├── hack ├── .gitignore ├── boilerplate │ ├── boilerplate.pyc │ ├── README.md │ ├── boilerplate.go.txt │ ├── boilerplate.generatego.txt │ ├── boilerplate.py.txt │ ├── boilerplate.sh.txt │ ├── boilerplate.bzl.txt │ ├── boilerplate.generatebzl.txt │ ├── boilerplate.Makefile.txt │ ├── test │ │ ├── pass.go │ │ ├── pass.py │ │ ├── fail.py │ │ └── fail.go │ └── boilerplate.Dockerfile.txt ├── tools │ ├── .custom-gcl.yaml │ ├── janitor │ │ └── README.md │ └── openvpn │ │ ├── Dockerfile │ │ └── openvpn.sh ├── boilerplate.go.txt ├── ci-apidiff.sh ├── verify-api-conversion.sh ├── ci-test-coverage.sh ├── generate-doctoc.sh ├── codecov-ignore.sh ├── create-mirror-repository-pr.sh └── get-project-maintainers.sh ├── test ├── e2e │ ├── config │ │ └── .gitignore │ └── data │ │ ├── infrastructure-vsphere-govmomi │ │ ├── main │ │ │ ├── commons │ │ │ │ ├── remove-storage-policy.yaml │ │ │ │ ├── cluster-resource-set-label.yaml │ │ │ │ ├── cluster-network-CIDR.yaml │ │ │ │ ├── vcpu.yaml │ │ │ │ └── cluster-resource-set.yaml │ │ │ ├── ignition │ │ │ │ ├── patch-user-md.yaml │ │ │ │ ├── patch-user-kcp.yaml │ │ │ │ ├── flatcar.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── clusterclass-runtimesdk │ │ │ │ ├── name.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── patch-test-extension.yaml │ │ │ ├── topology-runtimesdk │ │ │ │ ├── clusterclass.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── pci │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pci-device-template.yaml │ │ │ ├── conformance │ │ │ │ ├── kustomization.yaml │ │ │ │ └── worker-node-size.yaml │ │ │ ├── multi-disk │ │ │ │ ├── kustomization.yaml │ │ │ │ └── data-disks-patch.yaml │ │ │ ├── dhcp-overrides │ │ │ │ ├── kustomization.yaml │ │ │ │ └── dhcp-overrides.yaml │ │ │ ├── ipam │ │ │ │ ├── kustomization.yaml │ │ │ │ └── ippool.yaml │ │ │ ├── mhc-remediation │ │ │ │ ├── md │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── mhc-label.yaml │ │ │ │ │ └── mhc.yaml │ │ │ │ └── kcp │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── mhc.yaml │ │ │ ├── node-drain │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── md-drain.yaml │ │ │ │ └── kcp-drain.yaml │ │ │ ├── fast-rollout │ │ │ │ ├── kustomization.yaml │ │ │ │ └── set-md-rollout-strategy.yaml │ │ │ ├── ownerrefs-finalizers │ │ │ │ ├── vspherecluster-failuredomainselector.yaml │ │ │ │ ├── drop-existing-identity-secret.yaml │ │ │ │ ├── vsphereclusteridentity.yaml │ │ │ │ ├── cluster-identity.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── failure-domains.yaml │ │ │ ├── clusterclass │ │ │ │ ├── patch-vm-namingstrategy.yaml │ │ │ │ ├── patch-namingstrategy.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── topology │ │ │ │ └── kustomization.yaml │ │ │ ├── hw-upgrade │ │ │ │ └── kustomization.yaml │ │ │ ├── storage-policy │ │ │ │ └── kustomization.yaml │ │ │ └── base │ │ │ │ └── kustomization.yaml │ │ ├── v1.11 │ │ │ ├── workload │ │ │ │ ├── workload-control-plane-endpoint-ip.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── commons │ │ │ │ ├── cluster-resource-set-label.yaml │ │ │ │ ├── cluster-network-CIDR.yaml │ │ │ │ └── cluster-resource-set.yaml │ │ │ ├── topology │ │ │ │ └── kustomization.yaml │ │ │ └── clusterclass │ │ │ │ ├── patch-namingstrategy.yaml │ │ │ │ └── kustomization.yaml │ │ ├── v1.12 │ │ │ ├── workload │ │ │ │ ├── workload-control-plane-endpoint-ip.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── commons │ │ │ │ ├── cluster-resource-set-label.yaml │ │ │ │ ├── cluster-network-CIDR.yaml │ │ │ │ └── cluster-resource-set.yaml │ │ │ ├── topology │ │ │ │ └── kustomization.yaml │ │ │ └── clusterclass │ │ │ │ ├── patch-namingstrategy.yaml │ │ │ │ └── kustomization.yaml │ │ ├── v1.13 │ │ │ ├── workload │ │ │ │ ├── workload-control-plane-endpoint-ip.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── commons │ │ │ │ ├── cluster-resource-set-label.yaml │ │ │ │ ├── cluster-network-CIDR.yaml │ │ │ │ └── cluster-resource-set.yaml │ │ │ ├── clusterclass │ │ │ │ ├── patch-vm-namingstrategy.yaml │ │ │ │ ├── patch-namingstrategy.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── topology │ │ │ │ └── kustomization.yaml │ │ └── v1.14 │ │ │ ├── workload │ │ │ ├── workload-control-plane-endpoint-ip.yaml │ │ │ └── kustomization.yaml │ │ │ ├── commons │ │ │ ├── cluster-resource-set-label.yaml │ │ │ ├── cluster-network-CIDR.yaml │ │ │ └── cluster-resource-set.yaml │ │ │ ├── clusterclass │ │ │ ├── patch-vm-namingstrategy.yaml │ │ │ ├── patch-namingstrategy.yaml │ │ │ └── kustomization.yaml │ │ │ └── topology │ │ │ └── kustomization.yaml │ │ ├── kubetest │ │ ├── upstream-conformance.yaml │ │ ├── conformance.yaml │ │ ├── conformance-fast.yaml │ │ ├── upstream-e2e-serial.yaml │ │ ├── upstream-e2e.yaml │ │ ├── upstream-e2e-slow.yaml │ │ └── upstream-e2e-alpha-features.yaml │ │ ├── infrastructure-vsphere-supervisor │ │ ├── main │ │ │ ├── clusterclass-runtimesdk │ │ │ │ ├── name.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── patch-test-extension.yaml │ │ │ ├── topology-runtimesdk │ │ │ │ ├── clusterclass.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── conformance │ │ │ │ ├── kustomization.yaml │ │ │ │ └── worker-node-size.yaml │ │ │ ├── commons │ │ │ │ ├── cluster-resource-set-label.yaml │ │ │ │ ├── cluster-network-CIDR.yaml │ │ │ │ └── cluster-resource-set.yaml │ │ │ ├── fast-rollout │ │ │ │ ├── kustomization.yaml │ │ │ │ └── set-md-rollout-strategy.yaml │ │ │ ├── topology-autoscaler │ │ │ │ ├── kustomization.yaml │ │ │ │ └── cluster-autoscaler.yaml │ │ │ ├── clusterclass │ │ │ │ ├── patch-vm-namingstrategy.yaml │ │ │ │ ├── patch-namingstrategy.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── topology │ │ │ │ └── kustomization.yaml │ │ │ ├── ownerrefs-finalizers │ │ │ │ └── kustomization.yaml │ │ │ └── base │ │ │ │ └── kustomization.yaml │ │ ├── v1.11 │ │ │ ├── workload │ │ │ │ ├── workload-control-plane-endpoint-ip.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── commons │ │ │ │ ├── cluster-resource-set-label.yaml │ │ │ │ ├── cluster-network-CIDR.yaml │ │ │ │ └── cluster-resource-set.yaml │ │ │ ├── clusterclass │ │ │ │ ├── patch-vm-namingstrategy.yaml │ │ │ │ ├── patch-namingstrategy.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── topology │ │ │ │ └── kustomization.yaml │ │ ├── v1.12 │ │ │ ├── workload │ │ │ │ ├── workload-control-plane-endpoint-ip.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── commons │ │ │ │ ├── cluster-resource-set-label.yaml │ │ │ │ ├── cluster-network-CIDR.yaml │ │ │ │ └── cluster-resource-set.yaml │ │ │ ├── clusterclass │ │ │ │ ├── patch-vm-namingstrategy.yaml │ │ │ │ ├── patch-namingstrategy.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── topology │ │ │ │ └── kustomization.yaml │ │ ├── v1.13 │ │ │ ├── workload │ │ │ │ ├── workload-control-plane-endpoint-ip.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── commons │ │ │ │ ├── cluster-resource-set-label.yaml │ │ │ │ ├── cluster-network-CIDR.yaml │ │ │ │ └── cluster-resource-set.yaml │ │ │ ├── clusterclass │ │ │ │ ├── patch-vm-namingstrategy.yaml │ │ │ │ ├── patch-namingstrategy.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── topology │ │ │ │ └── kustomization.yaml │ │ └── v1.14 │ │ │ ├── workload │ │ │ ├── workload-control-plane-endpoint-ip.yaml │ │ │ └── kustomization.yaml │ │ │ ├── commons │ │ │ ├── cluster-resource-set-label.yaml │ │ │ ├── cluster-network-CIDR.yaml │ │ │ └── cluster-resource-set.yaml │ │ │ ├── clusterclass │ │ │ ├── patch-vm-namingstrategy.yaml │ │ │ ├── patch-namingstrategy.yaml │ │ │ └── kustomization.yaml │ │ │ └── topology │ │ │ └── kustomization.yaml │ │ └── shared │ │ ├── vmoperator │ │ └── v1.8 │ │ │ └── metadata.yaml │ │ ├── caipamic │ │ └── v1.0 │ │ │ └── metadata.yaml │ │ ├── capi │ │ ├── v1.9 │ │ │ └── metadata.yaml │ │ ├── v1.10 │ │ │ └── metadata.yaml │ │ ├── v1.11 │ │ │ └── metadata.yaml │ │ └── v1.12 │ │ │ └── metadata.yaml │ │ └── capv │ │ ├── v1.12 │ │ └── metadata.yaml │ │ └── v1.13 │ │ └── metadata.yaml ├── infrastructure │ ├── vm-operator │ │ ├── .gitignore │ │ └── config │ │ │ ├── .gitignore │ │ │ ├── vm-operator-replicas.yaml │ │ │ ├── vm-operator-pull-policy.yaml │ │ │ ├── vm-operator-host-network.yaml │ │ │ ├── vm-operator-drop-certs-volume.yaml │ │ │ └── vm-operator-image-names.yaml │ ├── vcsim │ │ ├── config │ │ │ ├── manager │ │ │ │ └── kustomization.yaml │ │ │ ├── webhook │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── service.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ ├── certmanager │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── certificate.yaml │ │ │ ├── rbac │ │ │ │ ├── service_account.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── role_binding.yaml │ │ │ │ ├── leader_election_role_binding.yaml │ │ │ │ └── leader_election_role.yaml │ │ │ ├── default │ │ │ │ ├── namespace.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── manager_pull_policy.yaml │ │ │ │ ├── manager_image_patch.yaml │ │ │ │ └── manager_webhook_patch.yaml │ │ │ └── crd │ │ │ │ ├── patches │ │ │ │ ├── cainjection_in_envvars.yaml │ │ │ │ ├── cainjection_in_vcentersimulators.yaml │ │ │ │ ├── cainjection_in_controlplaneendpoints.yaml │ │ │ │ └── cainjection_in_vmoperatordependencies.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ ├── api │ │ │ └── v1alpha1 │ │ │ │ ├── .import-restrictions │ │ │ │ └── doc.go │ │ ├── tilt-provider.yaml │ │ └── controllers │ │ │ ├── doc.go │ │ │ └── images │ │ │ └── images.go │ └── net-operator │ │ ├── config │ │ ├── manager │ │ │ └── kustomization.yaml │ │ ├── webhook │ │ │ ├── kustomization.yaml │ │ │ ├── service.yaml │ │ │ └── kustomizeconfig.yaml │ │ ├── certmanager │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ └── certificate.yaml │ │ ├── rbac │ │ │ ├── service_account.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── role_binding.yaml │ │ │ ├── leader_election_role_binding.yaml │ │ │ ├── leader_election_role.yaml │ │ │ └── role.yaml │ │ └── default │ │ │ ├── namespace.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ ├── manager_pull_policy.yaml │ │ │ ├── manager_image_patch.yaml │ │ │ └── manager_webhook_patch.yaml │ │ ├── README.md │ │ ├── tilt-provider.yaml │ │ └── controllers │ │ └── doc.go ├── extension │ ├── config │ │ ├── manager │ │ │ └── kustomization.yaml │ │ ├── webhook │ │ │ ├── kustomization.yaml │ │ │ ├── service.yaml │ │ │ └── kustomizeconfig.yaml │ │ ├── certmanager │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ └── certificate.yaml │ │ ├── rbac │ │ │ ├── service_account.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── role_binding.yaml │ │ │ ├── leader_election_role_binding.yaml │ │ │ ├── leader_election_role.yaml │ │ │ └── role.yaml │ │ ├── default │ │ │ ├── namespace.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ ├── manager_pull_policy.yaml │ │ │ ├── manager_image_patch.yaml │ │ │ └── manager_webhook_patch.yaml │ │ └── tilt │ │ │ └── extensionconfig.yaml │ ├── README.md │ └── tilt-provider.yaml └── framework │ └── vmoperator │ └── doc.go ├── config ├── base │ ├── namespace.yaml │ ├── kustomizeconfig.yaml │ ├── manager_pull_policy.yaml │ ├── credentials.yaml │ ├── manager_image_patch.yaml │ ├── manager_role_aggregation_patch.yaml │ ├── manager_credentials_patch.yaml │ ├── manager_prometheus_metrics_patch.yaml │ └── manager_webhook_patch.yaml ├── rbac │ ├── serviceaccount.yaml │ ├── aggregate_labels.yaml │ ├── aggregate_role.yaml │ ├── kustomization.yaml │ ├── role_binding.yaml │ ├── leader_election_role_binding.yaml │ └── leader_election_role.yaml ├── certmanager │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── certificate.yaml ├── manager │ └── kustomization.yaml ├── govmomi │ └── webhook │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── webhookcainjection_patch.yaml ├── supervisor │ └── webhook │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── webhookcainjection_patch.yaml ├── metrics │ ├── kustomization.yaml │ └── crd-clusterrole.yaml ├── default │ ├── crd │ │ ├── kustomizeconfig.yaml │ │ └── patches │ │ │ ├── cainjection_in_vspherevms.yaml │ │ │ ├── cainjection_in_vsphereclusters.yaml │ │ │ ├── cainjection_in_vspheremachines.yaml │ │ │ ├── cainjection_in_vspheredeploymentzones.yaml │ │ │ ├── cainjection_in_vspherefailuredomains.yaml │ │ │ ├── cainjection_in_vsphereclustertemplates.yaml │ │ │ ├── cainjection_in_vspheremachinetemplates.yaml │ │ │ ├── webhook_in_vspherevms.yaml │ │ │ ├── webhook_in_vsphereclusters.yaml │ │ │ ├── webhook_in_vspheremachines.yaml │ │ │ ├── webhook_in_vsphereclustertemplates.yaml │ │ │ ├── webhook_in_vspheredeploymentzones.yaml │ │ │ ├── webhook_in_vspherefailuredomains.yaml │ │ │ └── webhook_in_vspheremachinetemplates.yaml │ └── kustomization.yaml └── deployments │ └── integration-tests │ ├── README.md │ └── kustomization.yaml ├── packaging └── flavorgen │ ├── cloudprovider │ ├── csi │ │ ├── namespace.yaml │ │ ├── README.md │ │ └── kustomization.yaml │ └── embed.go │ ├── main.go │ └── flavors │ └── kubevip │ └── kubevip.go ├── docs └── design │ ├── create-workflow.png │ ├── cluster-admission-cluster-controller.puml │ └── cluster-admission-machine-controller.puml ├── code-of-conduct.md ├── clusterctl-settings.json ├── apis ├── v1beta1 │ ├── .import-restrictions │ ├── doc.go │ ├── vspherevm_conversion.go │ ├── vspherecluster_conversion.go │ ├── vspheremachine_conversion.go │ ├── vspherefailuredomain_conversion.go │ ├── vspheredeploymentzone_conversion.go │ ├── vsphereclusteridentity_conversion.go │ ├── vsphereclustertemplate_conversion.go │ └── vspheremachinetemplate_conversion.go ├── .import-restrictions ├── vmware │ └── v1beta1 │ │ ├── .import-restrictions │ │ └── doc.go ├── v1alpha3 │ ├── doc.go │ └── topology_conversion.go └── v1alpha4 │ ├── doc.go │ └── topology_conversion.go ├── .github ├── codecov.yml ├── workflows │ ├── pr-verify.yaml │ ├── pr-md-link-check.yaml │ ├── weekly-md-link-check.yaml │ ├── weekly-security-scan.yaml │ └── cover.yaml └── ISSUE_TEMPLATE │ ├── feature_request.md │ └── bug_report.md ├── OWNERS ├── .markdownlinkcheck.json ├── SECURITY_CONTACTS ├── webhooks ├── doc.go └── vmware │ └── doc.go ├── internal ├── webhooks │ ├── doc.go │ └── util.go └── apis │ └── topology │ └── v1alpha1 │ └── groupversion_info.go ├── cloudbuild.yaml ├── pkg ├── services │ ├── govmomi │ │ ├── constants.go │ │ ├── ipam │ │ │ └── error.go │ │ ├── storageprofile_util.go │ │ └── context.go │ └── network │ │ └── network_suite_test.go ├── util │ └── ipaddress_claim.go └── context │ └── vmware │ └── guest_cluster_context.go ├── cloudbuild-nightly.yaml ├── OWNERS_ALIASES ├── .dockerignore └── tilt-provider.yaml /hack/.gitignore: -------------------------------------------------------------------------------- 1 | /.bin/ -------------------------------------------------------------------------------- /test/e2e/config/.gitignore: -------------------------------------------------------------------------------- 1 | config-overrides.yaml 2 | -------------------------------------------------------------------------------- /test/infrastructure/vm-operator/.gitignore: -------------------------------------------------------------------------------- 1 | vm-operator.tmp 2 | -------------------------------------------------------------------------------- /test/infrastructure/vm-operator/config/.gitignore: -------------------------------------------------------------------------------- 1 | vm-operator.yaml 2 | -------------------------------------------------------------------------------- /test/extension/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /config/base/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: system -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /config/rbac/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: manager 5 | namespace: system -------------------------------------------------------------------------------- /test/extension/README.md: -------------------------------------------------------------------------------- 1 | # CAPV test-extension 2 | 3 | Provide a minimal implementation of a Runtime SDK test-extension. 4 | -------------------------------------------------------------------------------- /config/base/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - kind: Deployment 3 | path: spec/template/spec/volumes/secret/secretName 4 | -------------------------------------------------------------------------------- /config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /packaging/flavorgen/cloudprovider/csi/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: vmware-system-csi 5 | -------------------------------------------------------------------------------- /test/extension/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - service.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - manager.yaml 5 | -------------------------------------------------------------------------------- /docs/design/create-workflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-vsphere/HEAD/docs/design/create-workflow.png -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-vsphere/HEAD/hack/boilerplate/boilerplate.pyc -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/commons/remove-storage-policy.yaml: -------------------------------------------------------------------------------- 1 | - op: remove 2 | path: /spec/template/spec/storagePolicyName -------------------------------------------------------------------------------- /test/extension/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - service.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /test/extension/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: manager 5 | namespace: system 6 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - service.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ignition/patch-user-md.