-var _ = Describe("Machines", func() {
- var (
- ctrl *gomock.Controller
- c *mockclient.MockClient
- chartApplier *mockkubernetes.MockChartApplier
- )
-
- BeforeEach(func() {
- ctrl = gomock.NewController(GinkgoT())
-
- c = mockclient.NewMockClient(ctrl)
- chartApplier = mockkubernetes.NewMockChartApplier(ctrl)
- })
-
- AfterEach(func() {
- ctrl.Finish()
- })
-
- Context("workerDelegate", func() {
- workerDelegate, _ := NewWorkerDelegate(common.NewClientContext(nil, nil, nil), nil, "", nil, nil)
-
- Describe("#MachineClassKind", func() {
- It("should return the correct kind of the machine class", func() {
- Expect(workerDelegate.MachineClassKind()).To(Equal("AzureMachineClass"))
- })
- })
-
- Describe("#MachineClassList",
func() {
- It("should return the correct type for the machine class list", func() {
- Expect(workerDelegate.MachineClassList()).To(Equal(&machinev1alpha1.AzureMachineClassList{}))
- })
- })
-
- Describe("#GenerateMachineDeployments, #DeployMachineClasses", func() {
- var (
- namespace string
- cloudProfileName string
-
- azureClientID string
- azureClientSecret string
- azureSubscriptionID string
- azureTenantID string
- region string
-
- machineImageName string
- machineImageVersion string
- machineImageURN string
-
- resourceGroupName string
- vnetName string
- subnetName string
- availabilitySetID string
- machineType string
- userData []byte
- volumeSize int
- sshKey string
-
- namePool1 string
- minPool1 int
- maxPool1 int
- maxSurgePool1 intstr.IntOrString
- maxUnavailablePool1 intstr.IntOrString
-
- namePool2 string
- minPool2 int
- maxPool2 int
- maxSurgePool2 intstr.IntOrString
- maxUnavailablePool2 intstr.IntOrString
-
- workerPoolHash1 string
- workerPoolHash2 string
-
- shootVersionMajorMinor string
- shootVersion string
- scheme *runtime.Scheme
- decoder runtime.Decoder
- clusterWithoutImages *extensionscontroller.Cluster
- cluster *extensionscontroller.Cluster
- w *extensionsv1alpha1.Worker
- )
-
- BeforeEach(func() {
- namespace = "shoot--foobar--azure"
- cloudProfileName = "azure"
-
- region = "westeurope"
- azureClientID = "client-id"
- azureClientSecret = "client-secret"
- azureSubscriptionID = "1234"
- azureTenantID = "1234"
-
- machineImageName = "my-os"
- machineImageVersion = "1"
- machineImageURN = "bar:baz:foo:123"
-
- resourceGroupName = "my-rg"
- vnetName = "my-vnet"
- subnetName = "subnet-1234"
- availabilitySetID = "av-1234"
- machineType = "large"
- userData = []byte("some-user-data")
- volumeSize = 20
- sshKey = "public-key"
-
- namePool1 = "pool-1"
- minPool1 = 5
- maxPool1 = 10
- maxSurgePool1 = intstr.FromInt(3)
- maxUnavailablePool1 = intstr.FromInt(2)
-
- namePool2 = "pool-2"
- minPool2 = 30
- maxPool2 = 45
- maxSurgePool2 =
intstr.FromInt(10)
- maxUnavailablePool2 = intstr.FromInt(15)
-
- shootVersionMajorMinor = "1.2"
- shootVersion = shootVersionMajorMinor + ".3"
-
- clusterWithoutImages = &extensionscontroller.Cluster{
- Shoot: &gardencorev1beta1.Shoot{
- Spec: gardencorev1beta1.ShootSpec{
- Kubernetes: gardencorev1beta1.Kubernetes{
- Version: shootVersion,
- },
- },
- },
- }
-
- cloudProfileConfig := &apiv1alpha1.CloudProfileConfig{
- TypeMeta: metav1.TypeMeta{
- APIVersion: apiv1alpha1.SchemeGroupVersion.String(),
- Kind: "CloudProfileConfig",
- },
- MachineImages: []apiv1alpha1.MachineImages{
- apiv1alpha1.MachineImages{
- Name: machineImageName,
- Versions: []apiv1alpha1.MachineImageVersion{
- apiv1alpha1.MachineImageVersion{
- Version: machineImageVersion,
- URN: machineImageURN,
- },
- },
- },
- },
- }
- cloudProfileConfigJSON, _ := json.Marshal(cloudProfileConfig)
- cluster = &extensionscontroller.Cluster{
- CloudProfile: &gardencorev1beta1.CloudProfile{
- ObjectMeta: metav1.ObjectMeta{
- Name: cloudProfileName,
- },
- Spec: gardencorev1beta1.CloudProfileSpec{
- ProviderConfig: &gardencorev1beta1.ProviderConfig{
- RawExtension: runtime.RawExtension{
- Raw: cloudProfileConfigJSON,
- },
- },
- },
- },
- Shoot: clusterWithoutImages.Shoot,
- }
-
- w = &extensionsv1alpha1.Worker{
- ObjectMeta: metav1.ObjectMeta{
- Namespace: namespace,
- },
- Spec: extensionsv1alpha1.WorkerSpec{
- SecretRef: corev1.SecretReference{
- Name: "secret",
- Namespace: namespace,
- },
- Region: region,
- SSHPublicKey: []byte(sshKey),
- InfrastructureProviderStatus: &runtime.RawExtension{
- Raw: encode(&apisazure.InfrastructureStatus{
- ResourceGroup: apisazure.ResourceGroup{
- Name: resourceGroupName,
- },
- Networks: apisazure.NetworkStatus{
- VNet: apisazure.VNetStatus{
- Name: vnetName,
- },
- Subnets: []apisazure.Subnet{
- {
- Purpose: apisazure.PurposeNodes,
- Name: subnetName,
- },
- },
- },
- AvailabilitySets: []apisazure.AvailabilitySet{
- {
- Purpose: apisazure.PurposeNodes,
- ID:
availabilitySetID,
- },
- },
- }),
- },
- Pools: []extensionsv1alpha1.WorkerPool{
- {
- Name: namePool1,
- Minimum: minPool1,
- Maximum: maxPool1,
- MaxSurge: maxSurgePool1,
- MaxUnavailable: maxUnavailablePool1,
- MachineType: machineType,
- MachineImage: extensionsv1alpha1.MachineImage{
- Name: machineImageName,
- Version: machineImageVersion,
- },
- UserData: userData,
- Volume: &extensionsv1alpha1.Volume{
- Size: fmt.Sprintf("%dGi", volumeSize),
- },
- },
- {
- Name: namePool2,
- Minimum: minPool2,
- Maximum: maxPool2,
- MaxSurge: maxSurgePool2,
- MaxUnavailable: maxUnavailablePool2,
- MachineType: machineType,
- MachineImage: extensionsv1alpha1.MachineImage{
- Name: machineImageName,
- Version: machineImageVersion,
- },
- UserData: userData,
- Volume: &extensionsv1alpha1.Volume{
- Size: fmt.Sprintf("%dGi", volumeSize),
- },
- },
- },
- },
- }
-
- scheme = runtime.NewScheme()
- _ = apisazure.AddToScheme(scheme)
- _ = apiv1alpha1.AddToScheme(scheme)
- decoder = serializer.NewCodecFactory(scheme).UniversalDecoder()
-
- workerPoolHash1, _ = worker.WorkerPoolHash(w.Spec.Pools[0], cluster)
- workerPoolHash2, _ = worker.WorkerPoolHash(w.Spec.Pools[1], cluster)
-
- workerDelegate, _ = NewWorkerDelegate(common.NewClientContext(c, scheme, decoder), chartApplier, "", w, clusterWithoutImages)
- })
-
- Describe("machine images", func() {
- var (
- defaultMachineClass map[string]interface{}
- machineDeployments worker.MachineDeployments
- machineClasses map[string]interface{}
- )
-
- BeforeEach(func() {
- defaultMachineClass = map[string]interface{}{
- "region": region,
- "resourceGroup": resourceGroupName,
- "vnetName": vnetName,
- "subnetName": subnetName,
- "availabilitySetID": availabilitySetID,
- "tags": map[string]interface{}{
- "Name": namespace,
- fmt.Sprintf("kubernetes.io-cluster-%s", namespace): "1",
- "kubernetes.io-role-node": "1",
- },
- "secret": map[string]interface{}{
- "cloudConfig": string(userData),
- },
- "machineType": machineType,
- "image":
map[string]interface{}{
- "urn": machineImageURN,
- },
- "osDisk": map[string]interface{}{
- "size": volumeSize,
- },
- "sshPublicKey": sshKey,
- }
-
- var (
- machineClassPool1 = copyMachineClass(defaultMachineClass)
- machineClassPool2 = copyMachineClass(defaultMachineClass)
-
- machineClassNamePool1 = fmt.Sprintf("%s-%s", namespace, namePool1)
- machineClassNamePool2 = fmt.Sprintf("%s-%s", namespace, namePool2)
-
- machineClassWithHashPool1 = fmt.Sprintf("%s-%s", machineClassNamePool1, workerPoolHash1)
- machineClassWithHashPool2 = fmt.Sprintf("%s-%s", machineClassNamePool2, workerPoolHash2)
- )
-
- addNameAndSecretsToMachineClass(machineClassPool1, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID, machineClassWithHashPool1)
- addNameAndSecretsToMachineClass(machineClassPool2, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID, machineClassWithHashPool2)
-
- machineClasses = map[string]interface{}{"machineClasses": []map[string]interface{}{
- machineClassPool1,
- machineClassPool2,
- }}
-
- machineDeployments = worker.MachineDeployments{
- {
- Name: machineClassNamePool1,
- ClassName: machineClassWithHashPool1,
- SecretName: machineClassWithHashPool1,
- Minimum: minPool1,
- Maximum: maxPool1,
- MaxSurge: maxSurgePool1,
- MaxUnavailable: maxUnavailablePool1,
- },
- {
- Name: machineClassNamePool2,
- ClassName: machineClassWithHashPool2,
- SecretName: machineClassWithHashPool2,
- Minimum: minPool2,
- Maximum: maxPool2,
- MaxSurge: maxSurgePool2,
- MaxUnavailable: maxUnavailablePool2,
- },
- }
-
- })
-
- It("should return the expected machine deployments for profile image types", func() {
- workerDelegate, _ = NewWorkerDelegate(common.NewClientContext(c, scheme, decoder), chartApplier, "", w, cluster)
-
- expectGetSecretCallToWork(c, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID)
-
- // Test workerDelegate.DeployMachineClasses()
- chartApplier.
- EXPECT().
- ApplyChart(
- context.TODO(),
- filepath.Join(azure.InternalChartsPath, "machineclass"),
- namespace,
- "machineclass",
- machineClasses,
- nil,
- ).
- Return(nil)
-
- err := workerDelegate.DeployMachineClasses(context.TODO())
- Expect(err).NotTo(HaveOccurred())
-
- // Test workerDelegate.GetMachineImages()
- machineImages, err := workerDelegate.GetMachineImages(context.TODO())
- Expect(machineImages).To(Equal(&apiv1alpha1.WorkerStatus{
- TypeMeta: metav1.TypeMeta{
- APIVersion: apiv1alpha1.SchemeGroupVersion.String(),
- Kind: "WorkerStatus",
- },
- MachineImages: []apiv1alpha1.MachineImage{
- {
- Name: machineImageName,
- Version: machineImageVersion,
- URN: &machineImageURN,
- },
- },
- }))
- Expect(err).NotTo(HaveOccurred())
-
- // Test workerDelegate.GenerateMachineDeployments()
-
- result, err := workerDelegate.GenerateMachineDeployments(context.TODO())
- Expect(err).NotTo(HaveOccurred())
- Expect(result).To(Equal(machineDeployments))
- })
- })
-
- It("should fail because the secret cannot be read", func() {
- c.EXPECT().
- Get(context.TODO(), gomock.Any(), gomock.AssignableToTypeOf(&corev1.Secret{})).
- Return(fmt.Errorf("error"))
-
- result, err := workerDelegate.GenerateMachineDeployments(context.TODO())
- Expect(err).To(HaveOccurred())
- Expect(result).To(BeNil())
- })
-
- It("should fail because the version is invalid", func() {
- expectGetSecretCallToWork(c, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID)
-
- clusterWithoutImages.Shoot.Spec.Kubernetes.Version = "invalid"
- workerDelegate, _ = NewWorkerDelegate(common.NewClientContext(c, scheme, decoder), chartApplier, "", w, cluster)
-
- result, err := workerDelegate.GenerateMachineDeployments(context.TODO())
- Expect(err).To(HaveOccurred())
- Expect(result).To(BeNil())
- })
-
- It("should fail because the infrastructure status cannot be decoded", func() {
- expectGetSecretCallToWork(c, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID)
-
- w.Spec.InfrastructureProviderStatus = &runtime.RawExtension{}
-
- workerDelegate, _ = NewWorkerDelegate(common.NewClientContext(c, scheme, decoder), chartApplier, "", w, cluster)
-
- result, err := workerDelegate.GenerateMachineDeployments(context.TODO())
- Expect(err).To(HaveOccurred())
- Expect(result).To(BeNil())
- })
-
- It("should fail because the nodes subnet cannot be found", func() {
- expectGetSecretCallToWork(c, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID)
-
- w.Spec.InfrastructureProviderStatus = &runtime.RawExtension{
- Raw: encode(&apisazure.InfrastructureStatus{}),
- }
-
- workerDelegate, _ = NewWorkerDelegate(common.NewClientContext(c, scheme, decoder), chartApplier, "", w, cluster)
-
- result, err := workerDelegate.GenerateMachineDeployments(context.TODO())
- Expect(err).To(HaveOccurred())
- Expect(result).To(BeNil())
- })
-
- It("should fail because the nodes availability set cannot be found", func() {
- expectGetSecretCallToWork(c, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID)
-
- w.Spec.InfrastructureProviderStatus = &runtime.RawExtension{
- Raw:
encode(&apisazure.InfrastructureStatus{
- Networks: apisazure.NetworkStatus{
- Subnets: []apisazure.Subnet{
- {
- Purpose: apisazure.PurposeNodes,
- Name: subnetName,
- },
- },
- },
- }),
- }
-
- workerDelegate, _ = NewWorkerDelegate(common.NewClientContext(c, scheme, decoder), chartApplier, "", w, cluster)
-
- result, err := workerDelegate.GenerateMachineDeployments(context.TODO())
- Expect(err).To(HaveOccurred())
- Expect(result).To(BeNil())
- })
-
- It("should fail because the machine image information cannot be found", func() {
- expectGetSecretCallToWork(c, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID)
-
- workerDelegate, _ = NewWorkerDelegate(common.NewClientContext(c, scheme, decoder), chartApplier, "", w, clusterWithoutImages)
-
- result, err := workerDelegate.GenerateMachineDeployments(context.TODO())
- Expect(err).To(HaveOccurred())
- Expect(result).To(BeNil())
- })
-
- It("should fail because the volume size cannot be decoded", func() {
- expectGetSecretCallToWork(c, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID)
-
- w.Spec.Pools[0].Volume.Size = "not-decodeable"
-
- workerDelegate, _ = NewWorkerDelegate(common.NewClientContext(c, scheme, decoder), chartApplier, "", w, cluster)
-
- result, err := workerDelegate.GenerateMachineDeployments(context.TODO())
- Expect(err).To(HaveOccurred())
- Expect(result).To(BeNil())
- })
- })
- })
-})
-
-func encode(obj runtime.Object) []byte {
- data, _ := json.Marshal(obj)
- return data
-}
-
-func copyMachineClass(def map[string]interface{}) map[string]interface{} {
- out := make(map[string]interface{}, len(def))
-
- for k, v := range def {
- out[k] = v
- }
-
- return out
-}
-
-func expectGetSecretCallToWork(c *mockclient.MockClient, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID string) {
- c.EXPECT().
- Get(context.TODO(), gomock.Any(), gomock.AssignableToTypeOf(&corev1.Secret{})).
- DoAndReturn(func(_ context.Context, _ client.ObjectKey, secret *corev1.Secret) error {
- secret.Data = map[string][]byte{
- azure.ClientIDKey: []byte(azureClientID),
- azure.ClientSecretKey: []byte(azureClientSecret),
- azure.SubscriptionIDKey: []byte(azureSubscriptionID),
- azure.TenantIDKey: []byte(azureTenantID),
- }
- return nil
- })
-}
-
-func addNameAndSecretsToMachineClass(class map[string]interface{}, azureClientID, azureClientSecret, azureSubscriptionID, azureTenantID, name string) {
- class["name"] = name
- class["labels"] = map[string]string{
- v1beta1constants.GardenPurpose: genericworkeractuator.GardenPurposeMachineClass,
- }
- class["secret"].(map[string]interface{})[azure.ClientIDKey] = azureClientID
- class["secret"].(map[string]interface{})[azure.ClientSecretKey] = azureClientSecret
- class["secret"].(map[string]interface{})[azure.SubscriptionIDKey] = azureSubscriptionID
- class["secret"].(map[string]interface{})[azure.TenantIDKey] = azureTenantID
-}
diff --git a/controllers/provider-azure/pkg/controller/worker/worker_suite_test.go b/controllers/provider-azure/pkg/controller/worker/worker_suite_test.go
deleted file mode 100644
index cb9b75658..000000000
--- a/controllers/provider-azure/pkg/controller/worker/worker_suite_test.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package worker_test
-
-import (
- "testing"
-
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-func TestWorker(t *testing.T) {
- RegisterFailHandler(Fail)
- RunSpecs(t, "Azure Worker Suite")
-}
diff --git a/controllers/provider-azure/pkg/internal/auth.go b/controllers/provider-azure/pkg/internal/auth.go
deleted file mode 100644
index 619add3a3..000000000
--- a/controllers/provider-azure/pkg/internal/auth.go
+++ /dev/null
@@ -1,78 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package internal
-
-import (
- "context"
- "fmt"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
-
- corev1 "k8s.io/api/core/v1"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-// ClientAuth represents a Azure Client Auth credentials.
-type ClientAuth struct {
- // SubscriptionID is the azure subscription ID.
- SubscriptionID string
- // TenantID is the azure tenant id.
- TenantID string
- // ClientID is the azure client id
- ClientID string
- // ClientSecret is the client secret
- ClientSecret string
-}
-
-// GetClientAuthData retrieves the client auth data specified by the secret reference.
-func GetClientAuthData(ctx context.Context, c client.Client, secretRef corev1.SecretReference) (*ClientAuth, error) {
- secret, err := extensionscontroller.GetSecretByReference(ctx, c, &secretRef)
- if err != nil {
- return nil, err
- }
-
- return ReadClientAuthDataFromSecret(secret)
-}
-
-// ReadClientAuthDataFromSecret reads the client auth details from the given secret.
-func ReadClientAuthDataFromSecret(secret *corev1.Secret) (*ClientAuth, error) {
- subscriptionID, ok := secret.Data[azure.SubscriptionIDKey]
- if !ok {
- return nil, fmt.Errorf("secret %s/%s doesn't have a subscription ID", secret.Namespace, secret.Name)
- }
-
- clientID, ok := secret.Data[azure.ClientIDKey]
- if !ok {
- return nil, fmt.Errorf("secret %s/%s doesn't have a client ID", secret.Namespace, secret.Name)
- }
-
- tenantID, ok := secret.Data[azure.TenantIDKey]
- if !ok {
- return nil, fmt.Errorf("secret %s/%s doesn't have a tenant ID", secret.Namespace, secret.Name)
- }
-
- clientSecret, ok := secret.Data[azure.ClientSecretKey]
- if !ok {
- return nil, fmt.Errorf("secret %s/%s doesn't have a Client Secret", secret.Namespace, secret.Name)
- }
-
- return &ClientAuth{
- SubscriptionID: string(subscriptionID),
- ClientID: string(clientID),
- TenantID: string(tenantID),
- ClientSecret: string(clientSecret),
- }, nil
-}
diff --git a/controllers/provider-azure/pkg/internal/auth_test.go b/controllers/provider-azure/pkg/internal/auth_test.go
deleted file mode 100644
index 449a691ce..000000000
--- a/controllers/provider-azure/pkg/internal/auth_test.go
+++ /dev/null
@@ -1,94 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package internal
-
-import (
- "context"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- mockclient "github.com/gardener/gardener-extensions/pkg/mock/controller-runtime/client"
-
- kutil "github.com/gardener/gardener/pkg/utils/kubernetes"
- "github.com/golang/mock/gomock"
- . "github.com/onsi/ginkgo"
- .
"github.com/onsi/gomega"
- corev1 "k8s.io/api/core/v1"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-var _ = Describe("Service Account", func() {
- var (
- ctrl *gomock.Controller
-
- clientAuth *ClientAuth
- secret *corev1.Secret
- )
-
- BeforeEach(func() {
- ctrl = gomock.NewController(GinkgoT())
- clientSecret, clientID, tenantID, subscriptionID := "secret", "client_id", "tenant_id", "subscription_id"
- clientAuth = &ClientAuth{
- ClientSecret: clientSecret,
- ClientID: clientID,
- TenantID: tenantID,
- SubscriptionID: subscriptionID,
- }
- secret = &corev1.Secret{
- Data: map[string][]byte{
- azure.ClientSecretKey: []byte(clientSecret),
- azure.ClientIDKey: []byte(clientID),
- azure.TenantIDKey: []byte(tenantID),
- azure.SubscriptionIDKey: []byte(subscriptionID),
- },
- }
- })
-
- AfterEach(func() {
- ctrl.Finish()
- })
-
- Describe("#ReadClientAuthDataFromSecret", func() {
- It("should read the client auth data from the secret", func() {
- actual, err := ReadClientAuthDataFromSecret(secret)
- Expect(err).NotTo(HaveOccurred())
- Expect(actual).To(Equal(clientAuth))
- })
- })
-
- Describe("#GetClientAuthData", func() {
- It("should retrieve the client auth data", func() {
- var (
- c = mockclient.NewMockClient(ctrl)
- namespace = "foo"
- name = "bar"
- secretRef = corev1.SecretReference{
- Namespace: namespace,
- Name: name,
- }
- ctx = context.TODO()
- )
- c.EXPECT().Get(ctx, kutil.Key(namespace, name), gomock.AssignableToTypeOf(&corev1.Secret{})).
- DoAndReturn(func(_ context.Context, _ client.ObjectKey, actual *corev1.Secret) error {
- *actual = *secret
- return nil
- })
-
- actual, err := GetClientAuthData(ctx, c, secretRef)
-
- Expect(err).NotTo(HaveOccurred())
- Expect(actual).To(Equal(clientAuth))
- })
- })
-})
diff --git a/controllers/provider-azure/pkg/internal/imagevector/imagevector.go b/controllers/provider-azure/pkg/internal/imagevector/imagevector.go
deleted file mode 100644
index 943b279ff..000000000
--- a/controllers/provider-azure/pkg/internal/imagevector/imagevector.go
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:generate packr2
-
-package imagevector
-
-import (
- "strings"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
-
- "github.com/gardener/gardener/pkg/utils/imagevector"
- "github.com/gobuffalo/packr/v2"
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-var imageVector imagevector.ImageVector
-
-func init() {
- box := packr.New("charts", "../../../charts")
-
- imagesYaml, err := box.FindString("images.yaml")
- runtime.Must(err)
-
- imageVector, err = imagevector.Read(strings.NewReader(imagesYaml))
- runtime.Must(err)
-
- imageVector, err = imagevector.WithEnvOverride(imageVector)
- runtime.Must(err)
-}
-
-// ImageVector is the image vector that contains all the needed images.
-func ImageVector() imagevector.ImageVector {
- return imageVector
-}
-
-// TerraformerImage returns the Terraformer image.
-func TerraformerImage() string {
- image, err := imageVector.FindImage(azure.TerraformerImageName)
- runtime.Must(err)
- return image.String()
-}
diff --git a/controllers/provider-azure/pkg/internal/infrastructure/infrastructure.go b/controllers/provider-azure/pkg/internal/infrastructure/infrastructure.go
deleted file mode 100644
index 6977e060c..000000000
--- a/controllers/provider-azure/pkg/internal/infrastructure/infrastructure.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package infrastructure
-
-import (
- "context"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal"
-
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-// GetClientAuthFromInfrastructure retrieves the ServiceAccount from the Secret referenced in the given Infrastructure.
-func GetClientAuthFromInfrastructure(ctx context.Context, c client.Client, config *extensionsv1alpha1.Infrastructure) (*internal.ClientAuth, error) {
- return internal.GetClientAuthData(ctx, c, config.Spec.SecretRef)
-}
diff --git a/controllers/provider-azure/pkg/internal/infrastructure/infrastructure_suite_test.go b/controllers/provider-azure/pkg/internal/infrastructure/infrastructure_suite_test.go
deleted file mode 100644
index 9374ce1ae..000000000
--- a/controllers/provider-azure/pkg/internal/infrastructure/infrastructure_suite_test.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package infrastructure_test
-
-import (
- "testing"
-
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-func TestInfrastructure(t *testing.T) {
- RegisterFailHandler(Fail)
- RunSpecs(t, "Azure Infrastructure Suite")
-}
diff --git a/controllers/provider-azure/pkg/internal/infrastructure/terraform.go b/controllers/provider-azure/pkg/internal/infrastructure/terraform.go
deleted file mode 100644
index f211ef429..000000000
--- a/controllers/provider-azure/pkg/internal/infrastructure/terraform.go
+++ /dev/null
@@ -1,302 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package infrastructure
-
-import (
- "path/filepath"
-
- api "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/helper"
- apiv1alpha1 "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/v1alpha1"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal"
- "github.com/gardener/gardener-extensions/pkg/controller"
- "github.com/gardener/gardener-extensions/pkg/terraformer"
-
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- "github.com/gardener/gardener/pkg/chartrenderer"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-const (
- // TerraformerPurpose is the terraformer infrastructure purpose.
- TerraformerPurpose = "infra"
-
- // TerraformerOutputKeyResourceGroupName is the key for the resourceGroupName output
- TerraformerOutputKeyResourceGroupName = "resourceGroupName"
- // TerraformerOutputKeyVNetName is the key for the vnetName output
- TerraformerOutputKeyVNetName = "vnetName"
- // TerraformerOutputKeyVNetResourceGroup is the key for the vnetResourceGroup output
- TerraformerOutputKeyVNetResourceGroup = "vnetResourceGroup"
- // TerraformerOutputKeySubnetName is the key for the subnetName output
- TerraformerOutputKeySubnetName = "subnetName"
- // TerraformerOutputKeyAvailabilitySetID is the key for the availabilitySetID output
- TerraformerOutputKeyAvailabilitySetID = "availabilitySetID"
- // TerraformerOutputKeyAvailabilitySetName is the key for the availabilitySetName output
- TerraformerOutputKeyAvailabilitySetName = "availabilitySetName"
- // TerraformerOutputKeyRouteTableName is the key for the routeTableName output
- TerraformerOutputKeyRouteTableName = "routeTableName"
- // TerraformerOutputKeySecurityGroupName is the key for the securityGroupName output
- TerraformerOutputKeySecurityGroupName = "securityGroupName"
-)
-
-var (
- // ChartsPath is the path to the charts
- ChartsPath = filepath.Join("controllers", "provider-azure", "charts")
- // InternalChartsPath is the path to the internal charts
- InternalChartsPath = filepath.Join(ChartsPath, "internal")
-
- // StatusTypeMeta is the TypeMeta of the Azure InfrastructureStatus
- StatusTypeMeta = metav1.TypeMeta{
- APIVersion: apiv1alpha1.SchemeGroupVersion.String(),
- Kind: "InfrastructureStatus",
- }
-)
-
-// ComputeTerraformerChartValues computes the values for the Azure Terraformer chart.
-func ComputeTerraformerChartValues(infra *extensionsv1alpha1.Infrastructure, clientAuth *internal.ClientAuth,
- config *api.InfrastructureConfig, cluster *controller.Cluster) (map[string]interface{}, error) {
- var (
- createResourceGroup = true
- createVNet = true
- createAvailabilitySet = false
- resourceGroupName = infra.Namespace
-
- azure = map[string]interface{}{
- "subscriptionID": clientAuth.SubscriptionID,
- "tenantID": clientAuth.TenantID,
- "region": infra.Spec.Region,
- }
- vnetConfig = map[string]interface{}{
- "name": infra.Namespace,
- }
- outputKeys = map[string]interface{}{
- "resourceGroupName": TerraformerOutputKeyResourceGroupName,
- "vnetName": TerraformerOutputKeyVNetName,
- "subnetName": TerraformerOutputKeySubnetName,
- "routeTableName": TerraformerOutputKeyRouteTableName,
- "securityGroupName": TerraformerOutputKeySecurityGroupName,
- }
- )
- // check if we should use an existing ResourceGroup or create a new one
- if config.ResourceGroup != nil {
- createResourceGroup = false
- resourceGroupName = config.ResourceGroup.Name
- }
-
- // VNet settings.
- if config.Networks.VNet.Name != nil && config.Networks.VNet.ResourceGroup != nil {
- // Deploy in existing vNet.
- createVNet = false
- vnetConfig["name"] = *config.Networks.VNet.Name
- vnetConfig["resourceGroup"] = *config.Networks.VNet.ResourceGroup
- outputKeys["vnetResourceGroup"] = TerraformerOutputKeyVNetResourceGroup
- } else if config.Networks.VNet.CIDR != nil {
- // Apply a custom cidr for the vNet.
- vnetConfig["cidr"] = *config.Networks.VNet.CIDR
- } else {
- // Use worker cidr as default for the vNet.
- vnetConfig["cidr"] = config.Networks.Workers
- }
-
- // If the cluster is zoned, then we don't need to create an AvailabilitySet.
- if !config.Zoned {
- createAvailabilitySet = true
- outputKeys["availabilitySetID"] = TerraformerOutputKeyAvailabilitySetID
- outputKeys["availabilitySetName"] = TerraformerOutputKeyAvailabilitySetName
-
- cloudProfileConfig, err := helper.CloudProfileConfigFromCluster(cluster)
- if err != nil {
- return nil, err
- }
-
- updateDomainCount, err := helper.FindDomainCountByRegion(cloudProfileConfig.CountUpdateDomains, infra.Spec.Region)
- if err != nil {
- return nil, err
- }
- azure["countUpdateDomains"] = updateDomainCount
-
- countFaultDomains, err := helper.FindDomainCountByRegion(cloudProfileConfig.CountFaultDomains, infra.Spec.Region)
- if err != nil {
- return nil, err
- }
- azure["countFaultDomains"] = countFaultDomains
- }
-
- return map[string]interface{}{
- "azure": azure,
- "create": map[string]interface{}{
- "resourceGroup": createResourceGroup,
- "vnet": createVNet,
- "availabilitySet": createAvailabilitySet,
- },
- "resourceGroup": map[string]interface{}{
- "name": resourceGroupName,
- "vnet": vnetConfig,
- "subnet": map[string]interface{}{
- "serviceEndpoints": config.Networks.ServiceEndpoints,
- },
- },
- "clusterName": infra.Namespace,
- "networks": map[string]interface{}{
- "worker": config.Networks.Workers,
- },
- "outputKeys": outputKeys,
- }, nil
-}
-
-// RenderTerraformerChart renders the azure-infra chart with the given values.
-func RenderTerraformerChart(renderer chartrenderer.Interface, infra *extensionsv1alpha1.Infrastructure, clientAuth *internal.ClientAuth,
- config *api.InfrastructureConfig, cluster *controller.Cluster) (*TerraformFiles, error) {
- values, err := ComputeTerraformerChartValues(infra, clientAuth, config, cluster)
- if err != nil {
- return nil, err
- }
-
- release, err := renderer.Render(filepath.Join(InternalChartsPath, "azure-infra"), "azure-infra", infra.Namespace, values)
- if err != nil {
- return nil, err
- }
-
- return &TerraformFiles{
- Main: release.FileContent("main.tf"),
- Variables: release.FileContent("variables.tf"),
- TFVars: []byte(release.FileContent("terraform.tfvars")),
- }, nil
-}
-
-// TerraformFiles are the files that have been rendered from the infrastructure chart.
-type TerraformFiles struct {
- Main string
- Variables string
- TFVars []byte
-}
-
-// TerraformState is the Terraform state for an infrastructure.
-type TerraformState struct {
- // VPCName is the name of the VNet created for an infrastructure.
- VNetName string
- // VNetResourceGroupName is the name of the resource group where the vnet is deployed to.
- VNetResourceGroupName string
- // ResourceGroupName is the name of the resource group.
- ResourceGroupName string
- // AvailabilitySetID is the ID for the created availability set.
- AvailabilitySetID string
- // AvailabilitySetName the ID for the created availability set .
- AvailabilitySetName string
- // SubnetName is the name of the created subnet.
- SubnetName string
- // RouteTableName is the name of the route table.
- RouteTableName string
- // SecurityGroupName is the name of the security group.
- SecurityGroupName string
-}
-
-// ExtractTerraformState extracts the TerraformState from the given Terraformer.
-func ExtractTerraformState(tf terraformer.Terraformer, config *api.InfrastructureConfig) (*TerraformState, error) {
- var outputKeys = []string{
- TerraformerOutputKeyResourceGroupName,
- TerraformerOutputKeyRouteTableName,
- TerraformerOutputKeySecurityGroupName,
- TerraformerOutputKeySubnetName,
- TerraformerOutputKeyVNetName,
- }
-
- if config.Networks.VNet.Name != nil && config.Networks.VNet.ResourceGroup != nil {
- outputKeys = append(outputKeys, TerraformerOutputKeyVNetResourceGroup)
- }
-
- if !config.Zoned {
- outputKeys = append(outputKeys, TerraformerOutputKeyAvailabilitySetID, TerraformerOutputKeyAvailabilitySetName)
- }
-
- vars, err := tf.GetStateOutputVariables(outputKeys...)
- if err != nil {
- return nil, err
- }
-
- var tfState = TerraformState{
- VNetName: vars[TerraformerOutputKeyVNetName],
- ResourceGroupName: vars[TerraformerOutputKeyResourceGroupName],
- RouteTableName: vars[TerraformerOutputKeyRouteTableName],
- SecurityGroupName: vars[TerraformerOutputKeySecurityGroupName],
- SubnetName: vars[TerraformerOutputKeySubnetName],
- }
-
- if config.Networks.VNet.Name != nil && config.Networks.VNet.ResourceGroup != nil {
- tfState.VNetResourceGroupName = vars[TerraformerOutputKeyVNetResourceGroup]
- }
-
- if !config.Zoned {
- tfState.AvailabilitySetID = vars[TerraformerOutputKeyAvailabilitySetID]
- tfState.AvailabilitySetName = vars[TerraformerOutputKeyAvailabilitySetName]
- }
- return &tfState, nil
-}
-
-// StatusFromTerraformState computes an InfrastructureStatus from the given
-// Terraform variables.
-func StatusFromTerraformState(state *TerraformState) *apiv1alpha1.InfrastructureStatus {
- var tfState = apiv1alpha1.InfrastructureStatus{
- TypeMeta: StatusTypeMeta,
- ResourceGroup: apiv1alpha1.ResourceGroup{
- Name: state.ResourceGroupName,
- },
- Networks: apiv1alpha1.NetworkStatus{
- VNet: apiv1alpha1.VNetStatus{
- Name: state.VNetName,
- },
- Subnets: []apiv1alpha1.Subnet{
- {
- Purpose: apiv1alpha1.PurposeNodes,
- Name: state.SubnetName,
- },
- },
- },
- AvailabilitySets: []apiv1alpha1.AvailabilitySet{},
- RouteTables: []apiv1alpha1.RouteTable{
- {Purpose: apiv1alpha1.PurposeNodes, Name: state.RouteTableName},
- },
- SecurityGroups: []apiv1alpha1.SecurityGroup{
- {Name: state.SecurityGroupName, Purpose: apiv1alpha1.PurposeNodes},
- },
- }
-
- if state.VNetResourceGroupName != "" {
- tfState.Networks.VNet.ResourceGroup = &state.VNetResourceGroupName
- }
-
- // If no AvailabilitySet was created then the Shoot uses zones.
- if state.AvailabilitySetID == "" && state.AvailabilitySetName == "" {
- tfState.Zoned = true
- } else {
- tfState.AvailabilitySets = append(tfState.AvailabilitySets, apiv1alpha1.AvailabilitySet{
- Name: state.AvailabilitySetName,
- ID: state.AvailabilitySetID,
- Purpose: apiv1alpha1.PurposeNodes,
- })
- }
-
- return &tfState
-}
-
-// ComputeStatus computes the status based on the Terraformer and the given InfrastructureConfig.
-func ComputeStatus(tf terraformer.Terraformer, config *api.InfrastructureConfig) (*apiv1alpha1.InfrastructureStatus, error) {
- state, err := ExtractTerraformState(tf, config)
- if err != nil {
- return nil, err
- }
-
- return StatusFromTerraformState(state), nil
-}
diff --git a/controllers/provider-azure/pkg/internal/infrastructure/terraform_test.go b/controllers/provider-azure/pkg/internal/infrastructure/terraform_test.go
deleted file mode 100644
index d47650af3..000000000
--- a/controllers/provider-azure/pkg/internal/infrastructure/terraform_test.go
+++ /dev/null
@@ -1,363 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package infrastructure
-
-import (
- "encoding/json"
-
- api "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure"
- apiv1alpha1 "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/v1alpha1"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal"
- "github.com/gardener/gardener-extensions/pkg/controller"
-
- gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-func makeCluster(pods, services string, region string, countFaultDomain, countUpdateDomain int) *controller.Cluster {
- var (
- shoot = gardencorev1beta1.Shoot{
- Spec: gardencorev1beta1.ShootSpec{
- Networking: gardencorev1beta1.Networking{
- Pods: &pods,
- Services: &services,
- },
- },
- }
- cloudProfileConfig = apiv1alpha1.CloudProfileConfig{
- TypeMeta: metav1.TypeMeta{
- APIVersion: apiv1alpha1.SchemeGroupVersion.String(),
- Kind: "CloudProfileConfig",
- },
- CountFaultDomains: []apiv1alpha1.DomainCount{
- {Region: region, Count: countFaultDomain},
- },
- CountUpdateDomains: []apiv1alpha1.DomainCount{
- {Region: region, Count: countUpdateDomain},
- },
- }
- cloudProfileConfigJSON, _ = json.Marshal(cloudProfileConfig)
- cloudProfile = gardencorev1beta1.CloudProfile{
- Spec: gardencorev1beta1.CloudProfileSpec{
- ProviderConfig: &gardencorev1beta1.ProviderConfig{
- RawExtension: runtime.RawExtension{
- Raw: cloudProfileConfigJSON,
- },
- },
- },
- }
- )
-
- return &controller.Cluster{
- Shoot: &shoot,
- CloudProfile: &cloudProfile,
- }
-}
-
-var _ = Describe("Terraform", func() {
- var (
- infra *extensionsv1alpha1.Infrastructure
- config *api.InfrastructureConfig
- cluster *controller.Cluster
- clientAuth *internal.ClientAuth
-
- testServiceEndpoint = "Microsoft.Test"
- countFaultDomain = 1
- countUpdateDomain = 2
- )
-
- BeforeEach(func() {
- var (
- VNetName = "vnet"
- TestCIDR = "10.1.0.0/16"
- VNetCIDR = TestCIDR
- )
- config = &api.InfrastructureConfig{
- Networks: api.NetworkConfig{
- VNet: api.VNet{
- Name: &VNetName,
- CIDR: &VNetCIDR,
- },
- Workers: TestCIDR,
- ServiceEndpoints: []string{testServiceEndpoint},
- },
- Zoned: true,
- }
-
- rawconfig := &apiv1alpha1.InfrastructureConfig{
- Networks: apiv1alpha1.NetworkConfig{
- VNet: apiv1alpha1.VNet{
- Name: &VNetName,
- CIDR: &VNetCIDR,
- },
- Workers: TestCIDR,
- ServiceEndpoints: []string{testServiceEndpoint},
- },
- }
-
- infra = &extensionsv1alpha1.Infrastructure{
- ObjectMeta: metav1.ObjectMeta{
- Namespace: "foo",
- Name: "bar",
- },
-
- Spec: extensionsv1alpha1.InfrastructureSpec{
- Region: "eu-west-1",
- SecretRef: corev1.SecretReference{
- Namespace: "foo",
- Name: "azure-credentials",
- },
- ProviderConfig: &runtime.RawExtension{
- Object: rawconfig,
- },
- },
- }
-
- cluster = makeCluster("11.0.0.0/16", "12.0.0.0/16", infra.Spec.Region, countFaultDomain, countUpdateDomain)
- clientAuth = &internal.ClientAuth{
- TenantID: "tenant_id",
- ClientSecret: "client_secret",
- ClientID: "client_id",
- SubscriptionID: "subscription_id",
- }
- })
-
- Describe("#ComputeTerraformerChartValues", func() {
- It("should correctly compute the terraformer chart values for a zoned cluster", func() {
- values, err := ComputeTerraformerChartValues(infra, clientAuth, config, cluster)
- expectedValues := map[string]interface{}{
- "azure": map[string]interface{}{
- "subscriptionID": clientAuth.SubscriptionID,
- "tenantID": clientAuth.TenantID,
- "region": infra.Spec.Region,
- },
- "create": map[string]interface{}{
- "resourceGroup": true,
- "vnet": true,
- "availabilitySet": false,
- },
- "resourceGroup": map[string]interface{}{
- "name": infra.Namespace,
- "vnet": map[string]interface{}{
- "name": infra.Namespace,
- "cidr": config.Networks.Workers,
- },
- "subnet": map[string]interface{}{
- "serviceEndpoints": []string{testServiceEndpoint},
- },
- },
- "clusterName": infra.Namespace,
- "networks": map[string]interface{}{
- "worker": config.Networks.Workers,
- },
- "outputKeys": map[string]interface{}{
- "resourceGroupName": TerraformerOutputKeyResourceGroupName,
- "vnetName": TerraformerOutputKeyVNetName,
- "subnetName": TerraformerOutputKeySubnetName,
- "routeTableName": TerraformerOutputKeyRouteTableName,
- "securityGroupName": TerraformerOutputKeySecurityGroupName,
- },
- }
- Expect(err).To(Not(HaveOccurred()))
- Expect(values).To(BeEquivalentTo(expectedValues))
- })
-
- It("should correctly compute the terraformer chart values for a non zoned cluster", func() {
- config.Zoned = false
- values, err := ComputeTerraformerChartValues(infra, clientAuth, config, cluster)
- Expect(err).To(Not(HaveOccurred()))
- expectedValues := map[string]interface{}{
- "azure": map[string]interface{}{
- "subscriptionID": clientAuth.SubscriptionID,
- "tenantID": clientAuth.TenantID,
- "region": infra.Spec.Region,
- "countUpdateDomains": countUpdateDomain,
- "countFaultDomains": countFaultDomain,
- },
- "create": map[string]interface{}{
- "resourceGroup": true,
- "vnet": true,
- "availabilitySet": true,
- },
- "resourceGroup": map[string]interface{}{
- "name": infra.Namespace,
- "vnet": map[string]interface{}{
- "name": infra.Namespace,
- "cidr": config.Networks.Workers,
- },
- "subnet": map[string]interface{}{
- "serviceEndpoints": []string{testServiceEndpoint},
- },
- },
- "clusterName": infra.Namespace,
- "networks": map[string]interface{}{
- "worker": config.Networks.Workers,
- },
- "outputKeys": map[string]interface{}{
- "resourceGroupName": TerraformerOutputKeyResourceGroupName,
- "vnetName": TerraformerOutputKeyVNetName,
- "subnetName": TerraformerOutputKeySubnetName,
- "routeTableName": TerraformerOutputKeyRouteTableName,
- "securityGroupName": TerraformerOutputKeySecurityGroupName,
- "availabilitySetID": TerraformerOutputKeyAvailabilitySetID,
- "availabilitySetName": TerraformerOutputKeyAvailabilitySetName,
- },
- }
- Expect(values).To(BeEquivalentTo(expectedValues))
- })
-
- It("should correctly compute the terraformer chart values for a cluster deployed in an existing vnet", func() {
- var (
- existingVnetName = "test"
- existingVnetResourceGroup = "test-rg"
- )
-
- config.Networks.VNet = api.VNet{
- Name: &existingVnetName,
- ResourceGroup: &existingVnetResourceGroup,
- }
- values, err := ComputeTerraformerChartValues(infra, clientAuth, config, cluster)
- expectedValues := map[string]interface{}{
- "azure": map[string]interface{}{
- "subscriptionID": clientAuth.SubscriptionID,
- "tenantID": clientAuth.TenantID,
- "region": infra.Spec.Region,
- },
- "create": map[string]interface{}{
- "resourceGroup": true,
- "vnet": false,
- "availabilitySet": false,
- },
- "resourceGroup": map[string]interface{}{
- "name": infra.Namespace,
- "vnet": map[string]interface{}{
- "name": existingVnetName,
- "resourceGroup": existingVnetResourceGroup,
- },
- "subnet": map[string]interface{}{
- "serviceEndpoints": []string{testServiceEndpoint},
- },
- },
- "clusterName": infra.Namespace,
- "networks": map[string]interface{}{
- "worker": config.Networks.Workers,
- },
- "outputKeys": map[string]interface{}{
- "resourceGroupName": TerraformerOutputKeyResourceGroupName,
- "vnetName": TerraformerOutputKeyVNetName,
- "vnetResourceGroup": TerraformerOutputKeyVNetResourceGroup,
- "subnetName": TerraformerOutputKeySubnetName,
- "routeTableName": TerraformerOutputKeyRouteTableName,
- "securityGroupName": TerraformerOutputKeySecurityGroupName,
- },
- }
- Expect(err).To(Not(HaveOccurred()))
- Expect(values).To(BeEquivalentTo(expectedValues))
- })
- })
-
- Describe("#StatusFromTerraformState", func() {
- var (
- vnetName, subnetName, routeTableName, availabilitySetID, availabilitySetName, securityGroupName, resourceGroupName string
- state *TerraformState
- )
-
- BeforeEach(func() {
- vnetName = "vnet_name"
- subnetName = "subnet_name"
- routeTableName = "routTable_name"
- availabilitySetID, availabilitySetName = "as_id", "as_name"
- securityGroupName = "sg_name"
- resourceGroupName = "rg_name"
- state = &TerraformState{
- VNetName: vnetName,
- SubnetName: subnetName,
- RouteTableName: routeTableName,
- AvailabilitySetID: "",
- AvailabilitySetName: "",
- SecurityGroupName: securityGroupName,
- ResourceGroupName: resourceGroupName,
- }
- })
-
- It("should correctly compute the status for zoned cluster", func() {
- status := StatusFromTerraformState(state)
- Expect(status).To(Equal(&apiv1alpha1.InfrastructureStatus{
- TypeMeta: StatusTypeMeta,
- ResourceGroup: apiv1alpha1.ResourceGroup{
- Name: resourceGroupName,
- },
- RouteTables: []apiv1alpha1.RouteTable{
- {Name: routeTableName, Purpose: apiv1alpha1.PurposeNodes},
- },
- SecurityGroups: []apiv1alpha1.SecurityGroup{
- {Name: securityGroupName, Purpose: apiv1alpha1.PurposeNodes},
- },
- AvailabilitySets: []apiv1alpha1.AvailabilitySet{},
- Networks: apiv1alpha1.NetworkStatus{
- VNet: apiv1alpha1.VNetStatus{
- Name: vnetName,
- },
- Subnets: []apiv1alpha1.Subnet{
- {
- Purpose: apiv1alpha1.PurposeNodes,
- Name: subnetName,
- },
- },
- },
- Zoned: true,
- }))
- })
-
- It("should correctly compute the status for non zoned cluster", func() {
- state.AvailabilitySetID = availabilitySetID
- state.AvailabilitySetName = availabilitySetName
- status := StatusFromTerraformState(state)
- Expect(status).To(Equal(&apiv1alpha1.InfrastructureStatus{
- TypeMeta: StatusTypeMeta,
- ResourceGroup: apiv1alpha1.ResourceGroup{
- Name: resourceGroupName,
- },
- RouteTables: []apiv1alpha1.RouteTable{
- {Name: routeTableName, Purpose: apiv1alpha1.PurposeNodes},
- },
- AvailabilitySets: []apiv1alpha1.AvailabilitySet{
- {Name: availabilitySetName, ID: availabilitySetID, Purpose: apiv1alpha1.PurposeNodes},
- },
- SecurityGroups: []apiv1alpha1.SecurityGroup{
- {Name: securityGroupName, Purpose: apiv1alpha1.PurposeNodes},
- },
- Networks: apiv1alpha1.NetworkStatus{
- VNet: apiv1alpha1.VNetStatus{
- Name: vnetName,
- },
- Subnets: []apiv1alpha1.Subnet{
- {
- Purpose: apiv1alpha1.PurposeNodes,
- Name: subnetName,
- },
- },
- },
- Zoned: false,
- }))
- })
-
- })
-})
diff --git a/controllers/provider-azure/pkg/internal/internal_test.go b/controllers/provider-azure/pkg/internal/internal_test.go
deleted file mode 100644
index 9e00abf77..000000000
--- a/controllers/provider-azure/pkg/internal/internal_test.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package internal
-
-import (
- "testing"
-
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-func TestInternal(t *testing.T) {
- RegisterFailHandler(Fail)
- RunSpecs(t, "Azure Internal Suite")
-}
diff --git a/controllers/provider-azure/pkg/internal/terraform.go b/controllers/provider-azure/pkg/internal/terraform.go
deleted file mode 100644
index 226c2bb83..000000000
--- a/controllers/provider-azure/pkg/internal/terraform.go
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package internal
-
-import (
- "time"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal/imagevector"
- "github.com/gardener/gardener-extensions/pkg/terraformer"
-
- "github.com/gardener/gardener/pkg/logger"
- "k8s.io/client-go/rest"
-)
-
-const (
- // TerraformVarClientID is the name of the terraform client id environment variable.
- TerraformVarClientID = "TF_VAR_CLIENT_ID"
- //TerraformVarClientSecret is the name of the client secret environment variable.
- TerraformVarClientSecret = "TF_VAR_CLIENT_SECRET"
-)
-
-// TerraformVariablesEnvironmentFromClientAuth computes the Terraformer variables environment from the
-// given ServiceAccount.
-func TerraformVariablesEnvironmentFromClientAuth(auth *ClientAuth) (map[string]string, error) {
- return map[string]string{
- TerraformVarClientID: auth.ClientID,
- TerraformVarClientSecret: auth.ClientSecret,
- }, nil
-}
-
-// NewTerraformer initializes a new Terraformer that has the azure auth credentials.
-func NewTerraformer(
- restConfig *rest.Config,
- clientAuth *ClientAuth,
- purpose,
- namespace,
- name string,
-) (terraformer.Terraformer, error) {
- tf, err := terraformer.NewForConfig(logger.NewLogger("info"), restConfig, purpose, namespace, name, imagevector.TerraformerImage())
- if err != nil {
- return nil, err
- }
-
- variables, err := TerraformVariablesEnvironmentFromClientAuth(clientAuth)
- if err != nil {
- return nil, err
- }
-
- return tf.
- SetVariablesEnvironment(variables).
- SetActiveDeadlineSeconds(630).
- SetDeadlineCleaning(5 * time.Minute).
- SetDeadlinePod(15 * time.Minute), nil
-}
diff --git a/controllers/provider-azure/pkg/internal/terraform_test.go b/controllers/provider-azure/pkg/internal/terraform_test.go
deleted file mode 100644
index 885ad193d..000000000
--- a/controllers/provider-azure/pkg/internal/terraform_test.go
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package internal
-
-import (
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-var _ = Describe("Terraform", func() {
- var (
- clientAuth *ClientAuth
- clientSecret, clientID = "secret", "client_id"
- )
-
- BeforeEach(func() {
- clientAuth = &ClientAuth{
- ClientSecret: clientSecret,
- ClientID: clientID,
- }
- })
-
- Describe("#TerraformerVariablesEnvironmentFromServiceAccount", func() {
- It("should correctly create the variables environment", func() {
- variables, err := TerraformVariablesEnvironmentFromClientAuth(clientAuth)
- Expect(err).NotTo(HaveOccurred())
- Expect(variables).To(Equal(map[string]string{
- TerraformVarClientID: clientID,
- TerraformVarClientSecret: clientSecret,
- }))
- })
- })
-})
diff --git a/controllers/provider-azure/pkg/internal/types.go b/controllers/provider-azure/pkg/internal/types.go
deleted file mode 100644
index e8d4f85ec..000000000
--- a/controllers/provider-azure/pkg/internal/types.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package internal
-
-import "path/filepath"
-
-var (
- // ChartsPath is the path to the charts
- ChartsPath = filepath.Join("controllers", "provider-azure", "charts")
- // InternalChartsPath is the path to the internal charts
- InternalChartsPath = filepath.Join(ChartsPath, "internal")
-)
diff --git a/controllers/provider-azure/pkg/webhook/controlplane/add.go b/controllers/provider-azure/pkg/webhook/controlplane/add.go
deleted file mode 100644
index 4b65bedcf..000000000
--- a/controllers/provider-azure/pkg/webhook/controlplane/add.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplane
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane/genericmutator"
-
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- appsv1 "k8s.io/api/apps/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "sigs.k8s.io/controller-runtime/pkg/log"
- "sigs.k8s.io/controller-runtime/pkg/manager"
-)
-
-var logger = log.Log.WithName("azure-controlplane-webhook")
-
-// AddToManager creates a webhook and adds it to the manager.
-func AddToManager(mgr manager.Manager) (*extensionswebhook.Webhook, error) {
- logger.Info("Adding webhook to manager")
- fciCodec := controlplane.NewFileContentInlineCodec()
- return controlplane.Add(mgr, controlplane.AddArgs{
- Kind: controlplane.KindShoot,
- Provider: azure.Type,
- Types: []runtime.Object{&appsv1.Deployment{}, &extensionsv1alpha1.OperatingSystemConfig{}},
- Mutator: genericmutator.NewMutator(NewEnsurer(logger), controlplane.NewUnitSerializer(),
- controlplane.NewKubeletConfigCodec(fciCodec), fciCodec, logger),
- })
-}
diff --git a/controllers/provider-azure/pkg/webhook/controlplane/ensurer.go b/controllers/provider-azure/pkg/webhook/controlplane/ensurer.go
deleted file mode 100644
index b5a7bec80..000000000
--- a/controllers/provider-azure/pkg/webhook/controlplane/ensurer.go
+++ /dev/null
@@ -1,231 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplane
-
-import (
- "context"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane/genericmutator"
-
- "github.com/coreos/go-systemd/unit"
- v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
- kutil "github.com/gardener/gardener/pkg/utils/kubernetes"
- versionutils "github.com/gardener/gardener/pkg/utils/version"
- "github.com/go-logr/logr"
- "github.com/pkg/errors"
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- apierrors "k8s.io/apimachinery/pkg/api/errors"
- kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-// NewEnsurer creates a new controlplane ensurer.
-func NewEnsurer(logger logr.Logger) genericmutator.Ensurer {
- return &ensurer{
- logger: logger.WithName("azure-controlplane-ensurer"),
- }
-}
-
-type ensurer struct {
- genericmutator.NoopEnsurer
- client client.Client
- logger logr.Logger
-}
-
-// InjectClient injects the given client into the ensurer.
-func (e *ensurer) InjectClient(client client.Client) error {
- e.client = client
- return nil
-}
-
-// EnsureKubeAPIServerDeployment ensures that the kube-apiserver deployment conforms to the provider requirements.
-func (e *ensurer) EnsureKubeAPIServerDeployment(ctx context.Context, ectx genericmutator.EnsurerContext, dep *appsv1.Deployment) error {
- template := &dep.Spec.Template
- ps := &template.Spec
-
- cluster, err := ectx.GetCluster(ctx)
- if err != nil {
- return err
- }
-
- if c := extensionswebhook.ContainerWithName(ps.Containers, "kube-apiserver"); c != nil {
- ensureKubeAPIServerCommandLineArgs(c)
- ensureVolumeMounts(c, cluster.Shoot.Spec.Kubernetes.Version)
- }
- ensureVolumes(ps, cluster.Shoot.Spec.Kubernetes.Version)
- return e.ensureChecksumAnnotations(ctx, &dep.Spec.Template, dep.Namespace)
-}
-
-// EnsureKubeControllerManagerDeployment ensures that the kube-controller-manager deployment conforms to the provider requirements.
-func (e *ensurer) EnsureKubeControllerManagerDeployment(ctx context.Context, ectx genericmutator.EnsurerContext, dep *appsv1.Deployment) error {
- template := &dep.Spec.Template
- ps := &template.Spec
-
- cluster, err := ectx.GetCluster(ctx)
- if err != nil {
- return err
- }
-
- if c := extensionswebhook.ContainerWithName(ps.Containers, "kube-controller-manager"); c != nil {
- ensureKubeControllerManagerCommandLineArgs(c)
- ensureVolumeMounts(c, cluster.Shoot.Spec.Kubernetes.Version)
- }
- ensureKubeControllerManagerAnnotations(template)
- ensureVolumes(ps, cluster.Shoot.Spec.Kubernetes.Version)
- return e.ensureChecksumAnnotations(ctx, &dep.Spec.Template, dep.Namespace)
-}
-
-func ensureKubeAPIServerCommandLineArgs(c *corev1.Container) {
- c.Command = extensionswebhook.EnsureStringWithPrefix(c.Command, "--cloud-provider=", "azure")
- c.Command = extensionswebhook.EnsureStringWithPrefix(c.Command, "--cloud-config=",
- "/etc/kubernetes/cloudprovider/cloudprovider.conf")
- c.Command = extensionswebhook.EnsureStringWithPrefixContains(c.Command, "--enable-admission-plugins=",
- "PersistentVolumeLabel", ",")
- c.Command = extensionswebhook.EnsureNoStringWithPrefixContains(c.Command, "--disable-admission-plugins=",
- "PersistentVolumeLabel", ",")
-}
-
-func ensureKubeControllerManagerCommandLineArgs(c *corev1.Container) {
- c.Command = extensionswebhook.EnsureStringWithPrefix(c.Command, "--cloud-provider=", "external")
- c.Command = extensionswebhook.EnsureStringWithPrefix(c.Command, "--cloud-config=",
- "/etc/kubernetes/cloudprovider/cloudprovider.conf")
- c.Command = extensionswebhook.EnsureStringWithPrefix(c.Command, "--external-cloud-volume-plugin=", "azure")
-}
-
-func ensureKubeControllerManagerAnnotations(t *corev1.PodTemplateSpec) {
- t.Labels = extensionswebhook.EnsureAnnotationOrLabel(t.Labels, v1beta1constants.LabelNetworkPolicyToPublicNetworks, v1beta1constants.LabelNetworkPolicyAllowed)
- t.Labels = extensionswebhook.EnsureAnnotationOrLabel(t.Labels, v1beta1constants.LabelNetworkPolicyToPrivateNetworks, v1beta1constants.LabelNetworkPolicyAllowed)
- t.Labels = extensionswebhook.EnsureAnnotationOrLabel(t.Labels, v1beta1constants.LabelNetworkPolicyToBlockedCIDRs, v1beta1constants.LabelNetworkPolicyAllowed)
-}
-
-var (
- etcSSLName = "etc-ssl"
- etcSSLVolumeMount = corev1.VolumeMount{
- Name: etcSSLName,
- MountPath: "/etc/ssl",
- ReadOnly: true,
- }
- etcSSLVolume = corev1.Volume{
- Name: etcSSLName,
- VolumeSource: corev1.VolumeSource{
- HostPath: &corev1.HostPathVolumeSource{
- Path: "/etc/ssl",
- },
- },
- }
-
- cloudProviderConfigVolumeMount = corev1.VolumeMount{
- Name: azure.CloudProviderConfigName,
- MountPath: "/etc/kubernetes/cloudprovider",
- }
- cloudProviderConfigVolume = corev1.Volume{
- Name: azure.CloudProviderConfigName,
- VolumeSource: corev1.VolumeSource{
- ConfigMap: &corev1.ConfigMapVolumeSource{
- LocalObjectReference: corev1.LocalObjectReference{Name: azure.CloudProviderConfigName},
- },
- },
- }
-)
-
-func ensureVolumeMounts(c *corev1.Container, version string) {
- c.VolumeMounts = extensionswebhook.EnsureVolumeMountWithName(c.VolumeMounts, cloudProviderConfigVolumeMount)
-
- if mustMountEtcSSLFolder(version) {
- c.VolumeMounts = extensionswebhook.EnsureVolumeMountWithName(c.VolumeMounts, etcSSLVolumeMount)
- }
-}
-
-func ensureVolumes(ps *corev1.PodSpec, version string) {
- ps.Volumes = extensionswebhook.EnsureVolumeWithName(ps.Volumes, cloudProviderConfigVolume)
-
- if mustMountEtcSSLFolder(version) {
- ps.Volumes = extensionswebhook.EnsureVolumeWithName(ps.Volumes, etcSSLVolume)
- }
-}
-
-// Beginning with 1.17 Gardener no longer uses the hyperkube image for the Kubernetes control plane components.
-// The hyperkube image contained all the well-known root CAs, but the dedicated images don't. This is why we
-// mount the /etc/ssl folder from the host here.
-// TODO: This can be remove again once we have migrated to CSI.
-func mustMountEtcSSLFolder(version string) bool {
- k8sVersionAtLeast117, err := versionutils.CompareVersions(version, ">=", "1.17")
- if err != nil {
- return false
- }
- return k8sVersionAtLeast117
-}
-
-func (e *ensurer) ensureChecksumAnnotations(ctx context.Context, template *corev1.PodTemplateSpec, namespace string) error {
- return controlplane.EnsureConfigMapChecksumAnnotation(ctx, template, e.client, namespace, azure.CloudProviderConfigName)
-}
-
-// EnsureKubeletServiceUnitOptions ensures that the kubelet.service unit options conform to the provider requirements.
-func (e *ensurer) EnsureKubeletServiceUnitOptions(ctx context.Context, ectx genericmutator.EnsurerContext, opts []*unit.UnitOption) ([]*unit.UnitOption, error) {
- if opt := extensionswebhook.UnitOptionWithSectionAndName(opts, "Service", "ExecStart"); opt != nil {
- command := extensionswebhook.DeserializeCommandLine(opt.Value)
- command = ensureKubeletCommandLineArgs(command)
- opt.Value = extensionswebhook.SerializeCommandLine(command, 1, " \\\n ")
- }
- return opts, nil
-}
-
-func ensureKubeletCommandLineArgs(command []string) []string {
- command = extensionswebhook.EnsureStringWithPrefix(command, "--cloud-provider=", "azure")
- command = extensionswebhook.EnsureStringWithPrefix(command, "--cloud-config=", "/var/lib/kubelet/cloudprovider.conf")
- return command
-}
-
-// EnsureKubeletConfiguration ensures that the kubelet configuration conforms to the provider requirements.
-func (e *ensurer) EnsureKubeletConfiguration(ctx context.Context, ectx genericmutator.EnsurerContext, kubeletConfig *kubeletconfigv1beta1.KubeletConfiguration) error {
- // Make sure CSI-related feature gates are not enabled
- // TODO Leaving these enabled shouldn't do any harm, perhaps remove this code when properly tested?
- delete(kubeletConfig.FeatureGates, "VolumeSnapshotDataSource")
- delete(kubeletConfig.FeatureGates, "CSINodeInfo")
- delete(kubeletConfig.FeatureGates, "CSIDriverRegistry")
- return nil
-}
-
-// ShouldProvisionKubeletCloudProviderConfig returns true if the cloud provider config file should be added to the kubelet configuration.
-func (e *ensurer) ShouldProvisionKubeletCloudProviderConfig() bool {
- return true
-}
-
-// EnsureKubeletCloudProviderConfig ensures that the cloud provider config file conforms to the provider requirements.
-func (e *ensurer) EnsureKubeletCloudProviderConfig(ctx context.Context, ectx genericmutator.EnsurerContext, data *string, namespace string) error {
- // Get `cloud-provider-config` ConfigMap
- var cm corev1.ConfigMap
- err := e.client.Get(ctx, kutil.Key(namespace, azure.CloudProviderKubeletConfigName), &cm)
- if err != nil {
- if apierrors.IsNotFound(err) {
- e.logger.Info("configmap not found", "name", azure.CloudProviderKubeletConfigName, "namespace", namespace)
- return nil
- }
- return errors.Wrapf(err, "could not get configmap '%s/%s'", namespace, azure.CloudProviderKubeletConfigName)
- }
-
- // Check if the data has "cloudprovider.conf" key
- if cm.Data == nil || cm.Data[azure.CloudProviderConfigMapKey] == "" {
- return nil
- }
-
- // Overwrite data variable
- *data = cm.Data[azure.CloudProviderConfigMapKey]
- return nil
-}
diff --git a/controllers/provider-azure/pkg/webhook/controlplane/ensurer_test.go b/controllers/provider-azure/pkg/webhook/controlplane/ensurer_test.go
deleted file mode 100644
index 46c49d8db..000000000
--- a/controllers/provider-azure/pkg/webhook/controlplane/ensurer_test.go
+++ /dev/null
@@ -1,507 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controlplane - -import ( - "context" - "testing" - - "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure" - extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller" - mockclient "github.com/gardener/gardener-extensions/pkg/mock/controller-runtime/client" - "github.com/gardener/gardener-extensions/pkg/util" - extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook" - "github.com/gardener/gardener-extensions/pkg/webhook/controlplane/genericmutator" - "github.com/gardener/gardener-extensions/pkg/webhook/controlplane/test" - - "github.com/coreos/go-systemd/unit" - gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" - "github.com/golang/mock/gomock" - . "github.com/onsi/ginkgo" - . 
"github.com/onsi/gomega" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/runtime/inject" -) - -const ( - namespace = "test" - cloudProviderConfigContent = "[Global]\nsome: content\n" -) - -func TestController(t *testing.T) { - RegisterFailHandler(Fail) - RunSpecs(t, "Azure Controlplane Webhook Suite") -} - -var _ = Describe("Ensurer", func() { - var ( - ctrl *gomock.Controller - dummyContext = genericmutator.NewEnsurerContext(nil, nil) - eContextK8s116 = genericmutator.NewInternalEnsurerContext( - &extensionscontroller.Cluster{ - Shoot: &gardencorev1beta1.Shoot{ - Spec: gardencorev1beta1.ShootSpec{ - Kubernetes: gardencorev1beta1.Kubernetes{ - Version: "1.16.0", - }, - }, - }, - }, - ) - eContextK8s117 = genericmutator.NewInternalEnsurerContext( - &extensionscontroller.Cluster{ - Shoot: &gardencorev1beta1.Shoot{ - Spec: gardencorev1beta1.ShootSpec{ - Kubernetes: gardencorev1beta1.Kubernetes{ - Version: "1.17.0", - }, - }, - }, - }, - ) - - cmKey = client.ObjectKey{Namespace: namespace, Name: azure.CloudProviderConfigName} - cm = &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: azure.CloudProviderConfigName}, - Data: map[string]string{"abc": "xyz", azure.CloudProviderConfigMapKey: cloudProviderConfigContent}, - } - - annotations = map[string]string{ - "checksum/configmap-" + azure.CloudProviderConfigName: "31d2e116fbf854a590e84ab9176f299af6ff86aeea61bcee6bd705de78da9bf3", - } - - kubeControllerManagerLabels = map[string]string{ - v1beta1constants.LabelNetworkPolicyToPublicNetworks: v1beta1constants.LabelNetworkPolicyAllowed, - v1beta1constants.LabelNetworkPolicyToPrivateNetworks: v1beta1constants.LabelNetworkPolicyAllowed, - 
v1beta1constants.LabelNetworkPolicyToBlockedCIDRs: v1beta1constants.LabelNetworkPolicyAllowed, - } - ) - - BeforeEach(func() { - ctrl = gomock.NewController(GinkgoT()) - }) - - AfterEach(func() { - ctrl.Finish() - }) - - Describe("#EnsureKubeAPIServerDeployment", func() { - It("should add missing elements to kube-apiserver deployment (k8s < 1.17)", func() { - var ( - dep = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.DeploymentNameKubeAPIServer}, - Spec: appsv1.DeploymentSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "kube-apiserver", - }, - }, - }, - }, - }, - } - ) - - // Create mock client - client := mockclient.NewMockClient(ctrl) - client.EXPECT().Get(context.TODO(), cmKey, &corev1.ConfigMap{}).DoAndReturn(clientGet(cm)) - - // Create ensurer - ensurer := NewEnsurer(logger) - err := ensurer.(inject.Client).InjectClient(client) - Expect(err).To(Not(HaveOccurred())) - - // Call EnsureKubeAPIServerDeployment method and check the result - err = ensurer.EnsureKubeAPIServerDeployment(context.TODO(), eContextK8s116, dep) - Expect(err).To(Not(HaveOccurred())) - checkKubeAPIServerDeployment(dep, annotations, true) - }) - - It("should add missing elements to kube-apiserver deployment (k8s >= 1.17)", func() { - var ( - dep = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.DeploymentNameKubeAPIServer}, - Spec: appsv1.DeploymentSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "kube-apiserver", - }, - }, - }, - }, - }, - } - ) - - // Create mock client - client := mockclient.NewMockClient(ctrl) - client.EXPECT().Get(context.TODO(), cmKey, &corev1.ConfigMap{}).DoAndReturn(clientGet(cm)) - - // Create ensurer - ensurer := NewEnsurer(logger) - err := ensurer.(inject.Client).InjectClient(client) - Expect(err).To(Not(HaveOccurred())) - - // Call 
EnsureKubeAPIServerDeployment method and check the result - err = ensurer.EnsureKubeAPIServerDeployment(context.TODO(), eContextK8s117, dep) - Expect(err).To(Not(HaveOccurred())) - checkKubeAPIServerDeployment(dep, annotations, false) - }) - - It("should modify existing elements of kube-apiserver deployment", func() { - var ( - dep = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.DeploymentNameKubeAPIServer}, - Spec: appsv1.DeploymentSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "kube-apiserver", - Command: []string{ - "--cloud-provider=?", - "--cloud-config=?", - "--enable-admission-plugins=Priority,NamespaceLifecycle", - "--disable-admission-plugins=PersistentVolumeLabel", - }, - VolumeMounts: []corev1.VolumeMount{ - {Name: azure.CloudProviderConfigName, MountPath: "?"}, - }, - }, - }, - Volumes: []corev1.Volume{ - {Name: azure.CloudProviderConfigName}, - }, - }, - }, - }, - } - ) - - // Create mock client - client := mockclient.NewMockClient(ctrl) - client.EXPECT().Get(context.TODO(), cmKey, &corev1.ConfigMap{}).DoAndReturn(clientGet(cm)) - - // Create ensurer - ensurer := NewEnsurer(logger) - err := ensurer.(inject.Client).InjectClient(client) - Expect(err).To(Not(HaveOccurred())) - - // Call EnsureKubeAPIServerDeployment method and check the result - err = ensurer.EnsureKubeAPIServerDeployment(context.TODO(), eContextK8s116, dep) - Expect(err).To(Not(HaveOccurred())) - checkKubeAPIServerDeployment(dep, annotations, true) - }) - }) - - Describe("#EnsureKubeControllerManagerDeployment", func() { - It("should add missing elements to kube-controller-manager deployment (k8s < 1.17)", func() { - var ( - dep = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.DeploymentNameKubeControllerManager}, - Spec: appsv1.DeploymentSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: 
[]corev1.Container{ - { - Name: "kube-controller-manager", - }, - }, - }, - }, - }, - } - ) - - // Create mock client - client := mockclient.NewMockClient(ctrl) - client.EXPECT().Get(context.TODO(), cmKey, &corev1.ConfigMap{}).DoAndReturn(clientGet(cm)) - - // Create ensurer - ensurer := NewEnsurer(logger) - err := ensurer.(inject.Client).InjectClient(client) - Expect(err).To(Not(HaveOccurred())) - - // Call EnsureKubeControllerManagerDeployment method and check the result - err = ensurer.EnsureKubeControllerManagerDeployment(context.TODO(), eContextK8s116, dep) - Expect(err).To(Not(HaveOccurred())) - checkKubeControllerManagerDeployment(dep, annotations, kubeControllerManagerLabels, true) - }) - - It("should add missing elements to kube-controller-manager deployment (k8s >= 1.17)", func() { - var ( - dep = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.DeploymentNameKubeControllerManager}, - Spec: appsv1.DeploymentSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "kube-controller-manager", - }, - }, - }, - }, - }, - } - ) - - // Create mock client - client := mockclient.NewMockClient(ctrl) - client.EXPECT().Get(context.TODO(), cmKey, &corev1.ConfigMap{}).DoAndReturn(clientGet(cm)) - - // Create ensurer - ensurer := NewEnsurer(logger) - err := ensurer.(inject.Client).InjectClient(client) - Expect(err).To(Not(HaveOccurred())) - - // Call EnsureKubeControllerManagerDeployment method and check the result - err = ensurer.EnsureKubeControllerManagerDeployment(context.TODO(), eContextK8s117, dep) - Expect(err).To(Not(HaveOccurred())) - checkKubeControllerManagerDeployment(dep, annotations, kubeControllerManagerLabels, false) - }) - - It("should modify existing elements of kube-controller-manager deployment", func() { - var ( - dep = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: 
v1beta1constants.DeploymentNameKubeControllerManager}, - Spec: appsv1.DeploymentSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "kube-controller-manager", - Command: []string{ - "--cloud-provider=?", - "--cloud-config=?", - "--external-cloud-volume-plugin=?", - }, - VolumeMounts: []corev1.VolumeMount{ - {Name: azure.CloudProviderConfigName, MountPath: "?"}, - }, - }, - }, - Volumes: []corev1.Volume{ - {Name: azure.CloudProviderConfigName}, - }, - }, - }, - }, - } - ) - - // Create mock client - client := mockclient.NewMockClient(ctrl) - client.EXPECT().Get(context.TODO(), cmKey, &corev1.ConfigMap{}).DoAndReturn(clientGet(cm)) - - // Create ensurer - ensurer := NewEnsurer(logger) - err := ensurer.(inject.Client).InjectClient(client) - Expect(err).To(Not(HaveOccurred())) - - // Call EnsureKubeControllerManagerDeployment method and check the result - err = ensurer.EnsureKubeControllerManagerDeployment(context.TODO(), eContextK8s116, dep) - Expect(err).To(Not(HaveOccurred())) - checkKubeControllerManagerDeployment(dep, annotations, kubeControllerManagerLabels, true) - }) - }) - - Describe("#EnsureKubeletServiceUnitOptions", func() { - It("should modify existing elements of kubelet.service unit options", func() { - var ( - oldUnitOptions = []*unit.UnitOption{ - { - Section: "Service", - Name: "ExecStart", - Value: `/opt/bin/hyperkube kubelet \ - --config=/var/lib/kubelet/config/kubelet`, - }, - } - newUnitOptions = []*unit.UnitOption{ - { - Section: "Service", - Name: "ExecStart", - Value: `/opt/bin/hyperkube kubelet \ - --config=/var/lib/kubelet/config/kubelet \ - --cloud-provider=azure \ - --cloud-config=/var/lib/kubelet/cloudprovider.conf`, - }, - } - ) - - // Create ensurer - ensurer := NewEnsurer(logger) - - // Call EnsureKubeletServiceUnitOptions method and check the result - opts, err := ensurer.EnsureKubeletServiceUnitOptions(context.TODO(), dummyContext, oldUnitOptions) - 
Expect(err).To(Not(HaveOccurred())) - Expect(opts).To(Equal(newUnitOptions)) - }) - }) - - Describe("#EnsureKubeletConfiguration", func() { - It("should modify existing elements of kubelet configuration", func() { - var ( - oldKubeletConfig = &kubeletconfigv1beta1.KubeletConfiguration{ - FeatureGates: map[string]bool{ - "Foo": true, - "VolumeSnapshotDataSource": true, - "CSINodeInfo": true, - }, - } - newKubeletConfig = &kubeletconfigv1beta1.KubeletConfiguration{ - FeatureGates: map[string]bool{ - "Foo": true, - }, - } - ) - - // Create ensurer - ensurer := NewEnsurer(logger) - - // Call EnsureKubeletConfiguration method and check the result - kubeletConfig := *oldKubeletConfig - err := ensurer.EnsureKubeletConfiguration(context.TODO(), dummyContext, &kubeletConfig) - Expect(err).To(Not(HaveOccurred())) - Expect(&kubeletConfig).To(Equal(newKubeletConfig)) - }) - }) - - Describe("#EnsureKubeletCloudProviderConfig", func() { - var ( - cmKey = client.ObjectKey{Namespace: namespace, Name: azure.CloudProviderKubeletConfigName} - cm = &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: azure.CloudProviderKubeletConfigName}, - Data: map[string]string{"abc": "xyz", azure.CloudProviderConfigMapKey: cloudProviderConfigContent}, - } - - existingData = util.StringPtr("[LoadBalancer]\nlb-version=v2\nlb-provider:\n") - emptydata = util.StringPtr("") - ) - It("cloud provider configmap do not exist", func() { - // Create mock client - client := mockclient.NewMockClient(ctrl) - client.EXPECT().Get(context.TODO(), cmKey, &corev1.ConfigMap{}).Return(errors.NewNotFound(schema.GroupResource{}, cm.Name)) - - // Create ensurer - ensurer := NewEnsurer(logger) - err := ensurer.(inject.Client).InjectClient(client) - Expect(err).NotTo(HaveOccurred()) - - // Call EnsureKubeletConfiguration method and check the result - err = ensurer.EnsureKubeletCloudProviderConfig(context.TODO(), dummyContext, emptydata, namespace) - Expect(err).To(Not(HaveOccurred())) - 
Expect(*emptydata).To(Equal("")) - }) - It("should create element containing cloud provider config content", func() { - // Create mock client - client := mockclient.NewMockClient(ctrl) - client.EXPECT().Get(context.TODO(), cmKey, &corev1.ConfigMap{}).DoAndReturn(clientGet(cm)) - - // Create ensurer - ensurer := NewEnsurer(logger) - err := ensurer.(inject.Client).InjectClient(client) - Expect(err).NotTo(HaveOccurred()) - - // Call EnsureKubeletConfiguration method and check the result - err = ensurer.EnsureKubeletCloudProviderConfig(context.TODO(), dummyContext, emptydata, namespace) - Expect(err).To(Not(HaveOccurred())) - Expect(*emptydata).To(Equal(cloudProviderConfigContent)) - }) - It("should modify existing element containing cloud provider config content", func() { - // Create mock client - client := mockclient.NewMockClient(ctrl) - client.EXPECT().Get(context.TODO(), cmKey, &corev1.ConfigMap{}).DoAndReturn(clientGet(cm)) - - // Create ensurer - ensurer := NewEnsurer(logger) - err := ensurer.(inject.Client).InjectClient(client) - Expect(err).NotTo(HaveOccurred()) - - // Call EnsureKubeletConfiguration method and check the result - err = ensurer.EnsureKubeletCloudProviderConfig(context.TODO(), dummyContext, existingData, namespace) - Expect(err).To(Not(HaveOccurred())) - Expect(*existingData).To(Equal(cloudProviderConfigContent)) - }) - }) -}) - -func checkKubeAPIServerDeployment(dep *appsv1.Deployment, annotations map[string]string, k8sVersionLessThan117 bool) { - // Check that the kube-apiserver container still exists and contains all needed command line args, - // env vars, and volume mounts - c := extensionswebhook.ContainerWithName(dep.Spec.Template.Spec.Containers, "kube-apiserver") - Expect(c).To(Not(BeNil())) - Expect(c.Command).To(ContainElement("--cloud-provider=azure")) - Expect(c.Command).To(ContainElement("--cloud-config=/etc/kubernetes/cloudprovider/cloudprovider.conf")) - 
Expect(c.Command).To(test.ContainElementWithPrefixContaining("--enable-admission-plugins=", "PersistentVolumeLabel", ",")) - Expect(c.Command).To(Not(test.ContainElementWithPrefixContaining("--disable-admission-plugins=", "PersistentVolumeLabel", ","))) - Expect(c.VolumeMounts).To(ContainElement(cloudProviderConfigVolumeMount)) - Expect(dep.Spec.Template.Spec.Volumes).To(ContainElement(cloudProviderConfigVolume)) - - if !k8sVersionLessThan117 { - Expect(c.VolumeMounts).To(ContainElement(etcSSLVolumeMount)) - Expect(dep.Spec.Template.Spec.Volumes).To(ContainElement(etcSSLVolume)) - } - - // Check that the Pod template contains all needed checksum annotations - Expect(dep.Spec.Template.Annotations).To(Equal(annotations)) -} - -func checkKubeControllerManagerDeployment(dep *appsv1.Deployment, annotations, labels map[string]string, k8sVersionLessThan117 bool) { - // Check that the kube-controller-manager container still exists and contains all needed command line args, - // env vars, and volume mounts - c := extensionswebhook.ContainerWithName(dep.Spec.Template.Spec.Containers, "kube-controller-manager") - Expect(c).To(Not(BeNil())) - Expect(c.Command).To(ContainElement("--cloud-provider=external")) - Expect(c.Command).To(ContainElement("--cloud-config=/etc/kubernetes/cloudprovider/cloudprovider.conf")) - Expect(c.Command).To(ContainElement("--external-cloud-volume-plugin=azure")) - Expect(c.VolumeMounts).To(ContainElement(cloudProviderConfigVolumeMount)) - Expect(dep.Spec.Template.Spec.Volumes).To(ContainElement(cloudProviderConfigVolume)) - - if !k8sVersionLessThan117 { - Expect(c.VolumeMounts).To(ContainElement(etcSSLVolumeMount)) - Expect(dep.Spec.Template.Spec.Volumes).To(ContainElement(etcSSLVolume)) - } - - // Check that the Pod template contains all needed checksum annotations - Expect(dep.Spec.Template.Annotations).To(Equal(annotations)) - - // Check that the labels for network policies are added - Expect(dep.Spec.Template.Labels).To(Equal(labels)) -} - -func 
clientGet(result runtime.Object) interface{} { - return func(ctx context.Context, key client.ObjectKey, obj runtime.Object) error { - switch obj.(type) { - case *corev1.Secret: - *obj.(*corev1.Secret) = *result.(*corev1.Secret) - case *corev1.ConfigMap: - *obj.(*corev1.ConfigMap) = *result.(*corev1.ConfigMap) - } - return nil - } -} diff --git a/controllers/provider-azure/pkg/webhook/controlplanebackup/add.go b/controllers/provider-azure/pkg/webhook/controlplanebackup/add.go deleted file mode 100644 index e2889b3de..000000000 --- a/controllers/provider-azure/pkg/webhook/controlplanebackup/add.go +++ /dev/null 
@@ -1,58 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplanebackup
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/internal/imagevector"
- extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane/genericmutator"
-
- appsv1 "k8s.io/api/apps/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "sigs.k8s.io/controller-runtime/pkg/log"
- "sigs.k8s.io/controller-runtime/pkg/manager"
-)
-
-var (
- // DefaultAddOptions are the default AddOptions for AddToManager.
- DefaultAddOptions = AddOptions{}
-)
-
-// AddOptions are options to apply when adding the AWS backup webhook to the manager.
-type AddOptions struct {
- // ETCDBackup is the etcd backup configuration.
- ETCDBackup config.ETCDBackup
-}
-
-var logger = log.Log.WithName("azure-controlplanebackup-webhook")
-
-// AddToManagerWithOptions creates a webhook with the given options and adds it to the manager.
-func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) (*extensionswebhook.Webhook, error) {
- logger.Info("Adding webhook to manager")
- return controlplane.Add(mgr, controlplane.AddArgs{
- Kind: controlplane.KindBackup,
- Provider: azure.Type,
- Types: []runtime.Object{&appsv1.StatefulSet{}},
- Mutator: genericmutator.NewMutator(NewEnsurer(&opts.ETCDBackup, imagevector.ImageVector(), logger), nil, nil, nil, logger),
- })
-}
-
-// AddToManager creates a webhook with the default options and adds it to the manager.
-func AddToManager(mgr manager.Manager) (*extensionswebhook.Webhook, error) {
- return AddToManagerWithOptions(mgr, DefaultAddOptions)
-}
diff --git a/controllers/provider-azure/pkg/webhook/controlplanebackup/ensurer.go b/controllers/provider-azure/pkg/webhook/controlplanebackup/ensurer.go
deleted file mode 100644
index 86364c271..000000000
--- a/controllers/provider-azure/pkg/webhook/controlplanebackup/ensurer.go
+++ /dev/null
@@ -1,158 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplanebackup
-
-import (
- "context"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
- extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane/genericmutator"
- v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
- "github.com/gardener/gardener/pkg/operation/common"
- "github.com/gardener/gardener/pkg/utils/imagevector"
- "github.com/go-logr/logr"
- "github.com/pkg/errors"
-
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-// NewEnsurer creates a new controlplaneexposure ensurer.
-func NewEnsurer(etcdBackup *config.ETCDBackup, imageVector imagevector.ImageVector, logger logr.Logger) genericmutator.Ensurer {
- return &ensurer{
- etcdBackup: etcdBackup,
- imageVector: imageVector,
- logger: logger.WithName("azure-controlplanebackup-ensurer"),
- }
-}
-
-type ensurer struct {
- genericmutator.NoopEnsurer
- etcdBackup *config.ETCDBackup
- imageVector imagevector.ImageVector
- client client.Client
- logger logr.Logger
-}
-
-// InjectClient injects the given client into the ensurer.
-func (e *ensurer) InjectClient(client client.Client) error {
- e.client = client
- return nil
-}
-
-// EnsureETCDStatefulSet ensures that the etcd stateful sets conform to the provider requirements.
-func (e *ensurer) EnsureETCDStatefulSet(ctx context.Context, ectx genericmutator.EnsurerContext, ss *appsv1.StatefulSet) error {
- cluster, err := ectx.GetCluster(ctx)
- if err != nil {
- return err
- }
- if err := e.ensureContainers(&ss.Spec.Template.Spec, ss.Name, cluster); err != nil {
- return err
- }
- return e.ensureChecksumAnnotations(ctx, &ss.Spec.Template, ss.Namespace, ss.Name, cluster.Seed.Spec.Backup != nil)
-}
-
-func (e *ensurer) ensureContainers(ps *corev1.PodSpec, name string, cluster *extensionscontroller.Cluster) error {
- backupRestoreContainer := extensionswebhook.ContainerWithName(ps.Containers, controlplane.BackupRestoreContainerName)
- c, err := e.ensureBackupRestoreContainer(backupRestoreContainer, name, cluster)
- if err != nil {
- return err
- }
- ps.Containers = extensionswebhook.EnsureContainerWithName(ps.Containers, *c)
- return nil
-}
-
-func (e *ensurer) ensureChecksumAnnotations(ctx context.Context, template *corev1.PodTemplateSpec, namespace, name string, backupConfigured bool) error {
- if name == v1beta1constants.ETCDMain && backupConfigured {
- return controlplane.EnsureSecretChecksumAnnotation(ctx, template, e.client, namespace, azure.BackupSecretName)
- }
- return nil
-}
-
-func (e *ensurer) ensureBackupRestoreContainer(existingContainer *corev1.Container, name string, cluster *extensionscontroller.Cluster) (*corev1.Container, error) {
- // Find etcd-backup-restore image
- // TODO Get seed version from clientset when it's possible to inject it
- image, err := e.imageVector.FindImage(azure.ETCDBackupRestoreImageName, imagevector.TargetVersion(cluster.Shoot.Spec.Kubernetes.Version))
- if err != nil {
- return nil, errors.Wrapf(err, "could not find image %s", azure.ETCDBackupRestoreImageName)
- }
-
- // Determine provider, container env variables, and volume mounts
- // They are only specified for the etcd-main stateful set (backup is enabled)
- var (
- provider string
- prefix string
- env []corev1.EnvVar
- volumeClaimTemplateName = name
- )
- if name == v1beta1constants.ETCDMain {
- if cluster.Seed.Spec.Backup == nil {
- e.logger.Info("Backup profile is not configured; backup will not be taken for etcd-main")
- } else {
- prefix = common.GenerateBackupEntryName(cluster.Shoot.Status.TechnicalID, cluster.Shoot.Status.UID)
-
- provider = azure.StorageProviderName
- env = []corev1.EnvVar{
- {
- Name: "STORAGE_CONTAINER",
- // The bucket name is written to the backup secret by Gardener as a temporary solution.
- // TODO In the future, the bucket name should come from a BackupBucket resource (see https://github.com/gardener/gardener/blob/master/docs/proposals/02-backupinfra.md)
- ValueFrom: &corev1.EnvVarSource{
- SecretKeyRef: &corev1.SecretKeySelector{
- Key: azure.BucketName,
- LocalObjectReference: corev1.LocalObjectReference{Name: azure.BackupSecretName},
- },
- },
- },
- {
- Name: "STORAGE_ACCOUNT",
- ValueFrom: &corev1.EnvVarSource{
- SecretKeyRef: &corev1.SecretKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{Name: azure.BackupSecretName},
- Key: azure.StorageAccount,
- },
- },
- },
- {
- Name: "STORAGE_KEY",
- ValueFrom: &corev1.EnvVarSource{
- SecretKeyRef: &corev1.SecretKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{Name: azure.BackupSecretName},
- Key: azure.StorageKey,
- },
- },
- },
- }
- }
- volumeClaimTemplateName = controlplane.EtcdMainVolumeClaimTemplateName
- }
-
- var schedule string
- if e.etcdBackup != nil && e.etcdBackup.Schedule != nil {
- schedule = *e.etcdBackup.Schedule
- } else {
- schedule, err = controlplane.DetermineBackupSchedule(existingContainer, cluster)
- if err != nil {
- return nil, err
- }
- }
-
- return controlplane.GetBackupRestoreContainer(name, volumeClaimTemplateName, schedule, provider, prefix, image.String(), nil, env, nil), nil
-}
diff --git a/controllers/provider-azure/pkg/webhook/controlplanebackup/ensurer_test.go b/controllers/provider-azure/pkg/webhook/controlplanebackup/ensurer_test.go
deleted file mode 100644
index 6b0d74466..000000000
--- a/controllers/provider-azure/pkg/webhook/controlplanebackup/ensurer_test.go
+++ /dev/null
@@ -1,363 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplanebackup
-
-import (
- "context"
- "testing"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- extensionscontroller "github.com/gardener/gardener-extensions/pkg/controller"
- mockclient "github.com/gardener/gardener-extensions/pkg/mock/controller-runtime/client"
- "github.com/gardener/gardener-extensions/pkg/util"
- extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane/genericmutator"
-
- gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
- v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
- "github.com/gardener/gardener/pkg/utils/imagevector"
- "github.com/golang/mock/gomock"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/types"
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/runtime/inject"
-)
-
-const (
- namespace = "test"
-)
-
-func TestController(t *testing.T) {
- RegisterFailHandler(Fail)
- RunSpecs(t, "Azure Controlplane Backup Webhook Suite")
-}
-
-var _ = Describe("Ensurer", func() {
- Describe("#EnsureETCDStatefulSet", func() {
- var (
- ctrl *gomock.Controller
-
- etcdBackup = &config.ETCDBackup{
- Schedule: util.StringPtr("0 */24 * * *"),
- }
-
- imageVector = imagevector.ImageVector{
- {
- Name: azure.ETCDBackupRestoreImageName,
- Repository: "test-repository",
- Tag: util.StringPtr("test-tag"),
- },
- }
-
- cluster = &extensionscontroller.Cluster{
- Shoot: &gardencorev1beta1.Shoot{
- Spec: gardencorev1beta1.ShootSpec{
- Kubernetes: gardencorev1beta1.Kubernetes{
- Version: "1.13.4",
- },
- },
- Status: gardencorev1beta1.ShootStatus{
- TechnicalID: "shoot--test--sample",
- UID: types.UID("test-uid"),
- },
- },
- Seed: &gardencorev1beta1.Seed{
- Spec: gardencorev1beta1.SeedSpec{
- Backup: &gardencorev1beta1.SeedBackup{},
- },
- },
- }
-
- dummyContext = genericmutator.NewInternalEnsurerContext(cluster)
-
- secretKey = client.ObjectKey{Namespace: namespace, Name: azure.BackupSecretName}
- secret = &corev1.Secret{
- ObjectMeta: metav1.ObjectMeta{Name: azure.BackupSecretName, Namespace: namespace},
- Data: map[string][]byte{"foo": []byte("bar")},
- }
-
- annotations = map[string]string{
- "checksum/secret-" + azure.BackupSecretName: "8bafb35ff1ac60275d62e1cbd495aceb511fb354f74a20f7d06ecb48b3a68432",
- }
- )
-
- BeforeEach(func() {
- ctrl = gomock.NewController(GinkgoT())
- })
-
- AfterEach(func() {
- ctrl.Finish()
- })
-
- It("should add or modify elements to etcd-main statefulset", func() {
- var (
- ss = &appsv1.StatefulSet{
- ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.ETCDMain},
- }
- )
-
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
- client.EXPECT().Get(context.TODO(), secretKey, &corev1.Secret{}).DoAndReturn(clientGet(secret))
-
- // Create ensurer
- ensurer := NewEnsurer(etcdBackup, imageVector, logger)
- err := ensurer.(inject.Client).InjectClient(client)
- Expect(err).To(Not(HaveOccurred()))
-
- // Call EnsureETCDStatefulSet method and check the result
- err = ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss)
- Expect(err).To(Not(HaveOccurred()))
- checkETCDMainStatefulSet(ss, annotations)
- })
-
- It("should modify existing elements of etcd-main statefulset", func() {
- var (
- ss = &appsv1.StatefulSet{
- ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.ETCDMain},
- Spec: appsv1.StatefulSetSpec{
- Template: corev1.PodTemplateSpec{
- Spec: corev1.PodSpec{
- Containers: []corev1.Container{
- {
- Name: "backup-restore",
- },
- },
- },
- },
- },
- }
- )
-
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
- client.EXPECT().Get(context.TODO(), secretKey, &corev1.Secret{}).DoAndReturn(clientGet(secret))
-
- // Create ensurer
- ensurer := NewEnsurer(etcdBackup, imageVector, logger)
- err := ensurer.(inject.Client).InjectClient(client)
- Expect(err).To(Not(HaveOccurred()))
-
- // Call EnsureETCDStatefulSet method and check the result
- err = ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss)
- Expect(err).To(Not(HaveOccurred()))
- checkETCDMainStatefulSet(ss, annotations)
- })
-
- It("should not configure backup to etcd-main statefulset if backup profile is missing", func() {
- ss := &appsv1.StatefulSet{
- ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.ETCDMain},
- }
- cluster.Seed.Spec.Backup = nil
-
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
-
- // Create ensurer
- ensurer := NewEnsurer(etcdBackup, imageVector, logger)
- err := ensurer.(inject.Client).InjectClient(client)
- Expect(err).To(Not(HaveOccurred()))
-
- // Call EnsureETCDStatefulSet method and check the result
- err = ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss)
- Expect(err).To(Not(HaveOccurred()))
- checkETCDMainStatefulSetWithoutBackup(ss, annotations)
- })
-
- It("should not modify elements to same etcd-main statefulset", func() {
- var (
- ss = &appsv1.StatefulSet{
- ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.ETCDMain},
- }
- )
-
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
-
- // Create ensurer
- ensurer := NewEnsurer(etcdBackup, imageVector, logger)
- err := ensurer.(inject.Client).InjectClient(client)
- Expect(err).To(Not(HaveOccurred()))
-
- // Call EnsureETCDStatefulSet method and check the result
- err = ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss)
- Expect(err).To(Not(HaveOccurred()))
- oldSS := ss.DeepCopy()
-
- // Re-ensure on existing statefulset
- err = ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss)
-
- Expect(err).To(Not(HaveOccurred()))
- Expect(ss).Should(Equal(oldSS))
-
- // Re-ensure on new statefulset request
- newSS := &appsv1.StatefulSet{
- ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.ETCDEvents},
- }
- err = ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, newSS)
-
- Expect(err).To(Not(HaveOccurred()))
- Expect(ss).Should(Equal(oldSS))
- })
-
- It("should add or modify elements to etcd-events statefulset", func() {
- var (
- ss = &appsv1.StatefulSet{
- ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.ETCDEvents},
- }
- )
-
- // Create ensurer
- ensurer := NewEnsurer(etcdBackup, imageVector, logger)
-
- // Call EnsureETCDStatefulSet method and check the result
- err := ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss)
- Expect(err).To(Not(HaveOccurred()))
- checkETCDEventsStatefulSet(ss)
- })
-
- It("should modify existing elements of etcd-events statefulset", func() {
- var (
- ss = &appsv1.StatefulSet{
- ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.ETCDEvents},
- Spec: appsv1.StatefulSetSpec{
- Template: corev1.PodTemplateSpec{
- Spec: corev1.PodSpec{
- Containers: []corev1.Container{
- {
- Name: "backup-restore",
- },
- },
- },
- },
- },
- }
- )
-
- // Create ensurer
- ensurer := NewEnsurer(etcdBackup, imageVector, logger)
-
- // Call EnsureETCDStatefulSet method and check the result
- err := ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss)
- Expect(err).To(Not(HaveOccurred()))
- checkETCDEventsStatefulSet(ss)
- })
-
- It("should not modify elements to same etcd-events statefulset", func() {
- var (
- ss = &appsv1.StatefulSet{
- ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.ETCDEvents},
- }
- )
-
- // Create mock client
- client := mockclient.NewMockClient(ctrl)
-
- // Create ensurer
- ensurer := NewEnsurer(etcdBackup, imageVector, logger)
- err := ensurer.(inject.Client).InjectClient(client)
- Expect(err).To(Not(HaveOccurred()))
-
- // Call EnsureETCDStatefulSet method and check the result
- err = ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss)
- Expect(err).To(Not(HaveOccurred()))
- oldSS := ss.DeepCopy()
-
- // Re-ensure on existing statefulset
- err = ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss)
-
- Expect(err).To(Not(HaveOccurred()))
- Expect(ss).Should(Equal(oldSS))
-
- // Re-ensure on new statefulset request
- newSS := &appsv1.StatefulSet{
- ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: v1beta1constants.ETCDEvents},
- }
- err = ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, newSS)
-
- Expect(err).To(Not(HaveOccurred()))
- Expect(ss).Should(Equal(oldSS))
- })
- })
-})
-
-func checkETCDMainStatefulSet(ss *appsv1.StatefulSet, annotations map[string]string) {
- var (
- env = []corev1.EnvVar{
- {
- Name: "STORAGE_CONTAINER",
- ValueFrom: &corev1.EnvVarSource{
- SecretKeyRef: &corev1.SecretKeySelector{
- Key: azure.BucketName,
- LocalObjectReference: corev1.LocalObjectReference{Name: azure.BackupSecretName},
- },
- },
- },
- {
- Name: "STORAGE_ACCOUNT",
- ValueFrom: &corev1.EnvVarSource{
- SecretKeyRef: &corev1.SecretKeySelector{
- Key: azure.StorageAccount,
- LocalObjectReference: corev1.LocalObjectReference{Name: azure.BackupSecretName},
- },
- },
- },
- {
- Name: "STORAGE_KEY",
- ValueFrom: &corev1.EnvVarSource{
- SecretKeyRef: &corev1.SecretKeySelector{
- Key: azure.StorageKey,
- LocalObjectReference: corev1.LocalObjectReference{Name: azure.BackupSecretName},
- },
- },
- },
- }
- )
-
- c := extensionswebhook.ContainerWithName(ss.Spec.Template.Spec.Containers, "backup-restore")
- Expect(c).To(Equal(controlplane.GetBackupRestoreContainer(v1beta1constants.ETCDMain, controlplane.EtcdMainVolumeClaimTemplateName, "0 */24 * * *", azure.StorageProviderName, "shoot--test--sample--test-uid",
- "test-repository:test-tag", nil, env, nil)))
- Expect(ss.Spec.Template.Annotations).To(Equal(annotations))
-}
-
-func checkETCDMainStatefulSetWithoutBackup(ss *appsv1.StatefulSet, annotations map[string]string) {
- c := extensionswebhook.ContainerWithName(ss.Spec.Template.Spec.Containers, "backup-restore")
- Expect(c).To(Equal(controlplane.GetBackupRestoreContainer(v1beta1constants.ETCDMain, controlplane.EtcdMainVolumeClaimTemplateName, "0 */24 * * *", "", "",
- "test-repository:test-tag", nil, nil, nil)))
- Expect(ss.Spec.Template.Annotations).To(BeNil())
-}
-
-func checkETCDEventsStatefulSet(ss *appsv1.StatefulSet) {
- c := extensionswebhook.ContainerWithName(ss.Spec.Template.Spec.Containers, "backup-restore")
- Expect(c).To(Equal(controlplane.GetBackupRestoreContainer(v1beta1constants.ETCDEvents, v1beta1constants.ETCDEvents, "0 */24 * * *", "", "",
- "test-repository:test-tag", nil, nil, nil)))
-}
-
-func clientGet(result runtime.Object) interface{} {
- return func(ctx context.Context, key client.ObjectKey, obj runtime.Object) error {
- switch obj.(type) {
- case *corev1.Secret:
- *obj.(*corev1.Secret) = *result.(*corev1.Secret)
- }
- return nil
- }
-}
diff --git a/controllers/provider-azure/pkg/webhook/controlplaneexposure/add.go b/controllers/provider-azure/pkg/webhook/controlplaneexposure/add.go
deleted file mode 100644
index 834ccc59a..000000000
--- a/controllers/provider-azure/pkg/webhook/controlplaneexposure/add.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplaneexposure
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config"
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane/genericmutator"
-
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "sigs.k8s.io/controller-runtime/pkg/log"
- "sigs.k8s.io/controller-runtime/pkg/manager"
-)
-
-var (
- // DefaultAddOptions are the default AddOptions for AddToManager.
- DefaultAddOptions = AddOptions{}
-)
-
-// AddOptions are options to apply when adding the AWS exposure webhook to the manager.
-type AddOptions struct {
- // ETCDStorage is the etcd storage configuration.
- ETCDStorage config.ETCDStorage
-}
-
-var logger = log.Log.WithName("azure-controlplaneexposure-webhook")
-
-// AddToManagerWithOptions creates a webhook with the given options and adds it to the manager.
-func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) (*extensionswebhook.Webhook, error) {
- logger.Info("Adding webhook to manager")
- return controlplane.Add(mgr, controlplane.AddArgs{
- Kind: controlplane.KindSeed,
- Provider: azure.Type,
- Types: []runtime.Object{&appsv1.Deployment{}, &corev1.Service{}, &appsv1.StatefulSet{}},
- Mutator: genericmutator.NewMutator(NewEnsurer(&opts.ETCDStorage, logger), nil, nil, nil, logger),
- })
-}
-
-// AddToManager creates a webhook with the default options and adds it to the manager.
-func AddToManager(mgr manager.Manager) (*extensionswebhook.Webhook, error) {
- return AddToManagerWithOptions(mgr, DefaultAddOptions)
-}
diff --git a/controllers/provider-azure/pkg/webhook/controlplaneexposure/ensurer.go b/controllers/provider-azure/pkg/webhook/controlplaneexposure/ensurer.go
deleted file mode 100644
index 978daab8f..000000000
--- a/controllers/provider-azure/pkg/webhook/controlplaneexposure/ensurer.go
+++ /dev/null
@@ -1,113 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controlplaneexposure
-
-import (
- "context"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config"
- "github.com/gardener/gardener-extensions/pkg/controller"
- extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane"
- "github.com/gardener/gardener-extensions/pkg/webhook/controlplane/genericmutator"
-
- v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
- kutil "github.com/gardener/gardener/pkg/utils/kubernetes"
- "github.com/go-logr/logr"
- "github.com/pkg/errors"
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-// NewEnsurer creates a new controlplaneexposure ensurer.
-func NewEnsurer(etcdStorage *config.ETCDStorage, logger logr.Logger) genericmutator.Ensurer {
- return &ensurer{
- etcdStorage: etcdStorage,
- logger: logger.WithName("ensurer"),
- }
-}
-
-type ensurer struct {
- genericmutator.NoopEnsurer
- etcdStorage *config.ETCDStorage
- client client.Client
- logger logr.Logger
-}
-
-// InjectClient injects the given client into the ensurer.
-func (e *ensurer) InjectClient(client client.Client) error {
- e.client = client
- return nil
-}
-
-// EnsureKubeAPIServerService ensures that the kube-apiserver service conforms to the provider requirements.
-func (e *ensurer) EnsureKubeAPIServerService(ctx context.Context, ectx genericmutator.EnsurerContext, svc *corev1.Service) error {
- // TODO: Assuming seed kubernetes version is >= 1.12. Validate it correctly
- if svc.Annotations == nil {
- svc.Annotations = make(map[string]string)
- }
- svc.Annotations["service.beta.kubernetes.io/azure-load-balancer-tcp-idle-timeout"] = "30"
- return nil
-}
-
-// EnsureKubeAPIServerDeployment ensures that the kube-apiserver deployment conforms to the provider requirements.
-func (e *ensurer) EnsureKubeAPIServerDeployment(ctx context.Context, ectx genericmutator.EnsurerContext, dep *appsv1.Deployment) error {
- cluster, err := controller.GetCluster(ctx, e.client, dep.Namespace)
- if err != nil {
- return err
- }
-
- if controller.IsHibernated(cluster) {
- return nil
- }
-
- // Get load balancer address of the kube-apiserver service
- address, err := kutil.GetLoadBalancerIngress(ctx, e.client, dep.Namespace, v1beta1constants.DeploymentNameKubeAPIServer)
- if err != nil {
- return errors.Wrap(err, "could not get kube-apiserver service load balancer address")
- }
-
- if c := extensionswebhook.ContainerWithName(dep.Spec.Template.Spec.Containers, "kube-apiserver"); c != nil {
- c.Command = extensionswebhook.EnsureStringWithPrefix(c.Command, "--advertise-address=", address)
- c.Command = extensionswebhook.EnsureStringWithPrefix(c.Command, "--external-hostname=", address)
- }
- return nil
-}
-
-// EnsureETCDStatefulSet ensures that the etcd stateful sets conform to the provider requirements.
-func (e *ensurer) EnsureETCDStatefulSet(ctx context.Context, ectx genericmutator.EnsurerContext, ss *appsv1.StatefulSet) error {
- e.ensureVolumeClaimTemplates(&ss.Spec, ss.Name)
- return nil
-}
-
-func (e *ensurer) ensureVolumeClaimTemplates(spec *appsv1.StatefulSetSpec, name string) {
- t := e.getVolumeClaimTemplate(name)
- spec.VolumeClaimTemplates = extensionswebhook.EnsurePVCWithName(spec.VolumeClaimTemplates, *t)
-}
-
-func (e *ensurer) getVolumeClaimTemplate(name string) *corev1.PersistentVolumeClaim {
- var (
- etcdStorage config.ETCDStorage
- volumeClaimTemplateName = name
- )
-
- if name == v1beta1constants.ETCDMain {
- etcdStorage = *e.etcdStorage
- volumeClaimTemplateName = controlplane.EtcdMainVolumeClaimTemplateName
- }
-
- return controlplane.GetETCDVolumeClaimTemplate(volumeClaimTemplateName, etcdStorage.ClassName, etcdStorage.Capacity)
-}
diff --git a/controllers/provider-azure/pkg/webhook/controlplaneexposure/ensurer_test.go b/controllers/provider-azure/pkg/webhook/controlplaneexposure/ensurer_test.go
deleted file mode 100644
index f1c7c5d84..000000000
--- a/controllers/provider-azure/pkg/webhook/controlplaneexposure/ensurer_test.go
+++ /dev/null
@@ -1,295 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controlplaneexposure - -import ( - "context" - "encoding/json" - "testing" - - gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" - - "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/config" - mockclient "github.com/gardener/gardener-extensions/pkg/mock/controller-runtime/client" - "github.com/gardener/gardener-extensions/pkg/util" - extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook" - "github.com/gardener/gardener-extensions/pkg/webhook/controlplane" - "github.com/gardener/gardener-extensions/pkg/webhook/controlplane/genericmutator" - - v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" - "github.com/golang/mock/gomock" - . "github.com/onsi/ginkgo" - . 
"github.com/onsi/gomega" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/runtime/inject" -) - -const ( - namespace = "test" -) - -func TestController(t *testing.T) { - RegisterFailHandler(Fail) - RunSpecs(t, "Azure Controlplane Exposure Webhook Suite") -} - -var _ = Describe("Ensurer", func() { - var ( - dummyContext = genericmutator.NewEnsurerContext(nil, nil) - - etcdStorage = &config.ETCDStorage{ - ClassName: util.StringPtr("gardener.cloud-fast"), - Capacity: util.QuantityPtr(resource.MustParse("25Gi")), - } - - ctrl *gomock.Controller - - svcKey = client.ObjectKey{Namespace: namespace, Name: v1beta1constants.DeploymentNameKubeAPIServer} - svc = &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.DeploymentNameKubeAPIServer, Namespace: namespace}, - Status: corev1.ServiceStatus{ - LoadBalancer: corev1.LoadBalancerStatus{ - Ingress: []corev1.LoadBalancerIngress{ - {IP: "1.2.3.4"}, - }, - }, - }, - } - cluster = &extensionsv1alpha1.Cluster{ - Spec: extensionsv1alpha1.ClusterSpec{ - Shoot: runtime.RawExtension{ - Raw: encode(&gardencorev1beta1.Shoot{}), - }, - }, - } - ) - - BeforeEach(func() { - ctrl = gomock.NewController(GinkgoT()) - }) - - AfterEach(func() { - ctrl.Finish() - }) - - Describe("#EnsureKubeAPIServerDeployment", func() { - It("should add missing elements to kube-apiserver deployment", func() { - var ( - dep = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.DeploymentNameKubeAPIServer, Namespace: namespace}, - Spec: appsv1.DeploymentSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "kube-apiserver", - }, - }, - }, - }, - }, - } - ) - - // Create mock client - c := mockclient.NewMockClient(ctrl) - 
c.EXPECT().Get(context.TODO(), client.ObjectKey{Name: namespace}, &extensionsv1alpha1.Cluster{}).DoAndReturn(clientGet(cluster)) - c.EXPECT().Get(context.TODO(), svcKey, &corev1.Service{}).DoAndReturn(clientGet(svc)) - - // Create ensurer - ensurer := NewEnsurer(etcdStorage, logger) - err := ensurer.(inject.Client).InjectClient(c) - Expect(err).To(Not(HaveOccurred())) - - // Call EnsureKubeAPIServerDeployment method and check the result - err = ensurer.EnsureKubeAPIServerDeployment(context.TODO(), dummyContext, dep) - Expect(err).To(Not(HaveOccurred())) - checkKubeAPIServerDeployment(dep) - }) - - It("should modify existing elements of kube-apiserver deployment", func() { - var ( - dep = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.DeploymentNameKubeAPIServer, Namespace: namespace}, - Spec: appsv1.DeploymentSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "kube-apiserver", - Command: []string{"--advertise-address=?", "--external-hostname=?"}, - }, - }, - }, - }, - }, - } - ) - - // Create mock client - c := mockclient.NewMockClient(ctrl) - c.EXPECT().Get(context.TODO(), client.ObjectKey{Name: namespace}, &extensionsv1alpha1.Cluster{}).DoAndReturn(clientGet(cluster)) - c.EXPECT().Get(context.TODO(), svcKey, &corev1.Service{}).DoAndReturn(clientGet(svc)) - - // Create ensurer - ensurer := NewEnsurer(etcdStorage, logger) - err := ensurer.(inject.Client).InjectClient(c) - Expect(err).To(Not(HaveOccurred())) - - // Call EnsureKubeAPIServerDeployment method and check the result - err = ensurer.EnsureKubeAPIServerDeployment(context.TODO(), dummyContext, dep) - Expect(err).To(Not(HaveOccurred())) - checkKubeAPIServerDeployment(dep) - }) - }) - - Describe("#EnsureETCDStatefulSet", func() { - It("should add or modify elements to etcd-main statefulset", func() { - var ( - ss = &appsv1.StatefulSet{ - ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.ETCDMain}, - } - ) - - // Create 
ensurer - ensurer := NewEnsurer(etcdStorage, logger) - - // Call EnsureETCDStatefulSet method and check the result - err := ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss) - Expect(err).To(Not(HaveOccurred())) - checkETCDMainStatefulSet(ss) - }) - - It("should modify existing elements of etcd-main statefulset", func() { - var ( - ss = &appsv1.StatefulSet{ - ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.ETCDMain}, - Spec: appsv1.StatefulSetSpec{ - VolumeClaimTemplates: []corev1.PersistentVolumeClaim{ - { - ObjectMeta: metav1.ObjectMeta{Name: "etcd-main"}, - Spec: corev1.PersistentVolumeClaimSpec{ - AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce}, - Resources: corev1.ResourceRequirements{ - Requests: corev1.ResourceList{ - corev1.ResourceStorage: resource.MustParse("10Gi"), - }, - }, - }, - }, - }, - }, - } - ) - - // Create ensurer - ensurer := NewEnsurer(etcdStorage, logger) - - // Call EnsureETCDStatefulSet method and check the result - err := ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss) - Expect(err).To(Not(HaveOccurred())) - checkETCDMainStatefulSet(ss) - }) - - It("should add or modify elements to etcd-events statefulset", func() { - var ( - ss = &appsv1.StatefulSet{ - ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.ETCDEvents}, - } - ) - - // Create ensurer - ensurer := NewEnsurer(etcdStorage, logger) - - // Call EnsureETCDStatefulSet method and check the result - err := ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss) - Expect(err).To(Not(HaveOccurred())) - checkETCDEventsStatefulSet(ss) - }) - - It("should modify existing elements of etcd-events statefulset", func() { - var ( - ss = &appsv1.StatefulSet{ - ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.ETCDEvents}, - Spec: appsv1.StatefulSetSpec{ - VolumeClaimTemplates: []corev1.PersistentVolumeClaim{ - { - ObjectMeta: metav1.ObjectMeta{Name: "etcd-events"}, - Spec: corev1.PersistentVolumeClaimSpec{ - AccessModes: 
[]corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce}, - Resources: corev1.ResourceRequirements{ - Requests: corev1.ResourceList{ - corev1.ResourceStorage: resource.MustParse("20Gi"), - }, - }, - }, - }, - }, - }, - } - ) - - // Create ensurer - ensurer := NewEnsurer(etcdStorage, logger) - - // Call EnsureETCDStatefulSet method and check the result - err := ensurer.EnsureETCDStatefulSet(context.TODO(), dummyContext, ss) - Expect(err).To(Not(HaveOccurred())) - checkETCDEventsStatefulSet(ss) - }) - }) -}) - -func checkKubeAPIServerDeployment(dep *appsv1.Deployment) { - // Check that the kube-apiserver container still exists and contains all needed command line args - c := extensionswebhook.ContainerWithName(dep.Spec.Template.Spec.Containers, "kube-apiserver") - Expect(c).To(Not(BeNil())) - Expect(c.Command).To(ContainElement("--advertise-address=1.2.3.4")) - Expect(c.Command).To(ContainElement("--external-hostname=1.2.3.4")) -} - -func checkETCDMainStatefulSet(ss *appsv1.StatefulSet) { - pvc := extensionswebhook.PVCWithName(ss.Spec.VolumeClaimTemplates, controlplane.EtcdMainVolumeClaimTemplateName) - Expect(pvc).To(Equal(controlplane.GetETCDVolumeClaimTemplate(controlplane.EtcdMainVolumeClaimTemplateName, util.StringPtr("gardener.cloud-fast"), - util.QuantityPtr(resource.MustParse("25Gi"))))) -} - -func checkETCDEventsStatefulSet(ss *appsv1.StatefulSet) { - pvc := extensionswebhook.PVCWithName(ss.Spec.VolumeClaimTemplates, v1beta1constants.ETCDEvents) - Expect(pvc).To(Equal(controlplane.GetETCDVolumeClaimTemplate(v1beta1constants.ETCDEvents, nil, nil))) -} - -func clientGet(result runtime.Object) interface{} { - return func(ctx context.Context, key client.ObjectKey, obj runtime.Object) error { - switch obj.(type) { - case *corev1.Service: - *obj.(*corev1.Service) = *result.(*corev1.Service) - case *extensionsv1alpha1.Cluster: - *obj.(*extensionsv1alpha1.Cluster) = *result.(*extensionsv1alpha1.Cluster) - } - return nil - } -} - -func encode(obj runtime.Object) 
[]byte { - data, _ := json.Marshal(obj) - return data -} diff --git a/controllers/provider-azure/pkg/webhook/network/add.go b/controllers/provider-azure/pkg/webhook/network/add.go deleted file mode 100644 index 477cad001..000000000 --- a/controllers/provider-azure/pkg/webhook/network/add.go +++ /dev/null 
@@ -1,40 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package network
-
-import (
- "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure"
- extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook"
- "github.com/gardener/gardener-extensions/pkg/webhook/network"
-
- "github.com/gardener/gardener-extension-networking-calico/pkg/calico"
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- "k8s.io/apimachinery/pkg/runtime"
- "sigs.k8s.io/controller-runtime/pkg/log"
- "sigs.k8s.io/controller-runtime/pkg/manager"
-)
-
-var logger = log.Log.WithName("networking-calico-webhook")
-
-// AddToManager creates a webhook and adds it to the manager.
-func AddToManager(mgr manager.Manager) (*extensionswebhook.Webhook, error) {
- logger.Info("Adding webhook to manager")
- return network.Add(mgr, network.AddArgs{
- CloudProvider: azure.Type,
- NetworkProvider: calico.Type,
- Types: []runtime.Object{&extensionsv1alpha1.Network{}},
- Mutator: network.NewMutator(logger, mutateNetworkConfig),
- })
-}
diff --git a/controllers/provider-azure/pkg/webhook/network/mutate.go b/controllers/provider-azure/pkg/webhook/network/mutate.go
deleted file mode 100644
index cefc425ab..000000000
--- a/controllers/provider-azure/pkg/webhook/network/mutate.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package network
-
-import (
- extensionswebhook "github.com/gardener/gardener-extensions/pkg/webhook"
-
- calicov1alpha1 "github.com/gardener/gardener-extension-networking-calico/pkg/apis/calico/v1alpha1"
- "github.com/gardener/gardener-extension-networking-calico/pkg/controller"
- extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-func mutateNetworkConfig(network *extensionsv1alpha1.Network) error {
- extensionswebhook.LogMutation(logger, "Network", network.Namespace, network.Name)
-
- var (
- networkConfig *calicov1alpha1.NetworkConfig
- backendNone = calicov1alpha1.None
- err error
- )
-
- if network.Spec.ProviderConfig != nil {
- networkConfig, err = controller.CalicoNetworkConfigFromNetworkResource(network)
- if err != nil {
- return err
- }
- } else {
- networkConfig = &calicov1alpha1.NetworkConfig{
- TypeMeta: metav1.TypeMeta{
- APIVersion: calicov1alpha1.SchemeGroupVersion.String(),
- Kind: "NetworkConfig",
- },
- }
- }
-
- networkConfig.Backend = &backendNone
- network.Spec.ProviderConfig = &runtime.RawExtension{
- Object: networkConfig,
- }
-
- return nil
-}
diff --git a/controllers/provider-azure/test/e2e/doc.go b/controllers/provider-azure/test/e2e/doc.go
deleted file mode 100644
index bba9c937a..000000000
--- a/controllers/provider-azure/test/e2e/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:generate go run netpol-gen/netpol-gen.go --go-header-file ../../../../hack/LICENSE_BOILERPLATE.txt --input-dirs ./netpol-gen/app --output-base networkpolicies
-
-// Package e2e contain all network policies for Azure.
-package e2e
diff --git a/controllers/provider-azure/test/e2e/netpol-gen/app/azure.go b/controllers/provider-azure/test/e2e/netpol-gen/app/azure.go
deleted file mode 100644
index 936ef3abc..000000000
--- a/controllers/provider-azure/test/e2e/netpol-gen/app/azure.go
+++ /dev/null
@@ -1,115 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package app
-
-import (
- np "github.com/gardener/gardener-extensions/test/e2e/framework/networkpolicies"
-)
-
-// azureNetworkPolicy holds Azure-specific network policy settings.
-type azureNetworkPolicy struct {
- np.Agnostic
-
- // metadata points to Azure-specific Metadata service.
- metadata *np.Host
-}
-
-// NewCloudAware returns Azure-specific policies.
-func NewCloudAware() np.CloudAware {
- return &azureNetworkPolicy{
- metadata: &np.Host{
- Description: "Metadata service",
- HostName: "169.254.169.254",
- Port: 80,
- },
- }
-}
-
-// Sources returns list of all Azure-specific sources and targets.
-func (a *azureNetworkPolicy) Rules() []np.Rule {
- ag := a.Agnostic
- return []np.Rule{
- a.newSource(ag.KubeAPIServer()).AllowPod(ag.EtcdMain(), ag.EtcdEvents()).AllowHost(ag.SeedKubeAPIServer(), ag.External()).Build(),
- a.newSource(ag.EtcdMain()).AllowHost(ag.External()).Build(),
- a.newSource(ag.EtcdEvents()).AllowHost(ag.External()).Build(),
- a.newSource(ag.CloudControllerManagerNotSecured()).AllowPod(ag.KubeAPIServer()).AllowHost(ag.External()).Build(),
- a.newSource(ag.CloudControllerManagerSecured()).AllowPod(ag.KubeAPIServer()).AllowHost(ag.External()).Build(),
- a.newSource(ag.DependencyWatchdog()).AllowHost(ag.SeedKubeAPIServer(), ag.External()).Build(),
- a.newSource(ag.ElasticSearch()).Build(),
- a.newSource(ag.Grafana()).AllowPod(ag.Prometheus()).Build(),
- a.newSource(ag.Kibana()).AllowTargetPod(ag.ElasticSearch().FromPort("http")).Build(),
- a.newSource(ag.AddonManager()).AllowPod(ag.KubeAPIServer()).AllowHost(ag.SeedKubeAPIServer(), ag.External()).Build(),
- a.newSource(ag.KubeControllerManagerNotSecured()).AllowPod(ag.KubeAPIServer()).AllowHost(a.metadata, ag.External()).Build(),
- a.newSource(ag.KubeControllerManagerSecured()).AllowPod(ag.KubeAPIServer()).AllowHost(a.metadata, ag.External()).Build(),
- a.newSource(ag.KubeSchedulerNotSecured()).AllowPod(ag.KubeAPIServer()).Build(),
- a.newSource(ag.KubeSchedulerSecured()).AllowPod(ag.KubeAPIServer()).Build(),
- a.newSource(ag.KubeStateMetricsShoot()).AllowPod(ag.KubeAPIServer()).Build(),
- a.newSource(ag.KubeStateMetricsSeed()).AllowHost(ag.SeedKubeAPIServer(), ag.External()).Build(),
- a.newSource(ag.MachineControllerManager()).AllowPod(ag.KubeAPIServer()).AllowHost(ag.SeedKubeAPIServer(), ag.External()).Build(),
- a.newSource(ag.Prometheus()).AllowPod(
- ag.CloudControllerManagerNotSecured(),
- ag.CloudControllerManagerSecured(),
- ag.EtcdEvents(),
- ag.EtcdMain(),
- ag.KubeAPIServer(),
- ag.KubeControllerManagerNotSecured(),
- ag.KubeControllerManagerSecured(),
- ag.KubeSchedulerNotSecured(),
- ag.KubeSchedulerSecured(),
- ag.KubeStateMetricsSeed(),
- ag.KubeStateMetricsShoot(),
- ag.MachineControllerManager(),
- ).AllowTargetPod(ag.ElasticSearch().FromPort("metrics")).AllowHost(ag.SeedKubeAPIServer(), ag.External(), ag.GardenPrometheus()).Build(),
- }
-}
-
-// EgressFromOtherNamespaces returns list of all azure-specific sources and targets.
-func (a *azureNetworkPolicy) EgressFromOtherNamespaces(sourcePod *np.SourcePod) np.Rule {
- return np.NewSource(sourcePod).DenyPod(a.Sources()...).AllowPod(a.Agnostic.KubeAPIServer()).Build()
-}
-
-func (a *azureNetworkPolicy) newSource(sourcePod *np.SourcePod) *np.RuleBuilder {
- return np.NewSource(sourcePod).DenyPod(a.Sources()...).DenyHost(a.metadata, a.Agnostic.External(), a.Agnostic.GardenPrometheus())
-}
-
-// Sources returns a list of SourcePods of Azure.
-func (a *azureNetworkPolicy) Sources() []*np.SourcePod {
- ag := a.Agnostic
- return []*np.SourcePod{
- ag.AddonManager(),
- ag.CloudControllerManagerNotSecured(),
- ag.CloudControllerManagerSecured(),
- ag.DependencyWatchdog(),
- ag.ElasticSearch(),
- ag.EtcdEvents(),
- ag.EtcdMain(),
- ag.Grafana(),
- ag.Kibana(),
- ag.KubeAPIServer(),
- ag.KubeControllerManagerNotSecured(),
- ag.KubeControllerManagerSecured(),
- ag.KubeSchedulerNotSecured(),
- ag.KubeSchedulerSecured(),
- ag.KubeStateMetricsSeed(),
- ag.KubeStateMetricsShoot(),
- ag.MachineControllerManager(),
- ag.Prometheus(),
- }
-}
-
-// Provider returns Azure cloud provider.
-func (a *azureNetworkPolicy) Provider() string {
- return "azure"
-}
diff --git a/controllers/provider-azure/test/e2e/netpol-gen/netpol-gen.go b/controllers/provider-azure/test/e2e/netpol-gen/netpol-gen.go
deleted file mode 100644
index b2b0992c7..000000000
--- a/controllers/provider-azure/test/e2e/netpol-gen/netpol-gen.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package main
-
-import (
- "os"
-
- "github.com/gardener/gardener-extensions/controllers/provider-azure/test/e2e/netpol-gen/app"
- "github.com/gardener/gardener-extensions/test/e2e/framework/networkpolicies/generators"
-
- "k8s.io/gengo/args"
- "k8s.io/klog"
-)
-
-func main() {
- klog.InitFlags(nil)
- arguments := args.Default()
- if err := arguments.Execute(
- generators.NameSystems(),
- generators.DefaultNameSystem(),
- generators.NewPackages(app.NewCloudAware()),
- ); err != nil {
- klog.Errorf("Error: %v", err)
- os.Exit(1)
- }
- klog.V(2).Info("Completed successfully.")
-}
diff --git a/controllers/provider-azure/test/e2e/networkpolicies/doc.go b/controllers/provider-azure/test/e2e/networkpolicies/doc.go
deleted file mode 100644
index 541df1c59..000000000
--- a/controllers/provider-azure/test/e2e/networkpolicies/doc.go
+++ /dev/null
@@ -1,20 +0,0 @@ -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by netpol-gen. DO NOT EDIT. - -// Package has auto-generated cloud-specific network policy tests. -package networkpolies diff --git a/controllers/provider-azure/test/e2e/networkpolicies/networkpolicies_suite_test.go b/controllers/provider-azure/test/e2e/networkpolicies/networkpolicies_suite_test.go deleted file mode 100644 index ea958df87..000000000 --- a/controllers/provider-azure/test/e2e/networkpolicies/networkpolicies_suite_test.go +++ /dev/null 
@@ -1,31 +0,0 @@ -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by netpol-gen. DO NOT EDIT. - -package networkpolies - -import ( - "testing" - - "github.com/onsi/ginkgo" - "github.com/onsi/gomega" -) - -func TestNetworkPolicies(t *testing.T) { - gomega.RegisterFailHandler(ginkgo.Fail) - ginkgo.RunSpecs(t, "Network Policies e2e Test Suite") -} diff --git a/controllers/provider-azure/test/e2e/networkpolicies/networkpolicy_test.go b/controllers/provider-azure/test/e2e/networkpolicies/networkpolicy_test.go deleted file mode 100644 index a370e7951..000000000 --- a/controllers/provider-azure/test/e2e/networkpolicies/networkpolicy_test.go +++ /dev/null 
@@ -1,1700 +0,0 @@ -/* -Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by netpol-gen. DO NOT EDIT. - -package networkpolies - -import ( - "context" - "encoding/json" - "flag" - "fmt" - "strings" - "sync" - "time" - - "github.com/gardener/gardener-extensions/test/e2e/framework/executor" - networkpolicies "github.com/gardener/gardener-extensions/test/e2e/framework/networkpolicies" - "github.com/gardener/gardener/pkg/apis/core/v1beta1" - "github.com/gardener/gardener/pkg/client/kubernetes" - "github.com/gardener/gardener/pkg/logger" - utilclient "github.com/gardener/gardener/pkg/utils/kubernetes/client" - gardenerframework "github.com/gardener/gardener/test/integration/framework" - shootsframework "github.com/gardener/gardener/test/integration/shoots" - . "github.com/onsi/ginkgo" - . 
"github.com/onsi/gomega" - "github.com/sirupsen/logrus" - corev1 "k8s.io/api/core/v1" - networkingv1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/sets" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -var ( - kubeconfig = flag.String("garden-kubeconfig", "", "the path to the kubeconfig of the garden cluster that will be used for integration tests") - shootName = flag.String("shootName", "", "the name of the shoot we want to test") - shootNamespace = flag.String("shootNamespace", "", "the namespace name that the shoot resides in") - logLevel = flag.String("verbose", "", "verbosity level, when set, logging level will be DEBUG") - cleanup = flag.Bool("cleanup", false, "deletes all created e2e resources after the test suite is done") -) - -const ( - InitializationTimeout = 10 * time.Minute - FinalizationTimeout = time.Minute - DefaultTestTimeout = 10 * time.Second -) - -func validateFlags() { - if !shootsframework.StringSet(*kubeconfig) { - Fail("you need to specify the correct path for the kubeconfig") - } - - if !shootsframework.FileExists(*kubeconfig) { - Fail("kubeconfig path does not exist") - } -} - -var _ = Describe("Network Policy Testing", func() { - - var ( - shootGardenerTest *gardenerframework.ShootGardenerTest - shootTestOperations *gardenerframework.GardenerTestOperation - shootAppTestLogger *logrus.Logger - sharedResources networkpolicies.SharedResources - - agnostic = &networkpolicies.Agnostic{} - DefaultCIt = func(text string, body func(ctx context.Context)) { - shootsframework.CIt(text, body, DefaultTestTimeout) - } - - setGlobals = func(ctx context.Context) { - - validateFlags() - shootAppTestLogger = logger.AddWriter(logger.NewLogger(*logLevel), GinkgoWriter) - - if shootsframework.StringSet(*shootName) { - var err error - shootGardenerTest, err = 
gardenerframework.NewShootGardenerTest(*kubeconfig, nil, shootAppTestLogger) - Expect(err).NotTo(HaveOccurred()) - - shoot := &v1beta1.Shoot{ObjectMeta: metav1.ObjectMeta{Namespace: *shootNamespace, Name: *shootName}} - shootTestOperations, err = gardenerframework.NewGardenTestOperationWithShoot(ctx, shootGardenerTest.GardenClient, shootAppTestLogger, shoot) - Expect(err).NotTo(HaveOccurred()) - } - } - - getTargetPod = func(ctx context.Context, targetPod *networkpolicies.NamespacedTargetPod) *corev1.Pod { - if !targetPod.Pod.CheckVersion(shootTestOperations.Shoot) { - Skip("Target pod doesn't match Shoot version constraints. Skipping.") - } - if !targetPod.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - Skip("Component doesn't match Seed Provider constraints. Skipping.") - } - By(fmt.Sprintf("Checking that target Pod: %s is running", targetPod.Pod.Name)) - err := shootTestOperations.WaitUntilPodIsRunningWithLabels(ctx, targetPod.Pod.Selector(), targetPod.Namespace, shootTestOperations.SeedClient) - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - By(fmt.Sprintf("Get target pod: %s", targetPod.Pod.Name)) - trgPod, err := shootTestOperations.GetFirstRunningPodWithLabels(ctx, targetPod.Pod.Selector(), targetPod.Namespace, shootTestOperations.SeedClient) - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - return trgPod - } - - establishConnectionToHost = func(ctx context.Context, nsp *networkpolicies.NamespacedSourcePod, host string, port int32) (stdout, stderr string, err error) { - if !nsp.Pod.CheckVersion(shootTestOperations.Shoot) { - Skip("Source pod doesn't match Shoot version constraints. Skipping.") - } - if !nsp.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - Skip("Component doesn't match Seed Provider constraints. 
Skipping.") - } - By(fmt.Sprintf("Checking for source Pod: %s is running", nsp.Pod.Name)) - ExpectWithOffset(1, shootTestOperations.WaitUntilPodIsRunningWithLabels(ctx, nsp.Pod.Selector(), nsp.Namespace, shootTestOperations.SeedClient)).NotTo(HaveOccurred()) - - command := []string{"nc", "-vznw", "3", host, fmt.Sprint(port)} - By(fmt.Sprintf("Executing connectivity command in %s/%s to %s", nsp.Namespace, nsp.Pod.Name, strings.Join(command, " "))) - - return executor.NewExecutor(shootTestOperations.SeedClient). - ExecCommandInContainerWithFullOutput(ctx, nsp.Namespace, nsp.Pod.Name, "busybox-0", command...) - } - - assertCannotConnectToHost = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, host string, port int32) { - _, stderr, err := establishConnectionToHost(ctx, sourcePod, host, port) - ExpectWithOffset(1, err).To(HaveOccurred()) - By("Connection message is timed out\n") - ExpectWithOffset(1, stderr).To(SatisfyAny(ContainSubstring("Connection timed out"), ContainSubstring("nc: bad address"))) - } - - assertConnectToHost = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, targetHost *networkpolicies.Host, allowed bool) { - _, stderr, err := establishConnectionToHost(ctx, sourcePod, targetHost.HostName, targetHost.Port) - if allowed { - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - } else { - ExpectWithOffset(1, err).To(HaveOccurred()) - ExpectWithOffset(1, stderr).To(SatisfyAny(BeEmpty(), ContainSubstring("Connection timed out"), ContainSubstring("nc: bad address")), "stderr has correct message") - } - } - - assertCannotConnectToPod = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, targetPod *networkpolicies.NamespacedTargetPod) { - pod := getTargetPod(ctx, targetPod) - assertCannotConnectToHost(ctx, sourcePod, pod.Status.PodIP, targetPod.Port.Port) - } - - assertConnectToPod = func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, targetPod 
*networkpolicies.NamespacedTargetPod, allowed bool) { - pod := getTargetPod(ctx, targetPod) - assertConnectToHost(ctx, sourcePod, &networkpolicies.Host{ - HostName: pod.Status.PodIP, - Port: targetPod.Port.Port, - }, allowed) - } - - // generated targets - CloudControllerManagerHttp = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "cloud-controller-manager-http", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "cloud-controller-manager"}, - ShootVersionConstraint: "< 1.13", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10253, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - CloudControllerManagerHttp10253 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "cloud-controller-manager-http", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "cloud-controller-manager"}, - ShootVersionConstraint: "< 1.13", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10253, - Name: ""}} - CloudControllerManagerHttps = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "cloud-controller-manager-https", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "cloud-controller-manager"}, - ShootVersionConstraint: ">= 1.13", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10258, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - CloudControllerManagerHttps10258 = 
&networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "cloud-controller-manager-https", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "cloud-controller-manager"}, - ShootVersionConstraint: ">= 1.13", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10258, - Name: ""}} - DependencyWatchdog = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "dependency-watchdog", - Labels: labels.Set{ - "role": "dependency-watchdog"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port(nil), - ExpectedPolicies: sets.String{ - "allow-to-dns": sets.Empty{}, - "allow-to-seed-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - DependencyWatchdog8080 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "dependency-watchdog", - Labels: labels.Set{ - "role": "dependency-watchdog"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 8080, - Name: "dummy"}} - ElasticsearchLogging = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "elasticsearch-logging", - Labels: labels.Set{ - "app": "elasticsearch-logging", - "garden.sapcloud.io/role": "logging", - "role": "logging"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 9200, - Name: "http"}, - networkpolicies.Port{ - Port: 9114, - Name: "metrics"}}, - ExpectedPolicies: sets.String{ - "allow-elasticsearch": sets.Empty{}, - "allow-from-prometheus": sets.Empty{}, - "deny-all": sets.Empty{}}} - ElasticsearchLogging9114 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "elasticsearch-logging", - Labels: labels.Set{ - "app": "elasticsearch-logging", - "garden.sapcloud.io/role": "logging", - "role": "logging"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - 
Port: networkpolicies.Port{ - Port: 9114, - Name: "metrics"}} - ElasticsearchLogging9200 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "elasticsearch-logging", - Labels: labels.Set{ - "app": "elasticsearch-logging", - "garden.sapcloud.io/role": "logging", - "role": "logging"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 9200, - Name: "http"}} - EtcdEvents = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "etcd-events", - Labels: labels.Set{ - "app": "etcd-statefulset", - "garden.sapcloud.io/role": "controlplane", - "role": "events"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 2379, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-etcd": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "deny-all": sets.Empty{}}} - EtcdEvents2379 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "etcd-events", - Labels: labels.Set{ - "app": "etcd-statefulset", - "garden.sapcloud.io/role": "controlplane", - "role": "events"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 2379, - Name: ""}} - EtcdMain = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "etcd-main", - Labels: labels.Set{ - "app": "etcd-statefulset", - "garden.sapcloud.io/role": "controlplane", - "role": "main"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 2379, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-etcd": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "deny-all": sets.Empty{}}} - EtcdMain2379 = &networkpolicies.TargetPod{ - Pod: 
networkpolicies.Pod{ - Name: "etcd-main", - Labels: labels.Set{ - "app": "etcd-statefulset", - "garden.sapcloud.io/role": "controlplane", - "role": "main"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 2379, - Name: ""}} - ExternalhostPort53 = &networkpolicies.Host{ - Description: "External host", - HostName: "8.8.8.8", - Port: 53} - GardenPrometheusPort80 = &networkpolicies.Host{ - Description: "Garden Prometheus", - HostName: "prometheus-web.garden", - Port: 80} - GardenerResourceManager = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "gardener-resource-manager", - Labels: labels.Set{ - "app": "gardener-resource-manager", - "garden.sapcloud.io/role": "controlplane"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port(nil), - ExpectedPolicies: sets.String{ - "allow-to-dns": sets.Empty{}, - "allow-to-seed-apiserver": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - GardenerResourceManager8080 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "gardener-resource-manager", - Labels: labels.Set{ - "app": "gardener-resource-manager", - "garden.sapcloud.io/role": "controlplane"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 8080, - Name: "dummy"}} - Grafana = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "grafana", - Labels: labels.Set{ - "component": "grafana", - "garden.sapcloud.io/role": "monitoring"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 3000, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-grafana": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "deny-all": sets.Empty{}}} - Grafana3000 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "grafana", - Labels: 
labels.Set{ - "component": "grafana", - "garden.sapcloud.io/role": "monitoring"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 3000, - Name: ""}} - KibanaLogging = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kibana-logging", - Labels: labels.Set{ - "app": "kibana-logging", - "garden.sapcloud.io/role": "logging", - "role": "logging"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 5601, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-kibana": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-elasticsearch": sets.Empty{}, - "deny-all": sets.Empty{}}} - KibanaLogging5601 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kibana-logging", - Labels: labels.Set{ - "app": "kibana-logging", - "garden.sapcloud.io/role": "logging", - "role": "logging"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 5601, - Name: ""}} - KubeApiserver = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-apiserver", - Labels: labels.Set{ - "app": "kubernetes", - "role": "apiserver"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 443, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-kube-apiserver": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-shoot-networks": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeApiserver443 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kube-apiserver", - Labels: labels.Set{ - "app": "kubernetes", - "role": "apiserver"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: 
networkpolicies.Port{ - Port: 443, - Name: ""}} - KubeControllerManagerHttp = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-controller-manager-http", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "controller-manager"}, - ShootVersionConstraint: "< 1.13", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10252, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-blocked-cidrs": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeControllerManagerHttp10252 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kube-controller-manager-http", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "controller-manager"}, - ShootVersionConstraint: "< 1.13", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10252, - Name: ""}} - KubeControllerManagerHttps = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-controller-manager-https", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "controller-manager"}, - ShootVersionConstraint: ">= 1.13", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10257, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-blocked-cidrs": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeControllerManagerHttps10257 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: 
"kube-controller-manager-https", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "controller-manager"}, - ShootVersionConstraint: ">= 1.13", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10257, - Name: ""}} - KubeSchedulerHttp = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-scheduler-http", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "scheduler"}, - ShootVersionConstraint: "< 1.13", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10251, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeSchedulerHttp10251 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kube-scheduler-http", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "scheduler"}, - ShootVersionConstraint: "< 1.13", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10251, - Name: ""}} - KubeSchedulerHttps = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-scheduler-https", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "scheduler"}, - ShootVersionConstraint: ">= 1.13", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10259, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeSchedulerHttps10259 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kube-scheduler-https", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": 
"controlplane", - "role": "scheduler"}, - ShootVersionConstraint: ">= 1.13", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10259, - Name: ""}} - KubeStateMetricsSeed = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-state-metrics-seed", - Labels: labels.Set{ - "component": "kube-state-metrics", - "garden.sapcloud.io/role": "monitoring", - "type": "seed"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 8080, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-seed-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeStateMetricsSeed8080 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kube-state-metrics-seed", - Labels: labels.Set{ - "component": "kube-state-metrics", - "garden.sapcloud.io/role": "monitoring", - "type": "seed"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 8080, - Name: ""}} - KubeStateMetricsShoot = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "kube-state-metrics-shoot", - Labels: labels.Set{ - "component": "kube-state-metrics", - "garden.sapcloud.io/role": "monitoring", - "type": "shoot"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 8080, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - KubeStateMetricsShoot8080 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "kube-state-metrics-shoot", - Labels: labels.Set{ - "component": "kube-state-metrics", - "garden.sapcloud.io/role": "monitoring", - "type": "shoot"}, - ShootVersionConstraint: "", - 
SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 8080, - Name: ""}} - MachineControllerManager = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "machine-controller-manager", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "machine-controller-manager"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 10258, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-from-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-private-networks": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-seed-apiserver": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "deny-all": sets.Empty{}}} - MachineControllerManager10258 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "machine-controller-manager", - Labels: labels.Set{ - "app": "kubernetes", - "garden.sapcloud.io/role": "controlplane", - "role": "machine-controller-manager"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 10258, - Name: ""}} - MetadataservicePort80 = &networkpolicies.Host{ - Description: "Metadata service", - HostName: "169.254.169.254", - Port: 80} - Prometheus = &networkpolicies.SourcePod{ - Pod: networkpolicies.Pod{ - Name: "prometheus", - Labels: labels.Set{ - "app": "prometheus", - "garden.sapcloud.io/role": "monitoring", - "role": "monitoring"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Ports: []networkpolicies.Port{ - networkpolicies.Port{ - Port: 9090, - Name: ""}}, - ExpectedPolicies: sets.String{ - "allow-prometheus": sets.Empty{}, - "allow-to-dns": sets.Empty{}, - "allow-to-public-networks": sets.Empty{}, - "allow-to-seed-apiserver": sets.Empty{}, - "allow-to-shoot-apiserver": sets.Empty{}, - "allow-to-shoot-networks": sets.Empty{}, - "deny-all": 
sets.Empty{}}} - Prometheus9090 = &networkpolicies.TargetPod{ - Pod: networkpolicies.Pod{ - Name: "prometheus", - Labels: labels.Set{ - "app": "prometheus", - "garden.sapcloud.io/role": "monitoring", - "role": "monitoring"}, - ShootVersionConstraint: "", - SeedClusterConstraints: sets.String(nil)}, - Port: networkpolicies.Port{ - Port: 9090, - Name: ""}} - SeedKubeAPIServerPort443 = &networkpolicies.Host{ - Description: "Seed Kube APIServer", - HostName: "kubernetes.default", - Port: 443} - ) - - SynchronizedBeforeSuite(func() []byte { - ctx, cancel := context.WithTimeout(context.TODO(), InitializationTimeout) - defer cancel() - - setGlobals(ctx) - var err error - - By("Getting Seed Cloud Provider") - sharedResources.SeedCloudProvider = shootTestOperations.Seed.Spec.Provider.Type - - By("Creating namespace for Ingress testing") - ns := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: "gardener-e2e-network-policies-", - Labels: map[string]string{ - "gardener-e2e-test": "networkpolicies", - }, - }, - } - err = shootTestOperations.SeedClient.Client().Create(ctx, ns) - Expect(err).NotTo(HaveOccurred()) - - sharedResources.External = ns.GetName() - - By("Creating mirror namespace for pod2pod network testing") - mirrorNamespace := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: "gardener-e2e-mirror-network-policies-", - Labels: map[string]string{ - "gardener-e2e-test": "networkpolicies", - }, - }, - } - err = shootTestOperations.SeedClient.Client().Create(ctx, mirrorNamespace) - Expect(err).NotTo(HaveOccurred()) - - sharedResources.Mirror = mirrorNamespace.GetName() - - By(fmt.Sprintf("Getting all network policies in namespace %q", shootTestOperations.ShootSeedNamespace())) - list := &networkingv1.NetworkPolicyList{} - err = shootTestOperations.SeedClient.Client().List(ctx, list, client.InNamespace(shootTestOperations.ShootSeedNamespace())) - Expect(err).ToNot(HaveOccurred()) - - sharedResources.Policies = list.Items - - for _, 
netPol := range sharedResources.Policies { - cpy := &networkingv1.NetworkPolicy{} - cpy.Name = netPol.Name - cpy.Namespace = sharedResources.Mirror - cpy.Spec = *netPol.Spec.DeepCopy() - By(fmt.Sprintf("Copying network policy %s in namespace %q", netPol.Name, sharedResources.Mirror)) - err = shootTestOperations.SeedClient.Client().Create(ctx, cpy) - Expect(err).NotTo(HaveOccurred()) - } - - By("Getting the current CloudProvider") - currentProvider := shootTestOperations.Shoot.Spec.Provider.Type - - getFirstNodeInternalIP := func(ctx context.Context, cl kubernetes.Interface) (string, error) { - nodes := &corev1.NodeList{} - err := cl.Client().List(ctx, nodes, utilclient.Limit(1)) - if err != nil { - return "", err - } - - if len(nodes.Items) > 0 { - firstNode := nodes.Items[0] - for _, address := range firstNode.Status.Addresses { - if address.Type == corev1.NodeInternalIP { - return address.Address, nil - } - } - } - - return "", gardenerframework.ErrNoInternalIPsForNodeWasFound - } - - By("Getting fist running node") - sharedResources.SeedNodeIP, err = getFirstNodeInternalIP(ctx, shootTestOperations.SeedClient) - Expect(err).NotTo(HaveOccurred()) - - if currentProvider != "azure" { - Fail(fmt.Sprintf("Not supported cloud provider %s", currentProvider)) - } - - createBusyBox := func(ctx context.Context, sourcePod *networkpolicies.NamespacedSourcePod, ports ...corev1.ContainerPort) { - if len(ports) == 0 { - Fail(fmt.Sprintf("No ports found for SourcePod %+v", *sourcePod.SourcePod)) - } - containers := []corev1.Container{} - for i, port := range ports { - containers = append(containers, corev1.Container{ - Args: []string{"nc", "-lk", "-p", fmt.Sprint(port.ContainerPort), "-e", "/bin/echo", "-s", "0.0.0.0"}, - Image: "busybox", - Name: fmt.Sprintf("busybox-%d", i), - Ports: ports, - }) - } - pod := &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Name: sourcePod.Pod.Name, - Namespace: sourcePod.Namespace, - Labels: sourcePod.Pod.Labels, - }, - Spec: corev1.PodSpec{ - 
Containers: containers, - }, - } - - By(fmt.Sprintf("Creating Pod %s/%s", sourcePod.Namespace, sourcePod.Name)) - err := shootTestOperations.SeedClient.Client().Create(ctx, pod) - Expect(err).NotTo(HaveOccurred()) - - By(fmt.Sprintf("Waiting foo Pod %s/%s to be running", sourcePod.Namespace, sourcePod.Name)) - err = shootTestOperations.WaitUntilPodIsRunning(ctx, pod.GetName(), sourcePod.Namespace, shootTestOperations.SeedClient) - if err != nil { - Fail(fmt.Sprintf("Couldn't find running busybox %s/%s", sourcePod.Namespace, pod.GetName())) - } - } - - sources := []*networkpolicies.SourcePod{ - GardenerResourceManager, - CloudControllerManagerHttp, - CloudControllerManagerHttps, - DependencyWatchdog, - ElasticsearchLogging, - EtcdEvents, - EtcdMain, - Grafana, - KibanaLogging, - KubeApiserver, - KubeControllerManagerHttp, - KubeControllerManagerHttps, - KubeSchedulerHttp, - KubeSchedulerHttps, - KubeStateMetricsSeed, - KubeStateMetricsShoot, - MachineControllerManager, - Prometheus, - } - - var wg sync.WaitGroup - // one extra for the busybox Pod bellow. 
- wg.Add(len(sources) + 1) - - for _, s := range sources { - go func(pi *networkpolicies.SourcePod) { - defer GinkgoRecover() - defer wg.Done() - if !pi.Pod.CheckVersion(shootTestOperations.Shoot) || !pi.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) { - return - } - pod, err := shootTestOperations.GetFirstRunningPodWithLabels(ctx, pi.Pod.Selector(), shootTestOperations.ShootSeedNamespace(), shootTestOperations.SeedClient) - if err != nil { - Fail(fmt.Sprintf("Couldn't find running Pod %s/%s with labels: %+v", shootTestOperations.ShootSeedNamespace(), pi.Pod.Name, pi.Pod.Labels)) - } - cpy := *pi - - targetLabels := make(map[string]string) - - for k, v := range pod.Labels { - targetLabels[k] = v - } - - cpy.Pod.Labels = targetLabels - By(fmt.Sprintf("Mirroring Pod %s to namespace %s", cpy.Pod.Labels.String(), sharedResources.Mirror)) - - expectedPorts := sets.Int64{} - actualPorts := sets.Int64{} - for _, p := range pi.Ports { - expectedPorts.Insert(int64(p.Port)) - } - containerPorts := []corev1.ContainerPort{} - for _, container := range pod.Spec.Containers { - if len(container.Ports) > 0 { - for _, p := range container.Ports { - actualPorts.Insert(int64(p.ContainerPort)) - } - containerPorts = append(containerPorts, container.Ports...) - } - } - - if !actualPorts.HasAll(expectedPorts.List()...) { - Fail(fmt.Sprintf("Pod %s doesn't have all ports. Expected %+v, actual %+v", pi.Pod.Name, expectedPorts.List(), actualPorts.List())) - } - if len(containerPorts) == 0 { - // Dummy port for containers which don't have any ports. - containerPorts = append(containerPorts, corev1.ContainerPort{ContainerPort: 8080}) - } - createBusyBox(ctx, networkpolicies.NewNamespacedSourcePod(&cpy, sharedResources.Mirror), containerPorts...) 
- }(s)
- }
- go func() {
- defer GinkgoRecover()
- defer wg.Done()
- createBusyBox(ctx, networkpolicies.NewNamespacedSourcePod(agnostic.Busybox(), ns.GetName()), corev1.ContainerPort{ContainerPort: 8080})
- }()
-
- wg.Wait()
-
- b, err := json.Marshal(sharedResources)
- Expect(err).NotTo(HaveOccurred())
-
- return b
- }, func(data []byte) {
- ctx, cancel := context.WithTimeout(context.TODO(), InitializationTimeout)
- defer cancel()
-
- sr := &networkpolicies.SharedResources{}
- err := json.Unmarshal(data, sr)
- Expect(err).NotTo(HaveOccurred())
-
- setGlobals(ctx)
-
- sharedResources = *sr
- })
-
- SynchronizedAfterSuite(func() {
- if !*cleanup {
- return
- }
-
- ctx, cancel := context.WithTimeout(context.TODO(), FinalizationTimeout)
- defer cancel()
-
- setGlobals(ctx)
-
- namespaces := &corev1.NamespaceList{}
- selector := labels.SelectorFromSet(labels.Set{
- "gardener-e2e-test": "networkpolicies",
- })
- err := shootTestOperations.SeedClient.Client().List(ctx, namespaces, client.MatchingLabelsSelector{Selector: selector})
- Expect(err).NotTo(HaveOccurred())
-
- for _, ns := range namespaces.Items {
- err = shootTestOperations.SeedClient.Client().Delete(ctx, &ns)
- if err != nil && !errors.IsConflict(err) {
- Expect(err).NotTo(HaveOccurred())
- }
- }
- }, func() {})
-
- Context("Deprecated old policies are removed", func() {
-
- const (
- deprecatedKubeAPIServerPolicy = "kube-apiserver-default"
- deprecatedMetadataAppPolicy = "cloud-metadata-service-deny-blacklist-app"
- deprecatedMetadataRolePolicy = "cloud-metadata-service-deny-blacklist-role"
- deprecatedKibanaLogging = "kibana-logging"
- )
-
- var (
- assertPolicyIsGone = func(policyName string) func(ctx context.Context) {
- return func(ctx context.Context) {
- By(fmt.Sprintf("Getting network policy %q in namespace %q", policyName, shootTestOperations.ShootSeedNamespace()))
- getErr := shootTestOperations.SeedClient.Client().Get(ctx, types.NamespacedName{Name: policyName, Namespace: shootTestOperations.ShootSeedNamespace()}, &networkingv1.NetworkPolicy{})
- Expect(getErr).To(HaveOccurred())
- By("error is NotFound")
- Expect(errors.IsNotFound(getErr)).To(BeTrue())
- }
- }
- )
-
- DefaultCIt(deprecatedKubeAPIServerPolicy, assertPolicyIsGone(deprecatedKubeAPIServerPolicy))
- DefaultCIt(deprecatedMetadataAppPolicy, assertPolicyIsGone(deprecatedMetadataAppPolicy))
- DefaultCIt(deprecatedMetadataRolePolicy, assertPolicyIsGone(deprecatedMetadataRolePolicy))
- DefaultCIt(deprecatedMetadataRolePolicy, assertPolicyIsGone(deprecatedKibanaLogging))
- })
-
- Context("components are selected by correct policies", func() {
- var (
- assertHasNetworkPolicy = func(sourcePod *networkpolicies.SourcePod) func(context.Context) {
- return func(ctx context.Context) {
- if !sourcePod.Pod.CheckVersion(shootTestOperations.Shoot) {
- Skip("Component doesn't match Shoot version constraints. Skipping.")
- }
- if !sourcePod.Pod.CheckSeedCluster(sharedResources.SeedCloudProvider) {
- Skip("Component doesn't match Seed Provider constraints. Skipping.")
- }
-
- matched := sets.NewString()
- var podLabelSet labels.Set
-
- By(fmt.Sprintf("Getting first running pod with selectors %q in namespace %q", sourcePod.Pod.Labels, shootTestOperations.ShootSeedNamespace()))
- pod, err := shootTestOperations.GetFirstRunningPodWithLabels(ctx, sourcePod.Pod.Selector(), shootTestOperations.ShootSeedNamespace(), shootTestOperations.SeedClient)
- podLabelSet = pod.GetLabels()
- Expect(err).NotTo(HaveOccurred())
-
- for _, netPol := range sharedResources.Policies {
- netPolSelector, err := metav1.LabelSelectorAsSelector(&netPol.Spec.PodSelector)
- Expect(err).NotTo(HaveOccurred())
-
- if netPolSelector.Matches(podLabelSet) {
- matched.Insert(netPol.GetName())
- }
- }
- By(fmt.Sprintf("Matching actual network policies against expected %s", sourcePod.ExpectedPolicies.List()))
- Expect(matched.List()).Should(ConsistOf(sourcePod.ExpectedPolicies.List()))
- }
- }
- )
- DefaultCIt(`kube-apiserver`, assertHasNetworkPolicy(KubeApiserver))
- DefaultCIt(`etcd-main`, assertHasNetworkPolicy(EtcdMain))
- DefaultCIt(`etcd-events`, assertHasNetworkPolicy(EtcdEvents))
- DefaultCIt(`cloud-controller-manager-http`, assertHasNetworkPolicy(CloudControllerManagerHttp))
- DefaultCIt(`cloud-controller-manager-https`, assertHasNetworkPolicy(CloudControllerManagerHttps))
- DefaultCIt(`dependency-watchdog`, assertHasNetworkPolicy(DependencyWatchdog))
- DefaultCIt(`elasticsearch-logging`, assertHasNetworkPolicy(ElasticsearchLogging))
- DefaultCIt(`grafana`, assertHasNetworkPolicy(Grafana))
- DefaultCIt(`kibana-logging`, assertHasNetworkPolicy(KibanaLogging))
- DefaultCIt(`gardener-resource-manager`, assertHasNetworkPolicy(GardenerResourceManager))
- DefaultCIt(`kube-controller-manager-http`, assertHasNetworkPolicy(KubeControllerManagerHttp))
- DefaultCIt(`kube-controller-manager-https`, assertHasNetworkPolicy(KubeControllerManagerHttps))
- DefaultCIt(`kube-scheduler-http`, assertHasNetworkPolicy(KubeSchedulerHttp))
- DefaultCIt(`kube-scheduler-https`, assertHasNetworkPolicy(KubeSchedulerHttps))
- DefaultCIt(`kube-state-metrics-shoot`, assertHasNetworkPolicy(KubeStateMetricsShoot))
- DefaultCIt(`kube-state-metrics-seed`, assertHasNetworkPolicy(KubeStateMetricsSeed))
- DefaultCIt(`machine-controller-manager`, assertHasNetworkPolicy(MachineControllerManager))
- DefaultCIt(`prometheus`, assertHasNetworkPolicy(Prometheus))
- })
-
- Context("ingress from other namespaces", func() {
-
- var (
- assertBlockIngress = func(to *networkpolicies.TargetPod, allowed bool) func(context.Context) {
- return func(ctx context.Context) {
- assertConnectToPod(ctx, networkpolicies.NewNamespacedSourcePod(agnostic.Busybox(), sharedResources.External), networkpolicies.NewNamespacedTargetPod(to, shootTestOperations.ShootSeedNamespace()), allowed)
- }
- }
- )
-
- DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertBlockIngress(GardenerResourceManager8080, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertBlockIngress(CloudControllerManagerHttp10253, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertBlockIngress(CloudControllerManagerHttps10258, false))
- DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertBlockIngress(DependencyWatchdog8080, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertBlockIngress(ElasticsearchLogging9200, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertBlockIngress(ElasticsearchLogging9114, false))
- DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertBlockIngress(EtcdEvents2379, false))
- DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertBlockIngress(EtcdMain2379, false))
- DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertBlockIngress(Grafana3000, false))
- DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertBlockIngress(KibanaLogging5601, false))
- DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertBlockIngress(KubeApiserver443, true))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertBlockIngress(KubeControllerManagerHttp10252, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertBlockIngress(KubeControllerManagerHttps10257, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertBlockIngress(KubeSchedulerHttp10251, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertBlockIngress(KubeSchedulerHttps10259, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertBlockIngress(KubeStateMetricsSeed8080, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertBlockIngress(KubeStateMetricsShoot8080, false))
- DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertBlockIngress(MachineControllerManager10258, false))
- DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertBlockIngress(Prometheus9090, false))
- })
-
- Context("egress to other namespaces", func() {
-
- var (
- assertBlockEgresss = func(from *networkpolicies.SourcePod) func(context.Context) {
- return func(ctx context.Context) {
- assertCannotConnectToPod(ctx, networkpolicies.NewNamespacedSourcePod(from, sharedResources.Mirror), networkpolicies.NewNamespacedTargetPod(agnostic.Busybox().DummyPort(), sharedResources.External))
- }
- }
- )
-
- DefaultCIt(`should block connectivity from kube-apiserver to busybox`, assertBlockEgresss(KubeApiserver))
- DefaultCIt(`should block connectivity from etcd-main to busybox`, assertBlockEgresss(EtcdMain))
- DefaultCIt(`should block connectivity from etcd-events to busybox`, assertBlockEgresss(EtcdEvents))
- DefaultCIt(`should block connectivity from cloud-controller-manager-http to busybox`, assertBlockEgresss(CloudControllerManagerHttp))
- DefaultCIt(`should block connectivity from cloud-controller-manager-https to busybox`, assertBlockEgresss(CloudControllerManagerHttps))
- DefaultCIt(`should block connectivity from dependency-watchdog to busybox`, assertBlockEgresss(DependencyWatchdog))
- DefaultCIt(`should block connectivity from elasticsearch-logging to busybox`, assertBlockEgresss(ElasticsearchLogging))
- DefaultCIt(`should block connectivity from grafana to busybox`, assertBlockEgresss(Grafana))
- DefaultCIt(`should block connectivity from kibana-logging to busybox`, assertBlockEgresss(KibanaLogging))
- DefaultCIt(`should block connectivity from gardener-resource-manager to busybox`, assertBlockEgresss(GardenerResourceManager))
- DefaultCIt(`should block connectivity from kube-controller-manager-http to busybox`, assertBlockEgresss(KubeControllerManagerHttp))
- DefaultCIt(`should block connectivity from kube-controller-manager-https to busybox`, assertBlockEgresss(KubeControllerManagerHttps))
- DefaultCIt(`should block connectivity from kube-scheduler-http to busybox`, assertBlockEgresss(KubeSchedulerHttp))
- DefaultCIt(`should block connectivity from kube-scheduler-https to busybox`, assertBlockEgresss(KubeSchedulerHttps))
- DefaultCIt(`should block connectivity from kube-state-metrics-shoot to busybox`, assertBlockEgresss(KubeStateMetricsShoot))
- DefaultCIt(`should block connectivity from kube-state-metrics-seed to busybox`, assertBlockEgresss(KubeStateMetricsSeed))
- DefaultCIt(`should block connectivity from machine-controller-manager to busybox`, assertBlockEgresss(MachineControllerManager))
- DefaultCIt(`should block connectivity from prometheus to busybox`, assertBlockEgresss(Prometheus))
- })
-
- Context("egress to Seed nodes", func() {
-
- var (
- assertBlockToSeedNodes = func(from *networkpolicies.SourcePod) func(context.Context) {
- return func(ctx context.Context) {
- assertCannotConnectToHost(ctx, networkpolicies.NewNamespacedSourcePod(from, sharedResources.Mirror), sharedResources.SeedNodeIP, 10250)
- }
- }
- )
-
- DefaultCIt(`should block connectivity from kube-apiserver`, assertBlockToSeedNodes(KubeApiserver))
- DefaultCIt(`should block connectivity from etcd-main`, assertBlockToSeedNodes(EtcdMain))
- DefaultCIt(`should block connectivity from etcd-events`, assertBlockToSeedNodes(EtcdEvents))
- DefaultCIt(`should block connectivity from cloud-controller-manager-http`, assertBlockToSeedNodes(CloudControllerManagerHttp))
- DefaultCIt(`should block connectivity from cloud-controller-manager-https`, assertBlockToSeedNodes(CloudControllerManagerHttps))
- DefaultCIt(`should block connectivity from dependency-watchdog`, assertBlockToSeedNodes(DependencyWatchdog))
- DefaultCIt(`should block connectivity from elasticsearch-logging`, assertBlockToSeedNodes(ElasticsearchLogging))
- DefaultCIt(`should block connectivity from grafana`, assertBlockToSeedNodes(Grafana))
- DefaultCIt(`should block connectivity from kibana-logging`, assertBlockToSeedNodes(KibanaLogging))
- DefaultCIt(`should block connectivity from gardener-resource-manager`, assertBlockToSeedNodes(GardenerResourceManager))
- DefaultCIt(`should block connectivity from kube-controller-manager-http`, assertBlockToSeedNodes(KubeControllerManagerHttp))
- DefaultCIt(`should block connectivity from kube-controller-manager-https`, assertBlockToSeedNodes(KubeControllerManagerHttps))
- DefaultCIt(`should block connectivity from kube-scheduler-http`, assertBlockToSeedNodes(KubeSchedulerHttp))
- DefaultCIt(`should block connectivity from kube-scheduler-https`, assertBlockToSeedNodes(KubeSchedulerHttps))
- DefaultCIt(`should block connectivity from kube-state-metrics-shoot`, assertBlockToSeedNodes(KubeStateMetricsShoot))
- DefaultCIt(`should block connectivity from kube-state-metrics-seed`, assertBlockToSeedNodes(KubeStateMetricsSeed))
- DefaultCIt(`should block connectivity from machine-controller-manager`, assertBlockToSeedNodes(MachineControllerManager))
- DefaultCIt(`should block connectivity from prometheus`, assertBlockToSeedNodes(Prometheus))
- })
-
- Context("egress for mirrored pods", func() {
-
- var (
- from *networkpolicies.NamespacedSourcePod
-
- assertEgresssToMirroredPod = func(to *networkpolicies.TargetPod, allowed bool) func(context.Context) {
- return func(ctx context.Context) {
- assertConnectToPod(ctx, from, networkpolicies.NewNamespacedTargetPod(to, sharedResources.Mirror), allowed)
- }
- }
-
- assertEgresssToHost = func(to *networkpolicies.Host, allowed bool) func(context.Context) {
- return func(ctx context.Context) {
- assertConnectToHost(ctx, from, to, allowed)
- }
- }
- )
-
- Context("kube-apiserver", func() {
-
- BeforeEach(func() {
- from = networkpolicies.NewNamespacedSourcePod(KubeApiserver, sharedResources.Mirror)
- })
-
- DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false))
- DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false))
- DefaultCIt(`should allow connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, true))
- DefaultCIt(`should allow connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, true))
- DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false))
- DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false))
- DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false))
- DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false))
- DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false))
- DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true))
- DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false))
- DefaultCIt(`should allow connection to "Seed Kube APIServer" kubernetes.default:443`, assertEgresssToHost(SeedKubeAPIServerPort443, true))
- })
-
- Context("etcd-main", func() {
-
- BeforeEach(func() {
- from = networkpolicies.NewNamespacedSourcePod(EtcdMain, sharedResources.Mirror)
- })
-
- DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false))
- DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false))
- DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false))
- DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false))
- DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false))
- DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false))
- DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false))
- DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false))
- DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false))
- DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true))
- DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false))
- })
-
- Context("etcd-events", func() {
-
- BeforeEach(func() {
- from = networkpolicies.NewNamespacedSourcePod(EtcdEvents, sharedResources.Mirror)
- })
-
- DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false))
- DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false))
- DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false))
- DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false))
- DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false))
- DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false))
- DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false))
- DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false))
- DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false))
- DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true))
- DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false))
- })
-
- Context("cloud-controller-manager-http", func() {
-
- BeforeEach(func() {
- from = networkpolicies.NewNamespacedSourcePod(CloudControllerManagerHttp, sharedResources.Mirror)
- })
-
- DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false))
- DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false))
- DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false))
- DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false))
- DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false))
- DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false))
- DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false))
- DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false))
- DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false))
- DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false))
- DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true))
- DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false))
- })
-
- Context("cloud-controller-manager-https", func() {
-
- BeforeEach(func() {
- from = networkpolicies.NewNamespacedSourcePod(CloudControllerManagerHttps, sharedResources.Mirror)
- })
-
- DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false))
- DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false))
- DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false))
- DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false))
- DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false))
- DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false))
- DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false))
- DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false))
- DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false))
- DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false))
- DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true))
- DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false))
- })
-
- Context("dependency-watchdog", func() {
-
- BeforeEach(func() {
- from = networkpolicies.NewNamespacedSourcePod(DependencyWatchdog, sharedResources.Mirror)
- })
-
- DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false))
- DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false))
- DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false))
- DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false))
- DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false))
- DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false))
- DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false))
- DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false))
- DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false))
- DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true))
- DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false))
- DefaultCIt(`should allow connection to "Seed Kube APIServer" kubernetes.default:443`, assertEgresssToHost(SeedKubeAPIServerPort443, true))
- })
-
- Context("elasticsearch-logging", func() {
-
- BeforeEach(func() {
- from = networkpolicies.NewNamespacedSourcePod(ElasticsearchLogging, sharedResources.Mirror)
- })
-
- DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false))
- DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false))
- DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false))
- DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false))
- DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false))
- DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false))
- DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false))
- DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false))
- DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false))
- DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false))
- DefaultCIt(`should block connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, false))
- DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false))
- })
-
- Context("grafana", func() {
-
- BeforeEach(func() {
- from = networkpolicies.NewNamespacedSourcePod(Grafana, sharedResources.Mirror)
- })
-
- DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false))
- DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false))
- DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false))
- DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false))
- DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false))
- DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false))
- DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false))
- DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false))
- DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false))
- DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false))
- DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false))
- DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false))
- DefaultCIt(`should allow connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, true))
- DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false))
- DefaultCIt(`should block connection to "External host" 8.8.8.8:53`, 
assertEgresssToHost(ExternalhostPort53, false)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("kibana-logging", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KibanaLogging, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false)) - DefaultCIt(`should allow connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, true)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 
10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should block connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, false)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("gardener-resource-manager", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(GardenerResourceManager, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false)) - DefaultCIt(`should 
block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod 
"prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - DefaultCIt(`should allow connection to "Seed Kube APIServer" kubernetes.default:443`, assertEgresssToHost(SeedKubeAPIServerPort443, true)) - }) - - Context("kube-controller-manager-http", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KubeControllerManagerHttp, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod 
"grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should allow connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, true)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("kube-controller-manager-https", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KubeControllerManagerHttps, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod 
"gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod 
"kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should allow connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, true)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("kube-scheduler-http", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KubeSchedulerHttp, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false)) - 
DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should block connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, false)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, 
assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("kube-scheduler-https", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KubeSchedulerHttps, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 
10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should block connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, false)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("kube-state-metrics-shoot", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KubeStateMetricsShoot, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false)) - 
DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata 
service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should block connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, false)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - }) - - Context("kube-state-metrics-seed", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(KubeStateMetricsSeed, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false)) - DefaultCIt(`should block connection to Pod "kube-apiserver" at port 443`, 
assertEgresssToMirroredPod(KubeApiserver443, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - DefaultCIt(`should allow connection to "Seed Kube APIServer" kubernetes.default:443`, assertEgresssToHost(SeedKubeAPIServerPort443, true)) - }) - - Context("machine-controller-manager", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(MachineControllerManager, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should block connection to Pod 
"cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, false)) - DefaultCIt(`should block connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, false)) - DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, false)) - DefaultCIt(`should block connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, false)) - DefaultCIt(`should block connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, false)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, false)) - DefaultCIt(`should block connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, false)) - DefaultCIt(`should block connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, false)) - DefaultCIt(`should block connection to Pod 
"kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, false)) - DefaultCIt(`should block connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, false)) - DefaultCIt(`should block connection to Pod "prometheus" at port 9090`, assertEgresssToMirroredPod(Prometheus9090, false)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should block connection to "Garden Prometheus" prometheus-web.garden:80`, assertEgresssToHost(GardenPrometheusPort80, false)) - DefaultCIt(`should allow connection to "Seed Kube APIServer" kubernetes.default:443`, assertEgresssToHost(SeedKubeAPIServerPort443, true)) - }) - - Context("prometheus", func() { - - BeforeEach(func() { - from = networkpolicies.NewNamespacedSourcePod(Prometheus, sharedResources.Mirror) - }) - - DefaultCIt(`should block connection to Pod "gardener-resource-manager" at port 8080`, assertEgresssToMirroredPod(GardenerResourceManager8080, false)) - DefaultCIt(`should allow connection to Pod "cloud-controller-manager-http" at port 10253`, assertEgresssToMirroredPod(CloudControllerManagerHttp10253, true)) - DefaultCIt(`should allow connection to Pod "cloud-controller-manager-https" at port 10258`, assertEgresssToMirroredPod(CloudControllerManagerHttps10258, true)) - DefaultCIt(`should block connection to Pod "dependency-watchdog" at port 8080`, assertEgresssToMirroredPod(DependencyWatchdog8080, false)) - DefaultCIt(`should block connection to Pod "elasticsearch-logging" at port 9200`, assertEgresssToMirroredPod(ElasticsearchLogging9200, false)) - DefaultCIt(`should allow connection to Pod "elasticsearch-logging" at port 9114`, assertEgresssToMirroredPod(ElasticsearchLogging9114, true)) - DefaultCIt(`should allow 
connection to Pod "etcd-events" at port 2379`, assertEgresssToMirroredPod(EtcdEvents2379, true)) - DefaultCIt(`should allow connection to Pod "etcd-main" at port 2379`, assertEgresssToMirroredPod(EtcdMain2379, true)) - DefaultCIt(`should block connection to Pod "grafana" at port 3000`, assertEgresssToMirroredPod(Grafana3000, false)) - DefaultCIt(`should block connection to Pod "kibana-logging" at port 5601`, assertEgresssToMirroredPod(KibanaLogging5601, false)) - DefaultCIt(`should allow connection to Pod "kube-apiserver" at port 443`, assertEgresssToMirroredPod(KubeApiserver443, true)) - DefaultCIt(`should allow connection to Pod "kube-controller-manager-http" at port 10252`, assertEgresssToMirroredPod(KubeControllerManagerHttp10252, true)) - DefaultCIt(`should allow connection to Pod "kube-controller-manager-https" at port 10257`, assertEgresssToMirroredPod(KubeControllerManagerHttps10257, true)) - DefaultCIt(`should allow connection to Pod "kube-scheduler-http" at port 10251`, assertEgresssToMirroredPod(KubeSchedulerHttp10251, true)) - DefaultCIt(`should allow connection to Pod "kube-scheduler-https" at port 10259`, assertEgresssToMirroredPod(KubeSchedulerHttps10259, true)) - DefaultCIt(`should allow connection to Pod "kube-state-metrics-seed" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsSeed8080, true)) - DefaultCIt(`should allow connection to Pod "kube-state-metrics-shoot" at port 8080`, assertEgresssToMirroredPod(KubeStateMetricsShoot8080, true)) - DefaultCIt(`should allow connection to Pod "machine-controller-manager" at port 10258`, assertEgresssToMirroredPod(MachineControllerManager10258, true)) - DefaultCIt(`should block connection to "Metadata service" 169.254.169.254:80`, assertEgresssToHost(MetadataservicePort80, false)) - DefaultCIt(`should allow connection to "External host" 8.8.8.8:53`, assertEgresssToHost(ExternalhostPort53, true)) - DefaultCIt(`should allow connection to "Garden Prometheus" prometheus-web.garden:80`, 
assertEgresssToHost(GardenPrometheusPort80, true)) - DefaultCIt(`should allow connection to "Seed Kube APIServer" kubernetes.default:443`, assertEgresssToHost(SeedKubeAPIServerPort443, true)) - }) - }) -}) diff --git a/controllers/provider-azure/test/integration/healthcheck/test.go b/controllers/provider-azure/test/integration/healthcheck/test.go deleted file mode 100644 index 099f79f03..000000000 --- a/controllers/provider-azure/test/integration/healthcheck/test.go +++ /dev/null 
@@ -1,119 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -/** - Overview - - Tests the health checks of the extension: provider-azure. - - Manipulates health check relevant resources and expects the extension-provider to properly report the results as conditions in the respective CRD (ControlPlane(Type Normal) & Worker CRD). - - Prerequisites - - A Shoot exists. - - Test-cases: - 1) ControlPlane - 1.1) HealthCondition Type: Shoot ControlPlaneHealthy - - delete the deployment 'cloud-controller-manager' and verify health check conditions in the ControlPlane status. - 1.2) HealthCondition Type: Shoot SystemComponentsHealthy - - update the ManagedResource 'extension-controlplane-shoot' with an unhealthy condition and verify health check conditions in the ControlPlane status. - 2) Worker - 2.1) HealthCondition Type: Shoot ControlPlaneHealthy - - delete the deployment 'machine-controller-manager' and verify health check conditions in the Worker status. - 2.2) HealthCondition Type: Shoot SystemComponentsHealthy - - update the ManagedResource 'extension-worker-mcm-shoot' with an unhealthy condition and verify health check conditions in the Worker status. 
- 2.3) HealthCondition Type: Shoot EveryNodeReady - - delete a machine of the shoot cluster and verify the health check conditions in the Worker status report a missing node. - **/ - -package healthcheck - -import ( - "context" - "fmt" - "time" - - "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/azure" - genericcontrolplaneactuator "github.com/gardener/gardener-extensions/pkg/controller/controlplane/genericactuator" - genericworkeractuator "github.com/gardener/gardener-extensions/pkg/controller/worker/genericactuator" - healthcheckoperation "github.com/gardener/gardener-extensions/test/integration/healthcheck" - "github.com/gardener/gardener/pkg/client/kubernetes" - "k8s.io/apimachinery/pkg/runtime" - - gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - "github.com/gardener/gardener/test/framework" - machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1" - "github.com/onsi/ginkgo" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" -) - -const ( - timeout = 10 * time.Minute - nodeRecreationTimeout = 20 * time.Minute - setupContextTimeout = 2 * time.Minute -) - -var _ = ginkgo.Describe("Provider-azure integration test: health checks", func() { - f := createShootFramework() - - ginkgo.Context("ControlPlane", func() { - - ginkgo.Context("Condition type: ShootControlPlaneHealthy", func() { - f.Serial().Release().CIt(fmt.Sprintf("ControlPlane CRD should contain unhealthy condition because the deployment '%s' cannot be found in the shoot namespace in the seed", azure.CloudControllerManagerName), func(ctx context.Context) { - err := healthcheckoperation.ControlPlaneHealthCheckDeleteSeedDeployment(ctx, f, f.Shoot.GetName(), azure.CloudControllerManagerName, gardencorev1beta1.ShootControlPlaneHealthy) - framework.ExpectNoError(err) - }, timeout) - }) - - ginkgo.Context("Condition type: ShootSystemComponentsHealthy", func() { - f.Serial().Release().CIt(fmt.Sprintf("ControlPlane CRD should 
contain unhealthy condition due to ManagedResource ('%s') unhealthy", genericcontrolplaneactuator.ControlPlaneShootChartResourceName), func(ctx context.Context) { - err := healthcheckoperation.ControlPlaneHealthCheckWithManagedResource(ctx, setupContextTimeout, f, genericcontrolplaneactuator.ControlPlaneShootChartResourceName, gardencorev1beta1.ShootSystemComponentsHealthy) - framework.ExpectNoError(err) - }, timeout) - }) - }) - - ginkgo.Context("Worker", func() { - - ginkgo.Context("Condition type: ShootControlPlaneHealthy", func() { - f.Serial().Release().CIt(fmt.Sprintf("Worker CRD should contain unhealthy condition because the deployment '%s' cannot be found in the shoot namespace in the seed", azure.MachineControllerManagerName), func(ctx context.Context) { - err := healthcheckoperation.WorkerHealthCheckDeleteSeedDeployment(ctx, f, f.Shoot.GetName(), azure.MachineControllerManagerName, gardencorev1beta1.ShootControlPlaneHealthy) - framework.ExpectNoError(err) - }, timeout) - }) - - ginkgo.Context("Condition type: ShootSystemComponentsHealthy", func() { - f.Serial().Release().CIt(fmt.Sprintf("Worker CRD should contain unhealthy condition due to ManagedResource ('%s') unhealthy", genericworkeractuator.McmShootResourceName), func(ctx context.Context) { - err := healthcheckoperation.WorkerHealthCheckWithManagedResource(ctx, setupContextTimeout, f, genericworkeractuator.McmShootResourceName, gardencorev1beta1.ShootSystemComponentsHealthy) - framework.ExpectNoError(err) - }, timeout) - }) - - ginkgo.Context("Condition type: ShootEveryNodeReady", func() { - f.Serial().Release().CIt("Worker CRD should contain unhealthy condition because not enough machines are available", func(ctx context.Context) { - err := healthcheckoperation.MachineDeletionHealthCheck(ctx, f) - framework.ExpectNoError(err) - }, nodeRecreationTimeout) - }) - }) -}) - -func createShootFramework() *framework.ShootFramework { - extensionSeedScheme := kubernetes.SeedScheme - seedSchemeBuilder := 
runtime.NewSchemeBuilder( - machinev1alpha1.AddToScheme, - ) - utilruntime.Must(seedSchemeBuilder.AddToScheme(extensionSeedScheme)) - return framework.NewShootFramework(&framework.ShootConfig{ - SeedScheme: nil, - }) -} diff --git a/controllers/provider-azure/test/integration/suites/run_suite_test.go b/controllers/provider-azure/test/integration/suites/run_suite_test.go deleted file mode 100644 index 28ef5432c..000000000 --- a/controllers/provider-azure/test/integration/suites/run_suite_test.go +++ /dev/null 
@@ -1,58 +0,0 @@ -// Copyright 2019 Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package shoot_suite_test - -import ( - "flag" - "fmt" - "os" - "testing" - - _ "github.com/gardener/gardener-extensions/controllers/provider-azure/test/integration/healthcheck" - - "github.com/gardener/gardener/test/framework" - "github.com/gardener/gardener/test/framework/config" - "github.com/gardener/gardener/test/framework/reporter" - . "github.com/onsi/ginkgo" - . 
"github.com/onsi/gomega" -) - -var ( - configFilePath = flag.String("config", "", "Specify the configuration file") - esIndex = flag.String("es-index", "gardener-testsuite", "Specify the elastic search index where the report should be ingested") - reportFilePath = flag.String("report-file", "/tmp/shoot_res.json", "Specify the file to write the test results") -) - -func TestMain(m *testing.M) { - framework.RegisterShootFrameworkFlags(nil) - flag.Parse() - - if err := config.ParseConfigForFlags(*configFilePath, flag.CommandLine); err != nil { - fmt.Fprintln(os.Stderr, err) - os.Exit(1) - } - - RegisterFailHandler(Fail) - - AfterSuite(func() { - framework.CommonAfterSuite() - }) - - os.Exit(m.Run()) -} - -func TestGardenerSuite(t *testing.T) { - RunSpecsWithDefaultAndCustomReporters(t, "Provider-azure Test Suite", []Reporter{reporter.NewGardenerESReporter(*reportFilePath, *esIndex)}) -} diff --git a/controllers/provider-azure/test/tm/generator.go b/controllers/provider-azure/test/tm/generator.go deleted file mode 100644 index 917965892..000000000 --- a/controllers/provider-azure/test/tm/generator.go +++ /dev/null 
@@ -1,97 +0,0 @@ -// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// package contains the generators for provider specific shoot configuration -package main - -import ( - "flag" - "os" - "reflect" - - "github.com/gardener/gardener-extensions/controllers/provider-azure/pkg/apis/azure/v1alpha1" - "github.com/gardener/gardener-extensions/test/tm/generator" - - "github.com/pkg/errors" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - log "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/log/zap" -) - -var ( - infrastructureProviderConfigPath = flag.String("infrastructure-provider-config-filepath", "", "filepath to the provider specific infrastructure config") - controlplaneProviderConfigPath = flag.String("controlplane-provider-config-filepath", "", "filepath to the provider specific controlplane config") - - networkVnetCidr = flag.String("network-vnet-cidr", "10.250.0.0/16", "vnet network cidr") - networkWorkerCidr = flag.String("network-worker-cidr", "10.250.0.0/19", "worker network cidr") - - zoned = flag.Bool("zoned", false, "shoot uses multiple zones") -) - -func main() { - log.SetLogger(zap.Logger(false)) - logger := log.Log.WithName("azure-generator") - flag.Parse() - if err := validate(); err != nil { - logger.Error(err, "error validating 
input flags") - os.Exit(1) - } - - infra := v1alpha1.InfrastructureConfig{ - TypeMeta: v1.TypeMeta{ - APIVersion: v1alpha1.SchemeGroupVersion.String(), - Kind: reflect.TypeOf(v1alpha1.InfrastructureConfig{}).Name(), - }, - Networks: v1alpha1.NetworkConfig{ - VNet: v1alpha1.VNet{ - CIDR: networkVnetCidr, - }, - Workers: *networkWorkerCidr, - }, - Zoned: *zoned, - } - - cp := v1alpha1.ControlPlaneConfig{ - TypeMeta: v1.TypeMeta{ - APIVersion: v1alpha1.SchemeGroupVersion.String(), - Kind: reflect.TypeOf(v1alpha1.ControlPlaneConfig{}).Name(), - }, - } - - if err := generator.MarshalAndWriteConfig(*infrastructureProviderConfigPath, infra); err != nil { - logger.Error(err, "unable to write infrastructure config") - os.Exit(1) - } - if err := generator.MarshalAndWriteConfig(*controlplaneProviderConfigPath, cp); err != nil { - logger.Error(err, "unable to write infrastructure config") - os.Exit(1) - } - logger.Info("successfully written azure provider configuration", "infra", *infrastructureProviderConfigPath, "controlplane", *controlplaneProviderConfigPath) -} - -func validate() error { - if err := generator.ValidateString(infrastructureProviderConfigPath); err != nil { - return errors.Wrap(err, "error validating infrastructure provider config path") - } - if err := generator.ValidateString(controlplaneProviderConfigPath); err != nil { - return errors.Wrap(err, "error validating controlplane provider config path") - } - if err := generator.ValidateString(networkVnetCidr); err != nil { - return errors.Wrap(err, "error validating vnet CIDR") - } - if err := generator.ValidateString(networkWorkerCidr); err != nil { - return errors.Wrap(err, "error validating worker CIDR") - } - return nil -} diff --git a/extensions.yaml b/extensions.yaml index 696d40082..2ce3c2816 100644 --- a/extensions.yaml +++ b/extensions.yaml 
@@ -24,8 +24,7 @@ extensions:
 gitHubRepo: https://github.com/gardener/gardener-extensions
 path: controllers/provider-aws
 - name: provider-azure
- gitHubRepo: https://github.com/gardener/gardener-extensions
- path: controllers/provider-azure
+ gitHubRepo: https://github.com/gardener/gardener-extension-provider-azure
 - name: provider-gcp
 gitHubRepo: https://github.com/gardener/gardener-extensions
 path: controllers/provider-gcp
diff --git a/go.mod b/go.mod
index dfee4a5b4..1af1c7f6a 100644
--- a/go.mod
+++ b/go.mod
@@ -4,9 +4,6 @@ go 1.13
 require (
 cloud.google.com/go v0.43.0
- github.com/Azure/azure-sdk-for-go v32.6.0+incompatible
- github.com/Azure/azure-storage-blob-go v0.7.0
- github.com/Azure/go-autorest/autorest/azure/auth v0.3.0
 github.com/Masterminds/semver v1.4.2
 github.com/ahmetb/gen-crd-api-reference-docs v0.1.5
 github.com/aliyun/alibaba-cloud-sdk-go v1.60.340
@@ -53,7 +50,6 @@ require (
 )
 replace (
- github.com/Azure/go-autorest => github.com/Azure/go-autorest v12.2.0+incompatible
 github.com/Sirupsen/logrus => github.com/sirupsen/logrus v1.4.2
 k8s.io/api => k8s.io/api v0.0.0-20190918155943-95b840bb6a1f // kubernetes-1.16.0
 k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.0.0-20190918161926-8f644eb6e783 // kubernetes-1.16.0
diff --git a/hack/test.sh b/hack/test.sh
index eb8a8fedc..77223170e 100755
--- a/hack/test.sh
+++ b/hack/test.sh
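Review bot: The `provider-azure` entry in the extensions.yaml hunk is now the only one shown without a `path` key, and nothing on this page shows how the file is consumed. If its reader assumes every entry carries `path`, it may fail or resolve to a directory that no longer exists in this repository, so it is worth confirming that a missing `path` is treated as the root of the referenced repository. A short comment above the entry would record the intent, e.g. `# maintained in its own repository; no in-tree path`. The list continues outside the hunk.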
@@ -20,10 +20,10 @@ DIRNAME="$(echo "$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd
 source "$DIRNAME/common.sh"
 # Network policies tests must only be ran separately.
-SKIP_NETWORKPOLICY_TESTS=$(echo controllers/provider-{alicloud,aws,azure,gcp,openstack}/test/e2e/networkpolicies | sed 's/ /,/g')
+SKIP_NETWORKPOLICY_TESTS=$(echo controllers/provider-{alicloud,aws,gcp,openstack}/test/e2e/networkpolicies | sed 's/ /,/g')
 #skip integration tests
-SKIP_INTEGRATION_TESTS+=$(echo controllers/provider-{alicloud,aws,azure,gcp,openstack}/test/integration | sed 's/ /,/g')
+SKIP_INTEGRATION_TESTS+=$(echo controllers/provider-{alicloud,aws,gcp,openstack}/test/integration | sed 's/ /,/g')
 header_text "Test"
 echo ${SKIP_INTEGRATION_TESTS}
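Review bot: `SKIP_INTEGRATION_TESTS+=$(...)` appends to whatever the variable already holds without a separating comma, unlike the plain `=` used for `SKIP_NETWORKPOLICY_TESTS` above it. If `common.sh` or the caller's environment sets the variable (not visible in this hunk), the first provider path is fused onto the previous entry and that directory is silently no longer skipped. Consider `SKIP_INTEGRATION_TESTS="${SKIP_INTEGRATION_TESTS:+$SKIP_INTEGRATION_TESTS,}$(echo controllers/provider-{alicloud,aws,gcp,openstack}/test/integration | sed 's/ /,/g')"`, and quote the expansion in `echo "${SKIP_INTEGRATION_TESTS}"`. The script continues past the hunk, so how the two lists are consumed is not shown.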