├── .gimps.yaml ├── .github └── PULL_REQUEST_TEMPLATE.md ├── .gitignore ├── .golangci.yml ├── .prow ├── e2e-features.yaml ├── postsubmits.yaml ├── provider-alibaba.yaml ├── provider-anexia.yaml ├── provider-aws.yaml ├── provider-azure.yaml ├── provider-digitalocean.yaml ├── provider-equinix-metal.yaml ├── provider-gcp.yaml ├── provider-hetzner.yaml ├── provider-kubevirt.yaml ├── provider-linode.yaml ├── provider-nutanix.yaml ├── provider-openstack.yaml ├── provider-scaleway.yaml ├── provider-vmware-cloud-director.yaml ├── provider-vsphere.yaml └── verify.yaml ├── .wwhrd.yml ├── .yamllint.conf ├── CONTRIBUTING.md ├── DCO ├── Dockerfile ├── LICENSE ├── Makefile ├── NOTICE ├── OWNERS ├── OWNERS_ALIASES ├── README.md ├── cmd ├── machine-controller │ └── main.go └── webhook │ └── main.go ├── code-of-conduct.md ├── docs ├── anexia.md ├── cloud-provider.md ├── e2e-infra.md ├── howto-provider.md ├── kubevirt.md ├── network-restrictions.md ├── nutanix.md ├── openstack-images.md ├── operating-system.md ├── provisioning.md ├── registry-authentication.md ├── rhel-custom-image.md ├── vmware-cloud-director.md └── vsphere.md ├── examples ├── alerts.yaml ├── alibaba-machinedeployment.yaml ├── anexia-machinedeployment.yaml ├── aws-machinedeployment.yaml ├── azure-machinedeployment.yaml ├── baremetal-tinkerbell-machinedeployment.yaml ├── cdi-operator-cr.yaml ├── cdi-operator.yaml ├── digitalocean-machinedeployment.yaml ├── equinixmetal-machinedeployment.yaml ├── gce-machinedeployment.yaml ├── hetzner-machinedeployment.yaml ├── kubevirt-cr.yaml ├── kubevirt-local-mounter.yaml ├── kubevirt-local-provisioner.yaml ├── kubevirt-machinedeployment.yaml ├── kubevirt-operator-0.19.0.yaml ├── linode-machinedeployment.yaml ├── machine-controller.yaml ├── nutanix-machinedeployment.yaml ├── opennebula-machinedeployment.yaml ├── openstack-machinedeployment.yaml ├── operating-system-manager.yaml ├── scaleway-machinedeployment.yaml ├── vmware-cloud-director-machinedeployment.yaml ├── 
vsphere-datastore-cluster-machinedeployment.yaml ├── vsphere-machinedeployment.yaml ├── vultr-machinedeployment.yaml └── webhook-certificate.cnf ├── go.mod ├── go.sum ├── hack ├── boilerplate.go.txt ├── boilerplate │ ├── boilerplate.Dockerfile.txt │ ├── boilerplate.Makefile.txt │ ├── boilerplate.bzl.txt │ ├── boilerplate.generatego.txt │ ├── boilerplate.go.txt │ ├── boilerplate.py.txt │ └── boilerplate.sh.txt ├── build-kubevirt-images.sh ├── ci │ ├── calico.yaml │ ├── cleanup.sh │ ├── download-gocache.sh │ ├── run-e2e-tests.sh │ ├── setup-cni-in-kind.sh │ ├── setup-kind-cluster.sh │ ├── setup-machine-controller-in-kind.sh │ └── upload-gocache.sh ├── cleanup_machines.sh ├── e2e-setup-openstack-images.sh ├── header.txt ├── kubevirt_dockerfiles │ └── dockerfile.ubuntu ├── lib.sh ├── run-machine-controller.sh ├── setup-openstack-images.sh ├── update-fixtures.sh ├── verify-boilerplate.sh └── verify-licenses.sh ├── image-builder ├── .gitignore ├── README.md ├── RPM-GPG-KEY-CentOS-7 ├── build.sh ├── coreos_signing_key.asc └── download_kubernetes.sh ├── pkg ├── admission │ ├── admission.go │ ├── machinedeployments.go │ ├── machinedeployments_test.go │ ├── machinedeployments_validation.go │ ├── machines.go │ ├── machines_test.go │ └── util.go ├── cloudprovider │ ├── cache │ │ ├── cloudprovidercache.go │ │ └── cloudprovidercache_test.go │ ├── common │ │ └── ssh │ │ │ └── ssh.go │ ├── errors │ │ └── errors.go │ ├── instance │ │ └── instance.go │ ├── provider.go │ ├── provider │ │ ├── alibaba │ │ │ └── provider.go │ │ ├── anexia │ │ │ ├── helper_test.go │ │ │ ├── instance.go │ │ │ ├── instance_test.go │ │ │ ├── network_provisioning.go │ │ │ ├── provider.go │ │ │ ├── provider_test.go │ │ │ ├── reconcile_context.go │ │ │ └── resolve_config.go │ │ ├── aws │ │ │ ├── gzip.go │ │ │ └── provider.go │ │ ├── azure │ │ │ ├── create_delete_resources.go │ │ │ ├── get_client.go │ │ │ └── provider.go │ │ ├── baremetal │ │ │ ├── plugins │ │ │ │ ├── driver.go │ │ │ │ └── tinkerbell │ │ │ │ │ 
├── client │ │ │ │ │ ├── hardware.go │ │ │ │ │ ├── template.go │ │ │ │ │ ├── utils.go │ │ │ │ │ └── workflow.go │ │ │ │ │ ├── driver.go │ │ │ │ │ └── types │ │ │ │ │ └── hardware.go │ │ │ └── provider.go │ │ ├── digitalocean │ │ │ └── provider.go │ │ ├── edge │ │ │ └── provider.go │ │ ├── equinixmetal │ │ │ └── provider.go │ │ ├── external │ │ │ └── provider.go │ │ ├── fake │ │ │ └── provider.go │ │ ├── gce │ │ │ ├── config.go │ │ │ ├── instance.go │ │ │ ├── provider.go │ │ │ ├── provider_test.go │ │ │ └── service.go │ │ ├── hetzner │ │ │ └── provider.go │ │ ├── kubevirt │ │ │ ├── provider.go │ │ │ ├── provider_test.go │ │ │ └── testdata │ │ │ │ ├── affinity-no-values.yaml │ │ │ │ ├── affinity.yaml │ │ │ │ ├── custom-local-disk.yaml │ │ │ │ ├── dedicated-vcpus.yaml │ │ │ │ ├── eviction-strategy-live-migrate.yaml │ │ │ │ ├── extra-headers-set.yaml │ │ │ │ ├── http-image-source.yaml │ │ │ │ ├── instancetype-preference-custom.yaml │ │ │ │ ├── instancetype-preference-standard.yaml │ │ │ │ ├── kubeovn-provider-network.yaml │ │ │ │ ├── nominal-case.yaml │ │ │ │ ├── pvc-image-source.yaml │ │ │ │ ├── registry-image-source-pod.yaml │ │ │ │ ├── registry-image-source.yaml │ │ │ │ ├── secondary-disks.yaml │ │ │ │ ├── topologyspreadconstraints.yaml │ │ │ │ └── use-storage-as-storage-target.yaml │ │ ├── linode │ │ │ └── provider.go │ │ ├── nutanix │ │ │ ├── client.go │ │ │ └── provider.go │ │ ├── opennebula │ │ │ └── provider.go │ │ ├── openstack │ │ │ ├── helper.go │ │ │ ├── provider.go │ │ │ └── provider_test.go │ │ ├── scaleway │ │ │ └── provider.go │ │ ├── vmwareclouddirector │ │ │ ├── client.go │ │ │ ├── helper.go │ │ │ └── provider.go │ │ ├── vsphere │ │ │ ├── client.go │ │ │ ├── helper.go │ │ │ ├── helper_test.go │ │ │ ├── network.go │ │ │ ├── provider.go │ │ │ ├── provider_test.go │ │ │ ├── rule.go │ │ │ └── vmgroup.go │ │ └── vultr │ │ │ └── provider.go │ ├── testing │ │ └── testing.go │ ├── types │ │ └── types.go │ ├── util │ │ ├── cloud_init_settings.go │ │ ├── 
cloud_init_settings_test.go │ │ ├── http.go │ │ ├── net.go │ │ ├── testdata │ │ │ └── userdata.yaml │ │ ├── util.go │ │ └── util_test.go │ └── validationwrapper.go ├── clusterinfo │ ├── configmap.go │ └── configmap_test.go ├── controller │ ├── machine │ │ ├── bootstrap.go │ │ ├── controller.go │ │ ├── controller_test.go │ │ └── metrics.go │ ├── machinedeployment │ │ ├── controller.go │ │ ├── metrics.go │ │ ├── rolling.go │ │ └── sync.go │ ├── machineset │ │ ├── controller.go │ │ ├── delete_policy.go │ │ ├── machine.go │ │ └── status.go │ ├── nodecsrapprover │ │ ├── controller.go │ │ ├── controller_test.go │ │ └── doc.go │ └── util │ │ ├── machine.go │ │ └── machine_deployment.go ├── health │ └── readiness.go ├── kubernetes │ └── helper.go ├── log │ └── zap.go ├── migrations │ └── migrations.go ├── node │ ├── eviction │ │ ├── eviction.go │ │ └── eviction_test.go │ ├── flags.go │ ├── nodemanager │ │ └── node_manager.go │ └── poddeletion │ │ └── pod_deletion.go └── rhsm │ ├── satellite_subscription_manager.go │ ├── satellite_subscription_manager_test.go │ ├── subscription_manager.go │ ├── subscription_manager_test.go │ └── util.go ├── sdk ├── .golangci.yml ├── LICENSE ├── Makefile ├── README.md ├── apis │ ├── cluster │ │ ├── common │ │ │ ├── consts.go │ │ │ └── plugins.go │ │ └── v1alpha1 │ │ │ ├── common_types.go │ │ │ ├── conversions │ │ │ ├── conversions.go │ │ │ ├── conversions_test.go │ │ │ ├── providerconfig_to_providerspec.go │ │ │ ├── providerconfig_to_providerspec_test.go │ │ │ └── testdata │ │ │ │ ├── clusterv1alpha1machineDeploymentWithProviderConfig │ │ │ │ └── hetzner.yaml │ │ │ │ ├── clusterv1alpha1machineSetWithProviderConfig │ │ │ │ └── hetzner.yaml │ │ │ │ ├── clusterv1alpha1machineWithProviderConfig │ │ │ │ ├── aws.yaml │ │ │ │ └── hetzner.yaml │ │ │ │ ├── machinesv1alpha1machine │ │ │ │ ├── aws.yaml │ │ │ │ ├── azure.yaml │ │ │ │ ├── digitalocean.yaml │ │ │ │ ├── hetzner.yaml │ │ │ │ ├── linode.yaml │ │ │ │ ├── openstack.yaml │ │ │ │ ├── 
vsphere-static-ip.yaml │ │ │ │ └── vsphere.yaml │ │ │ │ ├── migrated_clusterv1alpha1machine │ │ │ │ ├── aws.yaml │ │ │ │ ├── azure.yaml │ │ │ │ ├── digitalocean.yaml │ │ │ │ ├── hetzner.yaml │ │ │ │ ├── linode.yaml │ │ │ │ ├── openstack.yaml │ │ │ │ ├── vsphere-static-ip.yaml │ │ │ │ └── vsphere.yaml │ │ │ │ ├── migrated_clusterv1alpha1machineDeploymentWithProviderConfig │ │ │ │ └── hetzner.yaml │ │ │ │ ├── migrated_clusterv1alpha1machineSetWithProviderConfig │ │ │ │ └── hetzner.yaml │ │ │ │ └── migrated_clusterv1alpha1machineWithProviderConfig │ │ │ │ ├── aws.yaml │ │ │ │ └── hetzner.yaml │ │ │ ├── defaults.go │ │ │ ├── doc.go │ │ │ ├── machine_types.go │ │ │ ├── machineclass_types.go │ │ │ ├── machinedeployment_types.go │ │ │ ├── machineset_types.go │ │ │ ├── register.go │ │ │ └── zz_generated.deepcopy.go │ └── machines │ │ ├── register.go │ │ └── v1alpha1 │ │ ├── defaults.go │ │ ├── doc.go │ │ ├── register.go │ │ ├── types.go │ │ └── zz_generated.deepcopy.go ├── bootstrap │ ├── doc.go │ └── types.go ├── cloudprovider │ ├── alibaba │ │ └── types.go │ ├── anexia │ │ └── types.go │ ├── aws │ │ └── types.go │ ├── azure │ │ └── types.go │ ├── baremetal │ │ ├── plugins │ │ │ ├── plugins.go │ │ │ └── tinkerbell │ │ │ │ └── types.go │ │ └── types.go │ ├── digitalocean │ │ └── types.go │ ├── equinixmetal │ │ └── types.go │ ├── gce │ │ └── types.go │ ├── hetzner │ │ └── types.go │ ├── kubevirt │ │ └── types.go │ ├── linode │ │ └── types.go │ ├── nutanix │ │ └── types.go │ ├── opennebula │ │ └── types.go │ ├── openstack │ │ └── types.go │ ├── scaleway │ │ └── types.go │ ├── vmwareclouddirector │ │ └── types.go │ ├── vsphere │ │ └── types.go │ └── vultr │ │ └── types.go ├── go.mod ├── go.sum ├── internal │ └── test │ │ └── helper.go ├── jsonutil │ └── strict.go ├── net │ └── net.go ├── node │ └── eviction.go ├── providerconfig │ ├── configvar │ │ └── resolver.go │ ├── resolver.go │ ├── types.go │ └── types_test.go └── userdata │ ├── amzn2 │ └── config.go │ ├── default.go │ 
├── default_test.go │ ├── flatcar │ └── config.go │ ├── rhel │ └── config.go │ ├── rockylinux │ └── config.go │ └── ubuntu │ └── config.go └── test └── e2e └── provisioning ├── all_e2e_test.go ├── deploymentscenario.go ├── helper.go ├── migrateuidscenario.go ├── testdata ├── machine-invalid.yaml ├── machine-openstack.yaml ├── machinedeployment-alibaba.yaml ├── machinedeployment-anexia.yaml ├── machinedeployment-aws-arm-machines.yaml ├── machinedeployment-aws-ebs-encryption-enabled.yaml ├── machinedeployment-aws-spot-instances.yaml ├── machinedeployment-aws.yaml ├── machinedeployment-azure-custom-image-reference.yaml ├── machinedeployment-azure-redhat-satellite.yaml ├── machinedeployment-azure.yaml ├── machinedeployment-baremetal-tinkerbell.yaml ├── machinedeployment-digitalocean.yaml ├── machinedeployment-equinixmetal.yaml ├── machinedeployment-gce.yaml ├── machinedeployment-hetzner.yaml ├── machinedeployment-kubevirt.yaml ├── machinedeployment-linode.yaml ├── machinedeployment-nutanix.yaml ├── machinedeployment-opennebula.yaml ├── machinedeployment-openstack-project-auth.yaml ├── machinedeployment-openstack-upgrade.yml ├── machinedeployment-openstack.yaml ├── machinedeployment-scaleway.yaml ├── machinedeployment-vmware-cloud-director.yaml ├── machinedeployment-vsphere-anti-affinity.yaml ├── machinedeployment-vsphere-datastore-cluster.yaml ├── machinedeployment-vsphere-multiple-nic.yaml ├── machinedeployment-vsphere-resource-pool.yaml ├── machinedeployment-vsphere-static-ip.yaml ├── machinedeployment-vsphere.yaml └── machinedeployment-vultr.yaml └── verify.go /.gimps.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 The Machine Controller Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # This is the configuration for https://codeberg.org/xrstf/gimps. 16 | 17 | importOrder: [std, external, kubermatic, kubernetes] 18 | sets: 19 | - name: kubermatic 20 | patterns: 21 | - 'k8c.io/**' 22 | - 'github.com/kubermatic/**' 23 | - name: kubernetes 24 | patterns: 25 | - 'k8s.io/**' 26 | - '*.k8s.io/**' 27 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | **What this PR does / why we need it**: 2 | 3 | **Which issue(s) this PR fixes**: 4 | 5 | Fixes # 6 | 7 | **What type of PR is this?** 8 | 24 | 25 | **Special notes for your reviewer**: 26 | 27 | **Does this PR introduce a user-facing change? 
Then add your Release Note here**: 28 | 33 | ```release-note 34 | 35 | ``` 36 | 37 | **Documentation**: 38 | 46 | ```documentation 47 | 48 | ``` 49 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | /machine-controller* 3 | .terraform 4 | terraform.tfstate 5 | terraform.tfstate.backup 6 | test/tools/verify/verify 7 | .buildcache 8 | terraform 9 | terraform-provider-hcloud 10 | .kubeconfig 11 | examples/*.pem 12 | examples/*.csr 13 | examples/*.srl 14 | /webhook 15 | /vendor 16 | .vscode 17 | .gitpod.yml 18 | cmd/machine-controller/__debug_bin* 19 | !pkg 20 | -------------------------------------------------------------------------------- /.prow/provider-alibaba.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 The Machine Controller Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
# Prow presubmit: Alibaba provisioning e2e test (TestAlibabaProvisioningE2E) for machine-controller.

presubmits:
  - name: pull-machine-controller-e2e-alibaba
    # optional: a failure does not block the merge.
    optional: true
    # always_run is false and no run_if_changed is set, so the job is not started automatically.
    always_run: false
    decorate: true
    clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git"
    path_alias: k8c.io/machine-controller
    # At most one run of this job at a time.
    max_concurrency: 1
    # Each label selects a Prow preset; the presets themselves are defined outside this file.
    # NOTE(review): presumably they mount provider credentials, an SSH key and a kubeconfig
    # into the pod; confirm, and keep each preset scoped to what this test needs.
    labels:
      preset-alibaba: "true"
      preset-hetzner: "true"
      preset-e2e-ssh: "true"
      preset-goproxy: "true"
      preset-kind-volume-mounts: "true"
      preset-docker-mirror: "true"
      preset-kubeconfig-ci: "true"
    spec:
      containers:
        # NOTE(review): referenced by tag only; pinning by digest (<image>@sha256:<digest>)
        # would guard against the tag being re-pointed.
        - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3
          # The script comes from the cloned repository, so a presubmit executes the PR's version of it.
          command:
            - "./hack/ci/run-e2e-tests.sh"
          args:
            - "TestAlibabaProvisioningE2E"
          env:
            - name: CLOUD_PROVIDER
              value: alibaba
          securityContext:
            # NOTE(review): privileged container, presumably needed to run kind inside the job
            # (confirm). PR-controlled code therefore runs privileged next to whatever the
            # presets inject; verify that only trusted authors can trigger this job.
            privileged: true
          # Memory request equals the limit (7Gi); no CPU limit is set.
          resources:
            requests:
              memory: 7Gi
              cpu: 2
            limits:
              memory: 7Gi

--------------------------------------------------------------------------------
/.prow/provider-anexia.yaml:
--------------------------------------------------------------------------------
# Copyright 2022 The Machine Controller Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Prow presubmit: Anexia provisioning e2e test (TestAnexiaProvisioningE2E) for machine-controller.

presubmits:
  - name: pull-machine-controller-e2e-anexia
    # The E2E tests for Anexia are optional because Anexia doesn't support k8s v1.26 at the moment;
    # the tests on k8s v1.26+ will fail.
    # TODO: These tests shouldn't be marked as optional.
    optional: true
    # always_run is false and no run_if_changed is set, so the job is not started automatically.
    always_run: false
    decorate: true
    clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git"
    path_alias: k8c.io/machine-controller
    # Each label selects a Prow preset; the presets themselves are defined outside this file.
    # NOTE(review): presumably they mount provider credentials, an SSH key and a kubeconfig
    # into the pod; confirm, and keep each preset scoped to what this test needs.
    labels:
      preset-hetzner: "true"
      preset-e2e-ssh: "true"
      preset-anexia: "true"
      preset-goproxy: "true"
      preset-kind-volume-mounts: "true"
      preset-docker-mirror: "true"
      preset-kubeconfig-ci: "true"
    spec:
      containers:
        # NOTE(review): referenced by tag only; pinning by digest (<image>@sha256:<digest>)
        # would guard against the tag being re-pointed.
        - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3
          # The script comes from the cloned repository, so a presubmit executes the PR's version of it.
          command:
            - "./hack/ci/run-e2e-tests.sh"
          args:
            - "TestAnexiaProvisioningE2E"
          env:
            - name: CLOUD_PROVIDER
              value: anexia
          securityContext:
            # NOTE(review): privileged container, presumably needed to run kind inside the job
            # (confirm). PR-controlled code therefore runs privileged next to whatever the
            # presets inject; verify that only trusted authors can trigger this job.
            privileged: true
          # Memory request equals the limit (7Gi); no CPU limit is set.
          resources:
            requests:
              memory: 7Gi
              cpu: 2
            limits:
              memory: 7Gi

--------------------------------------------------------------------------------
/.prow/provider-digitalocean.yaml:
--------------------------------------------------------------------------------
# Copyright 2022 The Machine Controller Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Prow presubmit: DigitalOcean provisioning e2e test (TestDigitalOceanProvisioningE2E) for machine-controller.

presubmits:
  - name: pull-machine-controller-e2e-digitalocean
    # Started automatically only when a PR changes the DigitalOcean provider or pkg/userdata.
    run_if_changed: "(pkg/cloudprovider/provider/digitalocean/|pkg/userdata)"
    decorate: true
    clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git"
    path_alias: k8c.io/machine-controller
    # Each label selects a Prow preset; the presets themselves are defined outside this file.
    # NOTE(review): presumably they mount provider credentials, an SSH key and a kubeconfig
    # into the pod; confirm, and keep each preset scoped to what this test needs.
    labels:
      preset-digitalocean: "true"
      preset-hetzner: "true"
      preset-e2e-ssh: "true"
      preset-goproxy: "true"
      preset-kind-volume-mounts: "true"
      preset-docker-mirror: "true"
      preset-kubeconfig-ci: "true"
    spec:
      containers:
        # NOTE(review): referenced by tag only; pinning by digest (<image>@sha256:<digest>)
        # would guard against the tag being re-pointed.
        - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3
          # The script comes from the cloned repository, so a presubmit executes the PR's version of it.
          command:
            - "./hack/ci/run-e2e-tests.sh"
          args:
            - "TestDigitalOceanProvisioningE2E"
          env:
            - name: CLOUD_PROVIDER
              value: digitalocean
          securityContext:
            # NOTE(review): privileged container, presumably needed to run kind inside the job
            # (confirm). PR-controlled code therefore runs privileged next to whatever the
            # presets inject; verify that only trusted authors can trigger this job.
            privileged: true
          # Memory request equals the limit (7Gi); no CPU limit is set.
          resources:
            requests:
              memory: 7Gi
              cpu: 2
            limits:
              memory: 7Gi

--------------------------------------------------------------------------------
/.prow/provider-equinix-metal.yaml:
--------------------------------------------------------------------------------
# Copyright 2022 The Machine Controller Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Prow presubmit: Equinix Metal provisioning e2e test (TestEquinixMetalProvisioningE2E) for machine-controller.

presubmits:
  - name: pull-machine-controller-e2e-equinix-metal
    # optional: a failure does not block the merge.
    optional: true
    # Started automatically only when a PR changes the Equinix Metal provider or pkg/userdata.
    run_if_changed: "(pkg/cloudprovider/provider/equinixmetal/|pkg/userdata)"
    decorate: true
    clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git"
    path_alias: k8c.io/machine-controller
    # Each label selects a Prow preset; the presets themselves are defined outside this file.
    # NOTE(review): presumably they mount provider credentials, an SSH key and a kubeconfig
    # into the pod; confirm, and keep each preset scoped to what this test needs.
    labels:
      preset-hetzner: "true"
      preset-e2e-ssh: "true"
      preset-equinix-metal: "true"
      preset-goproxy: "true"
      preset-kind-volume-mounts: "true"
      preset-docker-mirror: "true"
      preset-kubeconfig-ci: "true"
    spec:
      containers:
        # NOTE(review): referenced by tag only; pinning by digest (<image>@sha256:<digest>)
        # would guard against the tag being re-pointed.
        - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3
          # The script comes from the cloned repository, so a presubmit executes the PR's version of it.
          command:
            - "./hack/ci/run-e2e-tests.sh"
          args:
            - "TestEquinixMetalProvisioningE2E"
          env:
            - name: CLOUD_PROVIDER
              value: metal
          securityContext:
            # NOTE(review): privileged container, presumably needed to run kind inside the job
            # (confirm). PR-controlled code therefore runs privileged next to whatever the
            # presets inject; verify that only trusted authors can trigger this job.
            privileged: true
          # Memory request equals the limit (7Gi); no CPU limit is set.
          resources:
            requests:
              memory: 7Gi
              cpu: 2
            limits:
              memory: 7Gi

--------------------------------------------------------------------------------
/.prow/provider-gcp.yaml:
--------------------------------------------------------------------------------
# Copyright 2022 The Machine Controller Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Prow presubmit: GCE provisioning e2e test (TestGCEProvisioningE2E) for machine-controller.

presubmits:
  - name: pull-machine-controller-e2e-gce
    # Runs for every pull request, so the review notes below apply to every PR that reaches Prow.
    always_run: true
    decorate: true
    clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git"
    path_alias: k8c.io/machine-controller
    # Each label selects a Prow preset; the presets themselves are defined outside this file.
    # NOTE(review): presumably they mount provider credentials, an SSH key, RHEL subscription
    # data and a kubeconfig into the pod; confirm, and keep each preset scoped to what this
    # test needs.
    labels:
      preset-gce: "true"
      preset-hetzner: "true"
      preset-e2e-ssh: "true"
      preset-rhel: "true"
      preset-goproxy: "true"
      preset-kind-volume-mounts: "true"
      preset-docker-mirror: "true"
      preset-kubeconfig-ci: "true"
    spec:
      containers:
        # NOTE(review): referenced by tag only; pinning by digest (<image>@sha256:<digest>)
        # would guard against the tag being re-pointed.
        - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3
          # The script comes from the cloned repository, so a presubmit executes the PR's version of it.
          command:
            - "./hack/ci/run-e2e-tests.sh"
          args:
            - "TestGCEProvisioningE2E"
          env:
            - name: CLOUD_PROVIDER
              value: gce
          securityContext:
            # NOTE(review): privileged container, presumably needed to run kind inside the job
            # (confirm). PR-controlled code therefore runs privileged next to whatever the
            # presets inject; verify that only trusted authors can trigger this job.
            privileged: true
          # Memory request equals the limit (7Gi); no CPU limit is set.
          resources:
            requests:
              memory: 7Gi
              cpu: 2
            limits:
              memory: 7Gi

--------------------------------------------------------------------------------
/.prow/provider-hetzner.yaml:
--------------------------------------------------------------------------------
# Copyright 2022 The Machine Controller Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Prow presubmit: Hetzner provisioning e2e test (TestHetznerProvisioningE2E) for machine-controller.

presubmits:
  - name: pull-machine-controller-e2e-hetzner
    # Started automatically only when a PR changes the Hetzner provider or pkg/userdata.
    run_if_changed: "(pkg/cloudprovider/provider/hetzner/|pkg/userdata)"
    decorate: true
    clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git"
    path_alias: k8c.io/machine-controller
    # Each label selects a Prow preset; the presets themselves are defined outside this file.
    # NOTE(review): presumably they mount provider credentials, an SSH key and a kubeconfig
    # into the pod; confirm, and keep each preset scoped to what this test needs.
    labels:
      preset-hetzner: "true"
      preset-e2e-ssh: "true"
      preset-goproxy: "true"
      preset-kind-volume-mounts: "true"
      preset-docker-mirror: "true"
      preset-kubeconfig-ci: "true"
    spec:
      containers:
        # NOTE(review): referenced by tag only; pinning by digest (<image>@sha256:<digest>)
        # would guard against the tag being re-pointed.
        - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3
          # The script comes from the cloned repository, so a presubmit executes the PR's version of it.
          command:
            - "./hack/ci/run-e2e-tests.sh"
          args:
            - "TestHetznerProvisioningE2E"
          env:
            - name: CLOUD_PROVIDER
              value: hetzner
          securityContext:
            # NOTE(review): privileged container, presumably needed to run kind inside the job
            # (confirm). PR-controlled code therefore runs privileged next to whatever the
            # presets inject; verify that only trusted authors can trigger this job.
            privileged: true
          # Memory request equals the limit (7Gi); no CPU limit is set.
          resources:
            requests:
              memory: 7Gi
              cpu: 2
            limits:
              memory: 7Gi

--------------------------------------------------------------------------------
/.prow/provider-kubevirt.yaml:
--------------------------------------------------------------------------------
# Copyright 2022 The Machine Controller Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Prow presubmit: KubeVirt provisioning e2e test (TestKubevirtProvisioningE2E) for machine-controller.

presubmits:
  - name: pull-machine-controller-e2e-kubevirt
    # The path trigger below is commented out; with always_run set to false the job is
    # not started automatically.
    # run_if_changed: "(pkg/cloudprovider/provider/kubevirt/|pkg/userdata)"
    always_run: false
    decorate: true
    clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git"
    path_alias: k8c.io/machine-controller
    # At most one run of this job at a time.
    max_concurrency: 1
    # Each label selects a Prow preset; the presets themselves are defined outside this file.
    # NOTE(review): presumably they mount provider credentials, an SSH key, RHEL subscription
    # data and a kubeconfig into the pod; confirm, and keep each preset scoped to what this
    # test needs.
    labels:
      preset-kubevirt: "true"
      preset-hetzner: "true"
      preset-e2e-ssh: "true"
      preset-rhel: "true"
      preset-goproxy: "true"
      preset-kind-volume-mounts: "true"
      preset-docker-mirror: "true"
      preset-kubeconfig-ci: "true"
    spec:
      containers:
        # NOTE(review): referenced by tag only; pinning by digest (<image>@sha256:<digest>)
        # would guard against the tag being re-pointed.
        - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3
          # The script comes from the cloned repository, so a presubmit executes the PR's version of it.
          command:
            - "./hack/ci/run-e2e-tests.sh"
          args:
            - "TestKubevirtProvisioningE2E"
          env:
            - name: CLOUD_PROVIDER
              value: kubevirt
          securityContext:
            # NOTE(review): privileged container, presumably needed to run kind inside the job
            # (confirm). PR-controlled code therefore runs privileged next to whatever the
            # presets inject; verify that only trusted authors can trigger this job.
            privileged: true
          # Memory request equals the limit (7Gi); no CPU limit is set.
          resources:
            requests:
              memory: 7Gi
              cpu: 2
            limits:
              memory: 7Gi

--------------------------------------------------------------------------------
/.prow/provider-linode.yaml:
--------------------------------------------------------------------------------
# Copyright 2022 The Machine Controller Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Prow presubmit: Linode provisioning e2e test (TestLinodeProvisioningE2E) for machine-controller.

presubmits:
  - name: pull-machine-controller-e2e-linode
    # always_run is false and no run_if_changed is set, so the job is not started automatically.
    always_run: false
    # optional: a failure does not block the merge.
    optional: true
    decorate: true
    clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git"
    path_alias: k8c.io/machine-controller
    # Each label selects a Prow preset; the presets themselves are defined outside this file.
    # NOTE(review): presumably they mount provider credentials, an SSH key and a kubeconfig
    # into the pod; confirm, and keep each preset scoped to what this test needs.
    labels:
      preset-hetzner: "true"
      preset-e2e-ssh: "true"
      preset-linode: "true"
      preset-goproxy: "true"
      preset-kind-volume-mounts: "true"
      preset-docker-mirror: "true"
      preset-kubeconfig-ci: "true"
    spec:
      containers:
        # NOTE(review): referenced by tag only; pinning by digest (<image>@sha256:<digest>)
        # would guard against the tag being re-pointed.
        - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3
          # The script comes from the cloned repository, so a presubmit executes the PR's version of it.
          command:
            - "./hack/ci/run-e2e-tests.sh"
          args:
            - "TestLinodeProvisioningE2E"
          env:
            - name: CLOUD_PROVIDER
              value: linode
          securityContext:
            # NOTE(review): privileged container, presumably needed to run kind inside the job
            # (confirm). PR-controlled code therefore runs privileged next to whatever the
            # presets inject; verify that only trusted authors can trigger this job.
            privileged: true
          # Memory request equals the limit (7Gi); no CPU limit is set.
          resources:
            requests:
              memory: 7Gi
              cpu: 2
            limits:
              memory: 7Gi

--------------------------------------------------------------------------------
/.prow/provider-nutanix.yaml:
--------------------------------------------------------------------------------
# Copyright 2022 The Machine Controller Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Prow presubmit: Nutanix provisioning e2e test (TestNutanixProvisioningE2E) for machine-controller.

presubmits:
  - name: pull-machine-controller-e2e-nutanix
    # Started automatically only when a PR changes the Nutanix provider.
    run_if_changed: "(pkg/cloudprovider/provider/nutanix/)"
    decorate: true
    clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git"
    path_alias: k8c.io/machine-controller
    # Each label selects a Prow preset; the presets themselves are defined outside this file.
    # NOTE(review): presumably they mount provider credentials, an SSH key and a kubeconfig
    # into the pod; confirm, and keep each preset scoped to what this test needs.
    labels:
      preset-hetzner: "true"
      preset-e2e-ssh: "true"
      preset-nutanix: "true"
      preset-goproxy: "true"
      preset-kind-volume-mounts: "true"
      preset-docker-mirror: "true"
      preset-kubeconfig-ci: "true"
    spec:
      containers:
        # NOTE(review): referenced by tag only; pinning by digest (<image>@sha256:<digest>)
        # would guard against the tag being re-pointed.
        - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3
          # The script comes from the cloned repository, so a presubmit executes the PR's version of it.
          command:
            - "./hack/ci/run-e2e-tests.sh"
          args:
            - "TestNutanixProvisioningE2E"
          env:
            - name: CLOUD_PROVIDER
              value: nutanix
          securityContext:
            # NOTE(review): privileged container, presumably needed to run kind inside the job
            # (confirm). PR-controlled code therefore runs privileged next to whatever the
            # presets inject; verify that only trusted authors can trigger this job.
            privileged: true
          # Memory request equals the limit (7Gi); no CPU limit is set.
          resources:
            requests:
              memory: 7Gi
              cpu: 2
            limits:
              memory: 7Gi

--------------------------------------------------------------------------------
/.prow/provider-scaleway.yaml:
--------------------------------------------------------------------------------
# Copyright 2022 The Machine Controller Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Prow presubmit: Scaleway provisioning e2e test (TestScalewayProvisioningE2E) for machine-controller.

presubmits:
  - name: pull-machine-controller-e2e-scaleway
    # always_run is false and no run_if_changed is set, so the job is not started automatically.
    always_run: false
    decorate: true
    clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git"
    path_alias: k8c.io/machine-controller
    # Each label selects a Prow preset; the presets themselves are defined outside this file.
    # NOTE(review): presumably they mount provider credentials, an SSH key and a kubeconfig
    # into the pod; confirm, and keep each preset scoped to what this test needs.
    labels:
      preset-scaleway: "true"
      preset-hetzner: "true"
      preset-e2e-ssh: "true"
      preset-goproxy: "true"
      preset-kind-volume-mounts: "true"
      preset-docker-mirror: "true"
      preset-kubeconfig-ci: "true"
    spec:
      containers:
        # NOTE(review): referenced by tag only; pinning by digest (<image>@sha256:<digest>)
        # would guard against the tag being re-pointed.
        - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3
          # The script comes from the cloned repository, so a presubmit executes the PR's version of it.
          command:
            - "./hack/ci/run-e2e-tests.sh"
          args:
            - "TestScalewayProvisioningE2E"
          env:
            - name: CLOUD_PROVIDER
              value: scaleway
          securityContext:
            # NOTE(review): privileged container, presumably needed to run kind inside the job
            # (confirm). PR-controlled code therefore runs privileged next to whatever the
            # presets inject; verify that only trusted authors can trigger this job.
            privileged: true
          # Memory request equals the limit (7Gi); no CPU limit is set.
          resources:
            requests:
              memory: 7Gi
              cpu: 2
            limits:
              memory: 7Gi

--------------------------------------------------------------------------------
/.prow/provider-vmware-cloud-director.yaml:
--------------------------------------------------------------------------------
# Copyright 2022 The Machine Controller Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
14 | 15 | presubmits: 16 | - name: pull-machine-controller-e2e-vmware-cloud-director 17 | always_run: false 18 | decorate: true 19 | # Please check: https://github.com/kubermatic/machine-controller/issues/1619 20 | optional: true 21 | clone_uri: "ssh://git@github.com/kubermatic/machine-controller.git" 22 | path_alias: k8c.io/machine-controller 23 | run_if_changed: "(pkg/cloudprovider/provider/vmwareclouddirector/)" 24 | labels: 25 | preset-vcloud-director: "true" 26 | preset-hetzner: "true" 27 | preset-e2e-ssh: "true" 28 | preset-rhel: "true" 29 | preset-goproxy: "true" 30 | preset-kind-volume-mounts: "true" 31 | preset-docker-mirror: "true" 32 | preset-kubeconfig-ci: "true" 33 | spec: 34 | containers: 35 | - image: quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3 36 | command: 37 | - "./hack/ci/run-e2e-tests.sh" 38 | args: 39 | - "TestVMwareCloudDirectorProvisioningE2E" 40 | env: 41 | - name: CLOUD_PROVIDER 42 | value: vcd 43 | securityContext: 44 | privileged: true 45 | resources: 46 | requests: 47 | memory: 7Gi 48 | cpu: 2 49 | limits: 50 | memory: 7Gi 51 | -------------------------------------------------------------------------------- /.wwhrd.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 The Machine Controller Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | denylist: 16 | - GPL-2.0 17 | - LGPL-3.0 18 | 19 | allowlist: 20 | - Apache-2.0 21 | - MIT 22 | - BSD-2-Clause 23 | - BSD-2-Clause-FreeBSD 24 | - BSD-3-Clause 25 | - ISC 26 | 27 | exceptions: 28 | - github.com/hashicorp/golang-lru # MPL-2.0 29 | - github.com/hashicorp/golang-lru/simplelru # MPL-2.0 30 | - github.com/hashicorp/go-version # MPL-2.0 31 | - github.com/hashicorp/go-cleanhttp # MPL-2.0 32 | - github.com/hashicorp/go-retryablehttp # MPL-2.0 33 | -------------------------------------------------------------------------------- /.yamllint.conf: -------------------------------------------------------------------------------- 1 | extends: default 2 | 3 | rules: 4 | indentation: disable 5 | document-start: disable 6 | comments: disable 7 | line-length: disable 8 | 9 | ignore: | 10 | .golangci.yml -------------------------------------------------------------------------------- /DCO: -------------------------------------------------------------------------------- 1 | Developer Certificate of Origin 2 | Version 1.1 3 | 4 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 5 | 6 | Everyone is permitted to copy and distribute verbatim copies of this 7 | license document, but changing it is not allowed. 
8 | 9 | 10 | Developer's Certificate of Origin 1.1 11 | 12 | By making a contribution to this project, I certify that: 13 | 14 | (a) The contribution was created in whole or in part by me and I 15 | have the right to submit it under the open source license 16 | indicated in the file; or 17 | 18 | (b) The contribution is based upon previous work that, to the best 19 | of my knowledge, is covered under an appropriate open source 20 | license and I have the right under that license to submit that 21 | work with modifications, whether created in whole or in part 22 | by me, under the same open source license (unless I am 23 | permitted to submit under a different license), as indicated 24 | in the file; or 25 | 26 | (c) The contribution was provided directly to me by some other 27 | person who certified (a), (b) or (c) and I have not modified 28 | it. 29 | 30 | (d) I understand and agree that this project and the contribution 31 | are public and that a record of the contribution (including all 32 | personal information I submit with it, including my sign-off) is 33 | maintained indefinitely and may be redistributed consistent with 34 | this project or the open source license(s) involved. 35 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2019 The Machine Controller Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ARG GO_VERSION=1.24.2 16 | FROM docker.io/golang:${GO_VERSION} AS builder 17 | WORKDIR /go/src/k8c.io/machine-controller 18 | COPY . . 19 | RUN make all 20 | 21 | FROM alpine:3.19 22 | 23 | RUN apk add --no-cache ca-certificates cdrkit 24 | 25 | COPY --from=builder \ 26 | /go/src/k8c.io/machine-controller/machine-controller \ 27 | /go/src/k8c.io/machine-controller/webhook \ 28 | /usr/local/bin/ 29 | USER nobody 30 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Kubermatic Project 2 | Copyright 2019 Kubermatic GmbH 3 | 4 | This product includes software developed at Kubermatic GmbH. 5 | (http://www.kubermatic.com/). 6 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md 2 | 3 | approvers: 4 | - sig-cluster-management 5 | 6 | reviewers: 7 | - sig-cluster-management 8 | 9 | labels: 10 | - sig/cluster-management 11 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | # This file was automatically generated by prow-aliases-syncer. DO NOT EDIT. 2 | # To change team associations, update the GitHub teams via https://github.com/kubermatic/access. 
3 | 4 | aliases: 5 | sig-cluster-management: 6 | - ahmedwaleedmalik 7 | - cnvergence 8 | - embik 9 | - julioc-p 10 | - kron4eg 11 | - moadqassem 12 | - moelsayed 13 | - mohamed-rafraf 14 | - soer3n 15 | - xmudrii 16 | - xrstf 17 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Kubermatic Community Code of Conduct 2 | 3 | ## Contributor Code of Conduct 4 | 5 | As contributors and maintainers of this project, and in the interest of fostering 6 | an open and welcoming community, we pledge to respect all people who contribute 7 | through reporting issues, posting feature requests, updating documentation, 8 | submitting pull requests or patches, and other activities. 9 | 10 | We are committed to making participation in this project a harassment-free experience for 11 | everyone, regardless of level of experience, gender, gender identity and expression, 12 | sexual orientation, disability, personal appearance, body size, race, ethnicity, age, 13 | religion, or nationality. 14 | 15 | Examples of unacceptable behavior by participants include: 16 | 17 | * The use of sexualized language or imagery 18 | * Personal attacks 19 | * Trolling or insulting/derogatory comments 20 | * Public or private harassment 21 | * Publishing other's private information, such as physical or electronic addresses, 22 | without explicit permission 23 | * Other unethical or unprofessional conduct. 24 | 25 | Project maintainers have the right and responsibility to remove, edit, or reject 26 | comments, commits, code, wiki edits, issues, and other contributions that are not 27 | aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers 28 | commit themselves to fairly and consistently applying these principles to every aspect 29 | of managing this project. 
Project maintainers who do not follow or enforce the Code of 30 | Conduct may be permanently removed from the project team. 31 | 32 | This code of conduct applies both within project spaces and in public spaces 33 | when an individual is representing the project or its community. 34 | 35 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the Kubermatic Conduct Committee via coc@kubermatic.com. 36 | 37 | This Code of Conduct is adapted from the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md) and [Contributor Covenant](http://contributor-covenant.org/version/1/2/0/), version 1.2.0. 38 | -------------------------------------------------------------------------------- /docs/anexia.md: -------------------------------------------------------------------------------- 1 | # Anexia Engine 2 | 3 | This provider implementation is currently in **alpha** state. 4 | 5 | ## Supported Operating Systems 6 | 7 | Only Flatcar Linux is currently supported, and you have to explicitly set the provisioning mechanism to cloud-init by setting `machine.spec.providerSpec.value.operatingSystemSpec.provisioningUtility` to "cloud-init". 8 | 9 | An example machine deployment can be found here: [examples/anexia-machinedeployment.yaml](../examples/anexia-machinedeployment.yaml) 10 | 11 | ## Templates 12 | 13 | You can configure the template to use by its name (using the attribute `template`) or its identifier (using the attribute `templateID`). 14 | 15 | When specifying the template by its name, the template build to use can optionally be set (attribute `templateBuild`). Omitting `templateBuild` will yield the latest available build (at the time of creating the `Machine`) for the specified named template. 
16 | 17 | Template identifiers (attribute `templateID`) always link to a given `template`-`templateBuild` combination, so using the identifier in configuration has the same drawback as specifying an exact build to use. 18 | 19 | Templates are rotated pretty often to include security patches and other updates. Outdated versions of templates are not retained and get removed after some time. Because of this, we do not recommend using the `templateID` attribute or pinning to a fixed build unless really required. 20 | 21 | To retrieve all available templates for a given location (the API key is passed in the query string, so keep the full URL out of shell history, shared logs and tickets): 22 | 23 | ``` 24 | https://engine.anexia-it.com/api/vsphere/v1/provisioning/templates.json/<LOCATION_ID>/templates?page=1&limit=50&api_key=<API_KEY> 25 | ``` 26 | -------------------------------------------------------------------------------- /docs/e2e-infra.md: -------------------------------------------------------------------------------- 1 | # E2E infrastructure 2 | 3 | ## OpenStack 4 | 5 | ### Create all required images 6 | 7 | ```bash 8 | # This will create all required images on OpenStack 9 | ./hack/e2e-setup-openstack-images.sh 10 | ``` 11 | -------------------------------------------------------------------------------- /docs/network-restrictions.md: -------------------------------------------------------------------------------- 1 | # Running behind a proxy 2 | 3 | If nodes only have access via an HTTP proxy, you can let the machine-controller configure all new nodes to use this proxy. 
4 | For this the following flag must be set on the machine-controller side: 5 | ```bash 6 | -node-http-proxy="http://192.168.1.1:3128" 7 | ``` 8 | This will set the following environment variables via /etc/environment on all nodes (lower & uppercase): 9 | - `HTTP_PROXY` 10 | - `HTTPS_PROXY` 11 | 12 | `NO_PROXY` can be configured using a dedicated flag: 13 | ```bash 14 | -node-no-proxy="10.0.0.1" 15 | ``` 16 | 17 | `-node-http-proxy` & `-node-no-proxy` must only contain IP addresses and/or domain names. 
18 | 19 | # Using a custom image registry 20 | 21 | In addition to the images of custom workloads, the kubelet requires access to the "pause" container image. 22 | This container is being used to keep the network namespace for each Pod alive. 23 | 24 | By default the image `k8s.gcr.io/pause:3.1` will be used. 25 | If that image won't be accessible from the node, a custom image can be specified on the machine-controller: 26 | ```bash 27 | -node-pause-image="192.168.1.1:5000/kubernetes/pause:3.1" 28 | ``` 29 | 30 | 31 | ## Kubelet images 32 | 33 | ### Flatcar Linux 34 | For Flatcar Linux nodes, the [kubelet][3] image must be accessible as well. This is due to the fact 35 | that kubelet is running as a docker container. 36 | 37 | By default the image `quay.io/kubermatic/kubelet` will be used. If that image won't be accessible from the node, a custom 38 | image can be specified on the machine-controller: 39 | 40 | ```bash 41 | # Do not set a tag. The tag depends on the used Kubernetes version of a machine. 42 | -node-kubelet-image="192.168.1.1:5000/my-custom/kubelet-amd64" 43 | ``` 44 | 45 | # Insecure registries 46 | 47 | If nodes require access to insecure registries (registries that the container runtime reaches over plain HTTP or without verifying the TLS certificate), every such registry must be listed explicitly via a flag. Image pulls from the listed registries are not protected by verified TLS, so the list should only contain registries that genuinely cannot serve a trusted certificate: 48 | ```bash 49 | -node-insecure-registries="192.168.1.1:5000,10.0.0.1:5000" 50 | ``` 51 | 52 | [1]: https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/hyperkube 53 | [2]: https://github.com/coreos/coreos-kubernetes/blob/master/Documentation/kubelet-wrapper.md 54 | [3]: https://quay.io/kubermatic/kubelet 55 | -------------------------------------------------------------------------------- /docs/nutanix.md: -------------------------------------------------------------------------------- 1 | # Nutanix Prism Central 2 | 3 | Currently the `machine-controller` implementation of Nutanix supports the [Prism v3 API](https://www.nutanix.dev/reference/prism_central/v3/) to create `Machines`. 
4 | 5 | ## Prerequisites 6 | 7 | The `nutanix` provider assumes several things to be preexisting. You need: 8 | 9 | - Credentials and access information for a Nutanix Prism Central instance (endpoint, port, username and password). 10 | - The name of a Nutanix cluster to create the VMs for Machines on. 11 | - The name of a subnet on the given Nutanix cluster that the VMs' network interfaces will be created on. 12 | - The name of an image that the VMs will be created from (must match the configured operating system). 13 | - **Optional**: The name of a project that the given credentials have access to, to create the VMs in. If none is provided, the VMs are created without a project. 14 | 15 | ## Configuration Options 16 | 17 | An example `MachineDeployment` can be found [here](../examples/nutanix-machinedeployment.yaml). 18 | -------------------------------------------------------------------------------- /docs/openstack-images.md: -------------------------------------------------------------------------------- 1 | # Images 2 | 3 | ## Upload supported images to OpenStack 4 | 5 | There is a script to upload all supported images to OpenStack. 6 | ```bash 7 | ./hack/setup-openstack-images.sh 8 | ``` 9 | 10 | By default all images will be named `machine-controller-${OS_NAME}`. 
11 | The image names can be overwritten using environment variables: 12 | ```bash 13 | UBUNTU_IMAGE_NAME="ubuntu" ./hack/setup-openstack-images.sh 14 | ``` 15 | -------------------------------------------------------------------------------- /docs/operating-system.md: -------------------------------------------------------------------------------- 1 | # Operating system 2 | 3 | ## Support matrix 4 | 5 | ### Cloud provider 6 | 7 | | | Ubuntu | Flatcar | RHEL | Amazon Linux 2 | Rocky Linux | 8 | |---|---|---|---|---|---| 9 | | AWS | ✓ | ✓ | ✓ | ✓ | ✓ | 10 | | Azure | ✓ | ✓ | ✓ | x | ✓ | 11 | | Digitalocean | ✓ | x | x | x | ✓ | 12 | | Equinix Metal | ✓ | ✓ | x | x | ✓ | 13 | | Google Cloud Platform | ✓ | ✓ | x | x | x | 14 | | Hetzner | ✓ | x | x | x | ✓ | 15 | | KubeVirt | ✓ | ✓ | ✓ | x | ✓ | 16 | | Nutanix | ✓ | x | x | x | x | 17 | | Openstack | ✓ | ✓ | ✓ | x | ✓ | 18 | | VMware Cloud Director | ✓ | x | x | x | x | 19 | | VSphere | ✓ | ✓ | ✓ | x | ✓ | 20 | 21 | ## Configuring a operating system 22 | 23 | The operating system to use can be set via `machine.spec.providerConfig.operatingSystem`. 24 | Allowed values: 25 | 26 | - `amzn2` 27 | - `flatcar` 28 | - `rhel` 29 | - `rockylinux` 30 | - `ubuntu` 31 | 32 | OS specific settings can be set via `machine.spec.providerConfig.operatingSystemSpec`. 33 | 34 | ### Supported OS versions 35 | 36 | Note that the table below lists the OS versions that we are validating in our automated tests. 37 | Machine controller may work with other OS versions that are not listed in the table but support won’t be provided. 38 | 39 | | | Versions | 40 | |---|---| 41 | | AmazonLinux2 | 2.x | 42 | | RHEL | 8.x | 43 | | Rocky Linux | 8.5 | 44 | | Ubuntu | 20.04 LTS, 22.04 LTS | 45 | -------------------------------------------------------------------------------- /docs/provisioning.md: -------------------------------------------------------------------------------- 1 | # provisioning 2 | 3 | Every node gets bootstrapped via cloud-init. 
4 | 5 | ## Ubuntu 6 | 7 | We use https://cloud-init.io/ -------------------------------------------------------------------------------- /docs/registry-authentication.md: -------------------------------------------------------------------------------- 1 | # Registry Authentication 2 | 3 | Machine-controller supports configuring the container runtime with registry 4 | authentication information. The flag `-node-registry-credentials-secret` takes a 5 | reference, in the form `namespace/secret-name`, to the Secret in which the authentication 6 | information is stored. During VM creation this information is used to configure the container 7 | runtime, so the credentials become part of the configuration of each VM that is created. 8 | 9 | There are two options for the type of the secret that can be passed on this 10 | flag. 11 | 12 | ## Custom secret 13 | 14 | Secret format is serialized 15 | `map[string]github.com/containerd/containerd/pkg/cri/config.AuthConfig`, where 16 | `AuthConfig` is defined as 17 | 18 | ```go 19 | type AuthConfig struct { 20 | // Username is the username to login the registry. 21 | Username string `toml:"username" json:"username"` 22 | // Password is the password to login the registry. 23 | Password string `toml:"password" json:"password"` 24 | // Auth is a base64 encoded string from the concatenation of the username, 25 | // a colon, and the password. 26 | Auth string `toml:"auth" json:"auth"` 27 | // IdentityToken is used to authenticate the user and get 28 | // an access token for the registry. 
29 | IdentityToken string `toml:"identitytoken" json:"identitytoken"` 30 | } 31 | ``` 32 | 33 | Original source: https://github.com/containerd/containerd/blob/v1.5.9/pkg/cri/config/config.go#L126-L137 34 | 35 | Example: 36 | ```yaml 37 | apiVersion: v1 38 | kind: Secret 39 | metadata: 40 | name: my-registries 41 | namespace: kube-system 42 | data: 43 | gcr.io: | 44 | eyJ1c2VybmFtZSI6ImwwZzFuIiwicGFzc3dvcmQiOiJjMDBscDQ1NXc 45 | wcmQiLCJhdXRoIjoiIiwiaWRlbnRpdHl0b2tlbiI6IiJ9Cg== 46 | 47 | ``` 48 | 49 | Now having this saved in the Kubernetes API, launch machine-controller with 50 | `-node-registry-credentials-secret=kube-system/my-registries` flag. 51 | 52 | ## `kubernetes.io/dockerconfigjson` 53 | 54 | This type stores a serialized `~/.docker/config.json` and can directly be 55 | created via `kubectl` by either passing such file directly or by providing 56 | the necessary data. 57 | 58 | See also: 59 | https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets 60 | -------------------------------------------------------------------------------- /docs/vmware-cloud-director.md: -------------------------------------------------------------------------------- 1 | # VMware Cloud Director 2 | 3 | ## Prerequisites 4 | 5 | The following things should be configured before managing machines on VMware Cloud Director: 6 | 7 | - Dedicated Organization VDC has been created. 8 | - Required catalog and templates for creating VMs have been added to the organization VDC. 9 | - VApp has been created that will be used to encapsulate all the VMs. 10 | - Direct, routed or isolated network has been created. And the virtual machines within the vApp can communicate over that network. 11 | 12 | ## Configuration Options 13 | 14 | An example `MachineDeployment` can be found [here](../examples/vmware-cloud-director-machinedeployment.yaml). 
15 | -------------------------------------------------------------------------------- /examples/alerts.yaml: -------------------------------------------------------------------------------- 1 | groups: 2 | - name: machine-controller 3 | rules: 4 | - alert: MachineControllerDown 5 | expr: absent(up{job="machine-controller"} == 1) 6 | for: 5m 7 | labels: 8 | severity: critical 9 | annotations: 10 | message: "Machine Controller in namespace {{ $labels.namespace }} is down for more than 5 minutes." 11 | - alert: MachineControllerTooManyErrors 12 | expr: sum(rate(machine_controller_errors_total[5m])) by (namespace) > 0.01 13 | for: 10m 14 | labels: 15 | severity: warning 16 | annotations: 17 | message: "Machine Controller in {{ $labels.namespace }} has too many errors in its loop." 18 | - alert: MachineControllerDeleting 19 | expr: machine_controller_machine_deleted > 0 20 | for: 10m 21 | labels: 22 | severity: critical 23 | annotations: 24 | message: "Unable to delete machine {{ $labels.machine }}" 25 | -------------------------------------------------------------------------------- /examples/alibaba-machinedeployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | # If you change the namespace/name, you must also 5 | # adjust the rbac rules 6 | name: machine-controller-alibaba 7 | namespace: kube-system 8 | type: Opaque 9 | stringData: 10 | accessKeyID: << ALIBABA_ACCESS_KEY_ID >> 11 | accessKeySecret: << ALIBABA_ACCESS_SECRET >> 12 | --- 13 | apiVersion: "cluster.k8s.io/v1alpha1" 14 | kind: MachineDeployment 15 | metadata: 16 | name: alibaba-machinedeployment 17 | namespace: kube-system 18 | spec: 19 | paused: false 20 | replicas: 1 21 | strategy: 22 | type: RollingUpdate 23 | rollingUpdate: 24 | maxSurge: 1 25 | maxUnavailable: 0 26 | minReadySeconds: 0 27 | selector: 28 | matchLabels: 29 | foo: bar 30 | template: 31 | metadata: 32 | labels: 33 | foo: bar 34 | spec: 35 | 
providerSpec: 36 | value: 37 | sshPublicKeys: 38 | - "<< YOUR_PUBLIC_KEY >>" 39 | cloudProvider: "alibaba" 40 | cloudProviderSpec: 41 | # If empty, can be set via ALIBABA_ACCESS_KEY_ID env var 42 | accessKeyID: 43 | secretKeyRef: 44 | namespace: kube-system 45 | name: machine-controller-alibaba 46 | key: accessKeyID 47 | accessKeySecret: 48 | secretKeyRef: 49 | namespace: kube-system 50 | name: machine-controller-alibaba 51 | key: accessKeySecret 52 | instanceType: "ecs.t1.xsmall" 53 | instanceName: "alibaba-instance" 54 | internetMaxBandwidthOut: 10 55 | regionID: eu-central-1 56 | vSwitchID: "vswitchID" 57 | zoneID: eu-central-1a 58 | diskType: "cloud_efficiency" 59 | diskSize: "40" 60 | operatingSystem: "ubuntu" 61 | operatingSystemSpec: 62 | distUpgradeOnBoot: false 63 | disableAutoUpdate: true 64 | versions: 65 | kubelet: 1.30.5 66 | -------------------------------------------------------------------------------- /examples/baremetal-tinkerbell-machinedeployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | spec: 7 | replicas: 1 8 | strategy: 9 | type: RollingUpdate 10 | rollingUpdate: 11 | maxSurge: 1 12 | maxUnavailable: 0 13 | selector: 14 | matchLabels: 15 | name: << MACHINE_NAME >> 16 | template: 17 | metadata: 18 | labels: 19 | name: << MACHINE_NAME >> 20 | spec: 21 | providerSpec: 22 | value: 23 | sshPublicKeys: 24 | - "<< YOUR_PUBLIC_KEY >>" 25 | cloudProvider: "baremetal" 26 | cloudProviderSpec: 27 | driver: "tinkerbell" 28 | driverSpec: 29 | clusterName: "<< CLUSTER_NAME >>" 30 | osImageUrl: "<< OS_IMAGE_URL >>" 31 | auth: 32 | kubeconfig: 33 | value: "<< KUBECONFIG_BASE64 >>" 34 | hardwareRef: 35 | name: hardware-1 36 | namespace: "default" 37 | operatingSystem: "<< OS_NAME >>" 38 | operatingSystemSpec: 39 | distUpgradeOnBoot: false 40 | disableAutoUpdate: true 41 | 
versions: 42 | kubelet: "<< KUBERNETES_VERSION >>" 43 | -------------------------------------------------------------------------------- /examples/cdi-operator-cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cdi.kubevirt.io/v1alpha1 2 | kind: CDI 3 | metadata: 4 | name: cdi 5 | namespace: cdi 6 | spec: 7 | imagePullPolicy: IfNotPresent 8 | -------------------------------------------------------------------------------- /examples/digitalocean-machinedeployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | # If you change the namespace/name, you must also 5 | # adjust the rbac rules 6 | name: machine-controller-digitalocean 7 | namespace: kube-system 8 | type: Opaque 9 | stringData: 10 | token: << DIGITALOCEAN_TOKEN >> 11 | --- 12 | apiVersion: "cluster.k8s.io/v1alpha1" 13 | kind: MachineDeployment 14 | metadata: 15 | name: digitalocean-machinedeployment 16 | namespace: kube-system 17 | spec: 18 | paused: false 19 | replicas: 1 20 | strategy: 21 | type: RollingUpdate 22 | rollingUpdate: 23 | maxSurge: 1 24 | maxUnavailable: 0 25 | minReadySeconds: 0 26 | selector: 27 | matchLabels: 28 | foo: bar 29 | template: 30 | metadata: 31 | labels: 32 | foo: bar 33 | spec: 34 | providerSpec: 35 | value: 36 | sshPublicKeys: 37 | - "<< YOUR_PUBLIC_KEY >>" 38 | cloudProvider: "digitalocean" 39 | cloudProviderSpec: 40 | # If empty, can be set via DO_TOKEN env var 41 | token: 42 | secretKeyRef: 43 | namespace: kube-system 44 | name: machine-controller-digitalocean 45 | key: token 46 | region: fra1 47 | size: 2gb 48 | backups: false 49 | ipv6: false 50 | private_networking: true 51 | # Monitoring must be turned off for Flatcar Container Linux 52 | monitoring: false 53 | tags: 54 | - "machine-controller" 55 | operatingSystem: "ubuntu" 56 | operatingSystemSpec: 57 | disableAutoUpdate: true 58 | versions: 59 | kubelet: 1.30.5 60 | 
-------------------------------------------------------------------------------- /examples/equinixmetal-machinedeployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | # If you change the namespace/name, you must also 5 | # adjust the rbac rules 6 | name: machine-controller-equinixmetal 7 | namespace: kube-system 8 | type: Opaque 9 | stringData: 10 | token: << METAL_AUTH_TOKEN >> 11 | --- 12 | apiVersion: "cluster.k8s.io/v1alpha1" 13 | kind: MachineDeployment 14 | metadata: 15 | name: equinixmetal-machinedeployment 16 | namespace: kube-system 17 | spec: 18 | paused: false 19 | replicas: 1 20 | strategy: 21 | type: RollingUpdate 22 | rollingUpdate: 23 | maxSurge: 1 24 | maxUnavailable: 0 25 | minReadySeconds: 0 26 | selector: 27 | matchLabels: 28 | foo: bar 29 | template: 30 | metadata: 31 | labels: 32 | foo: bar 33 | spec: 34 | providerSpec: 35 | value: 36 | sshPublicKeys: 37 | - "<< YOUR_PUBLIC_KEY >>" 38 | cloudProvider: "equinixmetal" 39 | cloudProviderSpec: 40 | # If empty, can be set via METAL_TOKEN env var 41 | token: 42 | secretKeyRef: 43 | namespace: kube-system 44 | name: machine-controller-equinixmetal 45 | key: token 46 | instanceType: "t1.small.x86" 47 | projectID: "<< PROJECT_ID >>" 48 | facilities: 49 | - "ewr1" 50 | operatingSystem: "ubuntu" 51 | operatingSystemSpec: 52 | distUpgradeOnBoot: false 53 | versions: 54 | kubelet: 1.30.5 55 | -------------------------------------------------------------------------------- /examples/kubevirt-cr.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kubevirt.io/v1alpha3 3 | kind: KubeVirt 4 | metadata: 5 | name: kubevirt 6 | namespace: kubevirt 7 | spec: 8 | imagePullPolicy: IfNotPresent 9 | -------------------------------------------------------------------------------- /examples/kubevirt-local-mounter.yaml: 
-------------------------------------------------------------------------------- 1 | kind: DaemonSet 2 | apiVersion: apps/v1 3 | metadata: 4 | name: create-bind-mounts 5 | namespace: kube-system 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: create-bind-mounts 10 | template: 11 | metadata: 12 | labels: 13 | app: create-bind-mounts 14 | spec: 15 | hostPID: true 16 | containers: 17 | - name: startup-script 18 | image: quay.io/kubermatic/startup-script:v0.2.1 19 | securityContext: 20 | privileged: true 21 | env: 22 | - name: STARTUP_SCRIPT 23 | value: | 24 | for ((i=1;i<=50;i++)); 25 | do 26 | mkdir -p /opt/kube-disks/${i} /mnt/local-volumes/${i} 27 | cat >/etc/systemd/system/mnt-local\\x2dvolumes-${i}.mount <> 11 | --- 12 | apiVersion: "cluster.k8s.io/v1alpha1" 13 | kind: MachineDeployment 14 | metadata: 15 | name: linode-machinedeployment 16 | namespace: kube-system 17 | spec: 18 | paused: false 19 | replicas: 1 20 | strategy: 21 | type: RollingUpdate 22 | rollingUpdate: 23 | maxSurge: 1 24 | maxUnavailable: 0 25 | minReadySeconds: 0 26 | selector: 27 | matchLabels: 28 | foo: bar 29 | template: 30 | metadata: 31 | labels: 32 | foo: bar 33 | spec: 34 | providerSpec: 35 | value: 36 | sshPublicKeys: 37 | - "<< YOUR_PUBLIC_KEY >>" 38 | cloudProvider: "linode" 39 | cloudProviderSpec: 40 | # If empty, can be set via LINODE_TOKEN env var 41 | token: 42 | secretKeyRef: 43 | namespace: kube-system 44 | name: machine-controller-linode 45 | key: token 46 | region: eu-west 47 | type: g6-standard-2 48 | backups: false 49 | private_networking: true 50 | tags: 51 | - "machine-controller" 52 | operatingSystem: "ubuntu" 53 | operatingSystemSpec: 54 | disableAutoUpdate: true 55 | versions: 56 | kubelet: 1.30.5 57 | -------------------------------------------------------------------------------- /examples/opennebula-machinedeployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | # If you 
change the namespace/name, you must also 5 | # adjust the rbac rules 6 | name: machine-controller-opennebula 7 | namespace: kube-system 8 | type: Opaque 9 | stringData: 10 | password: << ONE_PASSWORD >> 11 | --- 12 | apiVersion: "cluster.k8s.io/v1alpha1" 13 | kind: MachineDeployment 14 | metadata: 15 | name: opennebula-machinedeployment 16 | namespace: kube-system 17 | spec: 18 | paused: false 19 | replicas: 1 20 | strategy: 21 | type: RollingUpdate 22 | rollingUpdate: 23 | maxSurge: 1 24 | maxUnavailable: 0 25 | minReadySeconds: 0 26 | selector: 27 | matchLabels: 28 | foo: bar 29 | template: 30 | metadata: 31 | labels: 32 | foo: bar 33 | spec: 34 | providerSpec: 35 | value: 36 | sshPublicKeys: 37 | - "<< YOUR_PUBLIC_KEY >>" 38 | cloudProvider: "opennebula" 39 | cloudProviderSpec: 40 | endpoint: "<< ONE_ENDPOINT including '/RPC2' >>" 41 | username: "<< ONE_USERNAME >>" 42 | # If empty, can be set via ONE_PASSWORD env var 43 | password: 44 | secretKeyRef: 45 | namespace: kube-system 46 | name: machine-controller-opennebula 47 | key: password 48 | cpu: 1 49 | vcpu: 2 50 | memory: 1024 51 | 52 | image: "flatcar-stable" 53 | datastore: "<< YOUR_DATASTORE_NAME >>" 54 | diskSize: 51200 # MB 55 | 56 | network: "<< YOUR_NETWORK_NAME >>" 57 | 58 | enableVNC: true 59 | 60 | # if you want to have more control over e.g. 
placement of the VM you can do this: 61 | #vmTemplateExtra: 62 | # SCHED_REQUIREMENTS: 'RACK="G4"' 63 | operatingSystem: "flatcar" 64 | operatingSystemSpec: 65 | distUpgradeOnBoot: false 66 | 67 | # use cloud-init for flatcar as ignition doesn't know anything about OpenNebula yet 68 | provisioningUtility: "cloud-init" 69 | versions: 70 | kubelet: 1.30.5 71 | -------------------------------------------------------------------------------- /examples/scaleway-machinedeployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | # If you change the namespace/name, you must also 5 | # adjust the rbac rules 6 | name: machine-controller-scaleway 7 | namespace: kube-system 8 | type: Opaque 9 | stringData: 10 | access_key: << SCW_ACCESS_KEY >> 11 | secret_key: << SCW_SECRET_KEY >> 12 | --- 13 | apiVersion: "cluster.k8s.io/v1alpha1" 14 | kind: MachineDeployment 15 | metadata: 16 | name: scaleway-machinedeployment 17 | namespace: kube-system 18 | spec: 19 | paused: false 20 | replicas: 1 21 | strategy: 22 | type: RollingUpdate 23 | rollingUpdate: 24 | maxSurge: 1 25 | maxUnavailable: 0 26 | minReadySeconds: 0 27 | selector: 28 | matchLabels: 29 | foo: bar 30 | template: 31 | metadata: 32 | labels: 33 | foo: bar 34 | spec: 35 | providerSpec: 36 | value: 37 | sshPublicKeys: 38 | - "<< YOUR_PUBLIC_KEY >>" 39 | cloudProvider: "scaleway" 40 | cloudProviderSpec: 41 | # If empty, can be set via SCW_ACCESS_KEY env var 42 | accessKey: 43 | secretKeyRef: 44 | namespace: kube-system 45 | name: machine-controller-scaleway 46 | key: access_key 47 | # If empty, can be set via SCW_SECRET_KEY env var 48 | secretKey: 49 | secretKeyRef: 50 | namespace: kube-system 51 | name: machine-controller-scaleway 52 | key: secret_key 53 | projectId: << SCW_DEFAULT_PROJECT_ID >> 54 | zone: fr-par-1 55 | commercialType: DEV1-M 56 | ipv6: false 57 | tags: 58 | - "machine-controller" 59 | operatingSystem: "ubuntu" 60 | 
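operatingSystemSpec: 61 | disableAutoUpdate: true 62 | versions: 63 | kubelet: 1.30.5 64 | -------------------------------------------------------------------------------- /examples/webhook-certificate.cnf: --------------------------------------------------------------------------------
# OpenSSL request configuration for the machine-controller admission webhook's
# serving certificate.
[ req ]
prompt = no
# NOTE(review): 2048-bit RSA is the commonly accepted minimum; raise it if local
# policy asks for more.
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
countryName = EU
stateOrProvinceName = FR
localityName = Sophia-Antipolis
organizationName = Kubermatic
commonName = machine-controller-webhook.kube-system.svc
[ v3_req ]
# digitalSignature is listed because with (EC)DHE key exchange and TLS 1.3 the
# server signs the handshake with this key; a certificate limited to
# keyEncipherment only covers RSA key transport and may be rejected by clients
# that enforce key usage.
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
# Presumably the in-cluster DNS names of the webhook Service; keep them in sync
# with the Service name and namespace.
DNS.1 = machine-controller-webhook.kube-system.svc
DNS.2 = machine-controller-webhook.kube-system.svc.cluster.local
-------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright YEAR The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.Dockerfile.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Machine Controller Authors.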
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.Makefile.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Machine Controller Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.bzl.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Machine Controller Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.generatego.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright YEAR The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.py.txt: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright YEAR The Machine Controller Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.sh.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Machine Controller Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /hack/build-kubevirt-images.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2019 The Machine Controller Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -euxo pipefail 18 | 19 | BUILD_NUM=2 20 | 21 | cd $(dirname $0)/kubevirt_dockerfiles 22 | 23 | for flavor in ubuntu; do 24 | docker build \ 25 | -t quay.io/kubermatic/machine-controller-kubevirt:$flavor-$BUILD_NUM \ 26 | -f dockerfile.$flavor . 27 | docker push quay.io/kubermatic/machine-controller-kubevirt:$flavor-$BUILD_NUM 28 | done 29 | -------------------------------------------------------------------------------- /hack/ci/cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The Machine Controller Authors. 
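4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 |
set -euo pipefail
set -x

source hack/lib.sh

# In CI (PROW_JOB_ID set) a missing kubeconfig means there is no KIND cluster
# to clean up, so this is not treated as an error.
if [ ! -f ~/.kube/config ] && [ -n "${PROW_JOB_ID:-}" ]; then
  echodate "Kubeconfig for KIND cluster was not found while running in CI, nothing to delete."
  exit 0
fi

export KUBECONFIG=~/.kube/config

# Annotate every node with skip-eviction (presumably so machine deletion does
# not wait for pod eviction), then delete the machine objects, owners first.
kubectl annotate --all=true --overwrite node kubermatic.io/skip-eviction=true
kubectl delete machinedeployment -n kube-system --all
kubectl delete machineset -n kube-system --all
kubectl delete machine -n kube-system --all

# Poll for up to 30 x 10s until no Machine objects are left.
for try in {1..30}; do
  if kubectl get machine -n kube-system 2>&1 | grep -q 'No resources found.'; then exit 0; fi
  sleep 10s
done

# Remove the cluster-exposer svc from CI cluster.
# NOTE(review): this is only reached when the machines were NOT deleted in
# time, because the loop above exits 0 on success — confirm that skipping the
# service cleanup on the success path is intended.
# The job id is guarded and quoted: under `set -u` an unset PROW_JOB_ID would
# abort here before the error below is printed, and an empty value would turn
# the selector into `prow.k8s.io/id=`.
if [ -n "${PROW_JOB_ID:-}" ]; then
  kubectl --kubeconfig /etc/kubeconfig/kubeconfig delete services -l "prow.k8s.io/id=${PROW_JOB_ID}"
fi

echo "Error: couldn't delete all machines!"
exit 1
-------------------------------------------------------------------------------- /hack/ci/setup-cni-in-kind.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The Machine Controller Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License.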
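7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 |
# Downloads the CNI plugins release for the host architecture, checks it
# against the published SHA-256 and unpacks it into /opt/cni/bin.

# Fail fast: without errexit a failed download or a checksum mismatch would
# not stop the script, and the archive would still be extracted below.
set -euo pipefail

CNI_VERSION="${CNI_VERSION:-v1.2.0}"

cni_bin_dir=/opt/cni/bin
mkdir -p /etc/cni/net.d "$cni_bin_dir"

# HOST_ARCH overrides detection; otherwise map `uname -m` to the release naming.
arch=${HOST_ARCH-}
if [ -z "$arch" ]; then
  case $(uname -m) in
  x86_64)
    arch="amd64"
    ;;
  aarch64)
    arch="arm64"
    ;;
  *)
    echo "unsupported CPU architecture, exiting"
    exit 1
    ;;
  esac
fi

cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"

# The checksum file comes from the same release location as the archive, so
# this check catches truncated or corrupted downloads; it is not an
# independent trust anchor for the release itself.
cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
cd "$cni_bin_dir"
sha256sum -c <<< "$cni_sum"
tar xvf "$cni_filename"
rm -f "$cni_filename"
-------------------------------------------------------------------------------- /hack/cleanup_machines.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The Machine Controller Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.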
14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -euo pipefail 18 | set -x 19 | 20 | kubectl annotate --all=true --overwrite node kubermatic.io/skip-eviction=true 21 | kubectl delete machinedeployment -n kube-system --all 22 | kubectl delete machineset -n kube-system --all 23 | kubectl delete machine -n kube-system --all 24 | for try in {1..30}; do 25 | if kubectl get machine -n kube-system 2>&1 | grep -q 'No resources found.'; then exit 0; fi 26 | sleep 10s 27 | done 28 | 29 | echo "Error: couldn't delete all machines!" 30 | exit 1 31 | -------------------------------------------------------------------------------- /hack/e2e-setup-openstack-images.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2019 The Machine Controller Authors. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | set -o errexit 17 | set -o nounset 18 | set -o pipefail 19 | 20 | cd $(dirname $0)/ 21 | 22 | export UBUNTU_IMAGE_NAME="machine-controller-e2e-ubuntu" 23 | 24 | ./setup-openstack-images.sh 25 | -------------------------------------------------------------------------------- /hack/header.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 The Kubernetes Authors. 
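3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | -------------------------------------------------------------------------------- /hack/kubevirt_dockerfiles/dockerfile.ubuntu: --------------------------------------------------------------------------------
# Registry-disk image that carries the Ubuntu bionic cloud image, grown by 10G.
FROM kubevirt/registry-disk-v1alpha:v0.10.0

# NOTE(review): "current" is a moving target and the download is not compared
# with a published checksum, so rebuilds are not reproducible and a truncated
# or unexpectedly changed image would go unnoticed; consider pinning a dated
# release directory and verifying its SHA-256 before the resize.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# disk image.
RUN curl -fL -o /disk/bionic.img https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img && \
    qemu-img resize /disk/bionic.img +10g
-------------------------------------------------------------------------------- /hack/run-machine-controller.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2019 The Machine Controller Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License.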
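16 |
set -e

# Use a special env variable for machine-controller only
# This kubeconfig should point to the cluster where machinedeployments, machines are installed.
MC_KUBECONFIG=${MC_KUBECONFIG:-$(dirname "$0")/../.kubeconfig}
# If you want to use the default kubeconfig `export MC_KUBECONFIG=$KUBECONFIG`

# Repository root, quoted everywhere so a checkout path with spaces still works.
repo_root="$(dirname "$0")/.."

make -C "$repo_root" build-machine-controller

# NOTE(review): this local development helper enables profiling and binds the
# metrics and health listeners to all interfaces (0.0.0.0); use 127.0.0.1
# instead when the host is reachable from networks you do not trust.
"$repo_root/machine-controller" \
  -kubeconfig="$MC_KUBECONFIG" \
  -worker-count=50 \
  -log-debug \
  -cluster-dns=169.254.20.10 \
  -enable-profiling \
  -metrics-address=0.0.0.0:8080 \
  -health-probe-address=0.0.0.0:8085
-------------------------------------------------------------------------------- /hack/setup-openstack-images.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2019 The Machine Controller Authors. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 |
set -o errexit
set -o nounset
set -o pipefail

UBUNTU_IMAGE_NAME=${UBUNTU_IMAGE_NAME:-"machine-controller-ubuntu"}

echo "Downloading Ubuntu 18.04 image from upstream..."
# Fetch over HTTPS: this image becomes the boot disk of machines, and a plain
# HTTP download can be altered in transit. -f stops on an HTTP error instead
# of saving the error page as ubuntu.img.
# NOTE(review): "current" is unpinned and no checksum is verified before upload.
curl -fL -o ubuntu.img https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img
echo "Uploading Ubuntu 18.04 image to OpenStack..."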
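# Upload the downloaded image under the configured name; the name is quoted so
# a value containing spaces stays a single argument.
openstack image create \
  --container-format bare \
  --disk-format qcow2 \
  --file ubuntu.img \
  "${UBUNTU_IMAGE_NAME}"
rm ubuntu.img
echo "Successfully uploaded ${UBUNTU_IMAGE_NAME} to OpenStack..."
-------------------------------------------------------------------------------- /hack/update-fixtures.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2019 The Machine Controller Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 |
set -euo pipefail

cd "$(dirname "$0")/.."
source hack/lib.sh

CONTAINERIZE_IMAGE=quay.io/kubermatic/build:go-1.24-node-20-3 containerize ./hack/update-fixtures.sh

# The test run is the `if` condition itself: with errexit a failing command
# list would end the script before a later `$?` check, so the failure branch
# could never run. The failure message is now echoed (it was previously
# executed as a command) and the exit status stays non-zero.
if go test ./... -v -update || go test ./...; then
  echo "Successfully updated fixtures"
else
  echo "Failed to update fixtures" >&2
  exit 1
fi
-------------------------------------------------------------------------------- /hack/verify-boilerplate.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 The Machine Controller Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License.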
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -euo pipefail 18 | 19 | cd $(dirname $0)/.. 20 | 21 | boilerplate \ 22 | -boilerplates hack/boilerplate \ 23 | -exclude sdk/apis/machines/v1alpha1 24 | -------------------------------------------------------------------------------- /hack/verify-licenses.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2020 The Machine Controller Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -euo pipefail 18 | 19 | cd $(dirname $0)/.. 20 | source hack/lib.sh 21 | 22 | CONTAINERIZE_IMAGE=quay.io/kubermatic/build:go-1.24-node-20-3 containerize ./hack/verify-licenses.sh 23 | 24 | go mod vendor 25 | 26 | echodate "Checking licenses..." 27 | wwhrd check -q 28 | echodate "Check successful." 
29 | -------------------------------------------------------------------------------- /image-builder/.gitignore: -------------------------------------------------------------------------------- 1 | /downloads 2 | *.vmdk 3 | -------------------------------------------------------------------------------- /image-builder/README.md: -------------------------------------------------------------------------------- 1 | #### Image builder script 2 | 3 | The script `build.sh` automatically builds a custom OS image for a VSphere environment. The original image of a selected OS is enriched with Kubernetes binaries, as well as (in the future) other custom files. 4 | 5 | Currently supported operating systems: 6 | * RedHat CoreOS 7 | * Debian 9 8 | 9 | ### Usage 10 | 11 | `./build.sh --target-os debian9 [--release K8S-RELEASE]` 12 | 13 | Parameters: 14 | * `--target-os` is mandatory and specifies the Linux distribution image to be built. Possible values: 15 | * `debian9` 16 | * `--release` specifies the Kubernetes release to be added to the image, e.g. `v1.10.2`. If not provided, the script will look up the latest stable release and use that. 17 | 18 | ### Output 19 | 20 | The script will generate a VMDK disk image with the filename `TARGET_OS-output.vmdk`. 
21 | -------------------------------------------------------------------------------- /image-builder/RPM-GPG-KEY-CentOS-7: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v1.4.5 (GNU/Linux) 3 | 4 | mQINBFOn/0sBEADLDyZ+DQHkcTHDQSE0a0B2iYAEXwpPvs67cJ4tmhe/iMOyVMh9 5 | Yw/vBIF8scm6T/vPN5fopsKiW9UsAhGKg0epC6y5ed+NAUHTEa6pSOdo7CyFDwtn 6 | 4HF61Esyb4gzPT6QiSr0zvdTtgYBRZjAEPFVu3Dio0oZ5UQZ7fzdZfeixMQ8VMTQ 7 | 4y4x5vik9B+cqmGiq9AW71ixlDYVWasgR093fXiD9NLT4DTtK+KLGYNjJ8eMRqfZ 8 | Ws7g7C+9aEGHfsGZ/SxLOumx/GfiTloal0dnq8TC7XQ/JuNdB9qjoXzRF+faDUsj 9 | WuvNSQEqUXW1dzJjBvroEvgTdfCJfRpIgOrc256qvDMp1SxchMFltPlo5mbSMKu1 10 | x1p4UkAzx543meMlRXOgx2/hnBm6H6L0FsSyDS6P224yF+30eeODD4Ju4BCyQ0jO 11 | IpUxmUnApo/m0eRelI6TRl7jK6aGqSYUNhFBuFxSPKgKYBpFhVzRM63Jsvib82rY 12 | 438q3sIOUdxZY6pvMOWRkdUVoz7WBExTdx5NtGX4kdW5QtcQHM+2kht6sBnJsvcB 13 | JYcYIwAUeA5vdRfwLKuZn6SgAUKdgeOtuf+cPR3/E68LZr784SlokiHLtQkfk98j 14 | NXm6fJjXwJvwiM2IiFyg8aUwEEDX5U+QOCA0wYrgUQ/h8iathvBJKSc9jQARAQAB 15 | tEJDZW50T1MtNyBLZXkgKENlbnRPUyA3IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8 16 | c2VjdXJpdHlAY2VudG9zLm9yZz6JAjUEEwECAB8FAlOn/0sCGwMGCwkIBwMCBBUC 17 | CAMDFgIBAh4BAheAAAoJECTGqKf0qA61TN0P/2730Th8cM+d1pEON7n0F1YiyxqG 18 | QzwpC2Fhr2UIsXpi/lWTXIG6AlRvrajjFhw9HktYjlF4oMG032SnI0XPdmrN29lL 19 | F+ee1ANdyvtkw4mMu2yQweVxU7Ku4oATPBvWRv+6pCQPTOMe5xPG0ZPjPGNiJ0xw 20 | 4Ns+f5Q6Gqm927oHXpylUQEmuHKsCp3dK/kZaxJOXsmq6syY1gbrLj2Anq0iWWP4 21 | Tq8WMktUrTcc+zQ2pFR7ovEihK0Rvhmk6/N4+4JwAGijfhejxwNX8T6PCuYs5Jiv 22 | hQvsI9FdIIlTP4XhFZ4N9ndnEwA4AH7tNBsmB3HEbLqUSmu2Rr8hGiT2Plc4Y9AO 23 | aliW1kOMsZFYrX39krfRk2n2NXvieQJ/lw318gSGR67uckkz2ZekbCEpj/0mnHWD 24 | 3R6V7m95R6UYqjcw++Q5CtZ2tzmxomZTf42IGIKBbSVmIS75WY+cBULUx3PcZYHD 25 | ZqAbB0Dl4MbdEH61kOI8EbN/TLl1i077r+9LXR1mOnlC3GLD03+XfY8eEBQf7137 26 | YSMiW5r/5xwQk7xEcKlbZdmUJp3ZDTQBXT06vavvp3jlkqqH9QOE8ViZZ6aKQLqv 27 | pL+4bs52jzuGwTMT7gOR5MzD+vT0fVS7Xm8MjOxvZgbHsAgzyFGlI1ggUQmU7lu3 28 | uPNL0eRx4S1G4Jn5 29 | =OGYX 30 | 
-----END PGP PUBLIC KEY BLOCK----- 31 | -------------------------------------------------------------------------------- /pkg/admission/machinedeployments_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package admission 18 | 19 | import ( 20 | "testing" 21 | 22 | clusterv1alpha1 "k8c.io/machine-controller/sdk/apis/cluster/v1alpha1" 23 | 24 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | ) 26 | 27 | func TestMachineDeploymentDefaulting(t *testing.T) { 28 | tests := []struct { 29 | name string 30 | machineDeployment *clusterv1alpha1.MachineDeployment 31 | isValid bool 32 | }{ 33 | { 34 | name: "Empty MachineDeployment validation should fail", 35 | machineDeployment: &clusterv1alpha1.MachineDeployment{}, 36 | isValid: false, 37 | }, 38 | { 39 | name: "Minimal MachineDeployment validation should succeed", 40 | machineDeployment: &clusterv1alpha1.MachineDeployment{ 41 | Spec: clusterv1alpha1.MachineDeploymentSpec{ 42 | Selector: metav1.LabelSelector{ 43 | MatchLabels: map[string]string{"foo": "bar"}, 44 | }, 45 | Template: clusterv1alpha1.MachineTemplateSpec{ 46 | ObjectMeta: metav1.ObjectMeta{ 47 | Labels: map[string]string{"foo": "bar"}, 48 | }, 49 | }, 50 | }, 51 | }, 52 | isValid: true, 53 | }, 54 | } 55 | 56 | for _, test := range tests { 57 | t.Run(test.name, func(t *testing.T) { 58 
| machineDeploymentDefaultingFunction(test.machineDeployment) 59 | errs := validateMachineDeployment(*test.machineDeployment) 60 | if test.isValid != (len(errs) == 0) { 61 | t.Errorf("Expected machine to be valid: %t but got %d errors: %v", test.isValid, len(errs), errs) 62 | } 63 | }) 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /pkg/admission/util.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
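15 | */ 16 |
package admission

import (
	"encoding/json"
	"fmt"

	providerconfigtypes "k8c.io/machine-controller/sdk/providerconfig"
)

const cloudProviderPacket = "packet"

// migrateToEquinixMetal rewrites providerConfig in place so that it targets the
// Equinix Metal cloud provider.
//
// The cloud provider spec field apiKey has been replaced by token, so the raw
// spec is decoded, the credential is moved from apiKey to token (an existing
// token value is overwritten when apiKey is present) and the spec is encoded
// again.
//
// providerConfig is only modified after both JSON steps have succeeded, so a
// failed migration does not leave a half-migrated object behind. The returned
// errors wrap the JSON error and never include the spec itself, which holds
// the credential.
func migrateToEquinixMetal(providerConfig *providerconfigtypes.Config) (err error) {
	// Field .spec.providerSpec.cloudProviderSpec.apiKey has been replaced with .spec.providerSpec.cloudProviderSpec.token
	// We first need to perform in-place replacement for this field
	rawConfig := map[string]interface{}{}
	if err := json.Unmarshal(providerConfig.CloudProviderSpec.Raw, &rawConfig); err != nil {
		return fmt.Errorf("failed to unmarshal providerConfig.CloudProviderSpec.Raw: %w", err)
	}

	// NB: We have to set the token only if apiKey existed, otherwise, migrated
	// machines will not create at all (authentication errors).
	if apiKey, ok := rawConfig["apiKey"]; ok {
		rawConfig["token"] = apiKey
		delete(rawConfig, "apiKey")
	}

	migratedRaw, err := json.Marshal(rawConfig)
	if err != nil {
		return fmt.Errorf("failed to json marshal providerConfig.CloudProviderSpec.Raw: %w", err)
	}

	// Update original object, now that nothing can fail any more.
	providerConfig.CloudProvider = providerconfigtypes.CloudProviderEquinixMetal
	providerConfig.CloudProviderSpec.Raw = migratedRaw
	return nil
}
-------------------------------------------------------------------------------- /pkg/cloudprovider/common/ssh/ssh.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.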
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package ssh

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"

	"github.com/pborman/uuid"
	"golang.org/x/crypto/ssh"
)

// privateRSAKeyBitSize is the modulus size, in bits, of the throwaway RSA key.
const privateRSAKeyBitSize = 4096

// Pubkey describes the public half of a temporary key pair. The private key is
// deliberately not part of this type: it is not needed, and a freshly generated
// key is used instead of a hardcoded public key because a hardcoded one would
// look like a backdoor.
type Pubkey struct {
	// Name is a freshly generated UUID string.
	Name string
	// PublicKey is the key in authorized_keys format.
	PublicKey string
	// FingerprintMD5 is the legacy MD5 fingerprint of the public key. Treat it
	// as an identifier only, not as a collision-resistant digest.
	// NOTE(review): presumably needed by provider APIs that index keys by MD5
	// fingerprint; confirm against callers.
	FingerprintMD5 string
}

// NewKey generates a fresh 4096-bit RSA key pair and returns only its public
// part, wrapped in a Pubkey with a random UUID as name.
//
// The private key never leaves this function and is not stored, so the returned
// public key cannot be used by anyone to log in. Key material comes from
// crypto/rand.
func NewKey() (*Pubkey, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, privateRSAKeyBitSize)
	if err != nil {
		return nil, fmt.Errorf("failed to create private RSA key: %w", err)
	}

	// Sanity-check the generated key before deriving anything from it.
	if err = rsaKey.Validate(); err != nil {
		return nil, fmt.Errorf("failed to validate private RSA key: %w", err)
	}

	sshPublic, err := ssh.NewPublicKey(&rsaKey.PublicKey)
	if err != nil {
		return nil, fmt.Errorf("failed to generate ssh public key: %w", err)
	}

	key := &Pubkey{
		Name:           uuid.New(),
		PublicKey:      string(ssh.MarshalAuthorizedKey(sshPublic)),
		FingerprintMD5: ssh.FingerprintLegacyMD5(sshPublic),
	}
	return key, nil
}

-------------------------------------------------------------------------------- /pkg/cloudprovider/errors/errors.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package errors

import (
	"errors"
	"fmt"

	"k8c.io/machine-controller/sdk/apis/cluster/common"
)

var (
	// ErrInstanceNotFound signals that the requested instance does not exist on
	// the cloud provider.
	ErrInstanceNotFound = errors.New("instance not found")
)

// IsNotFound reports whether err is, or wraps, ErrInstanceNotFound.
func IsNotFound(err error) bool {
	notFound := errors.Is(err, ErrInstanceNotFound)
	return notFound
}

// TerminalError carries an error classified as "terminal": a machine status
// reason plus a human-readable message.
type TerminalError struct {
	Reason  common.MachineStatusError
	Message string
}

// Error renders the reason and message into a single string. The message is
// included verbatim, so whoever builds a TerminalError should keep credentials
// out of Message.
func (te TerminalError) Error() string {
	const format = "An error of type = %v, with message = %v occurred"
	return fmt.Sprintf(format, te.Reason, te.Message)
}

// IsTerminalError reports whether err is, or wraps, a TerminalError. When it
// is, the reason and message of that error are returned as well; otherwise both
// are empty.
func IsTerminalError(err error) (bool, common.MachineStatusError, string) {
	var terminal TerminalError
	if errors.As(err, &terminal) {
		return true, terminal.Reason, terminal.Message
	}
	return false, "", ""
}

-------------------------------------------------------------------------------- /pkg/cloudprovider/instance/instance.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package instance

import corev1 "k8s.io/api/core/v1"

// Instance represents an instance on the cloud provider. It is a read-only
// view: every method is a getter.
type Instance interface {
	// Name returns the instance name.
	Name() string
	// ID returns the instance identifier.
	ID() string
	// ProviderID returns the expected providerID for the instance.
	ProviderID() string
	// Addresses returns the addresses associated with the instance as a map
	// whose values are node address types.
	// NOTE(review): presumably keyed by the address string; confirm against
	// implementations.
	Addresses() map[string]corev1.NodeAddressType
	// Status returns the instance status.
	Status() Status
}

// Status represents the instance status as a string value.
type Status string

// Known instance status values.
const (
	StatusRunning  Status = "running"
	StatusDeleting Status = "deleting"
	StatusDeleted  Status = "deleted"
	StatusCreating Status = "creating"
	StatusUnknown  Status = "unknown"
)

-------------------------------------------------------------------------------- /pkg/cloudprovider/provider/anexia/reconcile_context.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package anexia

import (
	"context"

	cloudprovidertypes "k8c.io/machine-controller/pkg/cloudprovider/types"
	clusterv1alpha1 "k8c.io/machine-controller/sdk/apis/cluster/v1alpha1"
	anxtypes "k8c.io/machine-controller/sdk/cloudprovider/anexia"
	providerconfigtypes "k8c.io/machine-controller/sdk/providerconfig"
)

// contextKey is an unexported key type, so values stored under it cannot
// collide with context keys set by other packages.
type contextKey byte

// machineReconcileContextKey is the key under which the reconcileContext is
// stored in a context.Context.
const machineReconcileContextKey contextKey = 0

// reconcileContext bundles everything one machine reconciliation carries along.
// NOTE(review): UserData and ProviderData presumably carry bootstrap data and
// provider access; avoid logging this struct as a whole — confirm.
type reconcileContext struct {
	Machine        *clusterv1alpha1.Machine
	Status         *anxtypes.ProviderStatus
	UserData       string
	Config         resolvedConfig
	ProviderData   *cloudprovidertypes.ProviderData
	ProviderConfig *providerconfigtypes.Config
}

// createReconcileContext returns a child of ctx that carries cc (stored by
// value) under machineReconcileContextKey.
func createReconcileContext(ctx context.Context, cc reconcileContext) context.Context {
	child := context.WithValue(ctx, machineReconcileContextKey, cc)
	return child
}

// getReconcileContext returns the reconcileContext stored in ctx. When ctx
// carries none, or a value of another type, the zero reconcileContext is
// returned, so callers must expect nil pointer fields.
func getReconcileContext(ctx context.Context) reconcileContext {
	stored, ok := ctx.Value(machineReconcileContextKey).(reconcileContext)
	if !ok {
		return reconcileContext{}
	}
	return stored
}

-------------------------------------------------------------------------------- /pkg/cloudprovider/provider/aws/gzip.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package aws

import (
	"bytes"
	"compress/gzip"
)

// gzipString compresses s with gzip at the default level and returns the
// compressed stream as a string.
//
// The result holds raw gzip bytes, not text: it is generally not valid UTF-8
// and must be treated as binary by the caller. Any error from writing,
// flushing or closing the gzip writer is returned unchanged together with an
// empty string.
func gzipString(s string) (string, error) {
	var compressed bytes.Buffer
	writer := gzip.NewWriter(&compressed)

	_, err := writer.Write([]byte(s))
	if err != nil {
		return "", err
	}

	if err = writer.Flush(); err != nil {
		return "", err
	}

	// Close writes the gzip footer; without it the stream is truncated.
	if err = writer.Close(); err != nil {
		return "", err
	}

	return compressed.String(), nil
}

-------------------------------------------------------------------------------- /pkg/cloudprovider/provider/baremetal/plugins/driver.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
*/

package plugins

import (
	"context"

	"go.uber.org/zap"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"
)

// PluginDriver manages the communication between the machine controller cloud
// provider and the bare metal environment.
type PluginDriver interface {
	// GetServer returns the server this driver manages.
	GetServer(context.Context) (Server, error)
	// Validate checks the raw, driver-specific configuration.
	Validate(runtime.RawExtension) error
	// ProvisionServer provisions a server from the given object metadata and
	// raw configuration.
	// NOTE(review): the trailing string is presumably the userdata handed to
	// the server; the parameter is unnamed here, so confirm against
	// implementations.
	ProvisionServer(context.Context, *zap.SugaredLogger, metav1.ObjectMeta, runtime.RawExtension, string) (Server, error)
	// DeprovisionServer releases the server again.
	DeprovisionServer(context.Context) error
}

// Server represents the server/instance which exists in the bare metal
// environment. All methods are plain string getters.
type Server interface {
	GetName() string
	GetID() string
	GetIPAddress() string
	GetMACAddress() string
	GetStatus() string
}

-------------------------------------------------------------------------------- /pkg/cloudprovider/provider/baremetal/plugins/tinkerbell/client/utils.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
*/

package client

import (
	"fmt"
	"net"
	"strings"

	tinkv1alpha1 "github.com/tinkerbell/tink/api/v1alpha1"
)

// convertNetmaskToCIDR renders ip as "<address>/<prefix length>", deriving the
// prefix length from the dotted-decimal IPv4 netmask in ip.Netmask. The address
// is passed through unchanged (it is split on "." and joined again).
//
// NOTE(review): there is no error path. A netmask that does not parse, is not
// IPv4, or is not a contiguous run of one-bits makes the mask size 0, so the
// result ends in "/0" — the widest possible prefix. Callers that use the result
// for routing or filtering should validate ip.Netmask beforehand. ip must not
// be nil.
func convertNetmaskToCIDR(ip *tinkv1alpha1.IP) string {
	// To4 yields nil for anything that is not an IPv4 address; Size then
	// reports 0 ones.
	prefixLen, _ := net.IPMask(net.ParseIP(ip.Netmask).To4()).Size()

	octets := strings.Split(ip.Address, ".")
	address := strings.Join(octets, ".")

	return fmt.Sprintf("%s/%v", address, prefixLen)
}

-------------------------------------------------------------------------------- /pkg/cloudprovider/provider/baremetal/plugins/tinkerbell/types/hardware.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
*/

package types

import (
	tinkv1alpha1 "github.com/tinkerbell/tink/api/v1alpha1"

	"k8c.io/machine-controller/pkg/cloudprovider/provider/baremetal/plugins"
)

const (
	// State names used by this package.
	Unknown        string = "Unknown"
	Staged         string = "Staged"
	Provisioned    string = "Provisioned"
	Decommissioned string = "Decommissioned"

	// HardwareRefLabel is the label key "app.kubernetes.io/hardware-reference".
	HardwareRefLabel = "app.kubernetes.io/hardware-reference"
)

// Hardware wraps a Tinkerbell Hardware object so that it satisfies
// plugins.Server.
type Hardware struct {
	*tinkv1alpha1.Hardware `json:"hardware"`
}

// Compile-time check that *Hardware implements plugins.Server.
var _ plugins.Server = &Hardware{}

// GetName returns the name of the embedded Hardware object.
func (h *Hardware) GetName() string {
	return h.Name
}

// GetID returns the instance ID from the hardware metadata, or "" when the
// metadata or its instance section is missing.
func (h *Hardware) GetID() string {
	meta := h.Spec.Metadata
	if meta == nil || meta.Instance == nil {
		return ""
	}

	return meta.Instance.ID
}

// GetIPAddress returns the DHCP address of the first interface, but only while
// the metadata state is Staged; in every other case it returns "".
// NOTE(review): the DHCP field of the first interface is dereferenced without
// a nil check; if it is a pointer in the Tinkerbell API (not visible here), a
// missing DHCP section would panic — confirm.
func (h *Hardware) GetIPAddress() string {
	meta := h.Spec.Metadata
	if meta == nil || meta.State != Staged {
		return ""
	}

	nics := h.Spec.Interfaces
	if len(nics) == 0 || nics[0].DHCP.IP == nil {
		return ""
	}

	return nics[0].DHCP.IP.Address
}

// GetMACAddress returns the DHCP MAC of the first interface, or "" when the
// hardware has no interfaces. The same DHCP caveat as for GetIPAddress applies.
func (h *Hardware) GetMACAddress() string {
	if len(h.Spec.Interfaces) == 0 {
		return ""
	}

	return h.Spec.Interfaces[0].DHCP.MAC
}

// GetStatus returns the hardware status state, falling back to Unknown when
// the state is empty.
func (h *Hardware) GetStatus() string {
	if h.Status.State == "" {
		return Unknown
	}

	return string(h.Status.State)
}

-------------------------------------------------------------------------------- /pkg/cloudprovider/testing/testing.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package testing

import (
	"testing"

	clusterv1alpha1 "k8c.io/machine-controller/sdk/apis/cluster/v1alpha1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"
)

// ProviderSpecGetter generates the raw provider spec bytes for testing
// purposes.
type ProviderSpecGetter func(t *testing.T) []byte

// Creator is used to generate test resources.
type Creator struct {
	Name               string
	Namespace          string
	ProviderSpecGetter ProviderSpecGetter
}

// CreateMachine builds a Machine whose object metadata and spec metadata both
// carry the creator's name and namespace, and whose provider spec holds the
// bytes returned by ProviderSpecGetter. ProviderSpecGetter must be set.
func (c Creator) CreateMachine(t *testing.T) *clusterv1alpha1.Machine {
	meta := metav1.ObjectMeta{
		Name:      c.Name,
		Namespace: c.Namespace,
	}
	rawSpec := &runtime.RawExtension{Raw: c.ProviderSpecGetter(t)}

	machine := &clusterv1alpha1.Machine{ObjectMeta: meta}
	machine.Spec = clusterv1alpha1.MachineSpec{
		ObjectMeta:   meta,
		ProviderSpec: clusterv1alpha1.ProviderSpec{Value: rawSpec},
	}
	return machine
}

-------------------------------------------------------------------------------- /pkg/cloudprovider/util/net.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package util

import (
	"crypto/rand"
	"errors"
	"fmt"
	"net"
)

// CIDRToIPAndNetMask splits an IPv4 CIDR string such as "192.168.1.10/24" into
// the address, the dotted-decimal netmask and the prefix length.
//
// Input that does not parse as CIDR yields a wrapped parse error; input whose
// mask is not 4 bytes long (IPv6) is rejected as well.
func CIDRToIPAndNetMask(ipv4 string) (string, string, int, error) {
	addr, network, err := net.ParseCIDR(ipv4)
	if err != nil {
		return "", "", 0, fmt.Errorf("failed to parse CIDR prefix: %w", err)
	}

	mask := network.Mask
	if len(mask) != 4 {
		return "", "", 0, errors.New("inappropriate netmask length, netmask should be 4 bytes")
	}

	prefixLen, _ := mask.Size()
	// A 4-byte IP prints as dotted decimal, which is exactly the netmask form.
	dotted := net.IP(mask).String()

	return addr.String(), dotted, prefixLen, nil
}

// GenerateRandMAC generates a random unicast and locally administered MAC
// address. The six bytes come from crypto/rand; a read error is returned
// together with a nil address.
func GenerateRandMAC() (net.HardwareAddr, error) {
	raw := make([]byte, 6)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}

	// First octet: set the locally-administered bit (0x02) and clear the
	// multicast bit (0x01).
	raw[0] = (raw[0] | 0x02) &^ 0x01

	return net.HardwareAddr(raw), nil
}

-------------------------------------------------------------------------------- /pkg/cloudprovider/util/testdata/userdata.yaml: -------------------------------------------------------------------------------- 1 | write_files: 2 | - path: "/etc/kubernetes/bootstrap-kubelet.conf" 3 | permissions: "0600" 4 | content: | 5 | apiVersion: v1 6 | clusters: 7 | - cluster: 8 | certificate-authority-data: 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 9 | server: https://88.99.224.97:6443 10 | name: c 11 | contexts: 12 | - context: 13 | cluster: c 14 | user: c 15 | name: c 16 | current-context: c 17 | kind: Config 18 | preferences: {} 19 | users: 20 | - name: c 21 | user: 22 | token: fmcvq4.frz94dw6z7cv6w2b 23 | -------------------------------------------------------------------------------- /pkg/cloudprovider/util/util.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
*/

package util

import (
	"fmt"

	cloudprovidertypes "k8c.io/machine-controller/pkg/cloudprovider/types"
	kuberneteshelper "k8c.io/machine-controller/pkg/kubernetes"
	clusterv1alpha1 "k8c.io/machine-controller/sdk/apis/cluster/v1alpha1"
)

// RemoveFinalizerOnInstanceNotFound removes finalizer from machine when it is
// present, persisting the change through provider.Update.
//
// It returns (true, nil) both when the finalizer was already absent and when
// it was removed, and (false, err) when the update failed.
func RemoveFinalizerOnInstanceNotFound(finalizer string,
	machine *clusterv1alpha1.Machine,
	provider *cloudprovidertypes.ProviderData) (bool, error) {
	if kuberneteshelper.HasFinalizer(machine, finalizer) {
		// The mutation is applied to the object handed in by Update, not to
		// the caller's copy.
		strip := func(updatedMachine *clusterv1alpha1.Machine) {
			updatedMachine.Finalizers = kuberneteshelper.RemoveFinalizer(updatedMachine.Finalizers, finalizer)
		}
		if err := provider.Update(machine, strip); err != nil {
			return false, fmt.Errorf("failed updating machine %v finzaliers: %w", machine.Name, err)
		}
	}

	return true, nil
}

-------------------------------------------------------------------------------- /pkg/controller/machine/bootstrap.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
*/

package controller

import (
	"net/url"
	"regexp"
	"strings"

	corev1 "k8s.io/api/core/v1"
)

// hostnamePlaceholder is the marker in the bootstrap cloud-config that gets
// replaced with the machine name.
// NOTE(review): the literal is empty in this listing. An angle-bracketed value
// may have been stripped when the page was extracted; with an empty old string
// strings.ReplaceAll inserts the replacement at the start of the text and after
// every character, which would corrupt the userdata. Verify the constant
// against the upstream file before relying on this listing.
const hostnamePlaceholder = ""

// getOSMBootstrapUserdata reads the "cloud-config" entry of bootstrapSecret and
// injects machineName wherever the hostname placeholder occurs, first in plain
// form and then in URL-query-escaped form (used for ignition data), and finally
// strips whitespace-only lines.
//
// The returned string is the secret's content, so it should be handled as
// sensitive and not be logged.
func getOSMBootstrapUserdata(machineName string, bootstrapSecret corev1.Secret) string {
	rendered := string(bootstrapSecret.Data["cloud-config"])

	// Plain placeholder: inject the hostname, i.e. the machine name.
	rendered = strings.ReplaceAll(rendered, hostnamePlaceholder, machineName)

	// Escaped placeholder: same replacement for URL-query-escaped data.
	escapedPlaceholder := url.QueryEscape(hostnamePlaceholder)
	escapedName := url.QueryEscape(machineName)
	rendered = strings.ReplaceAll(rendered, escapedPlaceholder, escapedName)

	return cleanupTemplateOutput(rendered)
}

// cleanupTemplateOutput post-processes rendered template output. Template
// functions and conditions can leave lines that hold only spaces or tabs; those
// lines are emptied here (the line break itself is kept).
func cleanupTemplateOutput(output string) string {
	whitespaceOnlyLine := regexp.MustCompile(`(?m)^[ \t]+$`)
	return whitespaceOnlyLine.ReplaceAllString(output, "")
}

-------------------------------------------------------------------------------- /pkg/controller/nodecsrapprover/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | /* 18 | Package nodecsrapprover contains a controller responsible for autoapproving CSRs created by nodes 19 | for serving certificates. 20 | */ 21 | package nodecsrapprover 22 | -------------------------------------------------------------------------------- /pkg/controller/util/machine.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
*/

package util

import (
	"context"
	"fmt"

	clusterv1alpha1 "k8c.io/machine-controller/sdk/apis/cluster/v1alpha1"

	"k8s.io/apimachinery/pkg/types"
	ctrlruntimeclient "sigs.k8s.io/controller-runtime/pkg/client"
)

// GetMachineDeploymentNameAndRevisionForMachine walks the owner references of
// machine up to its MachineDeployment.
//
// It looks for an owner of kind "MachineSet" on the machine, fetches that
// MachineSet from the machine's namespace, and looks for an owner of kind
// "MachineDeployment" on it. When several owners of a kind exist, the last one
// listed wins. The result is the MachineDeployment name plus the MachineSet's
// revision annotation; an error is returned when the lookup fails or either
// link of the chain is missing.
func GetMachineDeploymentNameAndRevisionForMachine(ctx context.Context, machine *clusterv1alpha1.Machine, c ctrlruntimeclient.Client) (string, string, error) {
	var setName string
	for i := range machine.OwnerReferences {
		if ref := machine.OwnerReferences[i]; ref.Kind == "MachineSet" {
			setName = ref.Name
		}
	}
	if setName == "" {
		return "", "", fmt.Errorf("failed to find machine deployment reference for the machine %s", machine.Name)
	}

	owningSet := &clusterv1alpha1.MachineSet{}
	key := types.NamespacedName{Name: setName, Namespace: machine.Namespace}
	if err := c.Get(ctx, key, owningSet); err != nil {
		return "", "", err
	}

	var deploymentName string
	for i := range owningSet.OwnerReferences {
		if ref := owningSet.OwnerReferences[i]; ref.Kind == "MachineDeployment" {
			deploymentName = ref.Name
		}
	}
	if deploymentName == "" {
		return "", "", fmt.Errorf("failed to find machine deployment reference for the machine %s", machine.Name)
	}

	return deploymentName, owningSet.Annotations[RevisionAnnotation], nil
}

-------------------------------------------------------------------------------- /pkg/health/readiness.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
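You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package health

import (
	"errors"
	"fmt"
	"net/http"

	"go.uber.org/zap"

	machinecontroller "k8c.io/machine-controller/pkg/controller/machine"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/kubernetes"
	"sigs.k8s.io/controller-runtime/pkg/healthz"
)

// ApiserverReachable returns a health check that passes when listing nodes
// through client succeeds. The list call uses the context of the probe request.
func ApiserverReachable(client kubernetes.Interface) healthz.Checker {
	return func(req *http.Request) error {
		_, err := client.CoreV1().Nodes().List(req.Context(), metav1.ListOptions{})
		if err != nil {
			return fmt.Errorf("failed to list nodes check: %w", err)
		}

		return nil
	}
}

// KubeconfigAvailable returns a health check that passes when the kubeconfig
// provider yields a kubeconfig with exactly one cluster, and that cluster has
// both certificate authority data and a server set.
//
// Requiring CA data means a kubeconfig without a trust anchor for the API
// server is reported as not ready instead of being handed on.
func KubeconfigAvailable(kubeconfigProvider machinecontroller.KubeconfigProvider, log *zap.SugaredLogger) healthz.Checker {
	return func(req *http.Request) error {
		cm, err := kubeconfigProvider.GetKubeconfig(req.Context(), log)
		if err != nil {
			return fmt.Errorf("failed to get kubeconfig: %w", err)
		}

		// Exactly one cluster is expected. Previously more than one cluster was
		// reported as "no clusters found"; the two cases now get distinct
		// messages.
		switch count := len(cm.Clusters); {
		case count == 0:
			return errors.New("invalid kubeconfig: no clusters found")
		case count > 1:
			return fmt.Errorf("invalid kubeconfig: expected exactly one cluster, found %d", count)
		}

		for name, c := range cm.Clusters {
			if len(c.CertificateAuthorityData) == 0 {
				return fmt.Errorf("invalid kubeconfig: no certificate authority data was specified for kuberconfig.clusters.'%s'", name)
			}

			if len(c.Server) == 0 {
				return fmt.Errorf("invalid kubeconfig: no server was specified for kuberconfig.clusters.'%s'", name)
			}
		}

		return nil
	}
}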
-------------------------------------------------------------------------------- /pkg/kubernetes/helper.go: --------------------------------------------------------------------------------
/*
Copyright 2019 The Machine Controller Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package kubernetes

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/util/sets"
)

// HasFinalizer reports whether the object carries the given finalizer.
func HasFinalizer(o metav1.Object, name string) bool {
	present := sets.NewString(o.GetFinalizers()...)
	return present.Has(name)
}

// RemoveFinalizer returns the finalizers without toRemove.
//
// The list goes through a string set, so the result is rebuilt rather than
// edited in place: duplicates collapse, and sets.String.List returns its
// entries sorted, so the original order is not kept.
func RemoveFinalizer(finalizers []string, toRemove string) []string {
	remaining := sets.NewString(finalizers...).Delete(toRemove)
	return remaining.List()
}

-------------------------------------------------------------------------------- /pkg/rhsm/util.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package rhsm

import (
	"k8c.io/machine-controller/pkg/cloudprovider/types"
	kuberneteshelper "k8c.io/machine-controller/pkg/kubernetes"
	clusterv1alpha1 "k8c.io/machine-controller/sdk/apis/cluster/v1alpha1"
)

const (
	// RedhatSubscriptionFinalizer is the finalizer name handled by the two
	// helpers below.
	RedhatSubscriptionFinalizer = "kubermatic.io/red-hat-subscription"
)

// AddRHELSubscriptionFinalizer adds RedhatSubscriptionFinalizer to the machine
// object on RHEL machine creation. It does nothing when the finalizer is
// already present; otherwise the change is applied through update and its
// error, if any, is returned.
func AddRHELSubscriptionFinalizer(machine *clusterv1alpha1.Machine, update types.MachineUpdater) error {
	if kuberneteshelper.HasFinalizer(machine, RedhatSubscriptionFinalizer) {
		return nil
	}

	return update(machine, func(m *clusterv1alpha1.Machine) {
		m.Finalizers = append(m.Finalizers, RedhatSubscriptionFinalizer)
	})
}

// RemoveRHELSubscriptionFinalizer removes RedhatSubscriptionFinalizer from the
// machine object on RHEL machine deletion. It does nothing when the finalizer
// is absent; otherwise the change is applied through update and its error, if
// any, is returned.
func RemoveRHELSubscriptionFinalizer(machine *clusterv1alpha1.Machine, update types.MachineUpdater) error {
	if !kuberneteshelper.HasFinalizer(machine, RedhatSubscriptionFinalizer) {
		return nil
	}

	return update(machine, func(m *clusterv1alpha1.Machine) {
		m.Finalizers = kuberneteshelper.RemoveFinalizer(m.Finalizers, RedhatSubscriptionFinalizer)
	})
}

-------------------------------------------------------------------------------- /sdk/.golangci.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 The Kubermatic Kubernetes Platform contributors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # 16 | # This file contains *additional* linting rules that just apply to the SDK. 17 | # When running `make lint`, the SDK is linted twice, once with the repository 18 | # root's .golangci.yml and once with the SDK's config file.
19 | # 20 | 21 | version: "2" 22 | run: 23 | modules-download-mode: readonly 24 | linters: 25 | default: none 26 | enable: 27 | - depguard 28 | settings: 29 | depguard: 30 | rules: 31 | noreverse: 32 | deny: 33 | - pkg: k8c.io/machine-controller/pkg 34 | desc: SDK must not depend on the main module 35 | exclusions: 36 | generated: lax 37 | presets: 38 | - comments 39 | - common-false-positives 40 | - legacy 41 | - std-error-handling 42 | paths: 43 | - zz_generated.*.go 44 | - third_party$ 45 | - builtin$ 46 | - examples$ 47 | formatters: 48 | exclusions: 49 | generated: lax 50 | paths: 51 | - third_party$ 52 | - builtin$ 53 | - examples$ 54 | -------------------------------------------------------------------------------- /sdk/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2025 The Machine Controller Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | .PHONY: lint 16 | lint: 17 | golangci-lint run --verbose --print-resources-usage ./... 18 | golangci-lint run --verbose --print-resources-usage --config ../.golangci.yml ./... 19 | -------------------------------------------------------------------------------- /sdk/README.md: -------------------------------------------------------------------------------- 1 | # machine-controller SDK 2 | 3 | This directory contains the `k8c.io/machine-controller/sdk` Go module. 
If you're 4 | looking at integrating the machine controller (MC) into your application, this 5 | is where you should start. 6 | 7 | ## Usage 8 | 9 | Simply `go get` the SDK to use it in your application: 10 | 11 | ```shell 12 | go get k8c.io/machine-controller/sdk 13 | ``` 14 | 15 | If necessary, you can also import the main MC module, but this comes with heavy 16 | dependencies that might be too costly to maintain for you: 17 | 18 | ```shell 19 | go get k8c.io/machine-controller 20 | go get k8c.io/machine-controller/sdk 21 | ``` 22 | 23 | In this case it's recommended to always keep both dependencies on the exact same 24 | version. 25 | 26 | ## Development 27 | 28 | There are two main design criteria for the SDK: 29 | 30 | 1. The SDK should contain a minimal set of dependencies; in a perfect world it 31 | would be only Kube dependencies. The idea behind the SDK is to make importing 32 | KKP cheap and easy and to not force dependencies onto consumers. 33 | 34 | 1. The SDK should contain as few functions as possible. Functions always 35 | represent application logic and usually that logic should not be hardcoded into 36 | client apps. Every function in the SDK is therefore to be considered "eternal". 37 | 38 | 1. The SDK should truly follow the Go Modules idea of declaring the _minimum_ 39 | compatible versions of every dependency and even of Go. The main machine 40 | controller module can and should have the _latest_ dependencies, but the SDK 41 | should not force consumers to be on the most recent Kube version, for example. 42 | -------------------------------------------------------------------------------- /sdk/apis/cluster/common/plugins.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package common 18 | 19 | import ( 20 | "fmt" 21 | "sync" 22 | ) 23 | 24 | var ( 25 | providersMutex sync.Mutex 26 | providers = make(map[string]interface{}) 27 | ) 28 | 29 | // RegisterClusterProvisioner registers a ClusterProvisioner by name. This 30 | // is expected to happen during app startup. 31 | func RegisterClusterProvisioner(name string, provisioner interface{}) { 32 | providersMutex.Lock() 33 | defer providersMutex.Unlock() 34 | if _, found := providers[name]; found { 35 | panic(fmt.Sprintf("Cluster provisioner %q was registered twice", name)) 36 | } 37 | providers[name] = provisioner 38 | } 39 | 40 | func ClusterProvisioner(name string) (interface{}, error) { 41 | providersMutex.Lock() 42 | defer providersMutex.Unlock() 43 | provisioner, found := providers[name] 44 | if !found { 45 | return nil, fmt.Errorf("failed to find provisioner for %s", name) 46 | } 47 | return provisioner, nil 48 | } 49 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/common_types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | corev1 "k8s.io/api/core/v1" 21 | runtime "k8s.io/apimachinery/pkg/runtime" 22 | ) 23 | 24 | // ProviderSpec defines the configuration to use during node creation. 25 | type ProviderSpec struct { 26 | 27 | // No more than one of the following may be specified. 28 | 29 | // Value is an inlined, serialized representation of the resource 30 | // configuration. It is recommended that providers maintain their own 31 | // versioned API types that should be serialized/deserialized from this 32 | // field, akin to component config. 33 | // +optional 34 | Value *runtime.RawExtension `json:"value,omitempty"` 35 | 36 | // Source for the provider configuration. Cannot be used if value is 37 | // not empty. 38 | // +optional 39 | ValueFrom *ProviderSpecSource `json:"valueFrom,omitempty"` 40 | } 41 | 42 | // ProviderSpecSource represents a source for the provider-specific 43 | // resource configuration. 44 | type ProviderSpecSource struct { 45 | // The machine class from which the provider config should be sourced. 46 | // +optional 47 | MachineClass *MachineClassRef `json:"machineClass,omitempty"` 48 | } 49 | 50 | // MachineClassRef is a reference to the MachineClass object. Controllers should find the right MachineClass using this reference. 51 | type MachineClassRef struct { 52 | // +optional 53 | *corev1.ObjectReference `json:",inline"` 54 | 55 | // Provider is the name of the cloud-provider which MachineClass is intended for. 
56 | // +optional 57 | Provider string `json:"provider,omitempty"` 58 | } 59 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/clusterv1alpha1machineDeploymentWithProviderConfig/hetzner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.k8s.io/v1alpha1 2 | kind: MachineDeployment 3 | metadata: 4 | annotations: 5 | machinedeployment.clusters.k8s.io/revision: "1" 6 | generateName: kubermatic-gttbxgswnv- 7 | generation: 1 8 | name: kubermatic-gttbxgswnv-q5rcj 9 | namespace: kube-system 10 | spec: 11 | minReadySeconds: 0 12 | progressDeadlineSeconds: 600 13 | replicas: 3 14 | revisionHistoryLimit: 1 15 | selector: 16 | matchLabels: 17 | machine: md-gttbxgswnv-nl5s9qs8ww 18 | strategy: 19 | rollingUpdate: 20 | maxSurge: 1 21 | maxUnavailable: 0 22 | type: RollingUpdate 23 | template: 24 | metadata: 25 | creationTimestamp: null 26 | labels: 27 | machine: md-gttbxgswnv-nl5s9qs8ww 28 | spec: 29 | metadata: 30 | creationTimestamp: null 31 | providerConfig: 32 | value: 33 | cloudProvider: hetzner 34 | cloudProviderSpec: 35 | datacenter: nbg1-dc3 36 | location: "" 37 | serverType: cx31 38 | token: "" 39 | operatingSystem: ubuntu 40 | operatingSystemSpec: 41 | distUpgradeOnBoot: false 42 | sshPublicKeys: [] 43 | versions: 44 | kubelet: 1.11.6 45 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/clusterv1alpha1machineSetWithProviderConfig/hetzner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.k8s.io/v1alpha1 2 | kind: MachineSet 3 | metadata: 4 | annotations: 5 | machinedeployment.clusters.k8s.io/desired-replicas: "3" 6 | machinedeployment.clusters.k8s.io/max-replicas: "4" 7 | machinedeployment.clusters.k8s.io/revision: "1" 8 | creationTimestamp: "2019-01-23T12:59:25Z" 9 | generation: 1 10 | 
labels: 11 | machine: md-gttbxgswnv-nl5s9qs8ww 12 | machine-template-hash: "1950051685" 13 | name: kubermatic-gttbxgswnv-q5rcj-5f94495bd9 14 | namespace: kube-system 15 | ownerReferences: 16 | - apiVersion: cluster.k8s.io/v1alpha1 17 | blockOwnerDeletion: true 18 | controller: true 19 | kind: MachineDeployment 20 | name: kubermatic-gttbxgswnv-q5rcj 21 | uid: b5fd92a1-1f0e-11e9-9561-b2d5a2b51b30 22 | resourceVersion: "9387" 23 | spec: 24 | replicas: 3 25 | selector: 26 | matchLabels: 27 | machine: md-gttbxgswnv-nl5s9qs8ww 28 | machine-template-hash: "1950051685" 29 | template: 30 | metadata: 31 | creationTimestamp: null 32 | labels: 33 | machine: md-gttbxgswnv-nl5s9qs8ww 34 | machine-template-hash: "1950051685" 35 | spec: 36 | metadata: 37 | creationTimestamp: null 38 | providerConfig: 39 | value: 40 | cloudProvider: hetzner 41 | cloudProviderSpec: 42 | datacenter: nbg1-dc3 43 | location: "" 44 | serverType: cx31 45 | token: "" 46 | operatingSystem: ubuntu 47 | operatingSystemSpec: 48 | distUpgradeOnBoot: false 49 | sshPublicKeys: [] 50 | versions: 51 | kubelet: 1.11.6 52 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/clusterv1alpha1machineWithProviderConfig/aws.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.k8s.io/v1alpha1 2 | kind: Machine 3 | metadata: 4 | name: aws-machinedeployment 5 | namespace: kube-system 6 | spec: 7 | providerConfig: 8 | value: 9 | cloudProvider: aws 10 | cloudProviderSpec: 11 | accessKeyId: 12 | secretKeyRef: 13 | key: accessKeyId 14 | name: machine-controller-aws 15 | namespace: kube-system 16 | availabilityZone: eu-central-1a 17 | diskSize: 50 18 | diskType: gp2 19 | instanceProfile: kubernetes-v1 20 | instanceType: t2.micro 21 | region: eu-central-1 22 | secretAccessKey: 23 | secretKeyRef: 24 | key: secretAccessKey 25 | name: machine-controller-aws 26 | namespace: kube-system 27 | subnetId: 
subnet-2bff4f43 28 | tags: 29 | KubernetesCluster: 6qsm86c2d 30 | vpcId: vpc-079f7648481a11e77 31 | operatingSystem: flatcar 32 | operatingSystemSpec: 33 | disableAutoUpdate: true 34 | sshPublicKeys: 35 | - << YOUR_PUBLIC_KEY >> 36 | versions: 37 | kubelet: 1.9.6 38 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/clusterv1alpha1machineWithProviderConfig/hetzner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.k8s.io/v1alpha1 2 | kind: Machine 3 | metadata: 4 | name: hetzner-machine 5 | namespace: kube-system 6 | spec: 7 | providerConfig: 8 | value: 9 | cloudProvider: hetzner 10 | cloudProviderSpec: 11 | datacenter: '' 12 | location: fsn1 13 | serverType: cx22 14 | token: << HETZNER_TOKEN >> 15 | operatingSystem: << OS_NAME >> 16 | operatingSystemSpec: 17 | disableAutoUpdate: true 18 | distUpgradeOnBoot: false 19 | sshPublicKeys: 20 | - << YOUR_PUBLIC_KEY >> 21 | versions: 22 | kubelet: << KUBERNETES_VERSION >> 23 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/aws.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "machine.k8s.io/v1alpha1" 2 | kind: Machine 3 | metadata: 4 | name: aws 5 | finalizers: 6 | - machine-delete-finalizer 7 | spec: 8 | metadata: 9 | name: node1 10 | providerConfig: 11 | sshPublicKeys: 12 | - "<< YOUR_PUBLIC_KEY >>" 13 | cloudProvider: "aws" 14 | cloudProviderSpec: 15 | accessKeyId: "val" 16 | secretAccessKey: "val" 17 | region: "eu-central-1" 18 | availabilityZone: "eu-central-1a" 19 | vpcId: "vpc-079f7648481a11e77" 20 | subnetId: "subnet-2bff4f43" 21 | instanceType: "t2.micro" 22 | diskSize: 50 23 | diskType: "gp2" 24 | tags: 25 | "KubernetesCluster": "6qsm86c2d" 26 | operatingSystem: "flatcar" 27 | operatingSystemSpec: 28 | 
disableAutoUpdate: true 29 | roles: 30 | - "Node" 31 | versions: 32 | kubelet: "v1.9.6" 33 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/azure.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "machine.k8s.io/v1alpha1" 2 | kind: Machine 3 | metadata: 4 | name: azure 5 | spec: 6 | metadata: 7 | labels: 8 | foo: "bar" 9 | providerConfig: 10 | sshPublicKeys: 11 | - "<< YOUR_PUBLIC_KEY >>" 12 | cloudProvider: "azure" 13 | cloudProviderSpec: 14 | tenantID: 15 | secretKeyRef: 16 | namespace: kube-system 17 | name: machine-controller-azure 18 | key: tenantID 19 | clientID: 20 | secretKeyRef: 21 | namespace: kube-system 22 | name: machine-controller-azure 23 | key: clientID 24 | clientSecret: 25 | secretKeyRef: 26 | namespace: kube-system 27 | name: machine-controller-azure 28 | key: clientSecret 29 | subscriptionID: 30 | secretKeyRef: 31 | namespace: kube-system 32 | name: machine-controller-azure 33 | key: subscriptionID 34 | location: "westeurope" 35 | resourceGroup: "<< YOUR_RESOURCE_GROUP >>" 36 | vmSize: "Standard_B1ms" 37 | vnetName: "<< VNET_NAME >>" 38 | subnetName: "<< SUBNET_NAME >>" 39 | routeTableName: "<< ROUTE_TABLE_NAME >>" 40 | assignPublicIP: false 41 | operatingSystem: "flatcar" 42 | operatingSystemSpec: 43 | distUpgradeOnBoot: false 44 | roles: 45 | - "Node" 46 | versions: 47 | kubelet: "v1.10.2" 48 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/digitalocean.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "machine.k8s.io/v1alpha1" 2 | kind: Machine 3 | metadata: 4 | name: digitalocean 5 | spec: 6 | metadata: 7 | name: node1 8 | providerConfig: 9 | sshPublicKeys: 10 | - "<< YOUR_PUBLIC_KEY >>" 11 | cloudProvider: "digitalocean" 12 | 
cloudProviderSpec: 13 | token: "token" 14 | region: fra1 15 | size: 2gb 16 | backups: false 17 | ipv6: false 18 | private_networking: true 19 | monitoring: false 20 | tags: 21 | - "machine-controller" 22 | operatingSystem: "ubuntu" 23 | operatingSystemSpec: 24 | disableAutoUpdate: true 25 | roles: 26 | - "Node" 27 | versions: 28 | kubelet: "v1.9.6" 29 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/hetzner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "machine.k8s.io/v1alpha1" 2 | kind: Machine 3 | metadata: 4 | name: hetzner 5 | spec: 6 | providerConfig: 7 | sshPublicKeys: 8 | - "<< YOUR_PUBLIC_KEY >>" 9 | cloudProvider: "hetzner" 10 | cloudProviderSpec: 11 | token: 12 | secretKeyRef: 13 | namespace: kube-system 14 | name: machine-controller-hetzner 15 | key: token 16 | serverType: "cx22" 17 | datacenter: "" 18 | location: "fsn1" 19 | operatingSystem: "ubuntu" 20 | operatingSystemSpec: 21 | distUpgradeOnBoot: false 22 | roles: 23 | - "Node" 24 | versions: 25 | kubelet: "1.9.6" 26 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/linode.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "machine.k8s.io/v1alpha1" 2 | kind: Machine 3 | metadata: 4 | name: linode 5 | spec: 6 | metadata: 7 | name: node1 8 | providerConfig: 9 | sshPublicKeys: 10 | - "<< YOUR_PUBLIC_KEY >>" 11 | cloudProvider: "linode" 12 | cloudProviderSpec: 13 | backups: false 14 | private_networking: true 15 | region: eu-west 16 | tags: 17 | - "machine-controller" 18 | token: "token" 19 | type: g6-standard-2 20 | operatingSystem: "ubuntu" 21 | operatingSystemSpec: 22 | disableAutoUpdate: true 23 | roles: 24 | - "Node" 25 | versions: 26 | kubelet: "v1.9.6" 27 | 
-------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/vsphere-static-ip.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "machine.k8s.io/v1alpha1" 2 | kind: Machine 3 | metadata: 4 | name: vsphere-static-ip 5 | spec: 6 | metadata: 7 | labels: 8 | foo: "bar" 9 | providerConfig: 10 | sshPublicKeys: 11 | - "<< YOUR_PUBLIC_KEY >>" 12 | cloudProvider: "vsphere" 13 | cloudProviderSpec: 14 | templateVMName: '<< OS_NAME >>-template' 15 | username: '<< VSPHERE_USERNAME >>' 16 | vsphereURL: '<< VSPHERE_ADDRESS >>' 17 | datacenter: 'Datacenter' 18 | folder: '/Datacenter/vm/e2e-tests' 19 | password: << VSPHERE_PASSWORD >> 20 | # example: 'https://your-vcenter:8443'. '/sdk' gets appended automatically 21 | cluster: '<< VSPHERE_CLUSTER >>' 22 | datastore: datastore1 23 | allowInsecure: true 24 | cpus: 2 25 | MemoryMB: 2048 26 | operatingSystem: "<< OS_NAME >>" 27 | operatingSystemSpec: 28 | distUpgradeOnBoot: false 29 | network: 30 | cidr: "192.168.44.<< IP_OCTET >>/20" 31 | gateway: "192.168.32.1" 32 | dns: 33 | servers: 34 | - "192.168.32.1" 35 | - "8.8.8.8" 36 | roles: 37 | - "Node" 38 | versions: 39 | kubelet: "<< KUBERNETES_VERSION >>" 40 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/vsphere.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "machine.k8s.io/v1alpha1" 2 | kind: Machine 3 | metadata: 4 | name: vsphere 5 | spec: 6 | metadata: 7 | labels: 8 | foo: "bar" 9 | providerConfig: 10 | sshPublicKeys: 11 | - "<< YOUR_PUBLIC_KEY >>" 12 | cloudProvider: "vsphere" 13 | cloudProviderSpec: 14 | templateVMName: ubuntu-template 15 | # Can also be set via the env var 'VSPHERE_USERNAME' on the machine-controller 16 | username: '<< VSPHERE_USERNAME >>' 17 | # Can also be 
set via the env var 'VSPHERE_ADDRESS' on the machine-controller 18 | # example: 'https://your-vcenter:8443'. '/sdk' gets appended automatically 19 | vsphereURL: '<< VSPHERE_ADDRESS >>' 20 | datacenter: 'Datacenter' 21 | # Can also be set via the env var 'VSPHERE_PASSWORD' on the machine-controller 22 | password: 23 | secretKeyRef: 24 | namespace: kube-system 25 | name: machine-controller-vsphere 26 | key: password 27 | cluster: "test-cluster" 28 | datastore: datastore1 29 | # Can also be set via the env var 'VSPHERE_ALLOW_INSECURE' on the machine-controller 30 | allowInsecure: true 31 | cpus: 2 32 | MemoryMB: 2048 33 | operatingSystem: "ubuntu" 34 | operatingSystemSpec: 35 | distUpgradeOnBoot: false 36 | roles: 37 | - "Node" 38 | versions: 39 | kubelet: "v1.9.6" 40 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machine/aws.yaml: -------------------------------------------------------------------------------- 1 | metadata: 2 | creationTimestamp: null 3 | finalizers: 4 | - machine-delete-finalizer 5 | name: aws 6 | namespace: kube-system 7 | spec: 8 | metadata: 9 | creationTimestamp: null 10 | name: node1 11 | providerSpec: 12 | value: 13 | cloudProvider: aws 14 | cloudProviderSpec: 15 | accessKeyId: val 16 | availabilityZone: eu-central-1a 17 | diskSize: 50 18 | diskType: gp2 19 | instanceType: t2.micro 20 | region: eu-central-1 21 | secretAccessKey: val 22 | subnetId: subnet-2bff4f43 23 | tags: 24 | KubernetesCluster: 6qsm86c2d 25 | vpcId: vpc-079f7648481a11e77 26 | operatingSystem: flatcar 27 | operatingSystemSpec: 28 | disableAutoUpdate: true 29 | sshPublicKeys: 30 | - << YOUR_PUBLIC_KEY >> 31 | versions: 32 | kubelet: v1.9.6 33 | status: {} 34 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machine/azure.yaml: 
-------------------------------------------------------------------------------- 1 | metadata: 2 | creationTimestamp: null 3 | name: azure 4 | namespace: kube-system 5 | spec: 6 | metadata: 7 | creationTimestamp: null 8 | labels: 9 | foo: bar 10 | providerSpec: 11 | value: 12 | cloudProvider: azure 13 | cloudProviderSpec: 14 | assignPublicIP: false 15 | clientID: 16 | secretKeyRef: 17 | key: clientID 18 | name: machine-controller-azure 19 | namespace: kube-system 20 | clientSecret: 21 | secretKeyRef: 22 | key: clientSecret 23 | name: machine-controller-azure 24 | namespace: kube-system 25 | location: westeurope 26 | resourceGroup: << YOUR_RESOURCE_GROUP >> 27 | routeTableName: << ROUTE_TABLE_NAME >> 28 | subnetName: << SUBNET_NAME >> 29 | subscriptionID: 30 | secretKeyRef: 31 | key: subscriptionID 32 | name: machine-controller-azure 33 | namespace: kube-system 34 | tenantID: 35 | secretKeyRef: 36 | key: tenantID 37 | name: machine-controller-azure 38 | namespace: kube-system 39 | vmSize: Standard_B1ms 40 | vnetName: << VNET_NAME >> 41 | operatingSystem: flatcar 42 | operatingSystemSpec: 43 | distUpgradeOnBoot: false 44 | sshPublicKeys: 45 | - << YOUR_PUBLIC_KEY >> 46 | versions: 47 | kubelet: v1.10.2 48 | status: {} 49 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machine/digitalocean.yaml: -------------------------------------------------------------------------------- 1 | metadata: 2 | creationTimestamp: null 3 | name: digitalocean 4 | namespace: kube-system 5 | spec: 6 | metadata: 7 | creationTimestamp: null 8 | name: node1 9 | providerSpec: 10 | value: 11 | cloudProvider: digitalocean 12 | cloudProviderSpec: 13 | backups: false 14 | ipv6: false 15 | monitoring: false 16 | private_networking: true 17 | region: fra1 18 | size: 2gb 19 | tags: 20 | - machine-controller 21 | token: token 22 | operatingSystem: ubuntu 23 | operatingSystemSpec: 24 | 
disableAutoUpdate: true 25 | sshPublicKeys: 26 | - << YOUR_PUBLIC_KEY >> 27 | versions: 28 | kubelet: v1.9.6 29 | status: {} 30 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machine/hetzner.yaml: -------------------------------------------------------------------------------- 1 | metadata: 2 | creationTimestamp: null 3 | name: hetzner 4 | namespace: kube-system 5 | spec: 6 | metadata: 7 | creationTimestamp: null 8 | providerSpec: 9 | value: 10 | cloudProvider: hetzner 11 | cloudProviderSpec: 12 | datacenter: "" 13 | location: fsn1 14 | serverType: cx22 15 | token: 16 | secretKeyRef: 17 | key: token 18 | name: machine-controller-hetzner 19 | namespace: kube-system 20 | operatingSystem: ubuntu 21 | operatingSystemSpec: 22 | distUpgradeOnBoot: false 23 | sshPublicKeys: 24 | - << YOUR_PUBLIC_KEY >> 25 | versions: 26 | kubelet: 1.9.6 27 | status: {} 28 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machine/linode.yaml: -------------------------------------------------------------------------------- 1 | metadata: 2 | creationTimestamp: null 3 | name: linode 4 | namespace: kube-system 5 | spec: 6 | metadata: 7 | creationTimestamp: null 8 | name: node1 9 | providerSpec: 10 | value: 11 | cloudProvider: linode 12 | cloudProviderSpec: 13 | backups: false 14 | private_networking: true 15 | region: eu-west 16 | tags: 17 | - machine-controller 18 | token: token 19 | type: g6-standard-2 20 | operatingSystem: ubuntu 21 | operatingSystemSpec: 22 | disableAutoUpdate: true 23 | sshPublicKeys: 24 | - << YOUR_PUBLIC_KEY >> 25 | versions: 26 | kubelet: v1.9.6 27 | status: {} 28 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machine/openstack.yaml: 
-------------------------------------------------------------------------------- 1 | metadata: 2 | creationTimestamp: null 3 | name: openstack 4 | namespace: kube-system 5 | spec: 6 | metadata: 7 | creationTimestamp: null 8 | labels: 9 | foo: bar 10 | providerSpec: 11 | value: 12 | cloudProvider: openstack 13 | cloudProviderSpec: 14 | availabilityZone: "" 15 | domainName: 16 | secretKeyRef: 17 | key: domainName 18 | name: machine-controller-openstack 19 | namespace: kube-system 20 | flavor: m1.small 21 | floatingIpPool: ext-net 22 | identityEndpoint: 23 | secretKeyRef: 24 | key: identityEndpoint 25 | name: machine-controller-openstack 26 | namespace: kube-system 27 | image: Ubuntu 16.04 amd64 28 | instanceReadyCheckPeriod: 2m 29 | instanceReadyCheckTimeout: 2m 30 | network: "" 31 | password: 32 | secretKeyRef: 33 | key: password 34 | name: machine-controller-openstack 35 | namespace: kube-system 36 | region: "" 37 | securityGroups: 38 | - configMapKeyRef: 39 | key: securityGroup 40 | name: machine-controller 41 | namespace: kube-system 42 | subnet: "" 43 | tags: 44 | tagKey: tagValue 45 | tenantName: 46 | secretKeyRef: 47 | key: tenantName 48 | name: machine-controller-openstack 49 | namespace: kube-system 50 | username: 51 | secretKeyRef: 52 | key: username 53 | name: machine-controller-openstack 54 | namespace: kube-system 55 | operatingSystem: ubuntu 56 | operatingSystemSpec: 57 | distUpgradeOnBoot: true 58 | sshPublicKeys: 59 | - << YOUR_PUBLIC_KEY >> 60 | versions: 61 | kubelet: v1.9.6 62 | status: {} 63 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machine/vsphere-static-ip.yaml: -------------------------------------------------------------------------------- 1 | metadata: 2 | creationTimestamp: null 3 | name: vsphere-static-ip 4 | namespace: kube-system 5 | spec: 6 | metadata: 7 | creationTimestamp: null 8 | labels: 9 | foo: bar 10 | providerSpec: 11 
| value: 12 | cloudProvider: vsphere 13 | cloudProviderSpec: 14 | MemoryMB: 2048 15 | allowInsecure: true 16 | cluster: << VSPHERE_CLUSTER >> 17 | cpus: 2 18 | datacenter: Datacenter 19 | datastore: datastore1 20 | folder: /Datacenter/vm/e2e-tests 21 | password: << VSPHERE_PASSWORD >> 22 | templateVMName: << OS_NAME >>-template 23 | username: << VSPHERE_USERNAME >> 24 | vsphereURL: << VSPHERE_ADDRESS >> 25 | network: 26 | cidr: 192.168.44.<< IP_OCTET >>/20 27 | dns: 28 | servers: 29 | - 192.168.32.1 30 | - 8.8.8.8 31 | gateway: 192.168.32.1 32 | operatingSystem: << OS_NAME >> 33 | operatingSystemSpec: 34 | distUpgradeOnBoot: false 35 | sshPublicKeys: 36 | - << YOUR_PUBLIC_KEY >> 37 | versions: 38 | kubelet: << KUBERNETES_VERSION >> 39 | status: {} 40 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machine/vsphere.yaml: -------------------------------------------------------------------------------- 1 | metadata: 2 | creationTimestamp: null 3 | name: vsphere 4 | namespace: kube-system 5 | spec: 6 | metadata: 7 | creationTimestamp: null 8 | labels: 9 | foo: bar 10 | providerSpec: 11 | value: 12 | cloudProvider: vsphere 13 | cloudProviderSpec: 14 | MemoryMB: 2048 15 | allowInsecure: true 16 | cluster: test-cluster 17 | cpus: 2 18 | datacenter: Datacenter 19 | datastore: datastore1 20 | password: 21 | secretKeyRef: 22 | key: password 23 | name: machine-controller-vsphere 24 | namespace: kube-system 25 | templateVMName: ubuntu-template 26 | username: << VSPHERE_USERNAME >> 27 | vsphereURL: << VSPHERE_ADDRESS >> 28 | operatingSystem: ubuntu 29 | operatingSystemSpec: 30 | distUpgradeOnBoot: false 31 | sshPublicKeys: 32 | - << YOUR_PUBLIC_KEY >> 33 | versions: 34 | kubelet: v1.9.6 35 | status: {} 36 | -------------------------------------------------------------------------------- 
/sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machineDeploymentWithProviderConfig/hetzner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.k8s.io/v1alpha1 2 | kind: MachineDeployment 3 | metadata: 4 | annotations: 5 | machinedeployment.clusters.k8s.io/revision: "1" 6 | creationTimestamp: null 7 | generateName: kubermatic-gttbxgswnv- 8 | generation: 1 9 | name: kubermatic-gttbxgswnv-q5rcj 10 | namespace: kube-system 11 | spec: 12 | minReadySeconds: 0 13 | progressDeadlineSeconds: 600 14 | replicas: 3 15 | revisionHistoryLimit: 1 16 | selector: 17 | matchLabels: 18 | machine: md-gttbxgswnv-nl5s9qs8ww 19 | strategy: 20 | rollingUpdate: 21 | maxSurge: 1 22 | maxUnavailable: 0 23 | type: RollingUpdate 24 | template: 25 | metadata: 26 | creationTimestamp: null 27 | labels: 28 | machine: md-gttbxgswnv-nl5s9qs8ww 29 | spec: 30 | metadata: 31 | creationTimestamp: null 32 | providerSpec: 33 | value: 34 | cloudProvider: hetzner 35 | cloudProviderSpec: 36 | datacenter: nbg1-dc3 37 | location: "" 38 | serverType: cx31 39 | token: "" 40 | operatingSystem: ubuntu 41 | operatingSystemSpec: 42 | distUpgradeOnBoot: false 43 | sshPublicKeys: [] 44 | versions: 45 | kubelet: 1.11.6 46 | status: {} 47 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machineSetWithProviderConfig/hetzner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.k8s.io/v1alpha1 2 | kind: MachineSet 3 | metadata: 4 | annotations: 5 | machinedeployment.clusters.k8s.io/desired-replicas: "3" 6 | machinedeployment.clusters.k8s.io/max-replicas: "4" 7 | machinedeployment.clusters.k8s.io/revision: "1" 8 | creationTimestamp: "2019-01-23T12:59:25Z" 9 | generation: 1 10 | labels: 11 | machine: md-gttbxgswnv-nl5s9qs8ww 12 | machine-template-hash: "1950051685" 13 | name: 
kubermatic-gttbxgswnv-q5rcj-5f94495bd9 14 | namespace: kube-system 15 | ownerReferences: 16 | - apiVersion: cluster.k8s.io/v1alpha1 17 | blockOwnerDeletion: true 18 | controller: true 19 | kind: MachineDeployment 20 | name: kubermatic-gttbxgswnv-q5rcj 21 | uid: b5fd92a1-1f0e-11e9-9561-b2d5a2b51b30 22 | resourceVersion: "9387" 23 | spec: 24 | replicas: 3 25 | selector: 26 | matchLabels: 27 | machine: md-gttbxgswnv-nl5s9qs8ww 28 | machine-template-hash: "1950051685" 29 | template: 30 | metadata: 31 | creationTimestamp: null 32 | labels: 33 | machine: md-gttbxgswnv-nl5s9qs8ww 34 | machine-template-hash: "1950051685" 35 | spec: 36 | metadata: 37 | creationTimestamp: null 38 | providerSpec: 39 | value: 40 | cloudProvider: hetzner 41 | cloudProviderSpec: 42 | datacenter: nbg1-dc3 43 | location: "" 44 | serverType: cx31 45 | token: "" 46 | operatingSystem: ubuntu 47 | operatingSystemSpec: 48 | distUpgradeOnBoot: false 49 | sshPublicKeys: [] 50 | versions: 51 | kubelet: 1.11.6 52 | status: 53 | replicas: 0 54 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machineWithProviderConfig/aws.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.k8s.io/v1alpha1 2 | kind: Machine 3 | metadata: 4 | creationTimestamp: null 5 | name: aws-machinedeployment 6 | namespace: kube-system 7 | spec: 8 | metadata: 9 | creationTimestamp: null 10 | providerSpec: 11 | value: 12 | cloudProvider: aws 13 | cloudProviderSpec: 14 | accessKeyId: 15 | secretKeyRef: 16 | key: accessKeyId 17 | name: machine-controller-aws 18 | namespace: kube-system 19 | availabilityZone: eu-central-1a 20 | diskSize: 50 21 | diskType: gp2 22 | instanceProfile: kubernetes-v1 23 | instanceType: t2.micro 24 | region: eu-central-1 25 | secretAccessKey: 26 | secretKeyRef: 27 | key: secretAccessKey 28 | name: machine-controller-aws 29 | namespace: kube-system 30 | 
subnetId: subnet-2bff4f43 31 | tags: 32 | KubernetesCluster: 6qsm86c2d 33 | vpcId: vpc-079f7648481a11e77 34 | operatingSystem: flatcar 35 | operatingSystemSpec: 36 | disableAutoUpdate: true 37 | sshPublicKeys: 38 | - << YOUR_PUBLIC_KEY >> 39 | versions: 40 | kubelet: 1.9.6 41 | status: {} 42 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/conversions/testdata/migrated_clusterv1alpha1machineWithProviderConfig/hetzner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.k8s.io/v1alpha1 2 | kind: Machine 3 | metadata: 4 | creationTimestamp: null 5 | name: hetzner-machine 6 | namespace: kube-system 7 | spec: 8 | metadata: 9 | creationTimestamp: null 10 | providerSpec: 11 | value: 12 | cloudProvider: hetzner 13 | cloudProviderSpec: 14 | datacenter: "" 15 | location: fsn1 16 | serverType: cx22 17 | token: << HETZNER_TOKEN >> 18 | operatingSystem: << OS_NAME >> 19 | operatingSystemSpec: 20 | disableAutoUpdate: true 21 | distUpgradeOnBoot: false 22 | sshPublicKeys: 23 | - << YOUR_PUBLIC_KEY >> 24 | versions: 25 | kubelet: << KUBERNETES_VERSION >> 26 | status: {} 27 | -------------------------------------------------------------------------------- /sdk/apis/cluster/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains API Schema definitions for the cluster v1alpha1 API group 18 | // +k8s:openapi-gen=true 19 | // +k8s:deepcopy-gen=package,register 20 | // +k8s:conversion-gen=k8c.io/machine-controller/sdk/apis/cluster 21 | // +k8s:defaulter-gen=TypeMeta 22 | // +groupName=cluster.k8s.io 23 | package v1alpha1 24 | -------------------------------------------------------------------------------- /sdk/apis/machines/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package machines 18 | 19 | import ( 20 | "reflect" 21 | 22 | "k8c.io/machine-controller/sdk/apis/machines/v1alpha1" 23 | ) 24 | // resource pairs a plural resource name with the name of the Go kind it refers to. 25 | type resource struct { 26 | plural string 27 | kind string 28 | } 29 | // CRDName is v1alpha1.MachineResourcePlural and v1alpha1.GroupName joined by a dot. 30 | const CRDName = v1alpha1.MachineResourcePlural + "." + v1alpha1.GroupName 31 | // resourceNames holds the single "machines" entry; its kind is read from the v1alpha1.Machine type name via reflect rather than written as a literal. 32 | var resourceNames = []resource{ 33 | { 34 | plural: "machines", 35 | kind: reflect.TypeOf(v1alpha1.Machine{}).Name(), 36 | }, 37 | } 38 | -------------------------------------------------------------------------------- /sdk/apis/machines/v1alpha1/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 The Kubernetes Authors.
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | ) 22 | // addDefaultingFuncs registers no defaulting functions: it does not touch scheme and always returns nil. 23 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 24 | return nil 25 | } 26 | -------------------------------------------------------------------------------- /sdk/apis/machines/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:deepcopy-gen=package,register 18 | 19 | // +groupName=machine.k8s.io 20 | package v1alpha1 21 | -------------------------------------------------------------------------------- /sdk/bootstrap/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Machine Controller Authors.
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | /* 18 | Package bootstrap contains the necessary type definitions to implement the external bootstrap 19 | mechanism that machine-controller can use instead of generating instance user-data itself. 20 | 21 | Any external bootstrap provider needs to implement the logic as laid out in this documentation. 22 | This package can be imported to ensure the correct values and patterns are used. 23 | 24 | machine-controller will expect a Secret object in the namespace defined by `CloudInitSettingsNamespace`, 25 | using `CloudConfigSecretNamePattern` as a pattern to determine the Secret name. This secret must provide 26 | valid user-data that will be passed to the cloud provider instance on creation. Whoever can create or modify Secrets in that namespace therefore determines the user-data that new instances boot with, so write access to it should be tightly restricted. 27 | 28 | Example code that determines the secret name for a specific Machine: 29 | 30 | ``` 31 | bootstrapSecretName := fmt.Sprintf(bootstrap.CloudConfigSecretNamePattern, 32 | referencedMachineDeployment, 33 | machine.Namespace, 34 | bootstrap.BootstrapCloudConfig) 35 | ``` 36 | 37 | */ 38 | 39 | package bootstrap 40 | -------------------------------------------------------------------------------- /sdk/bootstrap/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package bootstrap 18 | 19 | /* 20 | Do NOT update existing consts in this file as they are used by external bootstrap providers. Instead, 21 | introduce new consts (e.g. `CloudConfigSecretNamePatternV2`) and ensure that machine-controller still 22 | supports the old "interface" (the existing consts) for a few releases, in addition to any new interfaces 23 | you are introducing. 24 | */ 25 | // CloudConfigSecret is the string type of the last value filled into CloudConfigSecretNamePattern in the package documentation's example. 26 | type CloudConfigSecret string 27 | 28 | const ( 29 | BootstrapCloudConfig CloudConfigSecret = "bootstrap" // the only CloudConfigSecret value declared in this file 30 | // CloudConfigSecretNamePattern is a fmt pattern with three %s verbs; the package documentation fills them with the MachineDeployment name, the Machine namespace and a CloudConfigSecret value, in that order. 31 | CloudConfigSecretNamePattern = "%s-%s-%s-config" 32 | 33 | // CloudInitSettingsNamespace is the namespace in which bootstrap secrets are created by an external mechanism. 34 | CloudInitSettingsNamespace = "cloud-init-settings" 35 | // MachineDeploymentRevision is the revision for Machine Deployment. 36 | MachineDeploymentRevision = "k8c.io/machine-deployment-revision" 37 | ) 38 | -------------------------------------------------------------------------------- /sdk/cloudprovider/alibaba/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package alibaba 18 | 19 | import ( 20 | "k8c.io/machine-controller/sdk/jsonutil" 21 | "k8c.io/machine-controller/sdk/providerconfig" 22 | ) 23 | // RawConfig is the struct GetConfig decodes the Alibaba cloudProviderSpec into. AccessKeyID and AccessKeySecret look like the account credentials; NOTE(review): confirm they are supplied by reference (the AWS fixture on this page uses secretKeyRef) rather than as inline strings stored in the Machine object. 24 | type RawConfig struct { 25 | AccessKeyID providerconfig.ConfigVarString `json:"accessKeyID,omitempty"` 26 | AccessKeySecret providerconfig.ConfigVarString `json:"accessKeySecret,omitempty"` 27 | RegionID providerconfig.ConfigVarString `json:"regionID,omitempty"` 28 | InstanceName providerconfig.ConfigVarString `json:"instanceName,omitempty"` 29 | InstanceType providerconfig.ConfigVarString `json:"instanceType,omitempty"` 30 | VSwitchID providerconfig.ConfigVarString `json:"vSwitchID,omitempty"` 31 | InternetMaxBandwidthOut providerconfig.ConfigVarString `json:"internetMaxBandwidthOut,omitempty"` 32 | Labels map[string]string `json:"labels,omitempty"` 33 | ZoneID providerconfig.ConfigVarString `json:"zoneID,omitempty"` 34 | DiskType providerconfig.ConfigVarString `json:"diskType,omitempty"` 35 | DiskSize providerconfig.ConfigVarString `json:"diskSize,omitempty"` 36 | } 37 | // GetConfig decodes pconfig.CloudProviderSpec.Raw into a RawConfig with jsonutil.StrictUnmarshal. The returned pointer is non-nil even when decoding fails, so check the error before using it. 38 | func GetConfig(pconfig providerconfig.Config) (*RawConfig, error) { 39 | rawConfig := &RawConfig{} 40 | 41 | return rawConfig, jsonutil.StrictUnmarshal(pconfig.CloudProviderSpec.Raw, rawConfig) 42 | } 43 | -------------------------------------------------------------------------------- /sdk/cloudprovider/baremetal/plugins/plugins.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Machine Controller Authors.
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package plugins 18 | // Driver is the string type of bare-metal driver names. 19 | type Driver string 20 | // Tinkerbell is the only Driver value declared in this file. 21 | const Tinkerbell Driver = "tinkerbell" 22 | -------------------------------------------------------------------------------- /sdk/cloudprovider/baremetal/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package baremetal 18 | 19 | import ( 20 | "k8c.io/machine-controller/sdk/jsonutil" 21 | "k8c.io/machine-controller/sdk/providerconfig" 22 | 23 | "k8s.io/apimachinery/pkg/runtime" 24 | ) 25 | // RawConfig is the struct GetConfig decodes the bare-metal cloudProviderSpec into. DriverSpec is typed runtime.RawExtension, so it is presumably kept as raw JSON and not covered by GetConfig's unknown-field check; whatever consumes it has to validate it. 26 | type RawConfig struct { 27 | Driver providerconfig.ConfigVarString `json:"driver"` 28 | DriverSpec runtime.RawExtension `json:"driverSpec"` 29 | } 30 | // GetConfig decodes pconfig.CloudProviderSpec.Raw into a RawConfig with jsonutil.StrictUnmarshal. The returned pointer is non-nil even when decoding fails, so check the error before using it. 31 | func GetConfig(pconfig providerconfig.Config) (*RawConfig, error) { 32 | rawConfig := &RawConfig{} 33 | 34 | return rawConfig, jsonutil.StrictUnmarshal(pconfig.CloudProviderSpec.Raw, rawConfig) 35 | } 36 | -------------------------------------------------------------------------------- /sdk/cloudprovider/digitalocean/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package digitalocean 18 | 19 | import ( 20 | "k8c.io/machine-controller/sdk/jsonutil" 21 | "k8c.io/machine-controller/sdk/providerconfig" 22 | ) 23 | // RawConfig is the struct GetConfig decodes the DigitalOcean cloudProviderSpec into. Token is presumably the provider API credential; NOTE(review): an inline value would be stored in the Machine object in plain text, so confirm it is supplied by reference instead. 24 | type RawConfig struct { 25 | Token providerconfig.ConfigVarString `json:"token,omitempty"` 26 | Region providerconfig.ConfigVarString `json:"region"` 27 | Size providerconfig.ConfigVarString `json:"size"` 28 | Backups providerconfig.ConfigVarBool `json:"backups"` 29 | IPv6 providerconfig.ConfigVarBool `json:"ipv6"` 30 | PrivateNetworking providerconfig.ConfigVarBool `json:"private_networking"` 31 | Monitoring providerconfig.ConfigVarBool `json:"monitoring"` 32 | Tags []providerconfig.ConfigVarString `json:"tags,omitempty"` 33 | } 34 | // GetConfig decodes pconfig.CloudProviderSpec.Raw into a RawConfig with jsonutil.StrictUnmarshal. The returned pointer is non-nil even when decoding fails, so check the error before using it. 35 | func GetConfig(pconfig providerconfig.Config) (*RawConfig, error) { 36 | rawConfig := &RawConfig{} 37 | 38 | return rawConfig, jsonutil.StrictUnmarshal(pconfig.CloudProviderSpec.Raw, rawConfig) 39 | } 40 | -------------------------------------------------------------------------------- /sdk/cloudprovider/equinixmetal/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package equinixmetal 18 | 19 | import ( 20 | "k8c.io/machine-controller/sdk/jsonutil" 21 | "k8c.io/machine-controller/sdk/providerconfig" 22 | ) 23 | // RawConfig is the struct GetConfig decodes the Equinix Metal cloudProviderSpec into. Token is presumably the provider API credential; NOTE(review): an inline value would be stored in the Machine object in plain text, so confirm it is supplied by reference instead. 24 | type RawConfig struct { 25 | Token providerconfig.ConfigVarString `json:"token,omitempty"` 26 | ProjectID providerconfig.ConfigVarString `json:"projectID,omitempty"` 27 | BillingCycle providerconfig.ConfigVarString `json:"billingCycle"` 28 | InstanceType providerconfig.ConfigVarString `json:"instanceType"` 29 | Metro providerconfig.ConfigVarString `json:"metro,omitempty"` 30 | Facilities []providerconfig.ConfigVarString `json:"facilities,omitempty"` 31 | Tags []providerconfig.ConfigVarString `json:"tags,omitempty"` 32 | } 33 | // GetConfig decodes pconfig.CloudProviderSpec.Raw into a RawConfig with jsonutil.StrictUnmarshal. The returned pointer is non-nil even when decoding fails, so check the error before using it. 34 | func GetConfig(pconfig providerconfig.Config) (*RawConfig, error) { 35 | rawConfig := &RawConfig{} 36 | 37 | return rawConfig, jsonutil.StrictUnmarshal(pconfig.CloudProviderSpec.Raw, rawConfig) 38 | } 39 | -------------------------------------------------------------------------------- /sdk/cloudprovider/hetzner/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package hetzner 18 | 19 | import ( 20 | "k8c.io/machine-controller/sdk/jsonutil" 21 | "k8c.io/machine-controller/sdk/providerconfig" 22 | ) 23 | // RawConfig is the struct GetConfig decodes the Hetzner cloudProviderSpec into. Token is the API token: the Hetzner fixtures on this page carry it as an inline string inside the Machine spec (empty or a placeholder); NOTE(review): a real inline token would sit in the Machine object in plain text, so confirm production specs supply it by reference. 24 | type RawConfig struct { 25 | Token providerconfig.ConfigVarString `json:"token,omitempty"` 26 | ServerType providerconfig.ConfigVarString `json:"serverType"` 27 | Datacenter providerconfig.ConfigVarString `json:"datacenter"` 28 | Image providerconfig.ConfigVarString `json:"image"` 29 | Location providerconfig.ConfigVarString `json:"location"` 30 | PlacementGroupPrefix providerconfig.ConfigVarString `json:"placementGroupPrefix"` 31 | Networks []providerconfig.ConfigVarString `json:"networks"` 32 | Firewalls []providerconfig.ConfigVarString `json:"firewalls"` 33 | Labels map[string]string `json:"labels,omitempty"` 34 | AssignPublicIPv4 providerconfig.ConfigVarBool `json:"assignPublicIPv4,omitempty"` 35 | AssignPublicIPv6 providerconfig.ConfigVarBool `json:"assignPublicIPv6,omitempty"` 36 | } 37 | // GetConfig decodes pconfig.CloudProviderSpec.Raw into a RawConfig with jsonutil.StrictUnmarshal. The returned pointer is non-nil even when decoding fails, so check the error before using it. 38 | func GetConfig(pconfig providerconfig.Config) (*RawConfig, error) { 39 | rawConfig := &RawConfig{} 40 | 41 | return rawConfig, jsonutil.StrictUnmarshal(pconfig.CloudProviderSpec.Raw, rawConfig) 42 | } 43 | -------------------------------------------------------------------------------- /sdk/cloudprovider/linode/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package linode 18 | 19 | import ( 20 | "k8c.io/machine-controller/sdk/jsonutil" 21 | "k8c.io/machine-controller/sdk/providerconfig" 22 | ) 23 | // RawConfig is the struct GetConfig decodes the Linode cloudProviderSpec into. Token is presumably the provider API credential; NOTE(review): an inline value would be stored in the Machine object in plain text, so confirm it is supplied by reference instead. 24 | type RawConfig struct { 25 | Token providerconfig.ConfigVarString `json:"token,omitempty"` 26 | Region providerconfig.ConfigVarString `json:"region"` 27 | Type providerconfig.ConfigVarString `json:"type"` 28 | Backups providerconfig.ConfigVarBool `json:"backups"` 29 | PrivateNetworking providerconfig.ConfigVarBool `json:"private_networking"` 30 | Tags []providerconfig.ConfigVarString `json:"tags,omitempty"` 31 | } 32 | // GetConfig decodes pconfig.CloudProviderSpec.Raw into a RawConfig with jsonutil.StrictUnmarshal. The returned pointer is non-nil even when decoding fails, so check the error before using it. 33 | func GetConfig(pconfig providerconfig.Config) (*RawConfig, error) { 34 | rawConfig := &RawConfig{} 35 | 36 | return rawConfig, jsonutil.StrictUnmarshal(pconfig.CloudProviderSpec.Raw, rawConfig) 37 | } 38 | -------------------------------------------------------------------------------- /sdk/cloudprovider/opennebula/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package opennebula 18 | 19 | import ( 20 | "k8c.io/machine-controller/sdk/jsonutil" 21 | "k8c.io/machine-controller/sdk/providerconfig" 22 | ) 23 | // RawConfig is the struct GetConfig decodes the OpenNebula cloudProviderSpec into. NOTE(review): Username and Password are credentials; inline values would be stored in the Machine object in plain text, so confirm they are supplied by reference instead. 24 | type RawConfig struct { 25 | // Auth details 26 | Username providerconfig.ConfigVarString `json:"username,omitempty"` 27 | Password providerconfig.ConfigVarString `json:"password,omitempty"` 28 | Endpoint providerconfig.ConfigVarString `json:"endpoint,omitempty"` 29 | 30 | // Machine details 31 | CPU *float64 `json:"cpu"` 32 | VCPU *int `json:"vcpu"` 33 | Memory *int `json:"memory"` 34 | Image providerconfig.ConfigVarString `json:"image"` 35 | Datastore providerconfig.ConfigVarString `json:"datastore"` 36 | DiskSize *int `json:"diskSize"` 37 | Network providerconfig.ConfigVarString `json:"network"` 38 | EnableVNC providerconfig.ConfigVarBool `json:"enableVNC"` 39 | VMTemplateExtra map[string]string `json:"vmTemplateExtra,omitempty"` 40 | } 41 | // GetConfig decodes pconfig.CloudProviderSpec.Raw into a RawConfig with jsonutil.StrictUnmarshal. The returned pointer is non-nil even when decoding fails, so check the error before using it; the pointer-typed fields stay nil when their key is absent. 42 | func GetConfig(pconfig providerconfig.Config) (*RawConfig, error) { 43 | rawConfig := &RawConfig{} 44 | 45 | return rawConfig, jsonutil.StrictUnmarshal(pconfig.CloudProviderSpec.Raw, rawConfig) 46 | } 47 | -------------------------------------------------------------------------------- /sdk/cloudprovider/scaleway/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package scaleway 18 | 19 | import ( 20 | "k8c.io/machine-controller/sdk/jsonutil" 21 | "k8c.io/machine-controller/sdk/providerconfig" 22 | ) 23 | // RawConfig is the struct GetConfig decodes the Scaleway cloudProviderSpec into. AccessKey and SecretKey look like the account credentials; NOTE(review): inline values would be stored in the Machine object in plain text, so confirm they are supplied by reference instead. 24 | type RawConfig struct { 25 | AccessKey providerconfig.ConfigVarString `json:"accessKey,omitempty"` 26 | SecretKey providerconfig.ConfigVarString `json:"secretKey,omitempty"` 27 | ProjectID providerconfig.ConfigVarString `json:"projectId,omitempty"` 28 | Zone providerconfig.ConfigVarString `json:"zone,omitempty"` 29 | CommercialType providerconfig.ConfigVarString `json:"commercialType"` 30 | IPv6 providerconfig.ConfigVarBool `json:"ipv6"` 31 | Tags []string `json:"tags,omitempty"` 32 | } 33 | // GetConfig decodes pconfig.CloudProviderSpec.Raw into a RawConfig with jsonutil.StrictUnmarshal. The returned pointer is non-nil even when decoding fails, so check the error before using it. 34 | func GetConfig(pconfig providerconfig.Config) (*RawConfig, error) { 35 | rawConfig := &RawConfig{} 36 | 37 | return rawConfig, jsonutil.StrictUnmarshal(pconfig.CloudProviderSpec.Raw, rawConfig) 38 | } 39 | -------------------------------------------------------------------------------- /sdk/cloudprovider/vultr/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package vultr 18 | 19 | import ( 20 | "k8c.io/machine-controller/sdk/jsonutil" 21 | "k8c.io/machine-controller/sdk/providerconfig" 22 | ) 23 | // RawConfig is the struct GetConfig decodes the Vultr cloudProviderSpec into. APIKey is presumably the provider API credential; NOTE(review): an inline value would be stored in the Machine object in plain text, so confirm it is supplied by reference instead. 24 | type RawConfig struct { 25 | PhysicalMachine bool `json:"physicalMachine,omitempty"` 26 | APIKey providerconfig.ConfigVarString `json:"apiKey,omitempty"` 27 | Region providerconfig.ConfigVarString `json:"region"` 28 | Plan providerconfig.ConfigVarString `json:"plan"` 29 | OsID providerconfig.ConfigVarString `json:"osId"` 30 | Tags []string `json:"tags,omitempty"` 31 | VpcID []string `json:"vpcId,omitempty"` 32 | Vpc2ID []string `json:"vpc2Id,omitempty"` 33 | EnableVPC bool `json:"enableVPC,omitempty"` 34 | EnableVPC2 bool `json:"enableVPC2,omitempty"` 35 | EnableIPv6 bool `json:"enableIPv6,omitempty"` 36 | } 37 | // GetConfig decodes pconfig.CloudProviderSpec.Raw into a RawConfig with jsonutil.StrictUnmarshal. The returned pointer is non-nil even when decoding fails, so check the error before using it. 38 | func GetConfig(pconfig providerconfig.Config) (*RawConfig, error) { 39 | rawConfig := &RawConfig{} 40 | 41 | return rawConfig, jsonutil.StrictUnmarshal(pconfig.CloudProviderSpec.Raw, rawConfig) 42 | } 43 | -------------------------------------------------------------------------------- /sdk/internal/test/helper.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package test 18 | 19 | import ( 20 | "os" 21 | "path/filepath" 22 | "testing" 23 | 24 | "github.com/pmezard/go-difflib/difflib" 25 | ) 26 | // CompareOutput fails t unless output equals the golden file testdata/<name>, resolved against the working directory; a mismatch is reported as a unified diff. With update set, the golden file is rewritten from output before the comparison. 27 | func CompareOutput(t *testing.T, name, output string, update bool) { 28 | golden, err := filepath.Abs(filepath.Join("testdata", name)) 29 | if err != nil { 30 | t.Fatalf("failed to get absolute path to testdata file: %v", err) 31 | } 32 | if update { // update mode: the fixture is overwritten first, so the read below returns what was just written 33 | if err := os.WriteFile(golden, []byte(output), 0644); err != nil { 34 | t.Fatalf("failed to write updated fixture: %v", err) 35 | } 36 | } 37 | expected, err := os.ReadFile(golden) 38 | if err != nil { 39 | t.Fatalf("failed to read testdata file: %v", err) 40 | } 41 | 42 | diff := difflib.UnifiedDiff{ 43 | A: difflib.SplitLines(string(expected)), 44 | B: difflib.SplitLines(output), 45 | FromFile: "Fixture", 46 | ToFile: "Current", 47 | Context: 3, 48 | } 49 | diffStr, err := difflib.GetUnifiedDiffString(diff) 50 | if err != nil { 51 | t.Fatal(err) 52 | } 53 | 54 | if diffStr != "" { 55 | t.Errorf("got diff between expected and actual result: \n%s\n", diffStr) 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /sdk/jsonutil/strict.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package jsonutil 18 | 19 | import ( 20 | "bytes" 21 | "encoding/json" 22 | ) 23 | // StrictUnmarshal decodes the JSON in buf into obj and returns an error when the input has an object key that matches no field of the destination struct. 24 | func StrictUnmarshal(buf []byte, obj interface{}) error { 25 | dec := json.NewDecoder(bytes.NewReader(buf)) 26 | dec.DisallowUnknownFields() 27 | 28 | return dec.Decode(obj) // NOTE(review): Decode reads a single JSON value; bytes that follow it in buf are not inspected, so trailing data is not rejected here 29 | } 30 | -------------------------------------------------------------------------------- /sdk/net/net.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package net 18 | 19 | import ( 20 | gonet "net" 21 | ) 22 | // Error message texts; ErrUnknownNetworkFamily is a format string with one %q verb for the rejected value. 23 | const ( 24 | ErrIPv6OnlyUnsupported = "IPv6-only network family not supported yet" 25 | ErrUnknownNetworkFamily = "unknown IP family %q, only IPv4,IPv6,IPv4+IPv6 are valid values" 26 | ) 27 | 28 | // IPFamily IPv4 | IPv6 | IPv4+IPv6.
29 | type IPFamily string 30 | 31 | const ( 32 | IPFamilyUnspecified IPFamily = "" // interpreted as IPv4 33 | IPFamilyIPv4 IPFamily = "IPv4" // IPv4 only 34 | IPFamilyIPv6 IPFamily = "IPv6" // IPv6 only 35 | IPFamilyIPv4IPv6 IPFamily = "IPv4+IPv6" // dualstack with IPv4 as primary 36 | IPFamilyIPv6IPv4 IPFamily = "IPv6+IPv4" // dualstack with IPv6 as primary 37 | ) 38 | // HasIPv6 reports whether f is IPv6-only or one of the two dualstack values; any other string, including an undeclared one, yields false. 39 | func (f IPFamily) HasIPv6() bool { 40 | return f == IPFamilyIPv6 || f == IPFamilyIPv4IPv6 || f == IPFamilyIPv6IPv4 41 | } 42 | // HasIPv4 reports whether f is unspecified, IPv4-only or one of the two dualstack values; any other string, including an undeclared one, yields false. 43 | func (f IPFamily) HasIPv4() bool { 44 | return f == IPFamilyUnspecified || f == IPFamilyIPv4 || f == IPFamilyIPv4IPv6 || f == IPFamilyIPv6IPv4 45 | } 46 | // IsDualstack reports whether f is one of the two dualstack values, whichever family is primary. 47 | func (f IPFamily) IsDualstack() bool { 48 | return f == IPFamilyIPv4IPv6 || f == IPFamilyIPv6IPv4 49 | } 50 | 51 | // IsLinkLocal reports whether ipAddr parses as a link-local unicast or link-local multicast address; a string that does not parse as an IP address yields false. 52 | func IsLinkLocal(ipAddr string) bool { 53 | addr := gonet.ParseIP(ipAddr) 54 | return addr.IsLinkLocalMulticast() || addr.IsLinkLocalUnicast() 55 | } 56 | -------------------------------------------------------------------------------- /sdk/node/eviction.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Machine Controller Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
*/

package node

const (
	// SkipEvictionAnnotationKey is the annotation key "kubermatic.io/skip-eviction".
	// NOTE(review): judging by the name, setting it opts an object out of
	// eviction; which object kinds and which values are honoured is not
	// visible in this file — confirm at the call sites.
	SkipEvictionAnnotationKey = "kubermatic.io/skip-eviction"
)

--------------------------------------------------------------------------------
/sdk/providerconfig/resolver.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Machine Controller Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package providerconfig

import (
	"time"
)

// ConfigVarResolver turns ConfigVarString / ConfigVarBool values into concrete
// Go values. Only the method set is declared here; where an implementation
// looks values up is not visible in this file.
//
// NOTE(review): the provider fixtures in this repository carry credentials
// (tokens, passwords) in the same spec fields these methods presumably
// resolve, so implementations should avoid logging resolved values — confirm
// against the implementation.
type ConfigVarResolver interface {
	// GetDurationValue resolves configVar to a time.Duration.
	GetDurationValue(configVar ConfigVarString) (time.Duration, error)
	// GetDurationValueOrDefault is the variant taking defaultDuration;
	// presumably that value is returned when configVar is unset — TODO confirm.
	GetDurationValueOrDefault(configVar ConfigVarString, defaultDuration time.Duration) (time.Duration, error)
	// GetStringValue resolves configVar to a string.
	GetStringValue(configVar ConfigVarString) (string, error)
	// GetStringValueOrEnv additionally takes an environment variable name;
	// presumably the variable is the fallback source — TODO confirm precedence.
	GetStringValueOrEnv(configVar ConfigVarString, envVarName string) (string, error)
	// GetBoolValue returns two booleans and an error.
	// NOTE(review): the meaning of the second bool (likely "value was set")
	// cannot be told from the signature — confirm before relying on it.
	GetBoolValue(configVar ConfigVarBool) (bool, bool, error)
	// GetBoolValueOrEnv is the boolean counterpart of GetStringValueOrEnv.
	GetBoolValueOrEnv(configVar ConfigVarBool, envVarName string) (bool, error)
}

--------------------------------------------------------------------------------
/sdk/userdata/amzn2/config.go:
--------------------------------------------------------------------------------
/*
Copyright 2021 The Machine Controller Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package amzn2

import (
	"encoding/json"

	"k8s.io/apimachinery/pkg/runtime"
)

// Config contains specific configuration for Amazon Linux 2.
type Config struct {
	// DistUpgradeOnBoot is read from the "distUpgradeOnBoot" JSON key and is
	// false when the key is absent.
	DistUpgradeOnBoot bool `json:"distUpgradeOnBoot"`
}

// DefaultConfig returns operatingSystemSpec unchanged when it already carries
// raw data; otherwise Raw is set to the JSON encoding of the zero Config.
// Only a nil Raw is defaulted: a non-nil but empty slice is passed through.
func DefaultConfig(operatingSystemSpec runtime.RawExtension) runtime.RawExtension {
	if operatingSystemSpec.Raw != nil {
		return operatingSystemSpec
	}

	// The marshalling error is discarded, as Config holds a single bool.
	encoded, _ := json.Marshal(Config{})
	operatingSystemSpec.Raw = encoded

	return operatingSystemSpec
}

// LoadConfig retrieves the Amazon Linux 2 configuration from raw data.
//
// Decoding uses json.Unmarshal, which ignores keys it does not know. A
// misspelled "distUpgradeOnBoot" therefore leaves the field at false without
// any error. The e2e fixtures pass keys such as "disableAutoUpdate" in the same
// operatingSystemSpec, so rejecting unknown keys here would presumably break
// existing specs — verify before tightening.
func LoadConfig(r runtime.RawExtension) (*Config, error) {
	withDefaults := DefaultConfig(r)

	parsed := new(Config)
	if err := json.Unmarshal(withDefaults.Raw, parsed); err != nil {
		return nil, err
	}

	return parsed, nil
}

// Spec returns the configuration as raw data, i.e. the JSON encoding of cfg
// wrapped in a runtime.RawExtension.
func (cfg *Config) Spec() (*runtime.RawExtension, error) {
	raw, err := json.Marshal(cfg)
	if err != nil {
		return nil, err
	}

	return &runtime.RawExtension{Raw: raw}, nil
}

--------------------------------------------------------------------------------
/sdk/userdata/default.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Machine Controller Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package userdata

import (
	"errors"

	"k8c.io/machine-controller/sdk/providerconfig"
	"k8c.io/machine-controller/sdk/userdata/amzn2"
	"k8c.io/machine-controller/sdk/userdata/flatcar"
	"k8c.io/machine-controller/sdk/userdata/rhel"
	"k8c.io/machine-controller/sdk/userdata/rockylinux"
	"k8c.io/machine-controller/sdk/userdata/ubuntu"

	"k8s.io/apimachinery/pkg/runtime"
)

// DefaultOperatingSystemSpec hands operatingSystemSpec to the DefaultConfig
// function of the package that belongs to os and returns the result.
//
// For an operating system without a case below, the spec is returned
// unchanged together with an "unknown OperatingSystem" error; callers must
// check the error rather than use the returned spec.
func DefaultOperatingSystemSpec(os providerconfig.OperatingSystem, operatingSystemSpec runtime.RawExtension) (runtime.RawExtension, error) {
	var defaulted runtime.RawExtension

	switch os {
	case providerconfig.OperatingSystemAmazonLinux2:
		defaulted = amzn2.DefaultConfig(operatingSystemSpec)
	case providerconfig.OperatingSystemFlatcar:
		defaulted = flatcar.DefaultConfig(operatingSystemSpec)
	case providerconfig.OperatingSystemRHEL:
		defaulted = rhel.DefaultConfig(operatingSystemSpec)
	case providerconfig.OperatingSystemUbuntu:
		defaulted = ubuntu.DefaultConfig(operatingSystemSpec)
	case providerconfig.OperatingSystemRockyLinux:
		defaulted = rockylinux.DefaultConfig(operatingSystemSpec)
	default:
		return operatingSystemSpec, errors.New("unknown OperatingSystem")
	}

	return defaulted, nil
}

--------------------------------------------------------------------------------
/sdk/userdata/default_test.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Machine Controller Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package userdata

import (
	"testing"

	"k8c.io/machine-controller/sdk/providerconfig"

	"k8s.io/apimachinery/pkg/runtime"
)

// TestDefaultOperatingSystemSpec runs DefaultOperatingSystemSpec once per entry
// of providerconfig.AllOperatingSystems with an empty RawExtension. It fails
// when an entry has no case in DefaultOperatingSystemSpec (an error comes
// back) or when the returned spec still has a nil Raw.
func TestDefaultOperatingSystemSpec(t *testing.T) {
	for _, osys := range providerconfig.AllOperatingSystems {
		t.Run(string(osys), func(t *testing.T) {
			spec, err := DefaultOperatingSystemSpec(osys, runtime.RawExtension{})

			switch {
			case err != nil:
				t.Fatalf("no error expected, but got: %v", err)
			case spec.Raw == nil:
				t.Error("expected not nil")
			}
		})
	}
}

--------------------------------------------------------------------------------
/sdk/userdata/rockylinux/config.go:
--------------------------------------------------------------------------------
/*
Copyright 2022 The Machine Controller Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package rockylinux

import (
	"encoding/json"

	"k8s.io/apimachinery/pkg/runtime"
)

// Config contains specific configuration for RockyLinux.
type Config struct {
	// DistUpgradeOnBoot is read from the "distUpgradeOnBoot" JSON key and is
	// false when the key is absent.
	DistUpgradeOnBoot bool `json:"distUpgradeOnBoot"`
}

// DefaultConfig returns operatingSystemSpec unchanged when it already carries
// raw data; otherwise Raw is set to the JSON encoding of the zero Config.
// Only a nil Raw is defaulted: a non-nil but empty slice is passed through.
func DefaultConfig(operatingSystemSpec runtime.RawExtension) runtime.RawExtension {
	if operatingSystemSpec.Raw != nil {
		return operatingSystemSpec
	}

	// The marshalling error is discarded, as Config holds a single bool.
	encoded, _ := json.Marshal(Config{})
	operatingSystemSpec.Raw = encoded

	return operatingSystemSpec
}

// LoadConfig retrieves the RockyLinux configuration from raw data.
//
// Decoding uses json.Unmarshal, which ignores keys it does not know, so a
// misspelled "distUpgradeOnBoot" leaves the field at false without any error.
func LoadConfig(r runtime.RawExtension) (*Config, error) {
	withDefaults := DefaultConfig(r)

	parsed := new(Config)
	if err := json.Unmarshal(withDefaults.Raw, parsed); err != nil {
		return nil, err
	}

	return parsed, nil
}

// Spec returns the configuration as raw data, i.e. the JSON encoding of cfg
// wrapped in a runtime.RawExtension.
func (cfg *Config) Spec() (*runtime.RawExtension, error) {
	raw, err := json.Marshal(cfg)
	if err != nil {
		return nil, err
	}

	return &runtime.RawExtension{Raw: raw}, nil
}

--------------------------------------------------------------------------------
/sdk/userdata/ubuntu/config.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Machine Controller Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package ubuntu

import (
	"encoding/json"

	"k8s.io/apimachinery/pkg/runtime"
)

// Config contains specific configuration for Ubuntu.
type Config struct {
	// DistUpgradeOnBoot is read from the "distUpgradeOnBoot" JSON key and is
	// false when the key is absent.
	DistUpgradeOnBoot bool `json:"distUpgradeOnBoot"`
}

// DefaultConfig returns operatingSystemSpec unchanged when it already carries
// raw data; otherwise Raw is set to the JSON encoding of the zero Config.
// Only a nil Raw is defaulted: a non-nil but empty slice is passed through.
func DefaultConfig(operatingSystemSpec runtime.RawExtension) runtime.RawExtension {
	if operatingSystemSpec.Raw != nil {
		return operatingSystemSpec
	}

	// The marshalling error is discarded, as Config holds a single bool.
	encoded, _ := json.Marshal(Config{})
	operatingSystemSpec.Raw = encoded

	return operatingSystemSpec
}

// LoadConfig retrieves the Ubuntu configuration from raw data.
//
// Decoding uses json.Unmarshal, which ignores keys it does not know, so a
// misspelled "distUpgradeOnBoot" leaves the field at false without any error.
func LoadConfig(r runtime.RawExtension) (*Config, error) {
	withDefaults := DefaultConfig(r)

	parsed := new(Config)
	if err := json.Unmarshal(withDefaults.Raw, parsed); err != nil {
		return nil, err
	}

	return parsed, nil
}

// Spec returns the configuration as raw data.
50 | func (cfg *Config) Spec() (*runtime.RawExtension, error) { 51 | ext := &runtime.RawExtension{} 52 | b, err := json.Marshal(cfg) 53 | if err != nil { 54 | return nil, err 55 | } 56 | 57 | ext.Raw = b 58 | return ext, nil 59 | } 60 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machine-invalid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: Machine 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | spec: 7 | spec: 8 | providerSpec: 9 | value: 10 | sshPublicKeys: 11 | - "<< YOUR_PUBLIC_KEY >>" 12 | cloudProvider: "hetzner" 13 | cloudProviderSpec: 14 | token: << HETZNER_TOKEN >> 15 | serverType: "cx22" 16 | datacenter: "" 17 | location: "fsn1" 18 | operatingSystem: "<< OS_NAME >>" 19 | operatingSystemSpec: 20 | distUpgradeOnBoot: false 21 | disableAutoUpdate: true 22 | versions: 23 | kubelet: "<< KUBERNETES_VERSION >>" 24 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machine-openstack.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: Machine 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | spec: 7 | providerSpec: 8 | value: 9 | sshPublicKeys: 10 | - "<< YOUR_PUBLIC_KEY >>" 11 | cloudProvider: "openstack" 12 | cloudProviderSpec: 13 | identityEndpoint: "<< IDENTITY_ENDPOINT >>" 14 | username: "<< USERNAME >>" 15 | password: "<< PASSWORD >>" 16 | tenantName: "<< TENANT_NAME >>" 17 | image: "<< OS_IMAGE >>" 18 | flavor: "m1.tiny" 19 | floatingIpPool: "" 20 | domainName: "<< DOMAIN_NAME >>" 21 | region: "<< REGION >>" 22 | network: "<< NETWORK_NAME >>" 23 | instanceReadyCheckPeriod: 5s 24 | instanceReadyCheckTimeout: 2m 25 | operatingSystem: "<< OS_NAME >>" 26 | operatingSystemSpec: 27 | distUpgradeOnBoot: 
false 28 | disableAutoUpdate: true 29 | versions: 30 | kubelet: "<< KUBERNETES_VERSION >>" 31 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-alibaba.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | annotations: 7 | k8c.io/operating-system-profile: osp-<< OS_NAME >> 8 | spec: 9 | replicas: 1 10 | strategy: 11 | type: RollingUpdate 12 | rollingUpdate: 13 | maxSurge: 1 14 | maxUnavailable: 0 15 | selector: 16 | matchLabels: 17 | name: << MACHINE_NAME >> 18 | template: 19 | metadata: 20 | labels: 21 | name: << MACHINE_NAME >> 22 | spec: 23 | providerSpec: 24 | value: 25 | sshPublicKeys: 26 | - "<< YOUR_PUBLIC_KEY >>" 27 | cloudProvider: "alibaba" 28 | cloudProviderSpec: 29 | accessKeyID: << ALIBABA_ACCESS_KEY_ID >> 30 | accessKeySecret: << ALIBABA_ACCESS_KEY_SECRET >> 31 | instanceType: "ecs.c6.large" 32 | instanceName: "alibaba-instance" 33 | regionID: eu-central-1 34 | vSwitchID: "vsw-gw8g8mn4ohmj483hsylmn" 35 | internetMaxBandwidthOut: 10 36 | zoneID: eu-central-1a 37 | diskType: "cloud_efficiency" 38 | diskSize: "40" 39 | operatingSystem: "<< OS_NAME >>" 40 | operatingSystemSpec: 41 | distUpgradeOnBoot: false 42 | disableAutoUpdate: true 43 | versions: 44 | kubelet: "<< KUBERNETES_VERSION >>" 45 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-anexia.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | annotations: 7 | k8c.io/operating-system-profile: osp-flatcar-cloud-init 8 | spec: 9 | replicas: 1 10 | strategy: 11 | type: RollingUpdate 12 | 
rollingUpdate: 13 | maxSurge: 1 14 | maxUnavailable: 0 15 | selector: 16 | matchLabels: 17 | name: << MACHINE_NAME >> 18 | template: 19 | metadata: 20 | labels: 21 | name: << MACHINE_NAME >> 22 | spec: 23 | providerSpec: 24 | value: 25 | sshPublicKeys: 26 | - "<< YOUR_PUBLIC_KEY >>" 27 | cloudProvider: anexia 28 | cloudProviderSpec: 29 | token: "<< ANEXIA_TOKEN >>" 30 | vlanID: "<< ANEXIA_VLAN_ID >>" 31 | templateID: "<< ANEXIA_TEMPLATE_ID >>" 32 | locationID: "<< ANEXIA_LOCATION_ID >>" 33 | cpus: 2 34 | memory: 2048 35 | diskSize: 60 36 | operatingSystem: "<< OS_NAME >>" 37 | operatingSystemSpec: 38 | provisioningUtility: "cloud-init" 39 | distUpgradeOnBoot: false 40 | disableAutoUpdate: true 41 | versions: 42 | kubelet: "<< KUBERNETES_VERSION >>" 43 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-aws-ebs-encryption-enabled.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | annotations: 7 | k8c.io/operating-system-profile: osp-<< OS_NAME >> 8 | spec: 9 | replicas: 1 10 | strategy: 11 | type: RollingUpdate 12 | rollingUpdate: 13 | maxSurge: 1 14 | maxUnavailable: 0 15 | selector: 16 | matchLabels: 17 | name: << MACHINE_NAME >> 18 | template: 19 | metadata: 20 | labels: 21 | name: << MACHINE_NAME >> 22 | spec: 23 | providerSpec: 24 | value: 25 | sshPublicKeys: 26 | - "<< YOUR_PUBLIC_KEY >>" 27 | cloudProvider: "aws" 28 | cloudProviderSpec: 29 | accessKeyId: << AWS_ACCESS_KEY_ID >> 30 | secretAccessKey: << AWS_SECRET_ACCESS_KEY >> 31 | region: "eu-central-1" 32 | availabilityZone: "eu-central-1b" 33 | vpcId: "vpc-079f7648481a11e77" 34 | instanceType: "t2.medium" 35 | instanceProfile: "kubernetes-v1" 36 | diskSize: 50 37 | diskType: "gp2" 38 | ebsVolumeEncrypted: true 39 | securityGroupIDs: 40 | - 
"sg-0f1f62df28fb378b7" 41 | tags: 42 | # you have to set this flag to real clusterID when running against our dev or prod 43 | # otherwise you might have issues with your nodes not joining the cluster 44 | "KubernetesCluster": "randomString" 45 | # Disabling the public IP assignment requires a private subnet with internet access. 46 | assignPublicIP: true 47 | operatingSystem: "<< OS_NAME >>" 48 | operatingSystemSpec: 49 | distUpgradeOnBoot: false 50 | disableAutoUpdate: true 51 | versions: 52 | kubelet: "<< KUBERNETES_VERSION >>" 53 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-digitalocean.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | annotations: 7 | k8c.io/operating-system-profile: osp-<< OS_NAME >> 8 | spec: 9 | replicas: 1 10 | strategy: 11 | type: RollingUpdate 12 | rollingUpdate: 13 | maxSurge: 1 14 | maxUnavailable: 0 15 | selector: 16 | matchLabels: 17 | name: << MACHINE_NAME >> 18 | template: 19 | metadata: 20 | labels: 21 | name: << MACHINE_NAME >> 22 | spec: 23 | providerSpec: 24 | value: 25 | sshPublicKeys: 26 | - "<< YOUR_PUBLIC_KEY >>" 27 | cloudProvider: "digitalocean" 28 | cloudProviderSpec: 29 | token: << DIGITALOCEAN_TOKEN >> 30 | region: nyc3 31 | size: c-2 32 | backups: false 33 | ipv6: false 34 | private_networking: true 35 | monitoring: false 36 | tags: 37 | - "machine-controller" 38 | operatingSystem: "<< OS_NAME >>" 39 | operatingSystemSpec: 40 | distUpgradeOnBoot: false 41 | disableAutoUpdate: true 42 | versions: 43 | kubelet: "<< KUBERNETES_VERSION >>" 44 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-equinixmetal.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | annotations: 7 | k8c.io/operating-system-profile: osp-<< OS_NAME >> 8 | spec: 9 | replicas: 1 10 | strategy: 11 | type: RollingUpdate 12 | rollingUpdate: 13 | maxSurge: 1 14 | maxUnavailable: 0 15 | selector: 16 | matchLabels: 17 | name: << MACHINE_NAME >> 18 | template: 19 | metadata: 20 | labels: 21 | name: << MACHINE_NAME >> 22 | spec: 23 | providerSpec: 24 | value: 25 | sshPublicKeys: 26 | - "<< YOUR_PUBLIC_KEY >>" 27 | cloudProvider: "equinixmetal" 28 | cloudProviderSpec: 29 | token: << METAL_AUTH_TOKEN >> 30 | projectID: << METAL_PROJECT_ID >> 31 | instanceType: << INSTANCE_TYPE >> 32 | metro: << METRO_CODE >> 33 | operatingSystem: "<< OS_NAME >>" 34 | operatingSystemSpec: 35 | distUpgradeOnBoot: false 36 | disableAutoUpdate: true 37 | versions: 38 | kubelet: "<< KUBERNETES_VERSION >>" 39 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-hetzner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | annotations: 7 | k8c.io/operating-system-profile: osp-<< OS_NAME >> 8 | spec: 9 | replicas: 1 10 | strategy: 11 | type: RollingUpdate 12 | rollingUpdate: 13 | maxSurge: 1 14 | maxUnavailable: 0 15 | selector: 16 | matchLabels: 17 | name: << MACHINE_NAME >> 18 | template: 19 | metadata: 20 | labels: 21 | name: << MACHINE_NAME >> 22 | spec: 23 | providerSpec: 24 | value: 25 | sshPublicKeys: 26 | - "<< YOUR_PUBLIC_KEY >>" 27 | cloudProvider: "hetzner" 28 | cloudProviderSpec: 29 | token: << HETZNER_TOKEN >> 30 | serverType: "cx22" 31 | datacenter: "" 32 | location: "nbg1" 33 | networks: 34 | - 
"machine-controller-e2e" 35 | firewalls: 36 | - "machine-controller-e2e" 37 | operatingSystem: "<< OS_NAME >>" 38 | operatingSystemSpec: 39 | distUpgradeOnBoot: false 40 | disableAutoUpdate: true 41 | versions: 42 | kubelet: "<< KUBERNETES_VERSION >>" 43 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-kubevirt.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | annotations: 7 | k8c.io/operating-system-profile: osp-<< OS_NAME >> 8 | spec: 9 | paused: false 10 | replicas: 1 11 | strategy: 12 | type: RollingUpdate 13 | rollingUpdate: 14 | maxSurge: 1 15 | maxUnavailable: 0 16 | minReadySeconds: 0 17 | selector: 18 | matchLabels: 19 | name: << MACHINE_NAME >> 20 | template: 21 | metadata: 22 | labels: 23 | name: << MACHINE_NAME >> 24 | spec: 25 | providerSpec: 26 | value: 27 | sshPublicKeys: 28 | - "<< YOUR_PUBLIC_KEY >>" 29 | cloudProvider: "kubevirt" 30 | cloudProviderSpec: 31 | auth: 32 | kubeconfig: 33 | value: '<< KUBECONFIG_BASE64 >>' 34 | virtualMachine: 35 | template: 36 | cpus: "1" 37 | memory: "4096M" 38 | primaryDisk: 39 | osImage: http://image-repo.kube-system.svc/images/<< KUBEVIRT_OS_IMAGE >>.img 40 | size: "25Gi" 41 | storageClassName: rook-ceph-block 42 | dnsPolicy: "None" 43 | dnsConfig: 44 | nameservers: 45 | - 8.8.8.8 46 | operatingSystem: "<< OS_NAME >>" 47 | operatingSystemSpec: 48 | distUpgradeOnBoot: false 49 | disableAutoUpdate: true 50 | # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER` 51 | rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>" 52 | # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD` 53 | 
rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>" 54 | rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>" 55 | versions: 56 | kubelet: "<< KUBERNETES_VERSION >>" 57 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-linode.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | annotations: 7 | k8c.io/operating-system-profile: osp-<< OS_NAME >> 8 | spec: 9 | replicas: 1 10 | strategy: 11 | type: RollingUpdate 12 | rollingUpdate: 13 | maxSurge: 1 14 | maxUnavailable: 0 15 | selector: 16 | matchLabels: 17 | name: << MACHINE_NAME >> 18 | template: 19 | metadata: 20 | labels: 21 | name: << MACHINE_NAME >> 22 | spec: 23 | providerSpec: 24 | value: 25 | sshPublicKeys: 26 | - "<< YOUR_PUBLIC_KEY >>" 27 | cloudProvider: "linode" 28 | cloudProviderSpec: 29 | backups: false 30 | private_networking: true 31 | region: eu-west 32 | tags: 33 | - "machine-controller" 34 | token: << LINODE_TOKEN >> 35 | type: g6-standard-2 36 | # Can be 'ubuntu' 37 | operatingSystem: "<< OS_NAME >>" 38 | operatingSystemSpec: 39 | distUpgradeOnBoot: false 40 | disableAutoUpdate: true 41 | versions: 42 | kubelet: "<< KUBERNETES_VERSION >>" 43 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-nutanix.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | annotations: 7 | k8c.io/operating-system-profile: osp-<< OS_NAME >> 8 | spec: 9 | replicas: 1 10 | strategy: 11 | type: RollingUpdate 12 | rollingUpdate: 13 | maxSurge: 1 14 | maxUnavailable: 0 15 | selector: 
16 | matchLabels: 17 | name: << MACHINE_NAME >> 18 | template: 19 | metadata: 20 | labels: 21 | name: << MACHINE_NAME >> 22 | spec: 23 | providerSpec: 24 | value: 25 | sshPublicKeys: 26 | - "<< YOUR_PUBLIC_KEY >>" 27 | cloudProvider: "nutanix" 28 | cloudProviderSpec: 29 | username: '<< NUTANIX_USERNAME >>' 30 | password: '<< NUTANIX_PASSWORD >>' 31 | endpoint: '<< NUTANIX_ENDPOINT >>' 32 | allowInsecure: true 33 | clusterName: '<< NUTANIX_CLUSTER >>' 34 | projectName: '<< NUTANIX_PROJECT >>' 35 | subnetName: '<< NUTANIX_SUBNET >>' 36 | additionalSubnetNames: [] 37 | imageName: 'machine-controller-e2e-<< OS_NAME >>' 38 | cpus: 2 39 | memoryMB: 2048 40 | diskSize: 20 41 | operatingSystem: "<< OS_NAME >>" 42 | operatingSystemSpec: 43 | distUpgradeOnBoot: false 44 | disableAutoUpdate: true 45 | versions: 46 | kubelet: "<< KUBERNETES_VERSION >>" 47 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-opennebula.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | spec: 7 | replicas: 1 8 | strategy: 9 | type: RollingUpdate 10 | rollingUpdate: 11 | maxSurge: 1 12 | maxUnavailable: 0 13 | selector: 14 | matchLabels: 15 | name: << MACHINE_NAME >> 16 | template: 17 | metadata: 18 | labels: 19 | name: << MACHINE_NAME >> 20 | spec: 21 | providerSpec: 22 | value: 23 | sshPublicKeys: 24 | - "<< YOUR_PUBLIC_KEY >>" 25 | cloudProvider: "opennebula" 26 | cloudProviderSpec: 27 | endpoint: "<< ONE_ENDPOINT >>" 28 | username: "<< ONE_USERNAME >>" 29 | password: "<< ONE_PASSWORD >>" 30 | 31 | cpu: 1 32 | vcpu: 2 33 | memory: 1024 34 | 35 | image: "<< ONE_IMAGE >>" 36 | datastore: "<< ONE_DATASTORE_NAME >>" 37 | diskSize: 51200 # MB 38 | 39 | network: "<< ONE_NETWORK_NAME >>" 40 | 41 | enableVNC: true 42 | operatingSystem: "<< 
OS_NAME >>" 43 | operatingSystemSpec: 44 | distUpgradeOnBoot: false 45 | disableAutoUpdate: true 46 | # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER` 47 | rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>" 48 | # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD` 49 | rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>" 50 | rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>" 51 | 52 | # use cloud-init for flatcar as ignition doesn't know anything about OpenNebula yet 53 | provisioningUtility: "cloud-init" 54 | versions: 55 | kubelet: "<< KUBERNETES_VERSION >>" 56 | -------------------------------------------------------------------------------- /test/e2e/provisioning/testdata/machinedeployment-openstack-project-auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cluster.k8s.io/v1alpha1" 2 | kind: MachineDeployment 3 | metadata: 4 | name: << MACHINE_NAME >> 5 | namespace: kube-system 6 | annotations: 7 | k8c.io/operating-system-profile: osp-<< OS_NAME >> 8 | spec: 9 | replicas: 1 10 | strategy: 11 | type: RollingUpdate 12 | rollingUpdate: 13 | maxSurge: 1 14 | maxUnavailable: 0 15 | selector: 16 | matchLabels: 17 | name: << MACHINE_NAME >> 18 | template: 19 | metadata: 20 | labels: 21 | name: << MACHINE_NAME >> 22 | spec: 23 | providerSpec: 24 | value: 25 | sshPublicKeys: 26 | - "<< YOUR_PUBLIC_KEY >>" 27 | cloudProvider: "openstack" 28 | cloudProviderSpec: 29 | identityEndpoint: "<< IDENTITY_ENDPOINT >>" 30 | username: "<< USERNAME >>" 31 | password: "<< PASSWORD >>" 32 | projectName: "<< PROJECT_NAME >>" 33 | image: "<< OS_IMAGE >>" 34 | flavor: "m1.tiny" 35 | floatingIpPool: "" 36 | domainName: "<< DOMAIN_NAME >>" 37 | region: "<< REGION >>" 38 | network: "<< NETWORK_NAME >>" 39 | instanceReadyCheckPeriod: 5s 40 | 
instanceReadyCheckTimeout: 2m 41 | operatingSystem: "<< OS_NAME >>" 42 | operatingSystemSpec: 43 | distUpgradeOnBoot: false 44 | disableAutoUpdate: true 45 | # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER` 46 | rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>" 47 | # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD` 48 | rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>" 49 | rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>" 50 | versions: 51 | kubelet: "<< KUBERNETES_VERSION >>" 52 |
--------------------------------------------------------------------------------
/test/e2e/provisioning/testdata/machinedeployment-openstack-upgrade.yml:
--------------------------------------------------------------------------------
# E2E provisioning fixture: MachineDeployment template for the OpenStack provider
# (upgrade variant: fixed test image name, distUpgradeOnBoot enabled).
# `<< NAME >>` tokens are placeholders, presumably substituted by the e2e test
# harness before the manifest is applied -- confirm against the runner.
apiVersion: "cluster.k8s.io/v1alpha1"
kind: MachineDeployment
metadata:
  name: << MACHINE_NAME >>
  namespace: kube-system
  annotations:
    k8c.io/operating-system-profile: osp-<< OS_NAME >>
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      name: << MACHINE_NAME >>
  template:
    metadata:
      labels:
        name: << MACHINE_NAME >>
    spec:
      providerSpec:
        value:
          # Public key only; no private key material belongs in this list.
          sshPublicKeys:
            - "<< YOUR_PUBLIC_KEY >>"
          cloudProvider: "openstack"
          cloudProviderSpec:
            identityEndpoint: "<< IDENTITY_ENDPOINT >>"
            # username/password are rendered inline, so the applied object carries the
            # OpenStack credentials in plaintext, readable by anyone allowed to get
            # MachineDeployments in kube-system. Outside throwaway test clusters,
            # reference a Secret instead (machine-controller accepts `secretKeyRef`
            # for these fields).
            username: "<< USERNAME >>"
            password: "<< PASSWORD >>"
            tenantName: "<< TENANT_NAME >>"
            image: "machine-controller-e2e-ubuntu"
            flavor: "m1.small"
            floatingIpPool: ""
            domainName: "<< DOMAIN_NAME >>"
            region: "<< REGION >>"
            network: "<< NETWORK_NAME >>"
            rootDiskSizeGB: 10
            instanceReadyCheckPeriod: 5s
            instanceReadyCheckTimeout: 2m
          operatingSystem: "<< OS_NAME >>"
          operatingSystemSpec:
            distUpgradeOnBoot: true
            disableAutoUpdate: true
            # The offline token and the subscription-manager password below are
            # credentials too; once rendered they sit in the object in plaintext.
            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
            # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
            rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
            # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
            rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
      versions:
        kubelet: "<< KUBERNETES_VERSION >>"
--------------------------------------------------------------------------------
/test/e2e/provisioning/testdata/machinedeployment-openstack.yaml:
--------------------------------------------------------------------------------
# E2E provisioning fixture: MachineDeployment template for the OpenStack provider.
# `<< NAME >>` tokens are placeholders, presumably substituted by the e2e test
# harness before the manifest is applied -- confirm against the runner.
apiVersion: "cluster.k8s.io/v1alpha1"
kind: MachineDeployment
metadata:
  name: << MACHINE_NAME >>
  namespace: kube-system
  annotations:
    k8c.io/operating-system-profile: osp-<< OS_NAME >>
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      name: << MACHINE_NAME >>
  template:
    metadata:
      labels:
        name: << MACHINE_NAME >>
    spec:
      providerSpec:
        value:
          # Public key only; no private key material belongs in this list.
          sshPublicKeys:
            - "<< YOUR_PUBLIC_KEY >>"
          cloudProvider: "openstack"
          cloudProviderSpec:
            identityEndpoint: "<< IDENTITY_ENDPOINT >>"
            # username/password are rendered inline, so the applied object carries the
            # OpenStack credentials in plaintext, readable by anyone allowed to get
            # MachineDeployments in kube-system. Outside throwaway test clusters,
            # reference a Secret instead (machine-controller accepts `secretKeyRef`
            # for these fields).
            username: "<< USERNAME >>"
            password: "<< PASSWORD >>"
            tenantName: "<< TENANT_NAME >>"
            image: "<< OS_IMAGE >>"
            flavor: "m1.tiny"
            floatingIpPool: ""
            domainName: "<< DOMAIN_NAME >>"
            region: "<< REGION >>"
            network: "<< NETWORK_NAME >>"
            instanceReadyCheckPeriod: 5s
            instanceReadyCheckTimeout: 2m
          operatingSystem: "<< OS_NAME >>"
          operatingSystemSpec:
            distUpgradeOnBoot: false
            disableAutoUpdate: true
            # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
            rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
            # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
            rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
            # The subscription-manager password above and this offline token are
            # credentials; once rendered they sit in the object in plaintext.
            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
      versions:
        kubelet: "<< KUBERNETES_VERSION >>"
--------------------------------------------------------------------------------
/test/e2e/provisioning/testdata/machinedeployment-scaleway.yaml:
--------------------------------------------------------------------------------
# E2E provisioning fixture: MachineDeployment template for the Scaleway provider.
# `<< NAME >>` tokens are placeholders, presumably substituted by the e2e test
# harness before the manifest is applied -- confirm against the runner.
apiVersion: "cluster.k8s.io/v1alpha1"
kind: MachineDeployment
metadata:
  name: << MACHINE_NAME >>
  namespace: kube-system
  annotations:
    k8c.io/operating-system-profile: osp-<< OS_NAME >>
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      name: << MACHINE_NAME >>
  template:
    metadata:
      labels:
        name: << MACHINE_NAME >>
    spec:
      providerSpec:
        value:
          # Public key only; no private key material belongs in this list.
          sshPublicKeys:
            - "<< YOUR_PUBLIC_KEY >>"
          cloudProvider: "scaleway"
          cloudProviderSpec:
            # accessKey/secretKey are rendered inline, so the applied object carries
            # the API credentials in plaintext, readable by anyone allowed to get
            # MachineDeployments in kube-system. Outside throwaway test clusters,
            # reference a Secret instead (machine-controller accepts `secretKeyRef`
            # for these fields).
            # NOTE(review): these three placeholders are unquoted; a substituted value
            # containing YAML-significant characters (e.g. ': ' or ' #') would change
            # how the rendered document parses -- quoting them would be safer.
            accessKey: << SCW_ACCESS_KEY >>
            secretKey: << SCW_SECRET_KEY >>
            projectId: << SCW_DEFAULT_PROJECT_ID >>
            commercialType: "DEV1-M"
            zone: "fr-par-1"
            tags:
              - foo
              - bar
          operatingSystem: "<< OS_NAME >>"
          operatingSystemSpec:
            distUpgradeOnBoot: false
            disableAutoUpdate: true
      versions:
        kubelet: "<< KUBERNETES_VERSION >>"
--------------------------------------------------------------------------------
/test/e2e/provisioning/testdata/machinedeployment-vsphere-resource-pool.yaml:
--------------------------------------------------------------------------------
# E2E provisioning fixture: MachineDeployment template for the vSphere provider,
# placing the VM in a named resource pool.
# `<< NAME >>` tokens are placeholders, presumably substituted by the e2e test
# harness before the manifest is applied -- confirm against the runner.
apiVersion: "cluster.k8s.io/v1alpha1"
kind: MachineDeployment
metadata:
  name: << MACHINE_NAME >>
  namespace: kube-system
  annotations:
    k8c.io/operating-system-profile: osp-<< OS_NAME >>
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      name: << MACHINE_NAME >>
  template:
    metadata:
      labels:
        name: << MACHINE_NAME >>
    spec:
      providerSpec:
        value:
          # Public key only; no private key material belongs in this list.
          sshPublicKeys:
            - "<< YOUR_PUBLIC_KEY >>"
          cloudProvider: "vsphere"
          cloudProviderSpec:
            templateVMName: '<< OS_Image_Template >>'
            username: '<< VSPHERE_USERNAME >>'
            vsphereURL: '<< VSPHERE_ADDRESS >>'
            datacenter: 'Hamburg'
            folder: '/Hamburg/vm/Kubermatic-ci'
            # The password is rendered inline, so the applied object carries the vCenter
            # credential in plaintext, readable by anyone allowed to get
            # MachineDeployments in kube-system. Outside throwaway test clusters,
            # reference a Secret instead (machine-controller accepts `secretKeyRef`).
            # NOTE(review): unlike username above, this placeholder is unquoted; a
            # password containing YAML-significant characters (e.g. ': ' or ' #') would
            # change how the rendered document parses -- quoting it would be safer.
            password: << VSPHERE_PASSWORD >>
            datastore: 'vsan'
            resourcePool: 'e2e-resource-pool'
            cluster: Kubermatic
            vmAntiAffinity: true
            cpus: 2
            MemoryMB: 2048
            diskSizeGB: << DISK_SIZE >>
            # NOTE(review): allowInsecure presumably turns off TLS certificate
            # verification for the vsphereURL connection (confirm in the provider).
            # With it on, the vCenter username/password are sent to an unauthenticated
            # endpoint; keep it to lab endpoints with self-signed certificates.
            allowInsecure: true
          operatingSystem: "<< OS_NAME >>"
          operatingSystemSpec:
            distUpgradeOnBoot: false
            # The offline token is a credential; once rendered it sits in the object
            # in plaintext.
            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
      versions:
        kubelet: "<< KUBERNETES_VERSION >>"
--------------------------------------------------------------------------------
/test/e2e/provisioning/testdata/machinedeployment-vsphere-static-ip.yaml:
--------------------------------------------------------------------------------
# E2E provisioning fixture: MachineDeployment template for the vSphere provider
# with a statically configured node network (see `network` below).
# `<< NAME >>` tokens are placeholders, presumably substituted by the e2e test
# harness before the manifest is applied -- confirm against the runner.
apiVersion: "cluster.k8s.io/v1alpha1"
kind: MachineDeployment
metadata:
  name: << MACHINE_NAME >>
  namespace: kube-system
  annotations:
    k8c.io/operating-system-profile: osp-<< OS_NAME >>
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      name: << MACHINE_NAME >>
  template:
    metadata:
      labels:
        name: << MACHINE_NAME >>
    spec:
      providerSpec:
        value:
          # Public key only; no private key material belongs in this list.
          sshPublicKeys:
            - "<< YOUR_PUBLIC_KEY >>"
          cloudProvider: "vsphere"
          cloudProviderSpec:
            templateVMName: '<< OS_Image_Template >>'
            username: '<< VSPHERE_USERNAME >>'
            # example: 'https://your-vcenter:8443'. '/sdk' gets appended automatically
            # (this comment describes vsphereURL; in the original listing it sat after
            # `password`, where it read as if it documented the password field)
            vsphereURL: '<< VSPHERE_ADDRESS >>'
            datacenter: 'Hamburg'
            folder: '/Hamburg/vm/Kubermatic-ci'
            # The password is rendered inline, so the applied object carries the vCenter
            # credential in plaintext, readable by anyone allowed to get
            # MachineDeployments in kube-system. Outside throwaway test clusters,
            # reference a Secret instead (machine-controller accepts `secretKeyRef`).
            # NOTE(review): unlike username above, this placeholder is unquoted; a
            # password containing YAML-significant characters (e.g. ': ' or ' #') would
            # change how the rendered document parses -- quoting it would be safer.
            password: << VSPHERE_PASSWORD >>
            cluster: Kubermatic
            vmAntiAffinity: true
            datastore: vsan
            cpus: 2
            MemoryMB: 2048
            # NOTE(review): allowInsecure presumably turns off TLS certificate
            # verification for the vsphereURL connection (confirm in the provider).
            # With it on, the vCenter username/password are sent to an unauthenticated
            # endpoint; keep it to lab endpoints with self-signed certificates.
            allowInsecure: true
          operatingSystem: "<< OS_NAME >>"
          operatingSystemSpec:
            distUpgradeOnBoot: false
            disableAutoUpdate: true
            # The offline token is a credential; once rendered it sits in the object
            # in plaintext.
            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
          # Static addressing: only the last octet of the node address is templated.
          # Address and gateway are RFC 1918 private ranges; the second DNS server is
          # a public resolver, so node lookups can leave the lab network.
          network:
            cidr: "192.168.44.<< IP_OCTET >>/20"
            gateway: "192.168.32.1"
            dns:
              servers:
                - "192.168.32.1"
                - "8.8.8.8"
      versions:
        kubelet: "<< KUBERNETES_VERSION >>"
--------------------------------------------------------------------------------
/test/e2e/provisioning/testdata/machinedeployment-vultr.yaml:
--------------------------------------------------------------------------------
# E2E provisioning fixture: MachineDeployment template for the Vultr provider.
# `<< NAME >>` tokens are placeholders, presumably substituted by the e2e test
# harness before the manifest is applied -- confirm against the runner.
apiVersion: "cluster.k8s.io/v1alpha1"
kind: MachineDeployment
metadata:
  name: << MACHINE_NAME >>
  namespace: kube-system
  annotations:
    k8c.io/operating-system-profile: osp-<< OS_NAME >>
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      name: << MACHINE_NAME >>
  template:
    metadata:
      labels:
        name: << MACHINE_NAME >>
    spec:
      providerSpec:
        value:
          # Public key only; no private key material belongs in this list.
          sshPublicKeys:
            - "<< YOUR_PUBLIC_KEY >>"
          cloudProvider: "vultr"
          cloudProviderSpec:
            # The API key is rendered inline, so the applied object carries it in
            # plaintext, readable by anyone allowed to get MachineDeployments in
            # kube-system. Outside throwaway test clusters, reference a Secret instead
            # (machine-controller accepts `secretKeyRef` for this field).
            # NOTE(review): the placeholder is unquoted; quoting it would keep a key
            # containing YAML-significant characters from changing how the document
            # parses.
            apiKey: << VULTR_API_KEY >>
            region: blr
            plan: 'vhf-8c-32gb'
            osId: 127
          operatingSystem: "<< OS_NAME >>"
          operatingSystemSpec:
            distUpgradeOnBoot: false
            disableAutoUpdate: true
      versions:
        kubelet: "<< KUBERNETES_VERSION >>"
--------------------------------------------------------------------------------