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/users/0/name 3 | value: "capv" 4 | -------------------------------------------------------------------------------- /test/e2e/data/kubetest/upstream-conformance.yaml: -------------------------------------------------------------------------------- 1 | disable-log-dump: true 2 | ginkgo.focus: \[Conformance\] 3 | # ginkgo.skip: 4 | 5 | ginkgo.trace: true 6 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ignition/patch-user-kcp.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/kubeadmConfigSpec/users/0/name 3 | value: "capv" 4 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: manager 5 | namespace: system 6 | -------------------------------------------------------------------------------- /config/govmomi/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - service.yaml 3 | - manifests.yaml 4 | 5 | patchesStrategicMerge: 6 | - webhookcainjection_patch.yaml 7 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: manager 5 | namespace: system 6 | -------------------------------------------------------------------------------- /config/supervisor/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - service.yaml 3 | - manifests.yaml 4 | 5 | patchesStrategicMerge: 6 | - webhookcainjection_patch.yaml 7 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/clusterclass-runtimesdk/name.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /metadata/name 3 | value: ${CLUSTER_CLASS_NAME}-runtimesdk -------------------------------------------------------------------------------- /test/extension/config/default/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Community Code of Conduct 2 | 3 | Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/clusterclass-runtimesdk/name.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /metadata/name 3 | value: ${CLUSTER_CLASS_NAME}-runtimesdk 4 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/default/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/README.md: -------------------------------------------------------------------------------- 1 | # net-operator 2 | 3 | Provide a minimal implementation of the net-operator. See [vm-operator](../vm-operator/README.md) for more details. 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/topology-runtimesdk/clusterclass.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/classRef/name 3 | value: ${CLUSTER_CLASS_NAME}-runtimesdk 4 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/default/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | -------------------------------------------------------------------------------- /clusterctl-settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infrastructure-vsphere", 3 | "config": { 4 | "componentsFile": "infrastructure-components.yaml", 5 | "nextVersion": "v1.15.99" 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/topology-runtimesdk/clusterclass.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/classRef/name 3 | value: ${CLUSTER_CLASS_NAME}-runtimesdk 4 | -------------------------------------------------------------------------------- /apis/v1beta1/.import-restrictions: -------------------------------------------------------------------------------- 1 | rules: 2 | - selectorRegexp: sigs[.]k8s[.]io/controller-runtime 3 | allowedPrefixes: [] 4 | forbiddenPrefixes: 5 | - "sigs.k8s.io/controller-runtime" 6 | -------------------------------------------------------------------------------- /apis/.import-restrictions: -------------------------------------------------------------------------------- 1 | rules: 2 | - selectorRegexp: sigs[.]k8s[.]io/controller-runtime 3 | allowedPrefixes: 4 | - "sigs.k8s.io/controller-runtime/pkg/conversion" 5 | forbiddenPrefixes: [] 6 | -------------------------------------------------------------------------------- /apis/vmware/v1beta1/.import-restrictions: -------------------------------------------------------------------------------- 1 | rules: 2 | - selectorRegexp: sigs[.]k8s[.]io/controller-runtime 3 | allowedPrefixes: [] 4 | forbiddenPrefixes: 5 | - "sigs.k8s.io/controller-runtime" 6 | -------------------------------------------------------------------------------- /config/govmomi/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: webhook-service 5 | namespace: system 6 | spec: 7 | ports: 8 | - port: 443 9 | targetPort: webhook-server -------------------------------------------------------------------------------- /hack/tools/.custom-gcl.yaml: -------------------------------------------------------------------------------- 1 | version: v2.1.0 2 | name: golangci-lint-kube-api-linter 3 | destination: ./bin 4 | plugins: 5 | - module: 'sigs.k8s.io/kube-api-linter' 6 | version: v0.0.0-20250908163129-65a570bd22aa 7 | -------------------------------------------------------------------------------- /config/supervisor/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: webhook-service 5 | namespace: system 6 | spec: 7 | ports: 8 | - port: 443 9 | targetPort: webhook-server 10 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/api/v1alpha1/.import-restrictions: -------------------------------------------------------------------------------- 1 | rules: 2 | - selectorRegexp: sigs[.]k8s[.]io/controller-runtime 3 | allowedPrefixes: [] 4 | forbiddenPrefixes: 5 | - "sigs.k8s.io/controller-runtime" 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/pci/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | patchesStrategicMerge: 6 | - pci-device-template.yaml 7 | -------------------------------------------------------------------------------- /test/extension/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: webhook-service 5 | namespace: system 6 | spec: 7 | ports: 8 | - port: 443 9 | targetPort: webhook-server 10 | -------------------------------------------------------------------------------- /test/infrastructure/vm-operator/config/vm-operator-replicas.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: vmware-system-vmop-controller-manager 5 | namespace: vmware-system-vmop 6 | spec: 7 | replicas: 1 8 | -------------------------------------------------------------------------------- /packaging/flavorgen/cloudprovider/csi/README.md: -------------------------------------------------------------------------------- 1 | # CSI 2 | 3 | The manifest at `vsphere-csi-driver.yaml` is synced from `https://raw.githubusercontent.com/kubernetes-sigs/vsphere-csi-driver/${VERSION}/manifests/vanilla/vsphere-csi-driver.yaml`. -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/conformance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | patchesStrategicMerge: 6 | - worker-node-size.yaml 7 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/multi-disk/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | patchesStrategicMerge: 6 | - data-disks-patch.yaml 7 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/conformance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | patchesStrategicMerge: 6 | - worker-node-size.yaml 7 | -------------------------------------------------------------------------------- /test/extension/config/default/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | varReference: 3 | - kind: Deployment 4 | path: spec/template/spec/volumes/secret/secretName 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/dhcp-overrides/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | patchesStrategicMerge: 6 | - dhcp-overrides.yaml 7 | 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ipam/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | - ippool.yaml 6 | patchesStrategicMerge: 7 | - ipam-patch.yaml 8 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: webhook-service 5 | namespace: system 6 | spec: 7 | ports: 8 | - port: 443 9 | targetPort: webhook-server 10 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: webhook-service 5 | namespace: system 6 | spec: 7 | ports: 8 | - port: 443 9 | targetPort: webhook-server 10 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.11/workload/workload-control-plane-endpoint-ip.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/variables/2 3 | value: 4 | name: controlPlaneIpAddr 5 | value: "${WORKLOAD_CONTROL_PLANE_ENDPOINT_IP}" 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.12/workload/workload-control-plane-endpoint-ip.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/variables/2 3 | value: 4 | name: controlPlaneIpAddr 5 | value: "${WORKLOAD_CONTROL_PLANE_ENDPOINT_IP}" 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.13/workload/workload-control-plane-endpoint-ip.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/variables/2 3 | value: 4 | name: controlPlaneIpAddr 5 | value: "${WORKLOAD_CONTROL_PLANE_ENDPOINT_IP}" 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.14/workload/workload-control-plane-endpoint-ip.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/variables/2 3 | value: 4 | name: controlPlaneIpAddr 5 | value: "${WORKLOAD_CONTROL_PLANE_ENDPOINT_IP}" 6 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/default/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | varReference: 3 | - kind: Deployment 4 | path: spec/template/spec/volumes/secret/secretName 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/mhc-remediation/md/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | - mhc.yaml 6 | patchesStrategicMerge: 7 | - mhc-label.yaml 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.11/workload/workload-control-plane-endpoint-ip.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/variables/2 3 | value: 4 | name: controlPlaneIpAddr 5 | value: "${WORKLOAD_CONTROL_PLANE_ENDPOINT_IP}" 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.12/workload/workload-control-plane-endpoint-ip.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/variables/2 3 | value: 4 | name: controlPlaneIpAddr 5 | value: "${WORKLOAD_CONTROL_PLANE_ENDPOINT_IP}" 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.13/workload/workload-control-plane-endpoint-ip.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/variables/2 3 | value: 4 | name: controlPlaneIpAddr 5 | value: "${WORKLOAD_CONTROL_PLANE_ENDPOINT_IP}" 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.14/workload/workload-control-plane-endpoint-ip.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/variables/2 3 | value: 4 | name: controlPlaneIpAddr 5 | value: "${WORKLOAD_CONTROL_PLANE_ENDPOINT_IP}" 6 | -------------------------------------------------------------------------------- /test/extension/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | 4 | varReference: 5 | - path: metadata/annotations 6 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/default/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | varReference: 3 | - kind: Deployment 4 | path: spec/template/spec/volumes/secret/secretName 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/mhc-remediation/kcp/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | - mhc.yaml 6 | patchesStrategicMerge: 7 | - ../../commons/vcpu.yaml 8 | -------------------------------------------------------------------------------- /test/e2e/data/kubetest/conformance.yaml: -------------------------------------------------------------------------------- 1 | ginkgo.focus: \[Conformance\] 2 | ginkgo.skip: \[Serial\] 3 | disable-log-dump: true 4 | ginkgo.show-node-events: true 5 | ginkgo.slow-spec-threshold: 120s 6 | ginkgo.flake-attempts: 3 7 | ginkgo.trace: true 8 | ginkgo.v: true 9 | -------------------------------------------------------------------------------- /test/extension/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - role.yaml 5 | - role_binding.yaml 6 | - service_account.yaml 7 | - leader_election_role.yaml 8 | - leader_election_role_binding.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/commons/cluster-resource-set-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta2 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | labels: 7 | cni: "${CLUSTER_NAME}-crs-cni" 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.11/commons/cluster-resource-set-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | labels: 7 | cni: "${CLUSTER_NAME}-crs-cni" 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.12/commons/cluster-resource-set-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | labels: 7 | cni: "${CLUSTER_NAME}-crs-cni" 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.13/commons/cluster-resource-set-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | labels: 7 | cni: "${CLUSTER_NAME}-crs-cni" 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.14/commons/cluster-resource-set-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta2 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | labels: 7 | cni: "${CLUSTER_NAME}-crs-cni" 8 | -------------------------------------------------------------------------------- /config/rbac/aggregate_labels.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: manager-role 5 | labels: 6 | kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" 7 | cluster.x-k8s.io/aggregate-to-manager: "true" 8 | -------------------------------------------------------------------------------- /hack/boilerplate/README.md: -------------------------------------------------------------------------------- 1 | # Boilerplate utilities 2 | 3 | The boilerplate validation utilities have been copied and adapted from upstream Kubernetes, see [boilerplate](https://github.com/kubernetes/kubernetes/blob/4dfd73940396730caf331e35cbb28235d233f2a0/hack/boilerplate). 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/node-drain/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | patchesStrategicMerge: 6 | - kcp-drain.yaml 7 | - md-drain.yaml 8 | - ../commons/vcpu.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/topology-runtimesdk/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: ./clusterclass.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/commons/cluster-resource-set-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta2 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | labels: 7 | cni: "${CLUSTER_NAME}-crs-cni" 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.11/commons/cluster-resource-set-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | labels: 7 | cni: "${CLUSTER_NAME}-crs-cni" 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.12/commons/cluster-resource-set-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | labels: 7 | cni: "${CLUSTER_NAME}-crs-cni" 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.13/commons/cluster-resource-set-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | labels: 7 | cni: "${CLUSTER_NAME}-crs-cni" 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.14/commons/cluster-resource-set-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta2 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | labels: 7 | cni: "${CLUSTER_NAME}-crs-cni" 8 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - role.yaml 5 | - role_binding.yaml 6 | - service_account.yaml 7 | - leader_election_role.yaml 8 | - leader_election_role_binding.yaml 9 | -------------------------------------------------------------------------------- /config/base/manager_pull_policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | imagePullPolicy: Always 12 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/fast-rollout/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: ./set-md-rollout-strategy.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/topology-runtimesdk/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: ./clusterclass.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.11/workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: workload-control-plane-endpoint-ip.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.12/workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: workload-control-plane-endpoint-ip.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.13/workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: workload-control-plane-endpoint-ip.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.14/workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: workload-control-plane-endpoint-ip.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/fast-rollout/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: ./set-md-rollout-strategy.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/topology-autoscaler/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: ./cluster-autoscaler.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.11/workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: workload-control-plane-endpoint-ip.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.12/workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: workload-control-plane-endpoint-ip.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.13/workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: workload-control-plane-endpoint-ip.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.14/workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../topology 5 | patches: 6 | - target: 7 | kind: Cluster 8 | path: workload-control-plane-endpoint-ip.yaml 9 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - role.yaml 5 | - role_binding.yaml 6 | - service_account.yaml 7 | - leader_election_role.yaml 8 | - leader_election_role_binding.yaml 9 | -------------------------------------------------------------------------------- /.github/codecov.yml: -------------------------------------------------------------------------------- 1 | coverage: 2 | status: 3 | project: 4 | default: 5 | target: auto 6 | threshold: 1% 7 | informational: true 8 | patch: 9 | default: 10 | target: auto 11 | threshold: 1% 12 | informational: true 13 | -------------------------------------------------------------------------------- /config/base/credentials.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: manager-bootstrap-credentials 5 | namespace: system 6 | type: Opaque 7 | stringData: 8 | credentials.yaml: |- 9 | username: '${VSPHERE_USERNAME}' 10 | password: '${VSPHERE_PASSWORD}' 11 | -------------------------------------------------------------------------------- /test/e2e/data/kubetest/conformance-fast.yaml: -------------------------------------------------------------------------------- 1 | ginkgo.focus: \[Conformance\] 2 | ginkgo.skip: \[sig-scheduling\].*\[Serial\] 3 | disable-log-dump: true 4 | ginkgo.show-node-events: true 5 | ginkgo.slow-spec-threshold: 120s 6 | ginkgo.flake-attempts: 3 7 | ginkgo.trace: true 8 | ginkgo.v: true 9 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/tilt-provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: net-operator 3 | config: 4 | version: v1.15.99 5 | image: gcr.io/k8s-staging-capi-vsphere/cluster-api-net-operator 6 | live_reload_deps: 7 | - main.go 8 | - controllers 9 | label: NETOP 10 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ownerrefs-finalizers/vspherecluster-failuredomainselector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 2 | kind: VSphereCluster 3 | metadata: 4 | name: ${CLUSTER_NAME} 5 | namespace: ${NAMESPACE} 6 | spec: 7 | failureDomainSelector: {} -------------------------------------------------------------------------------- /test/extension/config/default/manager_pull_policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | imagePullPolicy: Always 12 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ownerrefs-finalizers/drop-existing-identity-secret.yaml: -------------------------------------------------------------------------------- 1 | # This secret is not needed. This cluster uses a ClusterIdentity instead 2 | $patch: delete 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: ${CLUSTER_NAME} 7 | namespace: ${NAMESPACE} 8 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/default/manager_pull_policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | imagePullPolicy: Always 12 | -------------------------------------------------------------------------------- /config/rbac/aggregate_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: aggregated-manager-role 5 | aggregationRule: 6 | clusterRoleSelectors: 7 | - matchLabels: 8 | capv.infrastucture.cluster.x-k8s.io/aggregate-to-manager: "true" 9 | rules: [] 10 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/fast-rollout/set-md-rollout-strategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/topology/workers/machineDeployments/0/rollout 3 | value: 4 | strategy: 5 | type: RollingUpdate 6 | rollingUpdate: 7 | maxUnavailable: "100%" 8 | maxSurge: "100%" 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/fast-rollout/set-md-rollout-strategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/topology/workers/machineDeployments/0/rollout 3 | value: 4 | strategy: 5 | type: RollingUpdate 6 | rollingUpdate: 7 | maxUnavailable: "100%" 8 | maxSurge: "100%" 9 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/default/manager_pull_policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | imagePullPolicy: Always 12 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/clusterclass/patch-vm-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/namingStrategy 3 | value: 4 | template: '{{ if le (len .machine.name) 20 }}{{ .machine.name }}{{else}}{{ trimSuffix "-" (trunc 14 .machine.name) }}-{{ trunc -5 .machine.name }}{{end}}' 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/commons/cluster-network-CIDR.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta2 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | clusterNetwork: 8 | pods: 9 | cidrBlocks: 10 | - 192.168.128.0/24 11 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/tilt-provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: vcsim 3 | config: 4 | version: v1.15.99 5 | image: gcr.io/k8s-staging-capi-vsphere/cluster-api-vcsim-controller 6 | live_reload_deps: 7 | - main.go 8 | - api 9 | - controllers 10 | - server 11 | label: VCSIM 12 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ignition/flatcar.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 2 | kind: VSphereMachineTemplate 3 | metadata: 4 | name: ${CLUSTER_NAME} 5 | namespace: ${NAMESPACE} 6 | spec: 7 | template: 8 | spec: 9 | template: '${FLATCAR_VSPHERE_TEMPLATE}' 10 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.11/commons/cluster-network-CIDR.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | clusterNetwork: 8 | pods: 9 | cidrBlocks: 10 | - 192.168.128.0/24 11 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.12/commons/cluster-network-CIDR.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | clusterNetwork: 8 | pods: 9 | cidrBlocks: 10 | - 192.168.128.0/24 11 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.13/clusterclass/patch-vm-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/namingStrategy 3 | value: 4 | template: '{{ if le (len .machine.name) 20 }}{{ .machine.name }}{{else}}{{ trimSuffix "-" (trunc 14 .machine.name) }}-{{ trunc -5 .machine.name }}{{end}}' 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.13/commons/cluster-network-CIDR.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | clusterNetwork: 8 | pods: 9 | cidrBlocks: 10 | - 192.168.128.0/24 11 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.14/clusterclass/patch-vm-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/namingStrategy 3 | value: 4 | template: '{{ if le (len .machine.name) 20 }}{{ .machine.name }}{{else}}{{ trimSuffix "-" (trunc 14 .machine.name) }}-{{ trunc -5 .machine.name }}{{end}}' 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.14/commons/cluster-network-CIDR.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta2 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | clusterNetwork: 8 | pods: 9 | cidrBlocks: 10 | - 192.168.128.0/24 11 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/clusterclass/patch-vm-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/namingStrategy 3 | value: 4 | template: '{{ if le (len .machine.name) 20 }}{{ .machine.name }}{{else}}{{ trimSuffix "-" (trunc 14 .machine.name) }}-{{ trunc -5 .machine.name }}{{end}}' 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/commons/cluster-network-CIDR.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta2 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | clusterNetwork: 8 | pods: 9 | cidrBlocks: 10 | - 192.168.128.0/24 11 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.11/clusterclass/patch-vm-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/namingStrategy 3 | value: 4 | template: '{{ if le (len .machine.name) 20 }}{{ .machine.name }}{{else}}{{ trimSuffix "-" (trunc 14 .machine.name) }}-{{ trunc -5 .machine.name }}{{end}}' 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.11/commons/cluster-network-CIDR.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | clusterNetwork: 8 | pods: 9 | cidrBlocks: 10 | - 192.168.128.0/24 11 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.12/clusterclass/patch-vm-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/namingStrategy 3 | value: 4 | template: '{{ if le (len .machine.name) 20 }}{{ .machine.name }}{{else}}{{ trimSuffix "-" (trunc 14 .machine.name) }}-{{ trunc -5 .machine.name }}{{end}}' 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.12/commons/cluster-network-CIDR.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | clusterNetwork: 8 | pods: 9 | cidrBlocks: 10 | - 192.168.128.0/24 11 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.13/clusterclass/patch-vm-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/namingStrategy 3 | value: 4 | template: '{{ if le (len .machine.name) 20 }}{{ .machine.name }}{{else}}{{ trimSuffix "-" (trunc 14 .machine.name) }}-{{ trunc -5 .machine.name }}{{end}}' 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.13/commons/cluster-network-CIDR.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta1 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | clusterNetwork: 8 | pods: 9 | cidrBlocks: 10 | - 192.168.128.0/24 11 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.14/clusterclass/patch-vm-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/namingStrategy 3 | value: 4 | template: '{{ if le (len .machine.name) 20 }}{{ .machine.name }}{{else}}{{ trimSuffix "-" (trunc 14 .machine.name) }}-{{ trunc -5 .machine.name }}{{end}}' 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.14/commons/cluster-network-CIDR.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta2 2 | kind: Cluster 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | clusterNetwork: 8 | pods: 9 | cidrBlocks: 10 | - 192.168.128.0/24 11 | -------------------------------------------------------------------------------- /config/base/manager_image_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - image: gcr.io/k8s-staging-capi-vsphere/cluster-api-vsphere-controller:main 11 | name: manager 12 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - role.yaml 5 | - role_binding.yaml 6 | - leader_election_role.yaml 7 | - leader_election_role_binding.yaml 8 | - aggregate_role.yaml 9 | - serviceaccount.yaml 10 | patchesStrategicMerge: 11 | - aggregate_labels.yaml 12 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/mhc-remediation/md/mhc-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta2 2 | kind: MachineDeployment 3 | metadata: 4 | name: '${CLUSTER_NAME}-md-0' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | template: 8 | metadata: 9 | labels: 10 | "e2e.remediation.label": "" 11 | -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /test/infrastructure/vm-operator/config/vm-operator-pull-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: vmware-system-vmop-controller-manager 5 | namespace: vmware-system-vmop 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | imagePullPolicy: Always 12 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/conformance/worker-node-size.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 3 | kind: VSphereMachineTemplate 4 | metadata: 5 | name: ${CLUSTER_NAME}-worker 6 | namespace: ${NAMESPACE} 7 | spec: 8 | template: 9 | spec: 10 | memoryMiB: 8192 11 | numCPUs: 8 12 | -------------------------------------------------------------------------------- /test/extension/config/default/manager_image_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - image: gcr.io/k8s-staging-capi-vsphere/cluster-api-vsphere-test-extension:dev 11 | name: manager 12 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ipam/ippool.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: ipam.cluster.x-k8s.io/v1alpha2 3 | kind: InClusterIPPool 4 | metadata: 5 | name: ${CLUSTER_NAME} 6 | namespace: ${NAMESPACE} 7 | spec: 8 | prefix: ${IPAM_PREFIX:-24} 9 | gateway: ${IPAM_GATEWAY} 10 | addresses: 11 | - ${IPAM_IP_1} 12 | - ${IPAM_IP_2} 13 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/node-drain/md-drain.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1beta2 2 | kind: MachineDeployment 3 | metadata: 4 | name: "${CLUSTER_NAME}-md-0" 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | template: 8 | spec: 9 | deletion: 10 | nodeDrainTimeoutSeconds: "${NODE_DRAIN_TIMEOUT_SECONDS}" 11 | -------------------------------------------------------------------------------- /test/extension/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/default/manager_image_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - image: gcr.io/k8s-staging-capi-vsphere/cluster-api-net-operator:main 11 | name: manager 12 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/default/manager_image_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - image: gcr.io/k8s-staging-capi-vsphere/cluster-api-vcsim-controller:main 11 | name: manager 12 | -------------------------------------------------------------------------------- /test/infrastructure/vm-operator/config/vm-operator-host-network.yaml: -------------------------------------------------------------------------------- 1 | # Set hostNetwork: false because we are running out of the supervisor 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: vmware-system-vmop-controller-manager 6 | namespace: vmware-system-vmop 7 | spec: 8 | template: 9 | spec: 10 | hostNetwork: false 11 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md 2 | 3 | approvers: 4 | - cluster-api-maintainers 5 | - cluster-api-vsphere-maintainers 6 | - sig-cluster-lifecycle-leads 7 | - sig-cluster-lifecycle-tech-leads 8 | 9 | reviewers: 10 | - cluster-api-vsphere-maintainers 11 | - cluster-api-vsphere-reviewers 12 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /hack/tools/janitor/README.md: -------------------------------------------------------------------------------- 1 | # janitor 2 | 3 | The janitor is a tool for CI to cleanup objects leftover from failed or killed prowjobs. 4 | It can be run regularly as prowjob. 5 | 6 | It retrieves vSphere projects from Boskos and then deletes VMs and resource pools accordingly. 7 | Additionally it will delete cluster modules which do not refer any virtual machine. 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-topology.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.11/topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-topology.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.12/topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-topology.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.13/topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-topology.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.14/topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-topology.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | -------------------------------------------------------------------------------- /config/metrics/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ./crd-clusterrole.yaml 3 | 4 | namespace: observability 5 | 6 | configMapGenerator: 7 | - name: kube-state-metrics-crd-config-capv 8 | files: 9 | - capv.yaml=crd-metrics-config.yaml 10 | options: 11 | disableNameSuffixHash: true 12 | labels: 13 | kube-state-metrics/custom-resource: "true" 14 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/hw-upgrade/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | patches: 6 | - target: 7 | kind: VSphereMachineTemplate 8 | patch: |- 9 | - op: add 10 | path: /spec/template/spec/hardwareVersion 11 | value: vmx-17 -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ownerrefs-finalizers/vsphereclusteridentity.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 3 | kind: VSphereCluster 4 | metadata: 5 | name: "${CLUSTER_NAME}" 6 | namespace: "${NAMESPACE}" 7 | spec: 8 | identityRef: 9 | kind: VSphereClusterIdentity 10 | name: ownerrefs-finalizers 11 | 12 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/conformance/worker-node-size.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: vmware.infrastructure.cluster.x-k8s.io/v1beta1 3 | kind: VSphereMachineTemplate 4 | metadata: 5 | name: ${CLUSTER_NAME}-worker 6 | namespace: ${NAMESPACE} 7 | spec: 8 | template: 9 | spec: 10 | className: ${VSPHERE_MACHINE_CLASS_NAME_CONFORMANCE} 11 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/clusterclass/patch-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/controlPlane/naming 3 | value: 4 | template: '{{ .cluster.name }}-cp-{{ .random }}' 5 | - op: add 6 | path: /spec/workers/machineDeployments/0/naming 7 | value: 8 | template: '{{ .cluster.name }}-md-{{ .machineDeployment.topologyName }}-{{ .random }}' 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.14/clusterclass/patch-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/controlPlane/naming 3 | value: 4 | template: '{{ .cluster.name }}-cp-{{ .random }}' 5 | - op: add 6 | path: /spec/workers/machineDeployments/0/naming 7 | value: 8 | template: '{{ .cluster.name }}-md-{{ .machineDeployment.topologyName }}-{{ .random }}' 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-topology-supervisor.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.11/topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-topology-supervisor.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.12/topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-topology-supervisor.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.13/topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-topology-supervisor.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.14/topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-topology-supervisor.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | -------------------------------------------------------------------------------- /test/extension/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/clusterclass/patch-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/controlPlane/naming 3 | value: 4 | template: '{{ .cluster.name }}-cp-{{ .random }}' 5 | - op: add 6 | path: /spec/workers/machineDeployments/0/naming 7 | value: 8 | template: '{{ .cluster.name }}-md-{{ .machineDeployment.topologyName }}-{{ .random }}' 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.14/clusterclass/patch-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/controlPlane/naming 3 | value: 4 | template: '{{ .cluster.name }}-cp-{{ .random }}' 5 | - op: add 6 | path: /spec/workers/machineDeployments/0/naming 7 | value: 8 | template: '{{ .cluster.name }}-md-{{ .machineDeployment.topologyName }}-{{ .random }}' 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/pci/pci-device-template.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 3 | kind: VSphereMachineTemplate 4 | metadata: 5 | name: ${CLUSTER_NAME}-worker 6 | namespace: ${NAMESPACE} 7 | spec: 8 | template: 9 | spec: 10 | pciDevices: 11 | - deviceId: ${DEVICE_ID} 12 | vendorId: ${VENDOR_ID} -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.11/clusterclass/patch-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/controlPlane/namingStrategy 3 | value: 4 | template: '{{ .cluster.name }}-cp-{{ .random }}' 5 | - op: add 6 | path: /spec/workers/machineDeployments/0/namingStrategy 7 | value: 8 | template: '{{ .cluster.name }}-md-{{ .machineDeployment.topologyName }}-{{ .random }}' 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.12/clusterclass/patch-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/controlPlane/namingStrategy 3 | value: 4 | template: '{{ .cluster.name }}-cp-{{ .random }}' 5 | - op: add 6 | path: /spec/workers/machineDeployments/0/namingStrategy 7 | value: 8 | template: '{{ .cluster.name }}-md-{{ .machineDeployment.topologyName }}-{{ .random }}' 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.13/clusterclass/patch-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/controlPlane/namingStrategy 3 | value: 4 | template: '{{ .cluster.name }}-cp-{{ .random }}' 5 | - op: add 6 | path: /spec/workers/machineDeployments/0/namingStrategy 7 | value: 8 | template: '{{ .cluster.name }}-md-{{ .machineDeployment.topologyName }}-{{ .random }}' 9 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.11/clusterclass/patch-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/controlPlane/namingStrategy 3 | value: 4 | template: '{{ .cluster.name }}-cp-{{ .random }}' 5 | - op: add 6 | path: /spec/workers/machineDeployments/0/namingStrategy 7 | value: 8 | template: '{{ .cluster.name }}-md-{{ .machineDeployment.topologyName }}-{{ .random }}' 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.12/clusterclass/patch-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/controlPlane/namingStrategy 3 | value: 4 | template: '{{ .cluster.name }}-cp-{{ .random }}' 5 | - op: add 6 | path: /spec/workers/machineDeployments/0/namingStrategy 7 | value: 8 | template: '{{ .cluster.name }}-md-{{ .machineDeployment.topologyName }}-{{ .random }}' 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.13/clusterclass/patch-namingstrategy.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/controlPlane/namingStrategy 3 | value: 4 | template: '{{ .cluster.name }}-cp-{{ .random }}' 5 | - op: add 6 | path: /spec/workers/machineDeployments/0/namingStrategy 7 | value: 8 | template: '{{ .cluster.name }}-md-{{ .machineDeployment.topologyName }}-{{ .random }}' 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ownerrefs-finalizers/cluster-identity.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 3 | kind: VSphereClusterIdentity 4 | metadata: 5 | name: ownerrefs-finalizers 6 | spec: 7 | secretName: ownerrefs-finalizers 8 | allowedNamespaces: 9 | selector: 10 | matchLabels: 11 | kubernetes.io/metadata.name: '${NAMESPACE}' -------------------------------------------------------------------------------- /config/default/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhook/clientConfig/service/name 9 | 10 | varReference: 11 | - path: metadata/annotations 12 | -------------------------------------------------------------------------------- /test/e2e/data/kubetest/upstream-e2e-serial.yaml: -------------------------------------------------------------------------------- 1 | # original jobs: https://github.com/kubernetes/test-infra/blob/92927d1abec1c3c78e396356e1bbaf19f9e2b699/config/jobs/kubernetes/sig-cloud-provider/gcp/gcp-gce.yaml#L857 2 | disable-log-dump: true 3 | ginkgo.focus: \[Serial\]|\[Disruptive\] 4 | ginkgo.skip: \[Driver:.gcepd\]|\[Flaky\]|\[Feature:.+\] 5 | minStartupPods: 8 6 | ginkgo.flake-attempts: 1 7 | 8 | ginkgo.trace: true 9 | -------------------------------------------------------------------------------- /test/e2e/data/kubetest/upstream-e2e.yaml: -------------------------------------------------------------------------------- 1 | # original job: https://github.com/kubernetes/test-infra/blob/92927d1abec1c3c78e396356e1bbaf19f9e2b699/config/jobs/kubernetes/sig-cloud-provider/gcp/gcp-gce.yaml#L581 2 | disable-log-dump: true 3 | # ginkgo.focus: 4 | ginkgo.skip: \[Driver:.gcepd\]|\[Slow\]|\[Serial\]|\[Disruptive\]|\[Flaky\]|\[Feature:.+\] 5 | minStartupPods: 8 6 | ginkgo.flake-attempts: 1 7 | 8 | ginkgo.trace: true 9 | -------------------------------------------------------------------------------- /test/extension/tilt-provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: capv-test-extension 3 | config: 4 | version: v1.15.99 5 | image: gcr.io/k8s-staging-capi-vsphere/cluster-api-vsphere-test-extension 6 | live_reload_deps: 7 | - main.go 8 | - handlers 9 | label: CAPV_EXTENSION 10 | additional_resources: 11 | - config/tilt/extensionconfig.yaml 12 | resource_deps: 13 | - "capi_controller" 14 | -------------------------------------------------------------------------------- /test/e2e/data/kubetest/upstream-e2e-slow.yaml: -------------------------------------------------------------------------------- 1 | # original job: https://github.com/kubernetes/test-infra/blob/92927d1abec1c3c78e396356e1bbaf19f9e2b699/config/jobs/kubernetes/sig-cloud-provider/gcp/gcp-gce.yaml#L896 2 | disable-log-dump: true 3 | ginkgo.focus: \[Slow\] 4 | ginkgo.skip: \[Driver:.gcepd\]|\[Serial\]|\[Disruptive\]|\[Flaky\]|\[Feature:.+\] 5 | minStartupPods: 8 6 | ginkgo.flake-attempts: 1 7 | 8 | ginkgo.trace: true 9 | -------------------------------------------------------------------------------- /config/default/crd/patches/cainjection_in_vspherevms.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: vspherevms.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/default/crd/patches/cainjection_in_vsphereclusters.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: vsphereclusters.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/default/crd/patches/cainjection_in_vspheremachines.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: vspheremachines.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/ownerrefs-finalizers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | # Note: we need a template named cluster-template-ownerrefs-finalizers-supervisor because the corresponding govimomi template 5 | # is different from the govimomi base template. However, in case of supervisor, this template matches the base one. 6 | - ../base 7 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/crd/patches/cainjection_in_envvars.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: envvars.vcsim.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/default/crd/patches/cainjection_in_vspheredeploymentzones.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: vspheredeploymentzones.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/default/crd/patches/cainjection_in_vspherefailuredomains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: vspherefailuredomains.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /packaging/flavorgen/cloudprovider/csi/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: vmware-system-csi 4 | resources: 5 | - namespace.yaml 6 | - vsphere-csi-driver.yaml 7 | patches: 8 | - patch: |- 9 | kind: Deployment 10 | apiVersion: apps/v1 11 | metadata: 12 | name: vsphere-csi-controller 13 | namespace: vmware-system-csi 14 | spec: 15 | replicas: 1 16 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/topology-autoscaler/cluster-autoscaler.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/topology/workers/machineDeployments/0/metadata 3 | value: 4 | annotations: 5 | cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "5" 6 | cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "2" 7 | - op: remove 8 | path: /spec/topology/workers/machineDeployments/0/replicas 9 | 10 | -------------------------------------------------------------------------------- /config/default/crd/patches/cainjection_in_vsphereclustertemplates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: vsphereclustertemplates.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/default/crd/patches/cainjection_in_vspheremachinetemplates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: vspheremachinetemplates.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /test/e2e/data/shared/vmoperator/v1.8/metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between patch versions. 4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | kind: Metadata 8 | releaseSeries: 9 | - major: 1 10 | minor: 8 11 | contract: v1beta1 12 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/crd/patches/cainjection_in_vcentersimulators.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: vcentersimulators.vcsim.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/storage-policy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | patches: 6 | - target: 7 | kind: VSphereMachineTemplate 8 | patch: |- 9 | - op: remove 10 | path: /spec/template/spec/datastore 11 | - op: add 12 | path: /spec/template/spec/storagePolicyName 13 | value: '${VSPHERE_STORAGE_POLICY}' 14 | -------------------------------------------------------------------------------- /test/e2e/data/shared/caipamic/v1.0/metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between patch versions. 4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | kind: Metadata 8 | releaseSeries: 9 | - major: 1 10 | minor: 0 11 | contract: v1beta1 12 | 13 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/crd/patches/cainjection_in_controlplaneendpoints.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: controlplaneendpoints.vcsim.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/crd/patches/cainjection_in_vmoperatordependencies.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: vmoperatordependencies.vcsim.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/clusterclass-runtimesdk/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../clusterclass 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-test-extension.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./name.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ../clusterclass/patch-k8s-install-script.yaml 15 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/clusterclass-runtimesdk/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../clusterclass 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-test-extension.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./name.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ../clusterclass/patch-k8s-install-script.yaml 15 | -------------------------------------------------------------------------------- /config/base/manager_role_aggregation_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: manager-role 5 | labels: 6 | capv.infrastucture.cluster.x-k8s.io/aggregate-to-manager: "true" 7 | --- 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: ClusterRoleBinding 10 | metadata: 11 | name: manager-rolebinding 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: aggregated-manager-role 16 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ownerrefs-finalizers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | - cluster-identity.yaml 6 | - failure-domains.yaml 7 | patchesStrategicMerge: 8 | - ../commons/cluster-resource-set-label.yaml 9 | - ../commons/cluster-network-CIDR.yaml 10 | - vsphereclusteridentity.yaml 11 | - drop-existing-identity-secret.yaml 12 | - vspherecluster-failuredomainselector.yaml 13 | -------------------------------------------------------------------------------- /test/extension/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - events 11 | verbs: 12 | - create 13 | - apiGroups: 14 | - "coordination.k8s.io" 15 | resources: 16 | - leases 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | - create 22 | - update 23 | - patch 24 | - delete 25 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/commons/vcpu.yaml: -------------------------------------------------------------------------------- 1 | # VSphereMachineTemplate object with the number of CPUs raised to 4 2 | # for the purposes of mitigating the CPU spikes caused by scaling up 3 | # the control plane (during upgrades and for HA control planes) 4 | --- 5 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 6 | kind: VSphereMachineTemplate 7 | metadata: 8 | name: ${CLUSTER_NAME} 9 | namespace: ${NAMESPACE} 10 | spec: 11 | template: 12 | spec: 13 | numCPUs: 4 14 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - events 11 | verbs: 12 | - create 13 | - apiGroups: 14 | - "coordination.k8s.io" 15 | resources: 16 | - leases 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | - create 22 | - update 23 | - patch 24 | - delete 25 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - events 11 | verbs: 12 | - create 13 | - apiGroups: 14 | - "coordination.k8s.io" 15 | resources: 16 | - leases 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | - create 22 | - update 23 | - patch 24 | - delete 25 | -------------------------------------------------------------------------------- /.github/workflows/pr-verify.yaml: -------------------------------------------------------------------------------- 1 | name: PR title verifier 2 | 3 | on: 4 | pull_request_target: 5 | types: [opened, edited, synchronize, reopened] 6 | 7 | jobs: 8 | verify: 9 | runs-on: ubuntu-latest 10 | 11 | steps: 12 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v6.0.1 13 | 14 | - name: Check if PR title is valid 15 | env: 16 | PR_TITLE: ${{ github.event.pull_request.title }} 17 | run: | 18 | ./hack/verify-pr-title.sh "${PR_TITLE}" 19 | -------------------------------------------------------------------------------- /config/base/manager_credentials_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | volumeMounts: 12 | - name: manager-bootstrap-credentials 13 | mountPath: "/etc/capv" 14 | readOnly: true 15 | volumes: 16 | - name: manager-bootstrap-credentials 17 | secret: 18 | secretName: manager-bootstrap-credentials 19 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/node-drain/kcp-drain.yaml: -------------------------------------------------------------------------------- 1 | # KubeadmControlPlane referenced by the Cluster object with 2 | # - the label kcp-adoption.step2, because it should be created in the second step of the kcp-adoption test. 3 | kind: KubeadmControlPlane 4 | apiVersion: controlplane.cluster.x-k8s.io/v1beta2 5 | metadata: 6 | name: '${CLUSTER_NAME}' 7 | namespace: '${NAMESPACE}' 8 | spec: 9 | machineTemplate: 10 | spec: 11 | deletion: 12 | nodeDrainTimeoutSeconds: ${NODE_DRAIN_TIMEOUT_SECONDS} 13 | -------------------------------------------------------------------------------- /config/metrics/crd-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kube-state-metrics-custom-resource-capv 6 | labels: 7 | kube-state-metrics/aggregate-to-manager: "true" 8 | rules: 9 | - apiGroups: 10 | - infrastructure.cluster.x-k8s.io 11 | resources: 12 | - vsphereclusters 13 | - vsphereclusteridentities 14 | - vspheredeploymentzones 15 | - vspherefailuredomains 16 | - vspheremachines 17 | - vspherevms 18 | verbs: 19 | - get 20 | - list 21 | - watch -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/commons/cluster-resource-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "cni-${CLUSTER_NAME}-crs-cni" 5 | data: ${CNI_RESOURCES} 6 | --- 7 | apiVersion: addons.cluster.x-k8s.io/v1beta2 8 | kind: ClusterResourceSet 9 | metadata: 10 | name: "${CLUSTER_NAME}-crs-cni" 11 | spec: 12 | strategy: ApplyOnce 13 | clusterSelector: 14 | matchLabels: 15 | cni: "${CLUSTER_NAME}-crs-cni" 16 | resources: 17 | - name: "cni-${CLUSTER_NAME}-crs-cni" 18 | kind: ConfigMap 19 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.11/commons/cluster-resource-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "cni-${CLUSTER_NAME}-crs-cni" 5 | data: ${CNI_RESOURCES} 6 | --- 7 | apiVersion: addons.cluster.x-k8s.io/v1beta1 8 | kind: ClusterResourceSet 9 | metadata: 10 | name: "${CLUSTER_NAME}-crs-cni" 11 | spec: 12 | strategy: ApplyOnce 13 | clusterSelector: 14 | matchLabels: 15 | cni: "${CLUSTER_NAME}-crs-cni" 16 | resources: 17 | - name: "cni-${CLUSTER_NAME}-crs-cni" 18 | kind: ConfigMap 19 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.12/commons/cluster-resource-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "cni-${CLUSTER_NAME}-crs-cni" 5 | data: ${CNI_RESOURCES} 6 | --- 7 | apiVersion: addons.cluster.x-k8s.io/v1beta1 8 | kind: ClusterResourceSet 9 | metadata: 10 | name: "${CLUSTER_NAME}-crs-cni" 11 | spec: 12 | strategy: ApplyOnce 13 | clusterSelector: 14 | matchLabels: 15 | cni: "${CLUSTER_NAME}-crs-cni" 16 | resources: 17 | - name: "cni-${CLUSTER_NAME}-crs-cni" 18 | kind: ConfigMap 19 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.13/commons/cluster-resource-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "cni-${CLUSTER_NAME}-crs-cni" 5 | data: ${CNI_RESOURCES} 6 | --- 7 | apiVersion: addons.cluster.x-k8s.io/v1beta1 8 | kind: ClusterResourceSet 9 | metadata: 10 | name: "${CLUSTER_NAME}-crs-cni" 11 | spec: 12 | strategy: ApplyOnce 13 | clusterSelector: 14 | matchLabels: 15 | cni: "${CLUSTER_NAME}-crs-cni" 16 | resources: 17 | - name: "cni-${CLUSTER_NAME}-crs-cni" 18 | kind: ConfigMap 19 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.14/commons/cluster-resource-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "cni-${CLUSTER_NAME}-crs-cni" 5 | data: ${CNI_RESOURCES} 6 | --- 7 | apiVersion: addons.cluster.x-k8s.io/v1beta2 8 | kind: ClusterResourceSet 9 | metadata: 10 | name: "${CLUSTER_NAME}-crs-cni" 11 | spec: 12 | strategy: ApplyOnce 13 | clusterSelector: 14 | matchLabels: 15 | cni: "${CLUSTER_NAME}-crs-cni" 16 | resources: 17 | - name: "cni-${CLUSTER_NAME}-crs-cni" 18 | kind: ConfigMap 19 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/commons/cluster-resource-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "cni-${CLUSTER_NAME}-crs-cni" 5 | data: ${CNI_RESOURCES} 6 | --- 7 | apiVersion: addons.cluster.x-k8s.io/v1beta2 8 | kind: ClusterResourceSet 9 | metadata: 10 | name: "${CLUSTER_NAME}-crs-cni" 11 | spec: 12 | strategy: ApplyOnce 13 | clusterSelector: 14 | matchLabels: 15 | cni: "${CLUSTER_NAME}-crs-cni" 16 | resources: 17 | - name: "cni-${CLUSTER_NAME}-crs-cni" 18 | kind: ConfigMap 19 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.11/commons/cluster-resource-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "cni-${CLUSTER_NAME}-crs-cni" 5 | data: ${CNI_RESOURCES} 6 | --- 7 | apiVersion: addons.cluster.x-k8s.io/v1beta1 8 | kind: ClusterResourceSet 9 | metadata: 10 | name: "${CLUSTER_NAME}-crs-cni" 11 | spec: 12 | strategy: ApplyOnce 13 | clusterSelector: 14 | matchLabels: 15 | cni: "${CLUSTER_NAME}-crs-cni" 16 | resources: 17 | - name: "cni-${CLUSTER_NAME}-crs-cni" 18 | kind: ConfigMap 19 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.12/commons/cluster-resource-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "cni-${CLUSTER_NAME}-crs-cni" 5 | data: ${CNI_RESOURCES} 6 | --- 7 | apiVersion: addons.cluster.x-k8s.io/v1beta1 8 | kind: ClusterResourceSet 9 | metadata: 10 | name: "${CLUSTER_NAME}-crs-cni" 11 | spec: 12 | strategy: ApplyOnce 13 | clusterSelector: 14 | matchLabels: 15 | cni: "${CLUSTER_NAME}-crs-cni" 16 | resources: 17 | - name: "cni-${CLUSTER_NAME}-crs-cni" 18 | kind: ConfigMap 19 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.13/commons/cluster-resource-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "cni-${CLUSTER_NAME}-crs-cni" 5 | data: ${CNI_RESOURCES} 6 | --- 7 | apiVersion: addons.cluster.x-k8s.io/v1beta1 8 | kind: ClusterResourceSet 9 | metadata: 10 | name: "${CLUSTER_NAME}-crs-cni" 11 | spec: 12 | strategy: ApplyOnce 13 | clusterSelector: 14 | matchLabels: 15 | cni: "${CLUSTER_NAME}-crs-cni" 16 | resources: 17 | - name: "cni-${CLUSTER_NAME}-crs-cni" 18 | kind: ConfigMap 19 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.14/commons/cluster-resource-set.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "cni-${CLUSTER_NAME}-crs-cni" 5 | data: ${CNI_RESOURCES} 6 | --- 7 | apiVersion: addons.cluster.x-k8s.io/v1beta2 8 | kind: ClusterResourceSet 9 | metadata: 10 | name: "${CLUSTER_NAME}-crs-cni" 11 | spec: 12 | strategy: ApplyOnce 13 | clusterSelector: 14 | matchLabels: 15 | cni: "${CLUSTER_NAME}-crs-cni" 16 | resources: 17 | - name: "cni-${CLUSTER_NAME}-crs-cni" 18 | kind: ConfigMap 19 | -------------------------------------------------------------------------------- /test/infrastructure/vm-operator/config/vm-operator-drop-certs-volume.yaml: -------------------------------------------------------------------------------- 1 | # Drop VC cert bundle because we are running out of the supervisor 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: vmware-system-vmop-controller-manager 6 | namespace: vmware-system-vmop 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | volumeMounts: 13 | - $patch: delete 14 | mountPath: /etc/vmware/wcp/tls 15 | volumes: 16 | - $patch: delete 17 | name: vmca-certs 18 | -------------------------------------------------------------------------------- /config/base/manager_prometheus_metrics_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch enables Prometheus scraping for the manager pod. 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | metadata: 10 | annotations: 11 | prometheus.io/scrape: 'true' 12 | spec: 13 | containers: 14 | # Expose the prometheus metrics on default port 15 | - name: manager 16 | ports: 17 | - containerPort: 8080 18 | name: metrics 19 | protocol: TCP 20 | -------------------------------------------------------------------------------- /test/extension/config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: manager-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - create 13 | - get 14 | - list 15 | - patch 16 | - update 17 | - watch 18 | - apiGroups: 19 | - authentication.k8s.io 20 | resources: 21 | - tokenreviews 22 | verbs: 23 | - create 24 | - apiGroups: 25 | - authorization.k8s.io 26 | resources: 27 | - subjectaccessreviews 28 | verbs: 29 | - create 30 | -------------------------------------------------------------------------------- /.markdownlinkcheck.json: -------------------------------------------------------------------------------- 1 | { 2 | "ignorePatterns": [{ 3 | "pattern": "^http://localhost" 4 | }], 5 | "httpHeaders": [{ 6 | "comment": "Workaround as suggested here: https://github.com/tcort/markdown-link-check/issues/201", 7 | "urls": ["https://docs.github.com/"], 8 | "headers": { 9 | "Accept-Encoding": "zstd, br, gzip, deflate" 10 | } 11 | }], 12 | "timeout": "10s", 13 | "retryOn429": true, 14 | "retryCount": 5, 15 | "fallbackRetryDelay": "30s", 16 | "aliveStatusCodes": [200, 206] 17 | } 18 | -------------------------------------------------------------------------------- /config/default/crd/patches/webhook_in_vspherevms.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: vspherevms.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature enhancement request 3 | about: Suggest an idea for this project 4 | 5 | --- 6 | 7 | /kind feature 8 | 9 | **Describe the solution you'd like** 10 | [A clear and concise description of what you want to happen.] 11 | 12 | 13 | **Anything else you would like to add:** 14 | [Miscellaneous information that will assist in solving the issue.] 15 | 16 | 17 | **Environment:** 18 | 19 | - Cluster-api-provider-vsphere version: 20 | - Kubernetes version: (use `kubectl version`): 21 | - OS (e.g. from `/etc/os-release`): -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.11/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./clusterclass-quick-start.yaml 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-vsphere-template.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./patch-prekubeadmscript.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ./patch-k8s-install-script.yaml 15 | - target: 16 | kind: ClusterClass 17 | path: ./patch-namingstrategy.yaml 18 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.12/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./clusterclass-quick-start.yaml 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-vsphere-template.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./patch-prekubeadmscript.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ./patch-k8s-install-script.yaml 15 | - target: 16 | kind: ClusterClass 17 | path: ./patch-namingstrategy.yaml 18 | -------------------------------------------------------------------------------- /config/default/crd/patches/webhook_in_vsphereclusters.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: vsphereclusters.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/default/crd/patches/webhook_in_vspheremachines.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: vspheremachines.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template-supervisor.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | patches: 10 | - target: 11 | kind: KubeadmControlPlane 12 | path: ./patch-k8s-install-script-kcp.yaml 13 | - target: 14 | kind: KubeadmConfigTemplate 15 | path: ./patch-k8s-install-script-kct.yaml 16 | -------------------------------------------------------------------------------- /test/e2e/data/kubetest/upstream-e2e-alpha-features.yaml: -------------------------------------------------------------------------------- 1 | # original job: https://github.com/kubernetes/test-infra/blob/92927d1abec1c3c78e396356e1bbaf19f9e2b699/config/jobs/kubernetes/sig-cloud-provider/gcp/gcp-gce.yaml#L713 2 | disable-log-dump: true 3 | ginkgo.focus: \[Feature:(AdmissionWebhookMatchConditions|InPlacePodVerticalScaling|SidecarContainers|StorageVersionAPI|PodPreset|StatefulSetAutoDeletePVC)\]|Networking 4 | ginkgo.skip: \[Feature:(SCTPConnectivity|Volumes|Networking-Performance)\]|IPv6|csi-hostpath-v0 5 | minStartupPods: 8 6 | ginkgo.flake-attempts: 1 7 | 8 | ginkgo.trace: true 9 | -------------------------------------------------------------------------------- /config/default/crd/patches/webhook_in_vsphereclustertemplates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: vsphereclustertemplates.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/default/crd/patches/webhook_in_vspheredeploymentzones.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: vspheredeploymentzones.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: [ "v1", "v1beta1" ] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/default/crd/patches/webhook_in_vspherefailuredomains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: vspherefailuredomains.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: [ "v1", "v1beta1" ] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/default/crd/patches/webhook_in_vspheremachinetemplates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: vspheremachinetemplates.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhook/clientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhook/clientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | - kind: Certificate 18 | group: cert-manager.io 19 | path: spec/secretName 20 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Tell us about a problem you are experiencing 4 | 5 | --- 6 | 7 | /kind bug 8 | 9 | **What steps did you take and what happened:** 10 | [A clear and concise description of what the bug is.] 11 | 12 | 13 | **What did you expect to happen:** 14 | 15 | 16 | **Anything else you would like to add:** 17 | [Miscellaneous information that will assist in solving the issue.] 18 | 19 | 20 | **Environment:** 21 | 22 | - Cluster-api-provider-vsphere version: 23 | - Kubernetes version: (use `kubectl version`): 24 | - OS (e.g. from `/etc/os-release`): -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/clusterclass-runtimesdk/patch-test-extension.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/patches 3 | value: 4 | - name: test-patch 5 | external: 6 | generatePatchesExtension: generate-patches.${EXTENSION_CONFIG_NAME:=k8s-upgrade-with-runtimesdk} 7 | validateTopologyExtension: validate-topology.${EXTENSION_CONFIG_NAME:=k8s-upgrade-with-runtimesdk} 8 | discoverVariablesExtension: discover-variables.${EXTENSION_CONFIG_NAME:=k8s-upgrade-with-runtimesdk} 9 | settings: 10 | testMode: govmomi 11 | - op: remove 12 | path: /spec/variables 13 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/clusterclass-runtimesdk/patch-test-extension.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/patches 3 | value: 4 | - name: test-patch 5 | external: 6 | generatePatchesExtension: generate-patches.${EXTENSION_CONFIG_NAME:=k8s-upgrade-with-runtimesdk} 7 | validateTopologyExtension: validate-topology.${EXTENSION_CONFIG_NAME:=k8s-upgrade-with-runtimesdk} 8 | discoverVariablesExtension: discover-variables.${EXTENSION_CONFIG_NAME:=k8s-upgrade-with-runtimesdk} 9 | settings: 10 | testMode: supervisor 11 | - op: remove 12 | path: /spec/variables 13 | -------------------------------------------------------------------------------- /test/extension/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | - kind: Certificate 18 | group: cert-manager.io 19 | path: spec/secretName 20 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | - kind: Certificate 18 | group: cert-manager.io 19 | path: spec/secretName 20 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | - kind: Certificate 18 | group: cert-manager.io 19 | path: spec/secretName 20 | -------------------------------------------------------------------------------- /config/base/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: capv-webhook-service-cert 24 | -------------------------------------------------------------------------------- /test/infrastructure/vm-operator/config/vm-operator-image-names.yaml: -------------------------------------------------------------------------------- 1 | # Set image names / version to use. 2 | # Note: we are not building vm-operator images with Tilt, so those images must be available in a public image repository. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: vmware-system-vmop-controller-manager 7 | namespace: vmware-system-vmop 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: manager 13 | image: gcr.io/k8s-staging-capi-vsphere/extra/vm-operator:v1.8.6-0-gde75746a 14 | - name: kube-rbac-proxy 15 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 16 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: manager-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | - secrets 12 | verbs: 13 | - create 14 | - get 15 | - list 16 | - watch 17 | - apiGroups: 18 | - netoperator.vmware.com 19 | resources: 20 | - networkinterfaces 21 | verbs: 22 | - get 23 | - list 24 | - patch 25 | - watch 26 | - apiGroups: 27 | - netoperator.vmware.com 28 | resources: 29 | - networkinterfaces/status 30 | verbs: 31 | - get 32 | - patch 33 | - update 34 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright YEAR The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.generatego.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.py.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.sh.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.bzl.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.generatebzl.txt: -------------------------------------------------------------------------------- 1 | # Copyright The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./clusterclass-quick-start.yaml 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-vsphere-template.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./patch-prekubeadmscript.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ./patch-k8s-install-script.yaml 15 | - target: 16 | kind: ClusterClass 17 | path: ./patch-namingstrategy.yaml 18 | - target: 19 | kind: VSphereMachineTemplate 20 | path: ./patch-vm-namingstrategy.yaml 21 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/mhc-remediation/md/mhc.yaml: -------------------------------------------------------------------------------- 1 | # MachineHealthCheck object with 2 | # - a selector that targets all the machines with label e2e.remediation.label="" 3 | # - unhealthyNodeConditions triggering remediation after 10s the condition is set 4 | apiVersion: cluster.x-k8s.io/v1beta2 5 | kind: MachineHealthCheck 6 | metadata: 7 | name: "${CLUSTER_NAME}-mhc-md" 8 | spec: 9 | clusterName: "${CLUSTER_NAME}" 10 | selector: 11 | matchLabels: 12 | e2e.remediation.label: "" 13 | checks: 14 | unhealthyNodeConditions: 15 | - type: e2e.remediation.condition 16 | status: "False" 17 | timeoutSeconds: 10 18 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.13/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./clusterclass-quick-start.yaml 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-vsphere-template.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./patch-prekubeadmscript.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ./patch-k8s-install-script.yaml 15 | - target: 16 | kind: ClusterClass 17 | path: ./patch-namingstrategy.yaml 18 | - target: 19 | kind: VSphereMachineTemplate 20 | path: ./patch-vm-namingstrategy.yaml 21 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/v1.14/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./clusterclass-quick-start.yaml 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-vsphere-template.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./patch-prekubeadmscript.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ./patch-k8s-install-script.yaml 15 | - target: 16 | kind: ClusterClass 17 | path: ./patch-namingstrategy.yaml 18 | - target: 19 | kind: VSphereMachineTemplate 20 | path: ./patch-vm-namingstrategy.yaml 21 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.Makefile.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/test/pass.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package test 18 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/main/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./clusterclass-quick-start-supervisor.yaml 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-vsphere-template.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./patch-prekubeadmscript.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ./patch-k8s-install-script.yaml 15 | - target: 16 | kind: ClusterClass 17 | path: ./patch-namingstrategy.yaml 18 | - target: 19 | kind: VSphereMachineTemplate 20 | path: ./patch-vm-namingstrategy.yaml 21 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.11/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./clusterclass-quick-start-supervisor.yaml 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-vsphere-template.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./patch-prekubeadmscript.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ./patch-k8s-install-script.yaml 15 | - target: 16 | kind: ClusterClass 17 | path: ./patch-namingstrategy.yaml 18 | - target: 19 | kind: VSphereMachineTemplate 20 | path: ./patch-vm-namingstrategy.yaml 21 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.12/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./clusterclass-quick-start-supervisor.yaml 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-vsphere-template.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./patch-prekubeadmscript.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ./patch-k8s-install-script.yaml 15 | - target: 16 | kind: ClusterClass 17 | path: ./patch-namingstrategy.yaml 18 | - target: 19 | kind: VSphereMachineTemplate 20 | path: ./patch-vm-namingstrategy.yaml 21 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.13/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./clusterclass-quick-start-supervisor.yaml 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-vsphere-template.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./patch-prekubeadmscript.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ./patch-k8s-install-script.yaml 15 | - target: 16 | kind: ClusterClass 17 | path: ./patch-namingstrategy.yaml 18 | - target: 19 | kind: VSphereMachineTemplate 20 | path: ./patch-vm-namingstrategy.yaml 21 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-supervisor/v1.14/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./clusterclass-quick-start-supervisor.yaml 5 | patches: 6 | - target: 7 | kind: ClusterClass 8 | path: ./patch-vsphere-template.yaml 9 | - target: 10 | kind: ClusterClass 11 | path: ./patch-prekubeadmscript.yaml 12 | - target: 13 | kind: ClusterClass 14 | path: ./patch-k8s-install-script.yaml 15 | - target: 16 | kind: ClusterClass 17 | path: ./patch-namingstrategy.yaml 18 | - target: 19 | kind: VSphereMachineTemplate 20 | path: ./patch-vm-namingstrategy.yaml 21 | -------------------------------------------------------------------------------- /SECURITY_CONTACTS: -------------------------------------------------------------------------------- 1 | # Defined below are the security contacts for this repo. 2 | # 3 | # They are the contact point for the Product Security Team to reach out 4 | # to for triaging and handling of incoming issues. 5 | # 6 | # The below names agree to abide by the 7 | # [Embargo Policy](https://github.com/kubernetes/sig-release/blob/master/security-release-process-documentation/security-release-process.md#embargo-policy) 8 | # and will be removed and replaced if they violate that agreement. 9 | # 10 | # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE 11 | # INSTRUCTIONS AT https://kubernetes.io/security/ 12 | 13 | justinsb 14 | timothysc 15 | neolit123 16 | jeewan 17 | yastij 18 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/mhc-remediation/kcp/mhc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # MachineHealthCheck object with 3 | # - a selector that targets all the machines with label cluster.x-k8s.io/control-plane="" 4 | # - unhealthyNodeConditions triggering remediation after 10s the condition is set 5 | apiVersion: cluster.x-k8s.io/v1beta2 6 | kind: MachineHealthCheck 7 | metadata: 8 | name: "${CLUSTER_NAME}-mhc-kcp" 9 | spec: 10 | clusterName: "${CLUSTER_NAME}" 11 | selector: 12 | matchLabels: 13 | cluster.x-k8s.io/control-plane: "" 14 | checks: 15 | unhealthyNodeConditions: 16 | - type: e2e.remediation.condition 17 | status: "False" 18 | timeoutSeconds: 10 19 | -------------------------------------------------------------------------------- /test/extension/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize 23 | 24 | -------------------------------------------------------------------------------- /config/govmomi/webhook/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(NAMESPACE) and $(CERTIFICATENAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1 4 | kind: ValidatingWebhookConfiguration 5 | metadata: 6 | name: validating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1 11 | kind: MutatingWebhookConfiguration 12 | metadata: 13 | name: mutating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /config/supervisor/webhook/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(NAMESPACE) and $(CERTIFICATENAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1 4 | kind: ValidatingWebhookConfiguration 5 | metadata: 6 | name: validating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1 11 | kind: MutatingWebhookConfiguration 12 | metadata: 13 | name: mutating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /hack/boilerplate/test/pass.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright 2015 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | True 18 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.Dockerfile.txt: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | 3 | # Copyright YEAR The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | -------------------------------------------------------------------------------- /hack/boilerplate/test/fail.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright 2015 The Kubernetes Authors. 4 | # 5 | # failed 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize 23 | 24 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize 23 | 24 | -------------------------------------------------------------------------------- /hack/boilerplate/test/fail.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | fail 5 | 6 | Licensed under the Apache License, Version 2.0 (the "License"); 7 | you may not use this file except in compliance with the License. 8 | You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, software 13 | distributed under the License is distributed on an "AS IS" BASIS, 14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | See the License for the specific language governing permissions and 16 | limitations under the License. 17 | */ 18 | 19 | // Package test contains test boilerplate. 20 | package test 21 | -------------------------------------------------------------------------------- /webhooks/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2025 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package webhooks contains webhooks for the infrastructure v1beta1 API group. 18 | package webhooks 19 | -------------------------------------------------------------------------------- /internal/webhooks/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package webhooks contains webhooks for the infrastructure v1beta1 API group. 18 | package webhooks 19 | -------------------------------------------------------------------------------- /webhooks/vmware/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2025 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package vmware contains webhooks for the infrastructure vmware v1beta1 API group. 18 | package vmware 19 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/controllers/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package controllers implements reconcilers for the vcsim controller. 18 | package controllers 19 | -------------------------------------------------------------------------------- /test/framework/vmoperator/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package vmoperator contains utils to run tests with the vm-operator in standalone mode. 18 | package vmoperator 19 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/controllers/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package controllers implements reconcilers for the net-operator controller. 18 | package controllers 19 | -------------------------------------------------------------------------------- /.github/workflows/pr-md-link-check.yaml: -------------------------------------------------------------------------------- 1 | name: PR check Markdown links 2 | 3 | on: 4 | pull_request: 5 | types: [opened, edited, synchronize, reopened] 6 | paths: 7 | - '**.md' 8 | 9 | # Remove all permissions from GITHUB_TOKEN except metadata. 10 | permissions: {} 11 | 12 | jobs: 13 | markdown-link-check: 14 | name: Broken Links 15 | runs-on: ubuntu-latest 16 | steps: 17 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v6.0.1 18 | - uses: gaurav-nelson/github-action-markdown-link-check@3c3b66f1f7d0900e37b71eca45b63ea9eedfce31 # tag=1.0.17 19 | with: 20 | use-quiet-mode: 'yes' 21 | config-file: .markdownlinkcheck.json 22 | check-modified-files-only: 'yes' 23 | base-branch: ${{ github.base_ref }} 24 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-template.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | patches: 10 | # We are dropping storage policy so we also have test coverage 11 | # for normal provisioning via data stores. 12 | - target: 13 | kind: VSphereMachineTemplate 14 | path: ../commons/remove-storage-policy.yaml 15 | - target: 16 | kind: KubeadmControlPlane 17 | path: ./patch-k8s-install-script-kcp.yaml 18 | - target: 19 | kind: KubeadmConfigTemplate 20 | path: ./patch-k8s-install-script-kct.yaml 21 | -------------------------------------------------------------------------------- /docs/design/cluster-admission-cluster-controller.puml: -------------------------------------------------------------------------------- 1 | @startuml cluster-admission-cluster-controller 2 | 3 | start; 4 | :Cluster controller; 5 | 6 | repeat 7 | :Cluster controller enqueues a Reconcile call; 8 | if (Cluster has ready annotation) then (no) 9 | #LightBlue:Get control plane machines for cluster; 10 | if (A control plane machine is ready) then (yes) 11 | #LightBlue:Set Cluster Ready annotation; 12 | #LightBlue:Patch Cluster back to API server; 13 | else (no) 14 | #Pink:Return RequeueError; 15 | endif 16 | endif 17 | repeat while (Reconcile returned RequeueError) is (yes) 18 | -> no; 19 | if (Reconcile returned error) then (yes) 20 | #Pink:Error reconciling cluster; 21 | else (no) 22 | #LightBlue:Cluster is ready; 23 | endif 24 | stop; 25 | 26 | @enduml -------------------------------------------------------------------------------- /packaging/flavorgen/cloudprovider/embed.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package cloudprovider 18 | 19 | import _ "embed" 20 | 21 | var ( 22 | //go:embed cpi/cpi.yaml 23 | cpiManifests string 24 | ) 25 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | - apiGroups: 34 | - "coordination.k8s.io" 35 | resources: 36 | - leases 37 | verbs: 38 | - get 39 | - list 40 | - watch 41 | - create 42 | - update 43 | - patch 44 | - delete 45 | -------------------------------------------------------------------------------- /apis/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1beta1 contains API Schema definitions for the infrastructure v1beta1 API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=infrastructure.cluster.x-k8s.io 20 | package v1beta1 21 | -------------------------------------------------------------------------------- /apis/v1beta1/vspherevm_conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | // Hub marks VSphereVM as a conversion hub. 20 | func (*VSphereVM) Hub() {} 21 | 22 | // Hub marks VSphereVMList as a conversion hub. 23 | func (*VSphereVMList) Hub() {} 24 | -------------------------------------------------------------------------------- /config/deployments/integration-tests/README.md: -------------------------------------------------------------------------------- 1 | # Integration tests 2 | 3 | The [crds](./crds/) are copied from the vm-operators version which is consumed as go module. 4 | 5 | These should get updated when bumping the vm-operator dependency. 6 | 7 | To sync the new CRD's use the following script **and** update `kustomization.yaml` accordingly. 8 | 9 | ```sh 10 | make clean-vm-operator checkout-vm-operator 11 | rm -r config/deployments/integration-tests/crds 12 | cp -r test/infrastructure/vm-operator/vm-operator.tmp/config/crd/bases config/deployments/integration-tests/crds 13 | # Note: for now we only need the AvailabilityZone CRD in our integration tests 14 | cp test/infrastructure/vm-operator/vm-operator.tmp/config/crd/external-crds/topology.tanzu.vmware.com_availabilityzones.yaml config/deployments/integration-tests/crds 15 | 16 | make clean-vm-operator 17 | ``` 18 | -------------------------------------------------------------------------------- /cloudbuild.yaml: -------------------------------------------------------------------------------- 1 | # See https://cloud.google.com/cloud-build/docs/build-config 2 | # See https://console.cloud.google.com/gcr/images/k8s-staging-test-infra/global/gcb-docker-gcloud 3 | timeout: 2700s 4 | options: 5 | substitution_option: ALLOW_LOOSE 6 | machineType: 'E2_HIGHCPU_8' 7 | steps: 8 | - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud@sha256:8d6a3a5b895e6776dbe9115b75db1412fbe57299b8db329d45cb54680e462b0b' # v20251211-4c812d4cd8 9 | entrypoint: make 10 | env: 11 | - DOCKER_CLI_EXPERIMENTAL=enabled 12 | - TAG=$_GIT_TAG 13 | - PULL_BASE_REF=$_PULL_BASE_REF 14 | - DOCKER_BUILDKIT=1 15 | args: 16 | - release-staging 17 | substitutions: 18 | # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and 19 | # can be used as a substitution 20 | _GIT_TAG: '12345' 21 | _PULL_BASE_REF: 'dev' 22 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/api/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains API Schema definitions for the vcsim API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=vcsim.infrastructure.cluster.x-k8s.io 20 | package v1alpha1 21 | -------------------------------------------------------------------------------- /packaging/flavorgen/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package main is the main package for flavorgen. 18 | package main 19 | 20 | import ( 21 | "sigs.k8s.io/cluster-api-provider-vsphere/packaging/flavorgen/cmd" 22 | ) 23 | 24 | func main() { 25 | cmd.Execute() 26 | } 27 | -------------------------------------------------------------------------------- /pkg/services/govmomi/constants.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package govmomi contains tools for interacting with vSphere APIs. 18 | package govmomi 19 | 20 | const ( 21 | morefTypeTask = "Task" 22 | ) 23 | 24 | const ( 25 | guestInfoKeyMetadata = "guestinfo.metadata" 26 | ) 27 | -------------------------------------------------------------------------------- /apis/v1beta1/vspherecluster_conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | // Hub marks VSphereCluster as a conversion hub. 20 | func (*VSphereCluster) Hub() {} 21 | 22 | // Hub marks VSphereClusterList as a conversion hub. 23 | func (*VSphereClusterList) Hub() {} 24 | -------------------------------------------------------------------------------- /apis/v1beta1/vspheremachine_conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | // Hub marks VSphereMachine as a conversion hub. 20 | func (*VSphereMachine) Hub() {} 21 | 22 | // Hub marks VSphereMachineList as a conversion hub. 23 | func (*VSphereMachineList) Hub() {} 24 | -------------------------------------------------------------------------------- /cloudbuild-nightly.yaml: -------------------------------------------------------------------------------- 1 | # See https://cloud.google.com/cloud-build/docs/build-config 2 | # See https://console.cloud.google.com/gcr/images/k8s-staging-test-infra/global/gcb-docker-gcloud 3 | timeout: 2700s 4 | options: 5 | substitution_option: ALLOW_LOOSE 6 | machineType: 'E2_HIGHCPU_8' 7 | steps: 8 | - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud@sha256:8d6a3a5b895e6776dbe9115b75db1412fbe57299b8db329d45cb54680e462b0b' # v20251211-4c812d4cd8 9 | entrypoint: make 10 | env: 11 | - DOCKER_CLI_EXPERIMENTAL=enabled 12 | - TAG=$_GIT_TAG 13 | - PULL_BASE_REF=$_PULL_BASE_REF 14 | - DOCKER_BUILDKIT=1 15 | args: 16 | - release-staging-nightly 17 | substitutions: 18 | # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and 19 | # can be used as a substitution 20 | _GIT_TAG: '12345' 21 | _PULL_BASE_REF: 'dev' 22 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/dhcp-overrides/dhcp-overrides.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 3 | kind: VSphereMachineTemplate 4 | metadata: 5 | name: ${CLUSTER_NAME} 6 | namespace: ${NAMESPACE} 7 | spec: 8 | template: 9 | spec: 10 | network: 11 | devices: 12 | - networkName: "${VSPHERE_NETWORK}" 13 | dhcp4: true 14 | dhcp4Overrides: 15 | sendHostname: false 16 | --- 17 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 18 | kind: VSphereMachineTemplate 19 | metadata: 20 | name: ${CLUSTER_NAME}-worker 21 | namespace: ${NAMESPACE} 22 | spec: 23 | template: 24 | spec: 25 | network: 26 | devices: 27 | - networkName: "${VSPHERE_NETWORK}" 28 | dhcp4: true 29 | dhcp4Overrides: 30 | sendHostname: false 31 | 32 | -------------------------------------------------------------------------------- /.github/workflows/weekly-md-link-check.yaml: -------------------------------------------------------------------------------- 1 | name: Weekly check all Markdown links 2 | 3 | on: 4 | schedule: 5 | # Cron for every Monday at 12:00 UTC. 6 | - cron: "0 12 * * 1" 7 | 8 | # Remove all permissions from GITHUB_TOKEN except metadata. 9 | permissions: {} 10 | 11 | jobs: 12 | markdown-link-check: 13 | name: Broken Links 14 | strategy: 15 | fail-fast: false 16 | matrix: 17 | branch: [ main, release-1.15, release-1.14, release-1.13 ] 18 | runs-on: ubuntu-latest 19 | steps: 20 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v6.0.1 21 | with: 22 | ref: ${{ matrix.branch }} 23 | - uses: gaurav-nelson/github-action-markdown-link-check@3c3b66f1f7d0900e37b71eca45b63ea9eedfce31 # tag=1.0.17 24 | with: 25 | use-quiet-mode: 'yes' 26 | config-file: .markdownlinkcheck.json 27 | -------------------------------------------------------------------------------- /apis/vmware/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1beta1 contains API Schema definitions for the vmware.infrastructure v1beta1 API group 18 | // +k8s:openapi-gen=true 19 | // +kubebuilder:object:generate=true 20 | // +groupName=vmware.infrastructure.cluster.x-k8s.io 21 | package v1beta1 22 | -------------------------------------------------------------------------------- /test/extension/config/tilt/extensionconfig.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: runtime.cluster.x-k8s.io/v1alpha1 2 | kind: ExtensionConfig 3 | metadata: 4 | annotations: 5 | runtime.cluster.x-k8s.io/inject-ca-from-secret: capv-test-extension/capv-test-extension-webhook-service-cert 6 | name: capv-test-extension 7 | spec: 8 | clientConfig: 9 | service: 10 | name: capv-test-extension-webhook-service 11 | namespace: capv-test-extension # Note: this assumes the test extension get deployed in the default namespace defined in its own runtime-extensions-components.yaml 12 | port: 443 13 | settings: 14 | extensionConfigName: capv-test-extension 15 | namespaceSelector: 16 | matchExpressions: 17 | - key: kubernetes.io/metadata.name 18 | operator: In 19 | values: 20 | - default # Note: this assumes the test extension is used by Cluster in the default namespace only -------------------------------------------------------------------------------- /pkg/services/govmomi/ipam/error.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package ipam 18 | 19 | import ( 20 | "github.com/pkg/errors" 21 | ) 22 | 23 | // ErrWaitingForIPAddr is used when all IPAddressClaims have not been bound. 24 | var ErrWaitingForIPAddr = errors.New("waiting for IP address claims to be bound") 25 | -------------------------------------------------------------------------------- /apis/v1beta1/vspherefailuredomain_conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | // Hub marks VSphereFailureDomain as a conversion hub. 20 | func (*VSphereFailureDomain) Hub() {} 21 | 22 | // Hub marks VSphereFailureDomainList as a conversion hub. 23 | func (*VSphereFailureDomainList) Hub() {} 24 | -------------------------------------------------------------------------------- /hack/ci-apidiff.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2022 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 22 | 23 | cd "${REPO_ROOT}" 24 | 25 | echo "*** Running go-apidiff ***" 26 | APIDIFF_OLD_COMMIT="${PULL_BASE_SHA}" make apidiff 27 | -------------------------------------------------------------------------------- /hack/verify-api-conversion.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2022 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 22 | cd "${REPO_ROOT}" || exit 1 23 | 24 | echo "*** Verifying CAPV API conversions***" 25 | make verify-conversions 26 | -------------------------------------------------------------------------------- /apis/v1beta1/vspheredeploymentzone_conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | // Hub marks VSphereDeploymentZone as a conversion hub. 20 | func (*VSphereDeploymentZone) Hub() {} 21 | 22 | // Hub marks VSphereDeploymentZoneList as a conversion hub. 23 | func (*VSphereDeploymentZoneList) Hub() {} 24 | -------------------------------------------------------------------------------- /apis/v1beta1/vsphereclusteridentity_conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | // Hub marks VSphereClusterIdentity as a conversion hub. 20 | func (*VSphereClusterIdentity) Hub() {} 21 | 22 | // Hub marks VSphereClusterIdentityList as a conversion hub. 23 | func (*VSphereClusterIdentityList) Hub() {} 24 | -------------------------------------------------------------------------------- /apis/v1beta1/vsphereclustertemplate_conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | // Hub marks VSphereClusterIdentity as a conversion hub. 20 | func (*VSphereClusterTemplate) Hub() {} 21 | 22 | // Hub marks VSphereClusterIdentityList as a conversion hub. 23 | func (*VSphereClusterTemplateList) Hub() {} 24 | -------------------------------------------------------------------------------- /apis/v1beta1/vspheremachinetemplate_conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | // Hub marks VSphereMachineTemplate as a conversion hub. 20 | func (*VSphereMachineTemplate) Hub() {} 21 | 22 | // Hub marks VSphereMachineTemplateList as a conversion hub. 23 | func (*VSphereMachineTemplateList) Hub() {} 24 | -------------------------------------------------------------------------------- /config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | apiVersion: cert-manager.io/v1 4 | kind: Issuer 5 | metadata: 6 | name: selfsigned-issuer 7 | namespace: system 8 | spec: 9 | selfSigned: {} 10 | --- 11 | apiVersion: cert-manager.io/v1 12 | kind: Certificate 13 | metadata: 14 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 15 | namespace: system 16 | spec: 17 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 18 | dnsNames: 19 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 20 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 21 | issuerRef: 22 | kind: Issuer 23 | name: selfsigned-issuer 24 | secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize 25 | -------------------------------------------------------------------------------- /hack/ci-test-coverage.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2022 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 22 | # shellcheck source=./hack/ensure-go.sh 23 | source "${REPO_ROOT}/hack/ensure-go.sh" 24 | 25 | cd "${REPO_ROOT}" && \ 26 | make test-cover -------------------------------------------------------------------------------- /test/infrastructure/vcsim/controllers/images/images.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package images contains fake images for the vcsim content library. 18 | package images 19 | 20 | import ( 21 | _ "embed" 22 | ) 23 | 24 | var ( 25 | // SampleOVF image. 26 | //go:embed ttylinux-pc_i486-16.1.ovf 27 | SampleOVF []byte 28 | ) 29 | -------------------------------------------------------------------------------- /test/extension/config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | apiVersion: cert-manager.io/v1 4 | kind: Issuer 5 | metadata: 6 | name: selfsigned-issuer 7 | namespace: system 8 | spec: 9 | selfSigned: {} 10 | --- 11 | apiVersion: cert-manager.io/v1 12 | kind: Certificate 13 | metadata: 14 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 15 | namespace: system 16 | spec: 17 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 18 | dnsNames: 19 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 20 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 21 | issuerRef: 22 | kind: Issuer 23 | name: selfsigned-issuer 24 | secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize 25 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /pkg/util/ipaddress_claim.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package util 18 | 19 | import "fmt" 20 | 21 | // IPAddressClaimName returns a name given a VsphereVM name, deviceIndex, and 22 | // poolIndex. 23 | func IPAddressClaimName(vmName string, deviceIndex, poolIndex int) string { 24 | return fmt.Sprintf("%s-%d-%d", vmName, deviceIndex, poolIndex) 25 | } 26 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /test/infrastructure/vcsim/config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | apiVersion: cert-manager.io/v1 4 | kind: Issuer 5 | metadata: 6 | name: selfsigned-issuer 7 | namespace: system 8 | spec: 9 | selfSigned: {} 10 | --- 11 | apiVersion: cert-manager.io/v1 12 | kind: Certificate 13 | metadata: 14 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 15 | namespace: system 16 | spec: 17 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 18 | dnsNames: 19 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 20 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 21 | issuerRef: 22 | kind: Issuer 23 | name: selfsigned-issuer 24 | secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize 25 | -------------------------------------------------------------------------------- /test/infrastructure/net-operator/config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | apiVersion: cert-manager.io/v1 4 | kind: Issuer 5 | metadata: 6 | name: selfsigned-issuer 7 | namespace: system 8 | spec: 9 | selfSigned: {} 10 | --- 11 | apiVersion: cert-manager.io/v1 12 | kind: Certificate 13 | metadata: 14 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 15 | namespace: system 16 | spec: 17 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 18 | dnsNames: 19 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 20 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 21 | issuerRef: 22 | kind: Issuer 23 | name: selfsigned-issuer 24 | secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize 25 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/docs/devel/owners.md 2 | 3 | aliases: 4 | sig-cluster-lifecycle-leads: 5 | - fabriziopandini 6 | - justinsb 7 | - neolit123 8 | sig-cluster-lifecycle-tech-leads: 9 | - CecileRobertMichon 10 | - vincepri 11 | cluster-api-maintainers: 12 | - CecileRobertMichon 13 | - enxebre 14 | - fabriziopandini 15 | - sbueringer 16 | - vincepri 17 | cluster-api-vsphere-maintainers: 18 | - randomvariable 19 | - srm09 20 | - yastij 21 | - fabriziopandini 22 | - sbueringer 23 | - gab-satchi 24 | - chrischdi 25 | cluster-api-vsphere-reviewers: 26 | - maxrink 27 | - vrabbi 28 | - zhanggbj 29 | - rvanderp3 30 | - laozc 31 | cluster-api-vsphere-emeritus-maintainers: 32 | - akutz 33 | - andrewsykim 34 | - figo 35 | - frapposelli 36 | - ncdc 37 | - sidharthsurana 38 | - frapposelli 39 | - killianmuldoon 40 | 41 | -------------------------------------------------------------------------------- /config/deployments/integration-tests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../supervisor 5 | - ./crds/vmoperator.vmware.com_clustervirtualmachineimages.yaml 6 | - ./crds/vmoperator.vmware.com_contentlibraryproviders.yaml 7 | - ./crds/vmoperator.vmware.com_contentsourcebindings.yaml 8 | - ./crds/vmoperator.vmware.com_contentsources.yaml 9 | - ./crds/vmoperator.vmware.com_virtualmachineclassbindings.yaml 10 | - ./crds/vmoperator.vmware.com_virtualmachineclasses.yaml 11 | - ./crds/vmoperator.vmware.com_virtualmachineimages.yaml 12 | - ./crds/vmoperator.vmware.com_virtualmachinepublishrequests.yaml 13 | - ./crds/vmoperator.vmware.com_virtualmachines.yaml 14 | - ./crds/vmoperator.vmware.com_virtualmachineservices.yaml 15 | - ./crds/vmoperator.vmware.com_virtualmachinesetresourcepolicies.yaml 16 | - ./crds/vmoperator.vmware.com_virtualmachinewebconsolerequests.yaml 17 | - ./crds/vmoperator.vmware.com_webconsolerequests.yaml 18 | -------------------------------------------------------------------------------- /internal/apis/topology/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | // © Broadcom. All Rights Reserved. 2 | // The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. 3 | // SPDX-License-Identifier: Apache-2.0 4 | 5 | // Package v1alpha1 contains API Schema definitions for vSphere topology APIs. 6 | // +kubebuilder:object:generate=true 7 | // +groupName=topology.tanzu.vmware.com 8 | package v1alpha1 9 | 10 | import ( 11 | "k8s.io/apimachinery/pkg/runtime/schema" 12 | "sigs.k8s.io/controller-runtime/pkg/scheme" 13 | ) 14 | 15 | var ( 16 | // GroupVersion is group version used to register these objects 17 | GroupVersion = schema.GroupVersion{ 18 | Group: "topology.tanzu.vmware.com", 19 | Version: "v1alpha1", 20 | } 21 | 22 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 23 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 24 | 25 | // AddToScheme adds the types in this group-version to the given scheme. 26 | AddToScheme = SchemeBuilder.AddToScheme 27 | ) 28 | -------------------------------------------------------------------------------- /test/e2e/data/shared/capi/v1.9/metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between patch versions. 4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | kind: Metadata 8 | releaseSeries: 9 | - major: 1 10 | minor: 9 11 | contract: v1beta1 12 | - major: 1 13 | minor: 8 14 | contract: v1beta1 15 | - major: 1 16 | minor: 7 17 | contract: v1beta1 18 | - major: 1 19 | minor: 6 20 | contract: v1beta1 21 | - major: 1 22 | minor: 5 23 | contract: v1beta1 24 | - major: 1 25 | minor: 4 26 | contract: v1beta1 27 | - major: 1 28 | minor: 3 29 | contract: v1beta1 30 | - major: 1 31 | minor: 2 32 | contract: v1beta1 33 | - major: 1 34 | minor: 1 35 | contract: v1beta1 36 | - major: 1 37 | minor: 0 38 | contract: v1beta1 39 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .git 2 | .github 3 | .vscode 4 | .gitignore 5 | .golangci.yml 6 | bin/ 7 | **/*.yaml 8 | out/ 9 | docs/ 10 | packaging/ 11 | templates/ 12 | **/*.md 13 | **/.tiltbuild 14 | **/config/**/*.yaml 15 | **/config/**/*.yaml-e 16 | _artifacts 17 | Makefile 18 | **/Makefile 19 | 20 | # add yaml files from internal/kubevip which are required for embedding. 21 | !internal/kubevip/*.yaml 22 | 23 | # ignores changes to test-only code to avoid extra rebuilds 24 | test/e2e/** 25 | 26 | # We want to ignore any frequently modified files to avoid cache-busting the COPY ./ ./ 27 | # Binaries for programs and plugins 28 | **/*.exe 29 | **/*.dll 30 | **/*.so 31 | **/*.dylib 32 | **/bin/** 33 | **/out/** 34 | 35 | # go.work files 36 | go.work 37 | go.work.sum 38 | 39 | # Test binary, build with `go test -c` 40 | **/*.test 41 | 42 | # Output of the go coverage tool, specifically when used with LiteIDE 43 | **/*.out 44 | 45 | # Common editor / temporary files 46 | **/*~ 47 | **/*.tmp 48 | **/.DS_Store 49 | **/*.swp 50 | -------------------------------------------------------------------------------- /apis/v1alpha3/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha3 contains API Schema definitions for the infrastructure v1alpha3 API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=infrastructure.cluster.x-k8s.io 20 | // +k8s:conversion-gen=sigs.k8s.io/cluster-api-provider-vsphere/apis/v1beta1 21 | // 22 | // Deprecated: This package will be removed in one of the next releases. 23 | package v1alpha3 24 | -------------------------------------------------------------------------------- /apis/v1alpha4/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha4 contains API Schema definitions for the infrastructure v1alpha4 API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=infrastructure.cluster.x-k8s.io 20 | // +k8s:conversion-gen=sigs.k8s.io/cluster-api-provider-vsphere/apis/v1beta1 21 | // 22 | // Deprecated: This package will be removed in one of the next releases. 23 | package v1alpha4 24 | -------------------------------------------------------------------------------- /apis/v1alpha3/topology_conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha3 18 | 19 | import ( 20 | conversion "k8s.io/apimachinery/pkg/conversion" 21 | v1beta1 "sigs.k8s.io/cluster-api-provider-vsphere/apis/v1beta1" 22 | ) 23 | 24 | func Convert_v1beta1_Topology_To_v1alpha3_Topology(in *v1beta1.Topology, out *Topology, s conversion.Scope) error { 25 | return autoConvert_v1beta1_Topology_To_v1alpha3_Topology(in, out, s) 26 | } 27 | -------------------------------------------------------------------------------- /apis/v1alpha4/topology_conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha4 18 | 19 | import ( 20 | conversion "k8s.io/apimachinery/pkg/conversion" 21 | v1beta1 "sigs.k8s.io/cluster-api-provider-vsphere/apis/v1beta1" 22 | ) 23 | 24 | func Convert_v1beta1_Topology_To_v1alpha4_Topology(in *v1beta1.Topology, out *Topology, s conversion.Scope) error { 25 | return autoConvert_v1beta1_Topology_To_v1alpha4_Topology(in, out, s) 26 | } 27 | -------------------------------------------------------------------------------- /hack/tools/openvpn/Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | FROM debian:buster-slim 18 | 19 | RUN apt-get --assume-no update && \ 20 | apt-get --assume-yes install curl openvpn iputils-ping && \ 21 | rm -fr /var/lib/apt/lists/* 22 | 23 | WORKDIR /vpn 24 | 25 | COPY openvpn.sh /usr/local/bin/ 26 | RUN chmod 0755 /usr/local/bin/openvpn.sh 27 | 28 | ENTRYPOINT ["/usr/local/bin/openvpn.sh"] 29 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/multi-disk/data-disks-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 2 | kind: VSphereMachineTemplate 3 | metadata: 4 | name: '${CLUSTER_NAME}' 5 | namespace: '${NAMESPACE}' 6 | spec: 7 | template: 8 | spec: 9 | dataDisks: 10 | - name: "disk_1" 11 | sizeGiB: 1 12 | provisioningMode: "Thin" 13 | - name: "disk_2" 14 | sizeGiB: 2 15 | provisioningMode: "Thick" 16 | --- 17 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 18 | kind: VSphereMachineTemplate 19 | metadata: 20 | name: '${CLUSTER_NAME}-worker' 21 | namespace: '${NAMESPACE}' 22 | spec: 23 | template: 24 | spec: 25 | dataDisks: 26 | - name: "disk_1" 27 | sizeGiB: 1 28 | provisioningMode: "Thin" 29 | - name: "disk_2" 30 | sizeGiB: 2 31 | provisioningMode: "Thick" 32 | - name: "disk_3" 33 | sizeGiB: 3 34 | provisioningMode: "EagerlyZeroed" 35 | - name: "disk_4" 36 | sizeGiB: 4 37 | -------------------------------------------------------------------------------- /.github/workflows/weekly-security-scan.yaml: -------------------------------------------------------------------------------- 1 | name: Weekly security scan 2 | 3 | on: 4 | schedule: 5 | # Cron for every Monday at 12:00 UTC. 6 | - cron: "0 12 * * 1" 7 | 8 | # Remove all permissions from GITHUB_TOKEN except metadata. 9 | permissions: {} 10 | 11 | jobs: 12 | scan: 13 | strategy: 14 | fail-fast: false 15 | matrix: 16 | branch: [ main, release-1.15, release-1.14, release-1.13 ] 17 | name: Trivy 18 | runs-on: ubuntu-latest 19 | steps: 20 | - name: Check out code 21 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v6.0.1 22 | with: 23 | ref: ${{ matrix.branch }} 24 | - name: Calculate go version 25 | id: vars 26 | run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT 27 | - name: Set up Go 28 | uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # tag=v6.1.0 29 | with: 30 | go-version: ${{ steps.vars.outputs.go_version }} 31 | - name: Run verify security target 32 | run: make verify-security 33 | -------------------------------------------------------------------------------- /test/e2e/data/shared/capi/v1.10/metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between patch versions. 4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | kind: Metadata 8 | releaseSeries: 9 | - major: 1 10 | minor: 10 11 | contract: v1beta1 12 | - major: 1 13 | minor: 9 14 | contract: v1beta1 15 | - major: 1 16 | minor: 8 17 | contract: v1beta1 18 | - major: 1 19 | minor: 7 20 | contract: v1beta1 21 | - major: 1 22 | minor: 6 23 | contract: v1beta1 24 | - major: 1 25 | minor: 5 26 | contract: v1beta1 27 | - major: 1 28 | minor: 4 29 | contract: v1beta1 30 | - major: 1 31 | minor: 3 32 | contract: v1beta1 33 | - major: 1 34 | minor: 2 35 | contract: v1beta1 36 | - major: 1 37 | minor: 1 38 | contract: v1beta1 39 | - major: 1 40 | minor: 0 41 | contract: v1beta1 42 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ownerrefs-finalizers/failure-domains.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 3 | kind: VSphereFailureDomain 4 | metadata: 5 | name: ownerrefs-finalizers 6 | spec: 7 | region: 8 | name: '${VSPHERE_DATACENTER}' 9 | type: Datacenter 10 | tagCategory: k8s-region 11 | # autoConfigure: true 12 | zone: 13 | name: '${VSPHERE_COMPUTE_CLUSTER}' 14 | type: ComputeCluster 15 | tagCategory: k8s-zone 16 | # autoConfigure: true 17 | topology: 18 | datacenter: '${VSPHERE_DATACENTER}' 19 | # datastore is optional and should\can be set when only one compute cluster is set 20 | # or we should use storage policy 21 | computeCluster: '${VSPHERE_COMPUTE_CLUSTER}' 22 | --- 23 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 24 | kind: VSphereDeploymentZone 25 | metadata: 26 | name: ownerrefs-finalizers 27 | spec: 28 | server: '${VSPHERE_SERVER}' 29 | failureDomain: "ownerrefs-finalizers" 30 | placementConstraint: 31 | resourcePool: '${VSPHERE_RESOURCE_POOL}' 32 | -------------------------------------------------------------------------------- /tilt-provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: vsphere 3 | config: 4 | version: v1.15.99 5 | image: gcr.io/k8s-staging-capi-vsphere/cluster-api-vsphere-controller 6 | live_reload_deps: 7 | - main.go 8 | - go.mod 9 | - go.sum 10 | - apis 11 | - controllers 12 | - feature 13 | - internal 14 | - pkg 15 | label: CAPV 16 | - name: vsphere-supervisor 17 | config: 18 | version: v1.15.99 19 | image: gcr.io/k8s-staging-capi-vsphere/cluster-api-vsphere-controller 20 | live_reload_deps: 21 | - main.go 22 | - go.mod 23 | - go.sum 24 | - apis 25 | - controllers 26 | - feature 27 | - internal 28 | - pkg 29 | label: CAPV 30 | kustomize_folder: "/config/supervisor" 31 | 32 | # IMPORTANT: run "make vm-operator-manifest-build" before using this "provider" with tilt 33 | - name: vm-operator 34 | config: 35 | version: v1.8.6 36 | label: VMOP 37 | kustomize_folder: "/test/infrastructure/vm-operator/config" 38 | kustomize_options: 39 | - "--load-restrictor=LoadRestrictionsNone" 40 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-vsphere-govmomi/main/ignition/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base/cluster-template-ignition.yaml 5 | - ../commons/cluster-resource-set.yaml 6 | patchesStrategicMerge: 7 | - ../commons/cluster-resource-set-label.yaml 8 | - ../commons/cluster-network-CIDR.yaml 9 | - flatcar.yaml 10 | patches: 11 | # We are dropping storage policy so we also have test coverage 12 | # for normal provisioning via data stores. 13 | - target: 14 | kind: VSphereMachineTemplate 15 | path: ../commons/remove-storage-policy.yaml 16 | # Replace ssh user to match expected user by the e2e machine collector 17 | - target: 18 | kind: KubeadmControlPlane 19 | path: patch-user-kcp.yaml 20 | - target: 21 | kind: KubeadmConfigTemplate 22 | path: patch-user-md.yaml 23 | - target: 24 | kind: KubeadmControlPlane 25 | path: ../base/patch-k8s-install-script-kcp.yaml 26 | - target: 27 | kind: KubeadmConfigTemplate 28 | path: ../base/patch-k8s-install-script-kct.yaml 29 | -------------------------------------------------------------------------------- /hack/generate-doctoc.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | if [[ "${TRACE-0}" == "1" ]]; then 22 | set -o xtrace 23 | fi 24 | 25 | if [[ -z "$(command -v doctoc)" ]]; then 26 | echo "doctoc is not available on your system, skipping verification" 27 | echo "Note: The doctoc module can be installed via npm (https://www.npmjs.com/package/doctoc)" 28 | exit 0 29 | fi 30 | 31 | doctoc docs/release/release-tasks.md 32 | -------------------------------------------------------------------------------- /test/e2e/data/shared/capi/v1.11/metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between patch versions. 4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | kind: Metadata 8 | releaseSeries: 9 | - major: 1 10 | minor: 11 11 | contract: v1beta2 12 | - major: 1 13 | minor: 10 14 | contract: v1beta1 15 | - major: 1 16 | minor: 9 17 | contract: v1beta1 18 | - major: 1 19 | minor: 8 20 | contract: v1beta1 21 | - major: 1 22 | minor: 7 23 | contract: v1beta1 24 | - major: 1 25 | minor: 6 26 | contract: v1beta1 27 | - major: 1 28 | minor: 5 29 | contract: v1beta1 30 | - major: 1 31 | minor: 4 32 | contract: v1beta1 33 | - major: 1 34 | minor: 3 35 | contract: v1beta1 36 | - major: 1 37 | minor: 2 38 | contract: v1beta1 39 | - major: 1 40 | minor: 1 41 | contract: v1beta1 42 | - major: 1 43 | minor: 0 44 | contract: v1beta1 45 | -------------------------------------------------------------------------------- /hack/tools/openvpn/openvpn.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | run_openvpn() { 22 | [ "${#}" -eq "0" ] && exec openvpn --config "$(/bin/ls ./*.ovpn)" 23 | exec openvpn "${@}" 24 | } 25 | 26 | [ "${#}" -eq "0" ] && run_openvpn 27 | 28 | { [ "${1}" = "/bin/bash" ] || \ 29 | [ "${1}" = "bash" ] || \ 30 | [ "${1}" = "/bin/sh" ] || \ 31 | [ "${1}" = "sh" ] || \ 32 | [ "${1}" = "shell" ]; } && exec /bin/bash 33 | 34 | run_openvpn "${@}" 35 | -------------------------------------------------------------------------------- /hack/codecov-ignore.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2023 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Ignore generated files in API packages, e.g. zz_generated.deepcopy.go and zz_generated.conversion.go. 18 | { 19 | find apis -regex '.*zz_generated.*\.go' -exec echo sigs.k8s.io/cluster-api-provider-vsphere/{} \; 20 | } >> codecov-ignore.txt 21 | 22 | while read -r p || [ -n "$p" ] 23 | do 24 | if [[ "${OSTYPE}" == "darwin"* ]]; then 25 | sed -i '' "/${p//\//\\/}/d" ./coverage.out 26 | else 27 | sed -i "/${p//\//\\/}/d" ./coverage.out 28 | fi 29 | done < ./codecov-ignore.txt 30 | -------------------------------------------------------------------------------- /pkg/services/govmomi/storageprofile_util.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package govmomi 18 | 19 | import ( 20 | pbmTypes "github.com/vmware/govmomi/pbm/types" 21 | ) 22 | 23 | // isStoragePolicyIDPresent checks, given a ProfileResult if the requested storageprofileid 24 | // is associated at least with one entity. 25 | func isStoragePolicyIDPresent(storageProfileID string, result pbmTypes.PbmQueryProfileResult) bool { 26 | for _, id := range result.ProfileId { 27 | if id.UniqueId == storageProfileID { 28 | return true 29 | } 30 | } 31 | return false 32 | } 33 | -------------------------------------------------------------------------------- /hack/create-mirror-repository-pr.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2024 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | PR_NUMBER="${1:-}" 18 | 19 | if [ -z "${PR_NUMBER}" ]; then 20 | echo "PR_NUMBER must be set" 21 | exit 1 22 | fi 23 | 24 | gh pr view "${PR_NUMBER}" \ 25 | -R kubernetes-sigs/cluster-api-provider-vsphere \ 26 | --json headRepository,headRepositoryOwner,headRefName,baseRefName \ 27 | -q '"https://github.com/team-cluster-api/cluster-api-provider-vsphere/compare/" + .baseRefName + "..." + .headRepositoryOwner.login + ":" + .headRepository.name + ":" + .headRefName' 28 | -------------------------------------------------------------------------------- /hack/get-project-maintainers.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | if [[ "${TRACE-0}" == "1" ]]; then 22 | set -o xtrace 23 | fi 24 | 25 | REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 26 | 27 | YQ_BIN=yq 28 | YQ_PATH=hack/tools/bin/${YQ_BIN} 29 | 30 | cd "${REPO_ROOT}" && make ${YQ_BIN} >/dev/null 31 | 32 | KEYS=() 33 | while IFS='' read -r line; do KEYS+=("$line"); done < <(${YQ_PATH} e '.aliases["cluster-api-vsphere-maintainers"][]' OWNERS_ALIASES) 34 | echo "${KEYS[@]/#/@}" 35 | -------------------------------------------------------------------------------- /internal/webhooks/util.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package webhooks 18 | 19 | import ( 20 | apierrors "k8s.io/apimachinery/pkg/api/errors" 21 | "k8s.io/apimachinery/pkg/runtime/schema" 22 | "k8s.io/apimachinery/pkg/util/validation/field" 23 | ) 24 | 25 | // AggregateObjErrors aggregates a list of field errors into a single Invalid API error. 26 | func AggregateObjErrors(gk schema.GroupKind, name string, allErrs field.ErrorList) error { 27 | if len(allErrs) == 0 { 28 | return nil 29 | } 30 | 31 | return apierrors.NewInvalid( 32 | gk, 33 | name, 34 | allErrs, 35 | ) 36 | } 37 | -------------------------------------------------------------------------------- /packaging/flavorgen/flavors/kubevip/kubevip.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package kubevip exposes functions to add kubevip to templates. 18 | package kubevip 19 | 20 | import ( 21 | controlplanev1 "sigs.k8s.io/cluster-api/api/controlplane/kubeadm/v1beta2" 22 | 23 | "sigs.k8s.io/cluster-api-provider-vsphere/internal/kubevip" 24 | ) 25 | 26 | // PatchControlPlane adds kube-vip to a KubeadmControlPlane object. 27 | func PatchControlPlane(cp *controlplanev1.KubeadmControlPlane) { 28 | cp.Spec.KubeadmConfigSpec.Files = append(cp.Spec.KubeadmConfigSpec.Files, kubevip.Files()...) 29 | } 30 | -------------------------------------------------------------------------------- /test/e2e/data/shared/capi/v1.12/metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between patch versions. 4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | kind: Metadata 8 | releaseSeries: 9 | - major: 1 10 | minor: 12 11 | contract: v1beta2 12 | - major: 1 13 | minor: 11 14 | contract: v1beta2 15 | - major: 1 16 | minor: 10 17 | contract: v1beta1 18 | - major: 1 19 | minor: 9 20 | contract: v1beta1 21 | - major: 1 22 | minor: 8 23 | contract: v1beta1 24 | - major: 1 25 | minor: 7 26 | contract: v1beta1 27 | - major: 1 28 | minor: 6 29 | contract: v1beta1 30 | - major: 1 31 | minor: 5 32 | contract: v1beta1 33 | - major: 1 34 | minor: 4 35 | contract: v1beta1 36 | - major: 1 37 | minor: 3 38 | contract: v1beta1 39 | - major: 1 40 | minor: 2 41 | contract: v1beta1 42 | - major: 1 43 | minor: 1 44 | contract: v1beta1 45 | - major: 1 46 | minor: 0 47 | contract: v1beta1 48 | -------------------------------------------------------------------------------- /test/e2e/data/shared/capv/v1.12/metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between patch versions. 4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | kind: Metadata 8 | releaseSeries: 9 | - major: 1 10 | minor: 0 11 | contract: v1beta1 12 | - major: 1 13 | minor: 1 14 | contract: v1beta1 15 | - major: 1 16 | minor: 2 17 | contract: v1beta1 18 | - major: 1 19 | minor: 3 20 | contract: v1beta1 21 | - major: 1 22 | minor: 4 23 | contract: v1beta1 24 | - major: 1 25 | minor: 5 26 | contract: v1beta1 27 | - major: 1 28 | minor: 6 29 | contract: v1beta1 30 | - major: 1 31 | minor: 7 32 | contract: v1beta1 33 | - major: 1 34 | minor: 8 35 | contract: v1beta1 36 | - major: 1 37 | minor: 9 38 | contract: v1beta1 39 | - major: 1 40 | minor: 10 41 | contract: v1beta1 42 | - major: 1 43 | minor: 11 44 | contract: v1beta1 45 | - major: 1 46 | minor: 12 47 | contract: v1beta1 48 | -------------------------------------------------------------------------------- /.github/workflows/cover.yaml: -------------------------------------------------------------------------------- 1 | name: codecov 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | permissions: 8 | contents: read 9 | 10 | jobs: 11 | coverage: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Harden Runner 15 | uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 16 | with: 17 | egress-policy: audit 18 | 19 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 20 | - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 21 | with: 22 | go-version: '1.22' 23 | - run: "PATH=/usr/local/go/bin:$PATH make test-cover" 24 | # Retry codecov upload. It is flaky due to a known issue https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954 25 | - uses: Wandalen/wretry.action@e68c23e6309f2871ca8ae4763e7629b9c258e1ea # v3.8.0 26 | with: 27 | attempt_limit: 20 28 | action: codecov/codecov-action@7afa10ed9b269c561c2336fd862446844e0cbf71 # v4.2.0 29 | with: | 30 | file: ./coverage.out 31 | fail_ci_if_error: true 32 | token: ${{ secrets.CODECOV_TOKEN }} 33 | -------------------------------------------------------------------------------- /docs/design/cluster-admission-machine-controller.puml: -------------------------------------------------------------------------------- 1 | @startuml cluster-admission-machine-controller 2 | 3 | start; 4 | :Machine controller; 5 | 6 | repeat 7 | :Machine controller enqueues a Create call; 8 | if (Cluster has ready annotation) then (yes) 9 | if (Machine has control plane role) then (yes) 10 | #LightBlue:Join as control plane member; 11 | else (no) 12 | #LightBlue:Join as worker node; 13 | endif 14 | else (no) 15 | if (Machine has control plane role) then (yes) 16 | #LightBlue:Create control plane config map; 17 | if (Control plane config map already exists) then (yes) 18 | #Pink:Return RequeueError; 19 | else (no) 20 | #LightBlue:Init control plane; 21 | #LightBlue:Set ready status on Machine annotation; 22 | #LightBlue:Patch Machine back to API server; 23 | endif 24 | else (no) 25 | #Pink:Return RequeueError; 26 | endif 27 | endif 28 | repeat while (Create returned RequeueError) is (yes) 29 | -> no; 30 | if (Create returned error) then (yes) 31 | #Pink:Error creating machine; 32 | else (no) 33 | #LightBlue:Machine has initialized or joined the cluster; 34 | endif 35 | stop; 36 | 37 | @enduml -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | # Adds namespace to all resources. 5 | namespace: capv-system 6 | 7 | namePrefix: capv- 8 | 9 | commonLabels: 10 | cluster.x-k8s.io/provider: "infrastructure-vsphere" 11 | 12 | resources: 13 | - ../base 14 | - ./crd 15 | - ../govmomi/webhook 16 | 17 | vars: 18 | - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR 19 | objref: 20 | kind: Certificate 21 | group: cert-manager.io 22 | version: v1 23 | name: serving-cert # this name should match the one in certificate.yaml 24 | fieldref: 25 | fieldpath: metadata.namespace 26 | - name: CERTIFICATE_NAME 27 | objref: 28 | kind: Certificate 29 | group: cert-manager.io 30 | version: v1 31 | name: serving-cert # this name should match the one in certificate.yaml 32 | - name: SERVICE_NAMESPACE # namespace of the service 33 | objref: 34 | kind: Service 35 | version: v1 36 | name: webhook-service 37 | fieldref: 38 | fieldpath: metadata.namespace 39 | - name: SERVICE_NAME 40 | objref: 41 | kind: Service 42 | version: v1 43 | name: webhook-service 44 | -------------------------------------------------------------------------------- /test/e2e/data/shared/capv/v1.13/metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between patch versions. 4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | kind: Metadata 8 | releaseSeries: 9 | - major: 1 10 | minor: 0 11 | contract: v1beta1 12 | - major: 1 13 | minor: 1 14 | contract: v1beta1 15 | - major: 1 16 | minor: 2 17 | contract: v1beta1 18 | - major: 1 19 | minor: 3 20 | contract: v1beta1 21 | - major: 1 22 | minor: 4 23 | contract: v1beta1 24 | - major: 1 25 | minor: 5 26 | contract: v1beta1 27 | - major: 1 28 | minor: 6 29 | contract: v1beta1 30 | - major: 1 31 | minor: 7 32 | contract: v1beta1 33 | - major: 1 34 | minor: 8 35 | contract: v1beta1 36 | - major: 1 37 | minor: 9 38 | contract: v1beta1 39 | - major: 1 40 | minor: 10 41 | contract: v1beta1 42 | - major: 1 43 | minor: 11 44 | contract: v1beta1 45 | - major: 1 46 | minor: 12 47 | contract: v1beta1 48 | - major: 1 49 | minor: 13 50 | contract: v1beta1 51 | -------------------------------------------------------------------------------- /pkg/context/vmware/guest_cluster_context.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package vmware 18 | 19 | import ( 20 | "fmt" 21 | 22 | "sigs.k8s.io/controller-runtime/pkg/client" 23 | ) 24 | 25 | // GuestClusterContext is the context used for GuestClusterControllers. 26 | type GuestClusterContext struct { 27 | *ClusterContext 28 | 29 | // GuestClient can be used to access the guest cluster. 30 | GuestClient client.Client 31 | } 32 | 33 | // String returns ClusterGroupVersionKind ClusterNamespace/ClusterName. 34 | func (c *GuestClusterContext) String() string { 35 | return fmt.Sprintf("%s %s/%s", c.Cluster.GroupVersionKind(), c.Cluster.Namespace, c.Cluster.Name) 36 | } 37 | -------------------------------------------------------------------------------- /pkg/services/network/network_suite_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package network_test 18 | 19 | import ( 20 | "os" 21 | "path/filepath" 22 | "testing" 23 | 24 | . "github.com/onsi/ginkgo/v2" 25 | "github.com/onsi/ginkgo/v2/types" 26 | . "github.com/onsi/gomega" 27 | ) 28 | 29 | func TestNetworkProvider(t *testing.T) { 30 | RegisterFailHandler(Fail) 31 | 32 | reporterConfig := types.NewDefaultReporterConfig() 33 | if artifactFolder, exists := os.LookupEnv("ARTIFACTS"); exists { 34 | reporterConfig.JUnitReport = filepath.Join(artifactFolder, "junit.ginkgo.pkg_services_network.xml") 35 | } 36 | RunSpecs(t, "Network Services Suite", reporterConfig) 37 | } 38 | -------------------------------------------------------------------------------- /pkg/services/govmomi/context.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package govmomi 18 | 19 | import ( 20 | "github.com/vmware/govmomi/object" 21 | "github.com/vmware/govmomi/vim25/types" 22 | 23 | infrav1 "sigs.k8s.io/cluster-api-provider-vsphere/apis/v1beta1" 24 | capvcontext "sigs.k8s.io/cluster-api-provider-vsphere/pkg/context" 25 | ) 26 | 27 | type virtualMachineContext struct { 28 | capvcontext.VMContext 29 | Ref types.ManagedObjectReference 30 | Obj *object.VirtualMachine 31 | State *infrav1.VirtualMachine 32 | IPAMState map[string]infrav1.NetworkDeviceSpec 33 | } 34 | 35 | func (c *virtualMachineContext) String() string { 36 | return c.VMContext.String() 37 | } 38 | --------------------------------------------------------------------------------