├── hack ├── make │ ├── ldflags.txt │ └── docker.mk ├── ipclaim-template.yaml ├── boilerplate.go.txt ├── tools.go ├── tools │ ├── tools.go │ ├── go.mod │ └── Makefile ├── check-vet.sh ├── images │ └── ci │ │ └── Makefile ├── build-gitbooks.sh ├── check-mdlint.sh ├── install-helm.sh ├── check-lint.sh ├── check-staticcheck.sh ├── go-install.sh ├── check-shell.sh ├── verify-container-images.sh ├── ensure-trivy.sh ├── make.sh ├── verify-codegen.sh ├── install-gh.sh ├── git-squash.sh ├── check-format.sh ├── kpromo.sh └── update-codegen.sh ├── test ├── integration │ ├── .gitignore │ ├── secrets.yaml │ ├── vsphere.conf │ ├── install_kind.sh │ └── create-vms.sh ├── kind │ ├── c01-product-uuid.txt │ ├── w01-product-uuid.txt │ ├── c01-product-serial.txt │ ├── w01-product-serial.txt │ └── kind-config.yaml └── vcsim │ ├── entrypoint.sh │ ├── Makefile │ ├── Dockerfile │ └── deployment.yaml ├── pkg ├── common │ ├── vclib │ │ ├── fixtures │ │ │ ├── invalid.pem │ │ │ ├── README.md │ │ │ ├── server.csr │ │ │ ├── ca.pem │ │ │ ├── server.pem │ │ │ └── createCerts.sh │ │ ├── folder.go │ │ ├── vmoptions.go │ │ ├── datastore.go │ │ ├── datastore_test.go │ │ ├── utils_test.go │ │ ├── utils.go │ │ └── custom_errors.go │ ├── kubernetes │ │ ├── envvars.go │ │ ├── types.go │ │ └── kubernetes.go │ └── credentialmanager │ │ ├── consts_and_errors.go │ │ └── types.go ├── cloudprovider │ ├── vsphereparavirtual │ │ ├── nsxipmanager │ │ │ ├── const.go │ │ │ └── interfaces.go │ │ ├── routemanager │ │ │ ├── helper │ │ │ │ ├── helper_test.go │ │ │ │ └── helper.go │ │ │ └── interfaces.go │ │ ├── client │ │ │ ├── clientset │ │ │ │ └── versioned │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake │ │ │ │ │ ├── doc.go │ │ │ │ │ └── register.go │ │ │ │ │ ├── scheme │ │ │ │ │ ├── doc.go │ │ │ │ │ └── register.go │ │ │ │ │ └── typed │ │ │ │ │ └── nsxnetworking │ │ │ │ │ └── v1alpha1 │ │ │ │ │ ├── fake │ │ │ │ │ ├── doc.go │ │ │ │ │ └── fake_nsxnetworking_client.go │ │ │ │ │ ├── doc.go │ │ │ │ │ └── 
generated_expansion.go │ │ │ ├── listers │ │ │ │ └── nsxnetworking │ │ │ │ │ └── v1alpha1 │ │ │ │ │ └── expansion_generated.go │ │ │ └── informers │ │ │ │ └── externalversions │ │ │ │ ├── internalinterfaces │ │ │ │ └── factory_interfaces.go │ │ │ │ └── nsxnetworking │ │ │ │ ├── interface.go │ │ │ │ └── v1alpha1 │ │ │ │ └── interface.go │ │ ├── vmservice │ │ │ ├── mocks │ │ │ │ └── doc.go │ │ │ └── types.go │ │ ├── apis │ │ │ └── nsxnetworking │ │ │ │ └── v1alpha1 │ │ │ │ └── doc.go │ │ ├── ippoolmanager │ │ │ ├── interfaces.go │ │ │ └── helper │ │ │ │ └── helper.go │ │ ├── types.go │ │ └── vmoperator │ │ │ ├── client │ │ │ └── fake_client.go │ │ │ └── interface.go │ └── vsphere │ │ ├── route │ │ └── config │ │ │ ├── types_common.go │ │ │ ├── types_ini_legacy.go │ │ │ ├── types_yaml.go │ │ │ ├── config_yaml_test.go │ │ │ ├── config_ini_legacy_test.go │ │ │ ├── config.go │ │ │ ├── consts_and_errors.go │ │ │ └── config_ini_legacy.go │ │ ├── options │ │ └── flags.go │ │ ├── loadbalancer │ │ ├── config │ │ │ ├── consts_and_errors.go │ │ │ ├── types_common.go │ │ │ └── types_ini_legacy.go │ │ ├── lock.go │ │ └── helpers.go │ │ ├── vapilogger.go │ │ └── config │ │ ├── types_common.go │ │ ├── types_ini_legacy.go │ │ └── types_yaml.go ├── nsxt │ └── config │ │ ├── consts_and_errors.go │ │ ├── types_common.go │ │ ├── types_ini_legacy.go │ │ ├── config_test.go │ │ └── types_yaml.go ├── util │ ├── utils.go │ ├── utils_test.go │ ├── retry_test.go │ └── retry.go └── cli │ ├── test │ └── vcsim.go │ ├── util.go │ └── client_test.go ├── cluster └── images │ └── controller-manager │ └── .gitignore ├── docs ├── vmware_logo.png ├── images │ ├── pitfalls.png │ ├── vCenter.png │ ├── clusterbased.png │ ├── cns-mongo-pvs.png │ ├── in-tree-arch.png │ ├── datacenterbased.png │ ├── out-of-tree-arch.png │ ├── space-efficient.png │ ├── whichdatastore.png │ ├── cns-mongo-pvs-labels.png │ ├── vsphere_kubernetes_logo.png │ ├── cpi_node_addresses_example.png │ ├── cpi_zones_topology_example.png │ 
├── vsphere-in-tree-architecture.png │ ├── cpi_nodes_instance_type_example.png │ └── vsphere-out-of-tree-architecture.png └── book │ ├── .gitignore │ ├── vcp_roles.md │ ├── known_issues.md │ ├── SUMMARY.md │ └── concepts │ ├── in_tree_vs_out_of_tree.md │ ├── vcp_overview.md │ └── vmware_vsphere_storage.md ├── .markdownlintrc ├── charts ├── vsphere-cpi-1.24.1.tgz ├── vsphere-cpi-1.24.2.tgz ├── vsphere-cpi-1.25.0.tgz ├── vsphere-cpi-1.26.0.tgz ├── vsphere-cpi-1.27.0.tgz ├── vsphere-cpi-1.28.0.tgz ├── vsphere-cpi-1.29.0.tgz ├── vsphere-cpi-1.32.0.tgz ├── vsphere-cpi-1.32.1.tgz ├── vsphere-cpi-1.33.0.tgz ├── vsphere-cpi-1.34.0.tgz ├── vsphere-cpi-1.35.0.tgz ├── vsphere-cpi-v1.30.0.tgz ├── vsphere-cpi-v1.30.1.tgz ├── vsphere-cpi-v1.31.0.tgz └── vsphere-cpi │ ├── templates │ ├── NOTES.txt │ ├── service-account.yaml │ ├── secret.yaml │ ├── podsecuritypolicy.yaml │ ├── role-binding.yaml │ ├── configmap.yaml │ ├── role.yaml │ └── _helpers.tpl │ ├── .helmignore │ └── Chart.yaml ├── manifests └── controller-manager │ ├── README.md │ ├── vccm-secret.yaml │ ├── example-test.yaml │ ├── cloud-controller-manager-role-bindings.yaml │ ├── vsphere.conf │ ├── cloud-controller-manager-roles.yaml │ ├── vsphere-cloud-controller-manager-pod.yaml │ └── vsphere-cloud-controller-manager-ds.yaml ├── .github ├── ISSUE_TEMPLATE │ ├── config.yml │ ├── enhancement.yaml │ ├── failing-test.yaml │ └── flaking-test.yaml ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── weekly-security-scan.yaml │ └── auto-release-helm-chart.yml ├── code-of-conduct.md ├── OWNERS ├── OWNERS_ALIASES ├── SECURITY_CONTACTS ├── netlify.toml ├── .gcloudignore ├── scripts └── ci-test-coverage.sh ├── cloudbuild.yaml ├── cloudbuild-nightly.yaml ├── SECURITY.md ├── CONTRIBUTING.md └── cmd └── vcpctl └── main.go /hack/make/ldflags.txt: -------------------------------------------------------------------------------- 1 | -extldflags "-static" -w -s -------------------------------------------------------------------------------- 
/test/integration/.gitignore: -------------------------------------------------------------------------------- 1 | /kind-config.yaml 2 | -------------------------------------------------------------------------------- /test/kind/c01-product-uuid.txt: -------------------------------------------------------------------------------- 1 | 04F419FE-8688-4066-A16D-CBC4193D5B93 -------------------------------------------------------------------------------- /test/kind/w01-product-uuid.txt: -------------------------------------------------------------------------------- 1 | 04F419FE-8688-4066-A16D-CBC4193D5B94 -------------------------------------------------------------------------------- /pkg/common/vclib/fixtures/invalid.pem: -------------------------------------------------------------------------------- 1 | this is some invalid content 2 | -------------------------------------------------------------------------------- /cluster/images/controller-manager/.gitignore: -------------------------------------------------------------------------------- 1 | /vsphere-cloud-controller-manager -------------------------------------------------------------------------------- /test/vcsim/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CMD="${1}"; shift; exec "${CMD}" "${@}" -------------------------------------------------------------------------------- /test/kind/c01-product-serial.txt: -------------------------------------------------------------------------------- 1 | VMware-fe 19 f4 04 88 86 66 40-a1 6d cb c4 19 3d 5b 93 -------------------------------------------------------------------------------- /test/kind/w01-product-serial.txt: -------------------------------------------------------------------------------- 1 | VMware-fe 19 f4 04 88 86 66 40-a1 6d cb c4 19 3d 5b 94 -------------------------------------------------------------------------------- /docs/vmware_logo.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/vmware_logo.png -------------------------------------------------------------------------------- /docs/images/pitfalls.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/pitfalls.png -------------------------------------------------------------------------------- /docs/images/vCenter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/vCenter.png -------------------------------------------------------------------------------- /.markdownlintrc: -------------------------------------------------------------------------------- 1 | { 2 | "default": true, 3 | "line_length": false, 4 | "MD026": { "punctuation": ".,;:!"} 5 | } 6 | -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.24.1.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.24.1.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.24.2.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.24.2.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.25.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.25.0.tgz 
-------------------------------------------------------------------------------- /charts/vsphere-cpi-1.26.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.26.0.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.27.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.27.0.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.28.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.28.0.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.29.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.29.0.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.32.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.32.0.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.32.1.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.32.1.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.33.0.tgz: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.33.0.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.34.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.34.0.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-1.35.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-1.35.0.tgz -------------------------------------------------------------------------------- /docs/images/clusterbased.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/clusterbased.png -------------------------------------------------------------------------------- /docs/images/cns-mongo-pvs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/cns-mongo-pvs.png -------------------------------------------------------------------------------- /docs/images/in-tree-arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/in-tree-arch.png -------------------------------------------------------------------------------- /charts/vsphere-cpi-v1.30.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-v1.30.0.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-v1.30.1.tgz: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-v1.30.1.tgz -------------------------------------------------------------------------------- /charts/vsphere-cpi-v1.31.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/charts/vsphere-cpi-v1.31.0.tgz -------------------------------------------------------------------------------- /docs/images/datacenterbased.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/datacenterbased.png -------------------------------------------------------------------------------- /docs/images/out-of-tree-arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/out-of-tree-arch.png -------------------------------------------------------------------------------- /docs/images/space-efficient.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/space-efficient.png -------------------------------------------------------------------------------- /docs/images/whichdatastore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/whichdatastore.png -------------------------------------------------------------------------------- /docs/images/cns-mongo-pvs-labels.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/cns-mongo-pvs-labels.png 
-------------------------------------------------------------------------------- /docs/images/vsphere_kubernetes_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/vsphere_kubernetes_logo.png -------------------------------------------------------------------------------- /docs/images/cpi_node_addresses_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/cpi_node_addresses_example.png -------------------------------------------------------------------------------- /docs/images/cpi_zones_topology_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/cpi_zones_topology_example.png -------------------------------------------------------------------------------- /docs/images/vsphere-in-tree-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/vsphere-in-tree-architecture.png -------------------------------------------------------------------------------- /docs/images/cpi_nodes_instance_type_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/cpi_nodes_instance_type_example.png -------------------------------------------------------------------------------- /docs/images/vsphere-out-of-tree-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/HEAD/docs/images/vsphere-out-of-tree-architecture.png 
-------------------------------------------------------------------------------- /manifests/controller-manager/README.md: -------------------------------------------------------------------------------- 1 | # DEPRECATED 2 | 3 | The manifest in this directory is deprecated. Please see the [releases](/releases) directory for example manifests. 4 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | contact_links: 2 | - name: Support Request 3 | url: https://discuss.kubernetes.io 4 | about: Support request or question relating to Kubernetes 5 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Community Code of Conduct 2 | 3 | Please refer to our [Kubernetes Community Code of Conduct](https://github.com/kubernetes/community/blob/master/code-of-conduct.md) 4 | -------------------------------------------------------------------------------- /test/integration/secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: vsphere-cloud-secret 5 | namespace: kube-system 6 | data: 7 | 10.96.96.96.username: "dXNlcg==" 8 | 10.96.96.96.password: "cGFzcw==" 9 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md 2 | 3 | approvers: 4 | - sig-cloud-provider-leads 5 | - cloud-provider-vsphere-maintainers 6 | 7 | reviewers: 8 | - cloud-provider-vsphere-maintainers 9 | -------------------------------------------------------------------------------- /manifests/controller-manager/vccm-secret.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: vccm 5 | namespace: kube-system 6 | stringData: 7 | 1.2.3.4.username: "" 8 | 1.2.3.4.password: "" 9 | -------------------------------------------------------------------------------- /charts/vsphere-cpi/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Thank you for installing {{ .Chart.Name }}. 2 | 3 | Your release is named {{ .Release.Name }}. 4 | 5 | To learn more about the release, try: 6 | 7 | $ helm status {{ .Release.Name }} 8 | $ helm get all {{ .Release.Name }} 9 | -------------------------------------------------------------------------------- /test/integration/vsphere.conf: -------------------------------------------------------------------------------- 1 | [Global] 2 | secret-name = "vsphere-cloud-secret" 3 | secret-namespace = "kube-system" 4 | service-account = "cloud-controller-manager" 5 | 6 | port = "443" 7 | insecure-flag = "1" 8 | datacenters = "DC0" 9 | 10 | [VirtualCenter "10.96.96.96"] -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/nsxipmanager/const.go: -------------------------------------------------------------------------------- 1 | package nsxipmanager 2 | 3 | const ( 4 | // PublicIPPoolType allows Pod IP address routable outside of Tier 0 router. 5 | PublicIPPoolType = "Public" 6 | 7 | // PrivateIPPoolType allows Pod IP address routable within VPC router. 
8 | PrivateIPPoolType = "Private" 9 | ) 10 | -------------------------------------------------------------------------------- /hack/ipclaim-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ipam.cluster.x-k8s.io/v1alpha1 2 | kind: IPAddressClaim 3 | metadata: 4 | name: ${IPCLAIM_NAME} 5 | annotations: 6 | prow.k8s.io/build-id: "${BUILD_ID}" 7 | prow.k8s.io/job: "${JOB_NAME}" 8 | spec: 9 | poolRef: 10 | apiGroup: ipam.cluster.x-k8s.io 11 | kind: InClusterIPPool 12 | name: capv-e2e-ippool 13 | -------------------------------------------------------------------------------- /charts/vsphere-cpi/templates/service-account.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }} 6 | labels: 7 | app: {{ template "cpi.name" . }} 8 | vsphere-cpi-infra: service-account 9 | component: cloud-controller-manager 10 | namespace: {{ .Release.Namespace }} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /pkg/common/vclib/fixtures/README.md: -------------------------------------------------------------------------------- 1 | # Security Go(lang) Testing 2 | 3 | The files below are used only by our Go test framework to verify that the simulated vCenter Server (vcsim) can authenticate securely. They are test fixtures and do not give access to any valid resource anywhere. 
These files include: 4 | 5 | - ca.key 6 | - ca.pem 7 | - server.csr 8 | - server.key 9 | - server.pem 10 | - invalid.pem 11 | -------------------------------------------------------------------------------- /test/vcsim/Makefile: -------------------------------------------------------------------------------- 1 | all: build 2 | 3 | IMAGE := akutz/vcsim 4 | TAG ?= $(shell date +v%Y%m%d)-$(shell git describe --tags --always --dirty) 5 | 6 | build: image 7 | image: $(KEEPALIVE) 8 | docker build -t "$(IMAGE):$(TAG)" . 9 | docker tag "$(IMAGE):$(TAG)" "$(IMAGE):latest" 10 | 11 | push: image 12 | docker push "$(IMAGE):$(TAG)" 13 | docker push "$(IMAGE):latest" 14 | 15 | .PHONY: build image push 16 | -------------------------------------------------------------------------------- /docs/book/.gitignore: -------------------------------------------------------------------------------- 1 | # Node rules: 2 | ## Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 3 | .grunt 4 | 5 | ## Dependency directory 6 | ## Commenting this out is preferred by some people, see 7 | ## https://docs.npmjs.com/misc/faq#should-i-check-my-node_modules-folder-into-git 8 | node_modules/ 9 | 10 | # Book build output 11 | _book/ 12 | 13 | # eBook build output 14 | *.epub 15 | *.mobi 16 | *.pdf 17 | -------------------------------------------------------------------------------- /charts/vsphere-cpi/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /manifests/controller-manager/example-test.yaml: -------------------------------------------------------------------------------- 1 | kind: Pod 2 | apiVersion: v1 3 | metadata: 4 | name: my-csi-app 5 | spec: 6 | containers: 7 | - name: my-frontend 8 | image: busybox 9 | command: [ "sleep", "1000000" ] 10 | # nodeSelector: 11 | # failure-domain.beta.kubernetes.io/region: IF_USING_ZONES_REPLACE_WITH_TARGETED_REGION_VALUE 12 | # failure-domain.beta.kubernetes.io/zone: IF_USING_ZONES_REPLACE_WITH_TARGETED_ZONE_VALUE 13 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/nsxipmanager/interfaces.go: -------------------------------------------------------------------------------- 1 | package nsxipmanager 2 | 3 | import ( 4 | corev1 "k8s.io/api/core/v1" 5 | ) 6 | 7 | // NSXIPManager defines an interface that can interact with NSX to claim/release pod cidr. 8 | type NSXIPManager interface { 9 | // ClaimPodCIDR claims a pod cidr for a node. 10 | ClaimPodCIDR(node *corev1.Node) error 11 | // ReleasePodCIDR releases a pod cidr for a node. 
12 | ReleasePodCIDR(node *corev1.Node) error 13 | } 14 | -------------------------------------------------------------------------------- /charts/vsphere-cpi/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 1.35.0 3 | description: A Helm chart for vSphere Cloud Provider Interface Manager (CPI) 4 | name: vsphere-cpi 5 | version: 1.35.0 6 | keywords: 7 | - vsphere 8 | - vmware 9 | - cloud 10 | - provider 11 | - cpi 12 | home: https://github.com/kubernetes/cloud-provider-vsphere 13 | icon: https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/master/docs/vmware_logo.png 14 | sources: 15 | - https://github.com/kubernetes/cloud-provider-vsphere 16 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/routemanager/helper/helper_test.go: -------------------------------------------------------------------------------- 1 | package helper 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/stretchr/testify/assert" 7 | ) 8 | 9 | const ( 10 | testClustername = "test-cluster" 11 | testCIDR = "100.96.0.0/24" 12 | testNodeName = "fakeNode1" 13 | ) 14 | 15 | func TestGetRouteName(t *testing.T) { 16 | name := GetRouteName(testNodeName, testCIDR, testClustername) 17 | expectedName := testNodeName + "-100.96.0.0-24-" + testClustername 18 | assert.Equal(t, name, expectedName) 19 | } 20 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/docs/devel/owners.md 2 | 3 | aliases: 4 | sig-cloud-provider-leads: 5 | - andrewsykim 6 | - cheftako 7 | cloud-provider-vsphere-maintainers: 8 | - andrewsykim 9 | - divyenpatel 10 | - dougm 11 | - frapposelli 12 | - sandeeppissay 13 | - lubronzhan 14 | - XudongLiuHarold 15 | - wyike 16 | - YanzhaoLi 17 | - 
DanielXiao 18 | - chenlin07 19 | - christianang 20 | - flawedmatrix 21 | - sunjayBhatia 22 | - skriss 23 | - zhanggbj 24 | - silvery1622 25 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /SECURITY_CONTACTS: -------------------------------------------------------------------------------- 1 | # Defined below are the security contacts for this repo. 2 | # 3 | # They are the contact point for the Product Security Committee to reach out 4 | # to for triaging and handling of incoming issues. 5 | # 6 | # The below names agree to abide by the 7 | # [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) 8 | # and will be removed and replaced if they violate that agreement. 
9 | # 10 | # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE 11 | # INSTRUCTIONS AT https://kubernetes.io/security/ 12 | 13 | frapposelli 14 | dougm 15 | abrarshivani 16 | baludontu 17 | divyenpatel 18 | imkin 19 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | **What this PR does / why we need it**: 4 | 5 | **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # 6 | 7 | **Special notes for your reviewer**: 8 | 9 | **Release note**: 10 | 14 | ```release-note 15 | ``` 16 | -------------------------------------------------------------------------------- /test/kind/kind-config.yaml: -------------------------------------------------------------------------------- 1 | kind: Cluster 2 | apiVersion: kind.x-k8s.io/v1alpha4 3 | nodes: 4 | - role: control-plane 5 | extraMounts: 6 | - containerPath: /sys/class/dmi/id/product_serial 7 | hostPath: {{PROJECT_ROOT}}/test/kind/c01-product-serial.txt 8 | readOnly: true 9 | - containerPath: /sys/class/dmi/id/product_uuid 10 | hostPath: {{PROJECT_ROOT}}/test/kind/c01-product-uuid.txt 11 | readOnly: true 12 | - role: worker 13 | extraMounts: 14 | - containerPath: /sys/class/dmi/id/product_serial 15 | hostPath: {{PROJECT_ROOT}}/test/kind/w01-product-serial.txt 16 | readOnly: true 17 | - containerPath: /sys/class/dmi/id/product_uuid 18 | hostPath: {{PROJECT_ROOT}}/test/kind/w01-product-uuid.txt 19 | readOnly: true 20 | -------------------------------------------------------------------------------- /netlify.toml: -------------------------------------------------------------------------------- 1 | # Netlify build 2 | [build] 3 | command = "./hack/build-gitbooks.sh" 4 | publish = "docs/book/_book" 5 | 6 | # Netlify redirects 7 | [[redirects]] 8 | from = 
"https://kubernetes-sigs-cloud-provider-vsphere.netlify.com/*" 9 | to = "https://cloud-provider-vsphere.sigs.k8s.io/:splat" 10 | status = 301 11 | force = true 12 | 13 | # HTTP -> HTTPS 14 | [[redirects]] 15 | from = "http://cloud-provider-vsphere.sigs.k8s.io/*" 16 | to = "https://cloud-provider-vsphere.sigs.k8s.io/:splat" 17 | status = 301 18 | force = true 19 | 20 | [[redirects]] 21 | from = "http://kubernetes-sigs-cloud-provider-vsphere.netlify.com/*" 22 | to = "http://cloud-provider-vsphere.sigs.k8s.io/:splat" 23 | status = 301 24 | force = true 25 | -------------------------------------------------------------------------------- /charts/vsphere-cpi/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- $config := .Values.config -}} 2 | {{- if .Values.global -}} 3 | {{- if .Values.global.config -}} 4 | {{- $config = mergeOverwrite (deepCopy .Values.config) .Values.global.config -}} 5 | {{- end -}} 6 | {{- end -}} 7 | {{- if and $config.secret.create $config.enabled -}} 8 | apiVersion: v1 9 | kind: Secret 10 | metadata: 11 | name: {{ $config.secret.name | default "vsphere-cloud-secret" }} 12 | labels: 13 | app: {{ template "cpi.name" . }} 14 | vsphere-cpi-infra: secret 15 | component: cloud-controller-manager 16 | namespace: {{ .Release.Namespace }} 17 | stringData: 18 | {{ $config.vcenter }}.username: {{ $config.username | quote }} 19 | {{ $config.vcenter }}.password: {{ $config.password | quote }} 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /hack/tools.go: -------------------------------------------------------------------------------- 1 | // +build tools 2 | 3 | /* 4 | Copyright 2021 The Kubernetes Authors. 5 | Licensed under the Apache License, Version 2.0 (the "License"); 6 | you may not use this file except in compliance with the License. 
7 | You may obtain a copy of the License at 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | // This package imports things required by build scripts, to force `go mod` to see them as dependencies 17 | package tools 18 | 19 | import _ "k8s.io/code-generator" -------------------------------------------------------------------------------- /.gcloudignore: -------------------------------------------------------------------------------- 1 | # Ignore the build output. 2 | /.build 3 | 4 | # Ignore tooling binaries. 5 | /hack/tools/bin 6 | 7 | # Ignore vendor at the root and test of the project. Please note that 8 | # /vendor/bitbucket.org/ww/goautoneg is versioned forcefully in order to 9 | # bypass a build issue. 10 | /vendor 11 | /test/e2e/vendor 12 | 13 | *.json 14 | *.sublime-project 15 | *.sublime-workspace 16 | *.swp 17 | .idea 18 | 19 | 20 | # OSX leaves these everywhere on SMB shares 21 | ._* 22 | 23 | # OSX trash 24 | .DS_Store 25 | 26 | # Eclipse files 27 | .classpath 28 | .project 29 | .settings/** 30 | 31 | # Files generated by JetBrains IDEs, e.g. IntelliJ IDEA 32 | .idea/ 33 | *.iml 34 | 35 | # Vscode files 36 | .vscode 37 | 38 | # Files not needed for building the image 39 | /charts 40 | /docs 41 | /manifests 42 | /releases 43 | /scripts 44 | /test 45 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors.
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated clientset. 20 | package versioned 21 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated fake clientset. 
20 | package fake 21 | -------------------------------------------------------------------------------- /scripts/ci-test-coverage.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2021 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 22 | 23 | cd "${REPO_ROOT}" && \ 24 | make test-cover 25 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned/scheme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 
18 | 19 | // This package contains the scheme of the automatically generated clientset. 20 | package scheme 21 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned/typed/nsxnetworking/v1alpha1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/enhancement.yaml: -------------------------------------------------------------------------------- 1 | name: Enhancement Tracking Issue 2 | description: Provide supporting details for a feature in development 3 | labels: kind/feature 4 | body: 5 | - type: textarea 6 | id: feature 7 | attributes: 8 | label: What would you like to be added? 9 | description: | 10 | Feature requests are unlikely to make progress as issues. Please consider engaging with SIGs on slack and mailing lists, instead. 11 | A proposal that works through the design along with the implications of the change can be opened as a KEP. 
12 | See https://git.k8s.io/enhancements/keps#kubernetes-enhancement-proposals-keps 13 | validations: 14 | required: true 15 | 16 | - type: textarea 17 | id: rationale 18 | attributes: 19 | label: Why is this needed? 20 | validations: 21 | required: true 22 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned/typed/nsxnetworking/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1alpha1 21 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/vmservice/mocks/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package mocks 18 | 19 | //go:generate mockgen -destination=vmservice_mock.go -package=mocks k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/vmservice VMService 20 | -------------------------------------------------------------------------------- /cloudbuild.yaml: -------------------------------------------------------------------------------- 1 | # See https://cloud.google.com/cloud-build/docs/build-config 2 | # See https://console.cloud.google.com/gcr/images/k8s-staging-test-infra/global/gcb-docker-gcloud 3 | timeout: 2700s 4 | options: 5 | substitution_option: ALLOW_LOOSE 6 | machineType: 'E2_HIGHCPU_8' 7 | steps: 8 | - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud@sha256:63840f133e0dfeea0af9ef391210da7fab9d2676172e2967fccab0cd6110c4e7' # v20250513-9264efb079 9 | entrypoint: make 10 | env: 11 | - DOCKER_CLI_EXPERIMENTAL=enabled 12 | - TAG=$_GIT_TAG 13 | - PULL_BASE_REF=$_PULL_BASE_REF 14 | - DOCKER_BUILDKIT=1 15 | args: 16 | - release-staging 17 | substitutions: 18 | # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and 19 | # can be used as a substitution 20 | _GIT_TAG: '12345' 21 | _PULL_BASE_REF: 'dev' 22 | -------------------------------------------------------------------------------- /pkg/common/vclib/folder.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package vclib 18 | 19 | import ( 20 | "github.com/vmware/govmomi/object" 21 | ) 22 | 23 | // Folder extends the govmomi Folder object 24 | type Folder struct { 25 | *object.Folder 26 | Datacenter *Datacenter 27 | } 28 | -------------------------------------------------------------------------------- /cloudbuild-nightly.yaml: -------------------------------------------------------------------------------- 1 | # See https://cloud.google.com/cloud-build/docs/build-config 2 | # See https://console.cloud.google.com/gcr/images/k8s-staging-test-infra/global/gcb-docker-gcloud 3 | timeout: 2700s 4 | options: 5 | substitution_option: ALLOW_LOOSE 6 | machineType: 'E2_HIGHCPU_8' 7 | steps: 8 | - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud@sha256:63840f133e0dfeea0af9ef391210da7fab9d2676172e2967fccab0cd6110c4e7' # v20250513-9264efb079 9 | entrypoint: make 10 | env: 11 | - DOCKER_CLI_EXPERIMENTAL=enabled 12 | - TAG=$_GIT_TAG 13 | - PULL_BASE_REF=$_PULL_BASE_REF 14 | - DOCKER_BUILDKIT=1 15 | args: 16 | - release-staging-nightly 17 | substitutions: 18 | # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and 19 | # can be used as a substitution 20 | _GIT_TAG: '12345' 21 | _PULL_BASE_REF: 'dev' 22 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/apis/nsxnetworking/v1alpha1/doc.go: 
-------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains API Schema definitions for the nsxnetworking v1alpha1 API group 18 | // +k8s:deepcopy-gen=package,register 19 | // +groupName=nsx.vmware.com 20 | package v1alpha1 21 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned/typed/nsxnetworking/v1alpha1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 
18 | 19 | package v1alpha1 20 | 21 | type IPPoolExpansion interface{} 22 | 23 | type RouteSetExpansion interface{} 24 | -------------------------------------------------------------------------------- /pkg/nsxt/config/consts_and_errors.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | const ( 20 | // UsernameKeyInSecret is the username key in secret 21 | UsernameKeyInSecret = "username" 22 | // PasswordKeyInSecret is the password key in secret 23 | PasswordKeyInSecret = "password" 24 | ) 25 | -------------------------------------------------------------------------------- /hack/tools/tools.go: -------------------------------------------------------------------------------- 1 | //go:build tools 2 | // +build tools 3 | 4 | /* 5 | Copyright 2021 The Kubernetes Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // This package imports things required by build scripts, to force `go mod` to see them as dependencies 21 | package tools 22 | 23 | import ( 24 | _ "github.com/onsi/ginkgo/v2/ginkgo" 25 | _ "sigs.k8s.io/kind" 26 | ) 27 | -------------------------------------------------------------------------------- /hack/check-vet.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2018 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # Change directories to the parent directory of the one in which this 22 | # script is located. 23 | cd "$(dirname "${BASH_SOURCE[0]}")/.." 24 | 25 | go vet ./cmd/... ./pkg/... 26 | -------------------------------------------------------------------------------- /pkg/util/utils.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package util 18 | 19 | import ( 20 | "net" 21 | "strings" 22 | ) 23 | 24 | // IsIPv4 reports whether str parses as an IPv4 address. Anything after the first "/" (for example a CIDR prefix length) is discarded without being validated, and an IPv4-mapped IPv6 address also passes the To4 check. 25 | func IsIPv4(str string) bool { 26 | str = strings.Split(str, "/")[0] 27 | ip := net.ParseIP(str) 28 | return ip != nil && ip.To4() != nil 29 | } 30 | -------------------------------------------------------------------------------- /pkg/common/vclib/vmoptions.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package vclib 18 | 19 | import ( 20 | "github.com/vmware/govmomi/object" 21 | ) 22 | 23 | // VMOptions provides helper objects for provisioning volume with SPBM Policy 24 | type VMOptions struct { 25 | VMFolder *Folder 26 | VMResourcePool *object.ResourcePool 27 | } 28 | -------------------------------------------------------------------------------- /docs/book/vcp_roles.md: -------------------------------------------------------------------------------- 1 | # Minimal required privilege for vCenters 2 | 3 | ## Introduction 4 | 5 | This article documents the minimum permissions required for the vSphere user assigned to the vSphere Cloud Provider. 6 | 7 | Please refer to the [vSphere Documentation Center](https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-18071E9A-EED1-4968-8D51-E0B4F526FDA3.html) to find out 8 | how to create a `Custom Role`, `User`, and `Role Assignment`. 9 | 10 | ## Environment 11 | 12 | * VMware vCenter Server 7.0.0 build-18369597 13 | * vSphere Cloud Controller Manager version v1.18.1_vmware.1 14 | 15 | ## Required permission 16 | 17 | The vSphere Cloud Controller Manager requires the Read permission on the parent entities of the node VMs such as folder, host, datacenter, datastore folder, datastore cluster, etc. 18 | The role `ReadOnly: See details of objects, but not make changes` should be associated with the vSphere user for CPV. 19 | -------------------------------------------------------------------------------- /pkg/common/kubernetes/envvars.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package kubernetes 18 | 19 | const ( 20 | // DefaultKubeConfigPath is /etc/kubernetes/controller-manager.conf 21 | DefaultKubeConfigPath = "/etc/kubernetes/controller-manager.conf" 22 | 23 | // EnvKubeConfig contains the path to the KubeConfig 24 | EnvKubeConfig = "VSPHERE_KUBE_CONFIG" 25 | ) 26 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/route/config/types_common.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package config 18 | 19 | // Config is used to read and store information from the cloud configuration file 20 | type Config struct { 21 | Route RouteConfig 22 | } 23 | 24 | // RouteConfig contains the configuration for the route itself 25 | type RouteConfig struct { 26 | RouterPath string 27 | } 28 | -------------------------------------------------------------------------------- /hack/images/ci/Makefile: -------------------------------------------------------------------------------- 1 | all: build 2 | 3 | include ../../../hack/make/login-to-image-registry.mk 4 | 5 | VERSION ?= $(shell git describe --always --dirty) 6 | IMAGE := $(REGISTRY)/ci 7 | IMAGE_D := $(VERSION).d 8 | 9 | build: $(IMAGE_D) 10 | $(IMAGE_D): Dockerfile conformance.sh 11 | docker build -t $(IMAGE):$(VERSION) -f $< ../../.. 12 | docker tag $(IMAGE):$(VERSION) $(IMAGE):latest 13 | @touch $@ 14 | 15 | .PHONY: rebuild 16 | rebuild: MAKEFLAGS += --always-make 17 | rebuild: 18 | $(MAKE) build 19 | 20 | .PHONY: ls-images 21 | ls-images: 22 | docker images --filter=reference=$(IMAGE):* 23 | 24 | .PHONY: clean 25 | DOCKER_RMI_FLAGS := --no-prune 26 | clean: 27 | rm -f $(IMAGE_D) 28 | docker rmi $(DOCKER_RMI_FLAGS) $(IMAGE):$(VERSION) $(IMAGE):latest 2>/dev/null || true 29 | 30 | .PHONY: clobber 31 | clobber: DOCKER_RMI_FLAGS := 32 | clobber: clean 33 | rm -f *.d 34 | docker rmi $$(docker images -qf reference=$(IMAGE):*) 2>/dev/null || true 35 | 36 | .PHONY: print 37 | print: 38 | @echo $(IMAGE):$(VERSION) 39 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/route/config/types_ini_legacy.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | // RouteConfigINI is used to read and store information from the cloud configuration file 20 | type RouteConfigINI struct { 21 | Route RouteINI `gcfg:"route"` 22 | } 23 | 24 | // RouteINI contains the configuration for route 25 | type RouteINI struct { 26 | RouterPath string `gcfg:"router-path"` 27 | } 28 | -------------------------------------------------------------------------------- /hack/build-gitbooks.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # Change directories to the parent directory of the one in which this 22 | # script is located. 23 | cd "$(dirname "${BASH_SOURCE[0]}")/.." 
24 | 25 | pushd docs/book/ 26 | npm install gitbook-cli -g 27 | npm install phantomjs-prebuilt 28 | gitbook install 29 | gitbook build 30 | popd 31 | -------------------------------------------------------------------------------- /hack/check-mdlint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # Change directories to the parent directory of the one in which this 22 | # script is located. 23 | cd "$(dirname "${BASH_SOURCE[0]}")/.." 24 | 25 | docker run --rm -v "$(pwd)":/build \ 26 | registry.k8s.io/cloud-pv-vsphere/extra/mdlint:0.17.0 /md/lint -i vendor -i docs/book/node_modules . 27 | -------------------------------------------------------------------------------- /hack/install-helm.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2024 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # ========== install the Helm CLI (pipes the unpinned get-helm-3 script from the helm main branch into bash, with no checksum check) ========== 22 | curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash 23 | 24 | # ========== add the cloud-provider-vsphere chart repository ========== 25 | helm repo add vsphere-cpi https://kubernetes.github.io/cloud-provider-vsphere 26 | helm repo update 27 | -------------------------------------------------------------------------------- /.github/workflows/weekly-security-scan.yaml: -------------------------------------------------------------------------------- 1 | name: Weekly security scan 2 | 3 | on: 4 | schedule: 5 | # Cron for every Monday at 12:00 UTC. 6 | - cron: "0 12 * * 1" 7 | 8 | # Remove all permissions from GITHUB_TOKEN except metadata.
9 | permissions: {} 10 | 11 | jobs: 12 | scan: 13 | strategy: 14 | fail-fast: false 15 | matrix: 16 | branch: [ master, release-1.35, release-1.34, release-1.33 ] 17 | name: Trivy 18 | runs-on: ubuntu-latest 19 | steps: 20 | - name: Check out code 21 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v4.2.2 22 | with: 23 | ref: ${{ matrix.branch }} 24 | - name: Calculate go version 25 | id: vars 26 | run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT 27 | - name: Set up Go 28 | uses: actions/setup-go@c0137caad775660c0844396c52da96e560aba63d # tag=v5.1.0 29 | with: 30 | go-version: ${{ steps.vars.outputs.go_version }} 31 | - name: Run verify security target 32 | run: make verify-security 33 | -------------------------------------------------------------------------------- /hack/tools/go.mod: -------------------------------------------------------------------------------- 1 | module tools 2 | 3 | go 1.23.0 4 | 5 | require ( 6 | github.com/onsi/ginkgo/v2 v2.27.3 7 | sigs.k8s.io/kind v0.30.0 8 | ) 9 | 10 | require ( 11 | al.essio.dev/pkg/shellescape v1.5.1 // indirect 12 | github.com/BurntSushi/toml v1.4.0 // indirect 13 | github.com/Masterminds/semver/v3 v3.4.0 // indirect 14 | github.com/evanphx/json-patch/v5 v5.6.0 // indirect 15 | github.com/go-task/slim-sprig/v3 v3.0.0 // indirect 16 | github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect 17 | github.com/inconshreveable/mousetrap v1.1.0 // indirect 18 | github.com/mattn/go-isatty v0.0.20 // indirect 19 | github.com/pelletier/go-toml v1.9.5 // indirect 20 | github.com/pkg/errors v0.9.1 // indirect 21 | github.com/spf13/cobra v1.8.0 // indirect 22 | github.com/spf13/pflag v1.0.5 // indirect 23 | go.yaml.in/yaml/v3 v3.0.4 // indirect 24 | golang.org/x/mod v0.27.0 // indirect 25 | golang.org/x/sync v0.16.0 // indirect 26 | golang.org/x/sys v0.35.0 // indirect 27 | golang.org/x/tools v0.36.0 // indirect 28 | sigs.k8s.io/yaml v1.4.0 // indirect 29 | ) 30 | 
-------------------------------------------------------------------------------- /test/integration/install_kind.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | KIND_VERSION="v0.23.0" 22 | KIND_PATH="/usr/local/bin/kind" 23 | 24 | # Check if KIND already exists 25 | if ! [[ -x "${KIND_PATH}" ]]; then 26 | wget "https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64" \ 27 | --no-verbose -O "${KIND_PATH}" 28 | chmod +x "${KIND_PATH}" 29 | fi 30 | -------------------------------------------------------------------------------- /hack/check-lint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # Change directories to the parent directory of the one in which this 22 | # script is located. 23 | cd "$(dirname "${BASH_SOURCE[0]}")/.." 24 | 25 | go get golang.org/x/lint/golint 26 | go install golang.org/x/lint/golint 27 | 28 | CMD=$(go list -f \{\{\.Target\}\} golang.org/x/lint/golint) 29 | 30 | "${CMD}" -set_exit_status ./pkg/... ./cmd/... 31 | -------------------------------------------------------------------------------- /manifests/controller-manager/cloud-controller-manager-role-bindings.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: servicecatalog.k8s.io:apiserver-authentication-reader 7 | namespace: kube-system 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: extension-apiserver-authentication-reader 12 | subjects: 13 | - apiGroup: "" 14 | kind: ServiceAccount 15 | name: cloud-controller-manager 16 | namespace: kube-system 17 | - apiGroup: "" 18 | kind: User 19 | name: cloud-controller-manager 20 | - apiVersion: rbac.authorization.k8s.io/v1 21 | kind: ClusterRoleBinding 22 | metadata: 23 | name: system:cloud-controller-manager 24 | roleRef: 25 | apiGroup: rbac.authorization.k8s.io 26 | kind: ClusterRole 27 | name: system:cloud-controller-manager 28 | subjects: 29 | - kind: ServiceAccount 30 | name: cloud-controller-manager 31 | namespace: kube-system 32 | - kind: User 33 | name: cloud-controller-manager 34 | kind: List 35 | metadata: {} 36 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Security Announcements 4 | 5 | 
Join the [kubernetes-security-announce] group for security and vulnerability announcements. 6 | 7 | You can also subscribe to an RSS feed of the above using [this link][kubernetes-security-announce-rss]. 8 | 9 | ## Reporting a Vulnerability 10 | 11 | Instructions for reporting a vulnerability can be found on the 12 | [Kubernetes Security and Disclosure Information] page. 13 | 14 | ## Supported Versions 15 | 16 | Information about supported Kubernetes versions can be found on the 17 | [Kubernetes version and version skew support policy] page on the Kubernetes website. 18 | 19 | [kubernetes-security-announce]: https://groups.google.com/forum/#!forum/kubernetes-security-announce 20 | [kubernetes-security-announce-rss]: https://groups.google.com/forum/feed/kubernetes-security-announce/msgs/rss_v2_0.xml?num=50 21 | [Kubernetes version and version skew support policy]: https://kubernetes.io/docs/setup/release/version-skew-policy/#supported-versions 22 | [Kubernetes Security and Disclosure Information]: https://kubernetes.io/docs/reference/issues-security/security/#report-a-vulnerability 23 | -------------------------------------------------------------------------------- /pkg/cli/test/vcsim.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2016 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package test 18 | 19 | import ( 20 | "log" 21 | 22 | "github.com/vmware/govmomi/simulator" 23 | ) 24 | 25 | // NewServiceInstance returns a new vCenter simulator's model and 26 | // server object used to access the simulator's data and control its 27 | // lifecycle. 28 | func NewServiceInstance() (*simulator.Model, *simulator.Server, error) { 29 | model := simulator.VPX() 30 | err := model.Create() 31 | if err != nil { 32 | log.Fatal(err) 33 | } 34 | return model, model.Service.NewServer(), nil 35 | } 36 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/options/flags.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2025 The Kubernetes Authors. 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | Unless required by applicable law or agreed to in writing, software 8 | distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | See the License for the specific language governing permissions and 11 | limitations under the License. 12 | */ 13 | 14 | package options 15 | 16 | import ( 17 | "github.com/spf13/pflag" 18 | "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphere" 19 | ) 20 | 21 | // AddFlags add the additional flags for the controller 22 | func AddFlags(fs *pflag.FlagSet) { 23 | fs.StringToStringVar(&vsphere.AdditionalLabels, "node-labels", nil, 24 | "Additional labels to add to vSphere nodes during registration. 
Each key must follow kubernetes label format.\n"+ 25 | "Example: --node-labels=node.foo.bar=vsphere,foo.bar/mapi=") 26 | } 27 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/ippoolmanager/interfaces.go: -------------------------------------------------------------------------------- 1 | package ippoolmanager 2 | 3 | import ( 4 | corev1 "k8s.io/api/core/v1" 5 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 6 | "k8s.io/client-go/tools/cache" 7 | 8 | "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/ippoolmanager/helper" 9 | ) 10 | 11 | // IPPoolManager defines an interface that can interact with nsx.vmware.com.ippool 12 | type IPPoolManager interface { 13 | GetIPPoolListerSynced() cache.InformerSynced 14 | GetIPPoolInformer() cache.SharedIndexInformer 15 | StartIPPoolInformers(stopCh <-chan struct{}) 16 | 17 | GetIPPool(clusterNS, clusterName string) (helper.NSXIPPool, error) 18 | GetIPPoolFromIndexer(key string) (helper.NSXIPPool, error) 19 | CreateIPPool(clusterNS, clusterName string, ownerRef *metav1.OwnerReference) (helper.NSXIPPool, error) 20 | 21 | GetIPPoolSubnets(ippool helper.NSXIPPool) (map[string]string, error) 22 | AddSubnetToIPPool(node *corev1.Node, ippool helper.NSXIPPool, ownerRef *metav1.OwnerReference) error 23 | DeleteSubnetFromIPPool(subnetName string, ippool helper.NSXIPPool) error 24 | DiffIPPoolSubnets(old, cur helper.NSXIPPool) bool 25 | } 26 | -------------------------------------------------------------------------------- /hack/check-staticcheck.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # Change directories to the parent directory of the one in which this 22 | # script is located. 23 | cd "$(dirname "${BASH_SOURCE[0]}")/.." 24 | 25 | go get honnef.co/go/tools/cmd/staticcheck 26 | go install honnef.co/go/tools/cmd/staticcheck 27 | CMD=$(go list -f \{\{\.Target\}\} honnef.co/go/tools/cmd/staticcheck) 28 | 29 | # re-enable SA1019 when we upgrade to Go 1.14 30 | CHECKS="all,-ST1*,-SA1019" 31 | 32 | "${CMD}" -checks "${CHECKS}" ./... 33 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/route/config/types_yaml.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package config 18 | 19 | /* 20 | TODO: 21 | When the INI based cloud-config is deprecated, this file should be renamed 22 | from types_yaml.go to types.go and the structs within this file should be named: 23 | 24 | RouteConfigYAML -> RouteConfig 25 | */ 26 | 27 | // RouteConfigYAML is used to read and store information from the cloud configuration file 28 | type RouteConfigYAML struct { 29 | Route RouteYAML `yaml:"route"` 30 | } 31 | 32 | // RouteYAML contains the configuration for route 33 | type RouteYAML struct { 34 | RouterPath string `yaml:"routerPath"` 35 | } 36 | -------------------------------------------------------------------------------- /pkg/common/vclib/datastore.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package vclib 18 | 19 | import ( 20 | "fmt" 21 | 22 | "github.com/vmware/govmomi/object" 23 | "github.com/vmware/govmomi/vim25/types" 24 | ) 25 | 26 | // Datastore extends the govmomi Datastore object 27 | type Datastore struct { 28 | *object.Datastore 29 | Datacenter *Datacenter 30 | } 31 | 32 | // DatastoreInfo is a structure to store the Datastore and it's Info. 
33 | type DatastoreInfo struct { 34 | *Datastore 35 | Info *types.DatastoreInfo 36 | } 37 | 38 | func (di DatastoreInfo) String() string { 39 | return fmt.Sprintf("Datastore: %+v, datastore URL: %s", di.Datastore, di.Info.Url) 40 | } 41 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/loadbalancer/config/consts_and_errors.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/util/sets" 21 | 22 | "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/model" 23 | ) 24 | 25 | const ( 26 | // DefaultLoadBalancerClass is the default load balancer class 27 | DefaultLoadBalancerClass = "default" 28 | ) 29 | 30 | // LoadBalancerSizes contains the valid size names 31 | var LoadBalancerSizes = sets.NewString( 32 | model.LBService_SIZE_SMALL, 33 | model.LBService_SIZE_MEDIUM, 34 | model.LBService_SIZE_LARGE, 35 | model.LBService_SIZE_XLARGE, 36 | model.LBService_SIZE_DLB, 37 | ) 38 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/routemanager/interfaces.go: -------------------------------------------------------------------------------- 1 | package routemanager 2 | 3 | import ( 4 | "context" 5 | 6 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 7 | "k8s.io/client-go/rest" 8 | cloudprovider "k8s.io/cloud-provider" 9 | "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/routemanager/helper" 10 | "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/routemanager/routeset" 11 | "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/routemanager/staticroute" 12 | ) 13 | 14 | // RouteManager defines an interface that can interact with nsx.vmware.com route CR 15 | type RouteManager interface { 16 | ListRouteCR(ctx context.Context, ls metav1.LabelSelector) (helper.RouteCRList, error) 17 | CreateRouteCR(ctx context.Context, routeInfo *helper.RouteInfo) (helper.RouteCR, error) 18 | DeleteRouteCR(route string) error 19 | WaitRouteCR(crName string) error 20 | 21 | CreateCPRoutes(routes helper.RouteCRList) ([]*cloudprovider.Route, error) 22 | } 23 | 24 | // GetRouteManager gets an RouteManager 25 | func GetRouteManager(vpcModeEnabled bool, config *rest.Config, clusterNS string) (RouteManager, error) { 26 | if vpcModeEnabled { 27 | return 
staticroute.NewRouteManager(config, clusterNS) 28 | } 29 | 30 | return routeset.NewRouteManager(config, clusterNS) 31 | } 32 | -------------------------------------------------------------------------------- /docs/book/known_issues.md: -------------------------------------------------------------------------------- 1 | # Known Issues 2 | 3 | ## VMTools NIC/Device Filtering 4 | 5 | A number of [CNI](https://github.com/containernetworking/cni) implementations (such as Calico, Antrea, etc.) introduce networking artifacts that interfere with the normal operation of vSphere's internal reporting for network/device interfaces. To address this issue, an `exclude-nics` filter for VMTools needs to be applied in order to prevent these artifacts from getting reported to vSphere and causing problems with network/device associations to vNICs on virtual machines. 6 | 7 | The recommended `exclude-nics` filter is as follows for `/etc/vmware-tools/tools.conf`: 8 | 9 | ```bash 10 | [guestinfo] 11 | primary-nics=eth0 12 | exclude-nics=antrea-*,cali*,cilium*,lxc*,ovs-system,br*,flannel*,veth*,docker*,virbr*,vxlan_sys_*,genev_sys_*,gre_sys_*,stt_sys_*,????????-?????? 13 | ``` 14 | 15 | Each filter represents known CNI network/device interfaces. Most filters are straightforward, such as `docker*` for devices based on docker. Some filters, such as `????????-??????`, are less straightforward; that filter identifies Antrea devices, which get created per Pod. 16 | 17 | Restart VMTools for the changes to take effect. 
18 | 19 | ```bash 20 | /etc/vmware-tools/services.sh start 21 | /etc/vmware-tools/services.sh stop 22 | /etc/vmware-tools/services.sh restart 23 | ``` 24 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/failing-test.yaml: -------------------------------------------------------------------------------- 1 | name: Failing Test 2 | description: Report continuously failing tests or jobs in Kubernetes CI 3 | labels: kind/failing-test 4 | body: 5 | - type: textarea 6 | id: jobs 7 | attributes: 8 | label: Which jobs are failing? 9 | placeholder: | 10 | Please only use this template for submitting reports about continuously failing tests or jobs in Kubernetes CI. 11 | validations: 12 | required: true 13 | 14 | - type: textarea 15 | id: tests 16 | attributes: 17 | label: Which tests are failing? 18 | validations: 19 | required: true 20 | 21 | - type: textarea 22 | id: since 23 | attributes: 24 | label: Since when has it been failing? 25 | validations: 26 | required: true 27 | 28 | - type: input 29 | id: testgrid 30 | attributes: 31 | label: Testgrid link 32 | 33 | - type: textarea 34 | id: reason 35 | attributes: 36 | label: Reason for failure (if possible) 37 | 38 | - type: textarea 39 | id: additional 40 | attributes: 41 | label: Anything else we need to know? 42 | 43 | - type: textarea 44 | id: sigs 45 | attributes: 46 | label: Relevant SIG(s) 47 | description: You can identify the SIG from the "prowjob_config_url" on the testgrid dashboard for a test. 48 | value: /sig 49 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/route/config/config_yaml_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | "testing" 21 | ) 22 | 23 | /* 24 | TODO: 25 | When the INI based cloud-config is deprecated. This file should be deleted. 26 | */ 27 | 28 | func TestReadYAMLConfig(t *testing.T) { 29 | contents := ` 30 | route: 31 | routerPath: /infra/tier-1s/test-router 32 | ` 33 | config, err := ReadRawConfigYAML([]byte(contents)) 34 | if err != nil { 35 | t.Error(err) 36 | return 37 | } 38 | 39 | assertEquals := func(name, left, right string) { 40 | if left != right { 41 | t.Errorf("%s %s != %s", name, left, right) 42 | } 43 | } 44 | assertEquals("route.routerPath", config.Route.RouterPath, "/infra/tier-1s/test-router") 45 | } 46 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/route/config/config_ini_legacy_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | "testing" 21 | ) 22 | 23 | /* 24 | TODO: 25 | When the INI based cloud-config is deprecated. This file should be deleted. 26 | */ 27 | 28 | func TestReadINIConfig(t *testing.T) { 29 | contents := ` 30 | [Route] 31 | router-path = /infra/tier-1s/test-router 32 | ` 33 | config, err := ReadRawConfigINI([]byte(contents)) 34 | if err != nil { 35 | t.Error(err) 36 | return 37 | } 38 | 39 | assertEquals := func(name, left, right string) { 40 | if left != right { 41 | t.Errorf("%s %s != %s", name, left, right) 42 | } 43 | } 44 | assertEquals("Route.routerPath", config.Route.RouterPath, "/infra/tier-1s/test-router") 45 | } 46 | -------------------------------------------------------------------------------- /.github/workflows/auto-release-helm-chart.yml: -------------------------------------------------------------------------------- 1 | name: Release Helm Charts 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | - release-* 8 | paths: 9 | - "charts/**" 10 | 11 | workflow_dispatch: # Used to trigger the workflow manually for debugging 12 | 13 | permissions: 14 | contents: read 15 | packages: write 16 | 17 | jobs: 18 | release-helm-chart: 19 | runs-on: ubuntu-latest 20 | steps: 21 | # This step uses GitHub's checkout-action: https://github.com/actions/checkout 22 | - name: Checkout 23 | uses: actions/checkout@v6.0.1 24 | with: 25 | fetch-depth: 0 26 | 27 | # Configure Git for helm release 28 | - name: Configure Git 29 | run: | 30 | git config user.name "$GITHUB_ACTOR" 31 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 32 | 33 | # Install Helm 34 | - name: Install Helm 35 | uses: azure/setup-helm@v4 36 | with: 37 | version: v3.4.0 38 | 39 | # Run chart-releaser action (https://github.com/helm/chart-releaser-action). It is given GITHUB_TOKEN below and is referenced by tag; pinning it to a full commit SHA keeps the executed code fixed. 40 | - name: Run chart-releaser 41 | uses: helm/chart-releaser-action@v1.7.0 42 | with: 43 | charts_dir: charts 44 | env: 45 | CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 46 | CR_RELEASE_NAME_TEMPLATE: "{{ .Name 
}}-chart-{{ .Version }}" 47 | -------------------------------------------------------------------------------- /charts/vsphere-cpi/templates/podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podSecurityPolicy.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "cpi.name" . }} 6 | labels: 7 | app: {{ template "cpi.name" . }} 8 | vsphere-cpi-infra: pod-security-policy 9 | component: cloud-controller-manager 10 | release: {{ .Release.Name }} 11 | {{- if .Values.podSecurityPolicy.annotations }} 12 | annotations: 13 | {{- toYaml .Values.podSecurityPolicy.annotations | indent 4 }} 14 | {{- end }} 15 | spec: 16 | allowPrivilegeEscalation: false 17 | privileged: false 18 | volumes: 19 | - 'configMap' 20 | - 'secret' 21 | - 'emptyDir' 22 | hostNetwork: false 23 | hostIPC: false 24 | hostPID: false 25 | runAsUser: 26 | rule: 'MustRunAs' 27 | ranges: 28 | - min: {{ .Values.securityContext.runAsUser }} 29 | max: {{ .Values.securityContext.runAsUser }} 30 | seLinux: 31 | rule: 'RunAsAny' 32 | supplementalGroups: 33 | rule: 'MustRunAs' 34 | ranges: 35 | - min: {{ .Values.securityContext.runAsUser }} 36 | max: {{ .Values.securityContext.runAsUser }} 37 | fsGroup: 38 | rule: 'MustRunAs' 39 | ranges: 40 | # Forbid adding the root group. 
41 | - min: 1 42 | max: 65535 43 | readOnlyRootFilesystem: true 44 | requiredDropCapabilities: 45 | - ALL 46 | {{- end }} -------------------------------------------------------------------------------- /docs/book/SUMMARY.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | 3 | * [Introduction](README.md) 4 | * [VMware vSphere Storage Concepts](concepts/vmware_vsphere_storage.md) 5 | * [In-Tree and Out-of-Tree Implementation Models](concepts/in_tree_vs_out_of_tree.md) 6 | * [About vSphere Cloud Provider](concepts/vcp_overview.md) 7 | * [Overview of the CPI](concepts/cpi_overview.md) 8 | * [Overview of the CSI](https://github.com/container-storage-interface/spec/blob/master/spec.md) 9 | * [Glossary](glossary.md) 10 | * [Cloud Provider Interface (CPI)](cloud_provider_interface.md) 11 | * [Cloud Config Spec](cloud_config.md) 12 | * [Known Issues](known_issues.md) 13 | 14 | ## Tutorials 15 | 16 | * [Deploying the vSphere CPI in a Multi-vCenter OR Multi-Datacenter Environment using Zones](/tutorials/deploying_cpi_with_multi_dc_vc_aka_zones.md) 17 | * [Using vSphere Container Storage Plug-in](https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/2.0/vmware-vsphere-csp-getting-started/GUID-5D144DA0-4806-4DEB-8819-10A1C42E38AB.html) 18 | * [Running a Kubernetes Cluster on vSphere with kubeadm](./tutorials/k8s-vcp-on-vsphere-with-kubeadm.md) 19 | * [Deploying vSphere CPI using Helm](/tutorials/kubernetes-on-vsphere-with-helm.md) 20 | * [Deploying vSphere CPI with k3s](/tutorials/deploying-cpi-with-k3s.md) 21 | * [Deploying a Kubernetes Cluster on vSphere with CSI and CPI](/tutorials/kubernetes-on-vsphere-with-kubeadm.md) 22 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/listers/nsxnetworking/v1alpha1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 
The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | // IPPoolListerExpansion allows custom methods to be added to 22 | // IPPoolLister. 23 | type IPPoolListerExpansion interface{} 24 | 25 | // IPPoolNamespaceListerExpansion allows custom methods to be added to 26 | // IPPoolNamespaceLister. 27 | type IPPoolNamespaceListerExpansion interface{} 28 | 29 | // RouteSetListerExpansion allows custom methods to be added to 30 | // RouteSetLister. 31 | type RouteSetListerExpansion interface{} 32 | 33 | // RouteSetNamespaceListerExpansion allows custom methods to be added to 34 | // RouteSetNamespaceLister. 35 | type RouteSetNamespaceListerExpansion interface{} 36 | -------------------------------------------------------------------------------- /pkg/cli/util.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package cli 18 | 19 | import ( 20 | "fmt" 21 | "os" 22 | ) 23 | 24 | // ReadContent reads a file from disk and returns its contents as a string. 25 | func ReadContent(path string) (string, error) { 26 | _, err := os.Stat(path) 27 | if err != nil { 28 | if os.IsNotExist(err) { 29 | return "", fmt.Errorf("file [%s] does not exist", path) 30 | } 31 | return "", err 32 | } 33 | content, err := os.ReadFile(path) 34 | if err != nil { 35 | return "", err 36 | } 37 | return string(content), nil 38 | } 39 | 40 | // IsClusterNode returns a flag indicating whether or not the name of a cluster 41 | // node is valid. It currently always returns false. 42 | // TODO (fanz): IsK8sNode validate if the given name refers to a node in kubernetes cluster 43 | func IsClusterNode(name string) bool { 44 | return false 45 | } 46 | -------------------------------------------------------------------------------- /hack/go-install.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2025 The Kubernetes Authors. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | set -o errexit 17 | set -o nounset 18 | set -o pipefail 19 | 20 | if [ -z "${1}" ]; then 21 | echo "must provide module as first parameter" 22 | exit 1 23 | fi 24 | 25 | if [ -z "${2}" ]; then 26 | echo "must provide binary name as second parameter" 27 | exit 1 28 | fi 29 | 30 | if [ -z "${3}" ]; then 31 | echo "must provide version as third parameter" 32 | exit 1 33 | fi 34 | 35 | if [ -z "${GOBIN}" ]; then 36 | echo "GOBIN is not set. Must set GOBIN to install the bin in a specified directory." 37 | exit 1 38 | fi 39 | 40 | rm -f "${GOBIN}/${2}"* || true 41 | 42 | # install the golang module specified as the first argument 43 | go install "${1}@${3}" 44 | mv "${GOBIN}/${2}" "${GOBIN}/${2}-${3}" 45 | ln -sf "${GOBIN}/${2}-${3}" "${GOBIN}/${2}" 46 | -------------------------------------------------------------------------------- /manifests/controller-manager/vsphere.conf: -------------------------------------------------------------------------------- 1 | [Global] 2 | # properties in this section will be used for all specified vCenters unless overridden in VirtualCenter section. 3 | 4 | # If setting vCenter creds in a Kubernetes secret, set the following: 5 | secret-name = "Kubernetes Secret containing creds in the namespace below" 6 | secret-namespace = "Kubernetes namespace for CCM deploy" 7 | service-account = "Kubernetes service account used for CCM deploy" #Default: cloud-controller-manager 8 | # Otherwise, you can globally set vCenter creds below (kept in plain text in this file) 9 | user = "vCenter username for cloud provider" 10 | password = "password" 11 | 12 | port = "443" #Optional 13 | insecure-flag = "1" #set to 1 only if the vCenter uses a self-signed cert (1 disables TLS certificate verification) 14 | datacenters = "list of datacenters where Kubernetes node VMs are present" 15 | 16 | [VirtualCenter "1.2.3.4"] 17 | # Override specific properties for this Virtual Center. 
18 | user = "vCenter username for cloud provider" 19 | password = "password" 20 | # port, insecure-flag, datacenters will be used from Global section. 21 | 22 | [VirtualCenter "10.0.0.1"] 23 | # Override specific properties for this Virtual Center. 24 | port = "448" 25 | insecure-flag = "0" 26 | # user, password, datacenters will be used from Global section. 27 | 28 | # For Zone Support 29 | # [Labels] 30 | # region = IF_USING_ZONES_REPLACE_WITH_REGION_VALUE 31 | # zone = IF_USING_ZONES_REPLACE_WITH_ZONE_VALUE 32 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package vsphereparavirtual 18 | 19 | import ( 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | clientset "k8s.io/client-go/kubernetes" 22 | cloudprovider "k8s.io/cloud-provider" 23 | cpcfg "k8s.io/cloud-provider-vsphere/pkg/common/config" 24 | k8s "k8s.io/cloud-provider-vsphere/pkg/common/kubernetes" 25 | ) 26 | 27 | // VSphereParavirtual is an implementation of cloud provider Interface for vsphere paravirtual. 
28 | type VSphereParavirtual struct { 29 | cfg *cpcfg.Config 30 | ownerReference *metav1.OwnerReference 31 | client clientset.Interface 32 | informMgr *k8s.InformerManager 33 | loadBalancer cloudprovider.LoadBalancer 34 | instances cloudprovider.Instances 35 | routes RoutesProvider 36 | zones cloudprovider.Zones 37 | } 38 | -------------------------------------------------------------------------------- /hack/make/docker.mk: -------------------------------------------------------------------------------- 1 | ifndef INCLUDE_DOCKER # Do not load this include more than once. 2 | export INCLUDE_DOCKER := true 3 | 4 | # Recipes that require Docker should use DOCKER_SOCK as an order-only 5 | # dependency. If the DOCKER_SOCK does not exist then the Docker server 6 | # will be started inside the container. If DOCKER_SOCK *does* exist then 7 | # DOCKER_SOCK_FROM_HOST is set to "true" to indicate that the Docker 8 | # socket was provided by the host system. 9 | DOCKER_SOCK := /var/run/docker.sock 10 | 11 | ifeq (,$(strip $(wildcard $(DOCKER_SOCK)))) 12 | 13 | $(DOCKER_SOCK): 14 | @printf "starting docker..." 15 | @service docker start >/dev/null 2>&1 || true; 16 | @i=0 && while ! docker ps -aq 2>/dev/null; do \ 17 | exit_code="$${?}"; \ 18 | if [ "$${i}" -ge "300" ]; then \ 19 | echo "failed" 1>&2; \ 20 | [ -f /var/log/docker.log ] && cat /var/log/docker.log 1>&2; \ 21 | exit "$${exit_code}"; \ 22 | fi; \ 23 | sleep 1 && printf "." && i=$$((i+1)); \ 24 | done; \ 25 | echo "success" 26 | 27 | else 28 | 29 | # If the Docker socket already exists then indicate the socket was 30 | # provided by the host system. However, do not redefine this value. 31 | # In the case of the project's root Makefile invoking other Makefiles, 32 | # the Docker server could have been started in the container and thus 33 | # DOCKER_SOCK_FROM_HOST should not be modified. 
34 | export DOCKER_SOCK_FROM_HOST ?= true 35 | 36 | endif 37 | 38 | endif # ifndef INCLUDE_DOCKER -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/loadbalancer/lock.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package loadbalancer 18 | 19 | import ( 20 | "fmt" 21 | "sync" 22 | ) 23 | // keyLock provides one mutex per string key; lock guards the keys map. Nothing in this file removes entries, so the map grows with the number of distinct keys ever locked. 24 | type keyLock struct { 25 | lock sync.Mutex 26 | keys map[string]*sync.Mutex 27 | } 28 | // newKeyLock returns a keyLock with an empty key map. 29 | func newKeyLock() *keyLock { 30 | return &keyLock{keys: map[string]*sync.Mutex{}} 31 | } 32 | 33 | // Lock locks the key, creating the key's mutex on first use. The map lock is released before blocking on the per-key mutex, so waiting on one key does not hold up other keys. 34 | func (l *keyLock) Lock(key string) { 35 | l.lock.Lock() 36 | lock := l.keys[key] 37 | if lock == nil { 38 | lock = &sync.Mutex{} 39 | l.keys[key] = lock 40 | } 41 | l.lock.Unlock() 42 | 43 | lock.Lock() 44 | } 45 | 46 | // Unlock unlocks the key. It panics when no mutex exists for the key, i.e. Lock was never called with it. 47 | func (l *keyLock) Unlock(key string) { 48 | l.lock.Lock() 49 | defer l.lock.Unlock() 50 | 51 | lock := l.keys[key] 52 | if lock == nil { 53 | panic(fmt.Sprintf("unlock of unknown keyLock %s", key)) 54 | } 55 | lock.Unlock() 56 | } 57 | -------------------------------------------------------------------------------- /charts/vsphere-cpi/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: v1
3 | kind: List 4 | metadata: {} 5 | items: 6 | - apiVersion: rbac.authorization.k8s.io/v1 7 | kind: RoleBinding 8 | metadata: 9 | name: servicecatalog.k8s.io:apiserver-authentication-reader 10 | labels: 11 | app: {{ template "cpi.name" . }} 12 | vsphere-cpi-infra: role-binding 13 | component: cloud-controller-manager 14 | namespace: kube-system 15 | roleRef: 16 | apiGroup: rbac.authorization.k8s.io 17 | kind: Role 18 | name: extension-apiserver-authentication-reader 19 | subjects: 20 | - apiGroup: "" 21 | kind: ServiceAccount 22 | name: {{ .Values.serviceAccount.name }} 23 | namespace: {{ .Release.Namespace }} 24 | - apiGroup: "" 25 | kind: User 26 | name: {{ .Values.serviceAccount.name }} 27 | - apiVersion: rbac.authorization.k8s.io/v1 28 | kind: ClusterRoleBinding 29 | metadata: 30 | name: {{ .Values.serviceAccount.name }} 31 | labels: 32 | app: {{ template "cpi.name" . }} 33 | vsphere-cpi-infra: cluster-role-binding 34 | component: cloud-controller-manager 35 | roleRef: 36 | apiGroup: rbac.authorization.k8s.io 37 | kind: ClusterRole 38 | name: {{ .Values.serviceAccount.name }} 39 | subjects: 40 | - kind: ServiceAccount 41 | name: {{ .Values.serviceAccount.name }} 42 | namespace: {{ .Release.Namespace }} 43 | - kind: User 44 | name: {{ .Values.serviceAccount.name }} 45 | {{- end -}} 46 | -------------------------------------------------------------------------------- /pkg/util/utils_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package util 18 | 19 | import ( 20 | "testing" 21 | 22 | "github.com/stretchr/testify/assert" 23 | ) 24 | 25 | func TestIsIPv4(t *testing.T) { 26 | testCases := []struct { 27 | name string 28 | testIP string 29 | expectedResult bool 30 | }{ 31 | { 32 | name: "valid IPv4 address", 33 | testIP: "100.96.1.0/24", 34 | expectedResult: true, 35 | }, 36 | { 37 | name: "empty IP address", 38 | testIP: "", 39 | expectedResult: false, 40 | }, 41 | { 42 | name: "invalid IPv4 address", 43 | testIP: "fe80::20c:29ff:fe0b:b407/64", 44 | expectedResult: false, 45 | }, 46 | } 47 | 48 | for _, testCase := range testCases { 49 | t.Run(testCase.name, func(t *testing.T) { 50 | assert.Equal(t, testCase.expectedResult, IsIPv4(testCase.testIP)) 51 | }) 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /pkg/nsxt/config/types_common.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | // Config is used to read and store information from the cloud configuration file 20 | type Config struct { 21 | // NSX-T username. 22 | User string 23 | // NSX-T password in clear text. SecretName/SecretNamespace below name a secret for the same credentials. 24 | Password string 25 | // NSX-T host. 26 | Host string 27 | // InsecureFlag is to be set to true if NSX-T uses self-signed cert. NOTE(review): presumably this turns off certificate verification; confirm in the client code. 28 | InsecureFlag bool 29 | // RemoteAuth is to be set to true if NSX-T uses remote authentication (authentication done through the vIDM). 30 | RemoteAuth bool 31 | // SecretName is the secret name for NSX-T username and password 32 | SecretName string 33 | // SecretNamespace is the secret namespace for NSX-T username and password 34 | SecretNamespace string 35 | // NOTE(review): the fields below are undocumented here; judging by their names they hold a VMC access token, a VMC auth host, and client-certificate, key and CA file paths. Confirm against the code that reads them. 36 | VMCAccessToken string 37 | VMCAuthHost string 38 | ClientAuthCertFile string 39 | ClientAuthKeyFile string 40 | CAFile string 41 | } 42 | -------------------------------------------------------------------------------- /charts/vsphere-cpi/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- $config := .Values.config -}} 2 | {{- if .Values.global }} 3 | {{- if .Values.global.config }} 4 | {{- $config = mergeOverwrite (deepCopy .Values.config) .Values.global.config -}} 5 | {{- end }} 6 | {{- end }} 7 | {{- if $config.enabled -}} 8 | apiVersion: v1 9 | kind: ConfigMap 10 | metadata: 11 | name: {{ $config.name | default "cloud-config" }} 12 | labels: 13 | app: {{ template "cpi.name" . }} 14 | vsphere-cpi-infra: cloud-config 15 | component: cloud-controller-manager 16 | namespace: {{ .Release.Namespace }} 17 | data: 18 | vsphere.conf: | 19 | # Global properties in this section will be used for all specified vCenters unless overriden in VirtualCenter section.
20 | global: 21 | port: 443 22 | {{- if $config.thumbprint }} 23 | thumbprint: {{ $config.thumbprint }} 24 | {{- else if $config.caFile }} 25 | ca-file: {{ $config.caFile }} 26 | {{- else }} 27 | # neither thumbprint nor caFile was supplied, so insecureFlag is set to true; this is meant for a vCenter that uses a self-signed cert, and supplying a thumbprint or CA file avoids it 28 | insecureFlag: true 29 | {{- end }} 30 | # settings for using k8s secret 31 | secretName: {{ $config.secret.name }} 32 | secretNamespace: {{ .Release.Namespace }} 33 | 34 | # vcenter section 35 | vcenter: 36 | {{ $config.vcenter }}: 37 | server: {{ $config.vcenter }} 38 | datacenters: 39 | - {{ $config.datacenter }} 40 | 41 | # labels for regions and zones 42 | labels: 43 | region: {{ $config.region }} 44 | zone: {{ $config.zone }} 45 | {{- end -}} 46 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/loadbalancer/config/types_common.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package config 18 | 19 | // LBConfig is used to read and store information from the cloud configuration file 20 | type LBConfig struct { 21 | LoadBalancer LoadBalancerConfig 22 | LoadBalancerClass map[string]*LoadBalancerClassConfig 23 | } 24 | 25 | // LoadBalancerConfig contains the configuration for the load balancer itself 26 | type LoadBalancerConfig struct { 27 | LoadBalancerClassConfig 28 | Size string 29 | LBServiceID string 30 | Tier1GatewayPath string 31 | SnatDisabled bool 32 | AdditionalTags map[string]string 33 | } 34 | 35 | // LoadBalancerClassConfig contains the configuration for a load balancer class 36 | type LoadBalancerClassConfig struct { 37 | IPPoolName string 38 | IPPoolID string 39 | TCPAppProfileName string 40 | TCPAppProfilePath string 41 | UDPAppProfileName string 42 | UDPAppProfilePath string 43 | } 44 | -------------------------------------------------------------------------------- /pkg/common/vclib/datastore_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
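15 | */ 16 | 17 | package vclib 18 | 19 | import ( 20 | "context" 21 | "testing" 22 | 23 | "github.com/vmware/govmomi" 24 | "github.com/vmware/govmomi/simulator" 25 | ) 26 | // TestDatastore starts a simulated vCenter, connects to it and checks that the datastores of the default test datacenter can be listed. 27 | func TestDatastore(t *testing.T) { 28 | ctx := context.Background() 29 | 30 | // vCenter model + initial set of objects (cluster, hosts, VMs, network, datastore, etc) 31 | model := simulator.VPX() 32 | 33 | defer model.Remove() 34 | err := model.Create() 35 | if err != nil { 36 | t.Fatal(err) 37 | } 38 | 39 | s := model.Service.NewServer() 40 | defer s.Close() 41 | // The third argument (true) is govmomi's insecure flag; it is used here only against the in-process simulator. 42 | c, err := govmomi.NewClient(ctx, s.URL, true) 43 | if err != nil { 44 | t.Fatal(err) 45 | } 46 | 47 | vc := &VSphereConnection{Client: c.Client} 48 | // A failed lookup must stop the test: dc is not usable after an error and a method is called on it below. 49 | dc, err := GetDatacenter(ctx, vc, TestDefaultDatacenter) 50 | if err != nil { 51 | t.Fatal(err) 52 | } 53 | 54 | _, err = dc.GetAllDatastores(ctx) 55 | if err != nil { 56 | t.Fatal(err) 57 | } 58 | 59 | } 60 | -------------------------------------------------------------------------------- /pkg/common/credentialmanager/consts_and_errors.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.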
15 | */ 16 | 17 | package credentialmanager 18 | 19 | import ( 20 | "errors" 21 | ) 22 | 23 | const ( 24 | usernamePrefix = "username_" 25 | passwordPrefix = "password_" 26 | serverPrefix = "server_" 27 | ) 28 | 29 | // Errors 30 | var ( 31 | // ErrCredentialsNotFound is returned when no credentials are configured. 32 | ErrCredentialsNotFound = errors.New("Credentials not found") 33 | 34 | // ErrCredentialMissing is returned when the credentials do not contain a username and/or password. 35 | ErrCredentialMissing = errors.New("Username/Password is missing") 36 | 37 | // ErrUnknownSecretKey is returned when the supplied key does not return a secret. 38 | ErrUnknownSecretKey = errors.New("Unknown secret key") 39 | 40 | // ErrIncompleteCredentialSet is returned when the credentials do not contain all required values 41 | ErrIncompleteCredentialSet = errors.New("Credentials did not have all required values") 42 | ) 43 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/ippoolmanager/helper/helper.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | Unless required by applicable law or agreed to in writing, software 8 | distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | See the License for the specific language governing permissions and 11 | limitations under the License. 
12 | */ 13 | 14 | package helper 15 | 16 | import ( 17 | "fmt" 18 | "time" 19 | ) 20 | 21 | const ( 22 | // DefaultResyncTime is the default period for ippool informer to do re-sync 23 | DefaultResyncTime time.Duration = time.Minute * 1 24 | ) 25 | 26 | const ( 27 | // IPFamilyDefault is default value of ipFamily in v1alpha1 ippool 28 | IPFamilyDefault = "ipv4" 29 | // IPFamilyDefaultV2 is default value of ipFamily in v1alpha2 ippool 30 | IPFamilyDefaultV2 = "IPv4" 31 | // PrefixLengthDefault is default value of prefixLength 32 | PrefixLengthDefault = 24 33 | ) 34 | 35 | // NSXIPPool defines an interface that is used to represent the different versions of the nsx.vmware.com ippool 36 | type NSXIPPool interface{} 37 | 38 | // IppoolNameFromClusterName returns the ippool name constructed using the cluster name, by appending "-ippool" to it 39 | func IppoolNameFromClusterName(clusterName string) string { 40 | return fmt.Sprintf("%s-ippool", clusterName) 41 | } 42 | -------------------------------------------------------------------------------- /hack/tools/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2019 The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License.
14 | 15 | # If you update this file, please follow 16 | # https://suva.sh/posts/well-documented-makefiles 17 | 18 | # Ensure Make is run with bash shell as some syntax below is bash-specific 19 | SHELL := /usr/bin/env bash 20 | 21 | .DEFAULT_GOAL := all 22 | 23 | # Use GOPROXY environment variable if set 24 | GOPROXY := $(shell go env GOPROXY) 25 | ifeq (,$(strip $(GOPROXY))) 26 | GOPROXY := https://proxy.golang.org 27 | endif 28 | export GOPROXY 29 | 30 | # Active module mode, as we use go modules to manage dependencies 31 | export GO111MODULE := on 32 | 33 | # Directories. 34 | BIN_DIR := bin 35 | SRCS := go.mod go.sum 36 | 37 | # Binaries. 38 | KIND := $(BIN_DIR)/kind 39 | GINKGO := $(BIN_DIR)/ginkgo 40 | 41 | all: kind ginkgo 42 | 43 | kind: $(KIND) $(SRCS) 44 | $(KIND): go.mod 45 | go build -tags=tools -o $@ sigs.k8s.io/kind 46 | 47 | ginkgo: $(GINKGO) $(SRCS) 48 | $(GINKGO): go.mod 49 | go build -tags=tools -o $@ github.com/onsi/ginkgo/v2/ginkgo 50 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/flaking-test.yaml: -------------------------------------------------------------------------------- 1 | name: Flaking Test 2 | description: Report flaky tests or jobs in Kubernetes CI 3 | labels: kind/flake 4 | body: 5 | - type: textarea 6 | id: jobs 7 | attributes: 8 | label: Which jobs are flaking? 9 | description: | 10 | Please only use this template for submitting reports about flaky tests or jobs (pass or fail with no underlying change in code) in Kubernetes CI. 11 | Links to go.k8s.io/triage and/or links to specific failures in spyglass are appreciated. 12 | Please see the deflaking doc (https://github.com/kubernetes/community/blob/master/contributors/devel/sig-testing/flaky-tests.md) for more guidance. 13 | validations: 14 | required: true 15 | 16 | - type: textarea 17 | id: tests 18 | attributes: 19 | label: Which tests are flaking? 
20 | validations: 21 | required: true 22 | 23 | - type: textarea 24 | id: since 25 | attributes: 26 | label: Since when has it been flaking? 27 | validations: 28 | required: true 29 | 30 | - type: input 31 | id: testgrid 32 | attributes: 33 | label: Testgrid link 34 | 35 | - type: textarea 36 | id: reason 37 | attributes: 38 | label: Reason for failure (if possible) 39 | 40 | - type: textarea 41 | id: additional 42 | attributes: 43 | label: Anything else we need to know? 44 | 45 | - type: textarea 46 | id: sigs 47 | attributes: 48 | label: Relevant SIG(s) 49 | description: You can identify the SIG from the "prowjob_config_url" on the testgrid dashboard for a test. 50 | value: /sig 51 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned/typed/nsxnetworking/v1alpha1/fake/fake_nsxnetworking_client.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 
18 | 19 | package fake 20 | 21 | import ( 22 | rest "k8s.io/client-go/rest" 23 | testing "k8s.io/client-go/testing" 24 | v1alpha1 "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned/typed/nsxnetworking/v1alpha1" 25 | ) 26 | 27 | type FakeNsxV1alpha1 struct { 28 | *testing.Fake 29 | } 30 | 31 | func (c *FakeNsxV1alpha1) IPPools(namespace string) v1alpha1.IPPoolInterface { 32 | return &FakeIPPools{c, namespace} 33 | } 34 | 35 | func (c *FakeNsxV1alpha1) RouteSets(namespace string) v1alpha1.RouteSetInterface { 36 | return &FakeRouteSets{c, namespace} 37 | } 38 | 39 | // RESTClient returns a RESTClient that is used to communicate 40 | // with API server by this client implementation. 41 | func (c *FakeNsxV1alpha1) RESTClient() rest.Interface { 42 | var ret *rest.RESTClient 43 | return ret 44 | } 45 | -------------------------------------------------------------------------------- /pkg/common/kubernetes/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package kubernetes 18 | 19 | import ( 20 | "k8s.io/client-go/informers" 21 | v1 "k8s.io/client-go/informers/core/v1" 22 | clientset "k8s.io/client-go/kubernetes" 23 | "k8s.io/client-go/tools/cache" 24 | ) 25 | 26 | const ( 27 | defaultInformerFactoryNamespace = "" 28 | ) 29 | 30 | // InformerManager is a service that notifies subscribers about changes 31 | // to well-defined information in the Kubernetes API server. 32 | type InformerManager struct { 33 | // k8s client 34 | client clientset.Interface 35 | 36 | // namespaced informer factories for resources limited to namespaces. 37 | // The main informer factory is for cluster-scoped resources and is under 38 | // the key "". 39 | namespacedInformerFactories map[string]informers.SharedInformerFactory 40 | 41 | // main signal 42 | stopCh (<-chan struct{}) 43 | 44 | // secret informers by namespace 45 | namespacedSecretInformer map[string]v1.SecretInformer 46 | 47 | // node informer 48 | nodeInformer cache.SharedInformer 49 | } 50 | -------------------------------------------------------------------------------- /manifests/controller-manager/cloud-controller-manager-roles.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | name: system:cloud-controller-manager 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - events 12 | verbs: 13 | - create 14 | - patch 15 | - update 16 | - apiGroups: 17 | - "" 18 | resources: 19 | - nodes 20 | verbs: 21 | - '*' 22 | - apiGroups: 23 | - "" 24 | resources: 25 | - nodes/status 26 | verbs: 27 | - patch 28 | - apiGroups: 29 | - "" 30 | resources: 31 | - services 32 | verbs: 33 | - list 34 | - patch 35 | - update 36 | - watch 37 | - apiGroups: 38 | - "" 39 | resources: 40 | - services/status 41 | verbs: 42 | - patch 43 | - apiGroups: 44 | - "" 45 | resources: 46 | - serviceaccounts 47 | verbs: 48 | - create 49 
| - get 50 | - list 51 | - watch 52 | - update 53 | - apiGroups: 54 | - "" 55 | resources: 56 | - persistentvolumes 57 | verbs: 58 | - get 59 | - list 60 | - update 61 | - watch 62 | - apiGroups: 63 | - "" 64 | resources: 65 | - endpoints 66 | verbs: 67 | - create 68 | - get 69 | - list 70 | - watch 71 | - update 72 | - apiGroups: 73 | - "" 74 | resources: 75 | - secrets 76 | verbs: 77 | - get 78 | - list 79 | - watch 80 | - apiGroups: 81 | - "coordination.k8s.io" 82 | resources: 83 | - leases 84 | verbs: 85 | - get 86 | - list 87 | - watch 88 | - create 89 | - update 90 | kind: List 91 | metadata: {} 92 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/vmoperator/client/fake_client.go: -------------------------------------------------------------------------------- 1 | package client 2 | 3 | import ( 4 | "k8s.io/client-go/dynamic" 5 | dynamicfake "k8s.io/client-go/dynamic/fake" 6 | 7 | "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/vmoperator" 8 | ) 9 | 10 | // FakeClientSet contains the fake clients for groups. Each group has exactly one 11 | // version included in a Clientset. 
12 | type FakeClientSet struct { 13 | FakeClient *FakeClient 14 | } 15 | 16 | // V1alpha2 retrieves the fake VmoperatorV1alpha2Client 17 | func (c *FakeClientSet) V1alpha2() vmoperator.V1alpha2Interface { 18 | return c.FakeClient 19 | } 20 | 21 | // NewFakeClientSet creates a FakeClientWrapper 22 | func NewFakeClientSet(fakeClient *dynamicfake.FakeDynamicClient) *FakeClientSet { 23 | fcw := &FakeClientSet{ 24 | FakeClient: &FakeClient{ 25 | DynamicClient: fakeClient, 26 | }, 27 | } 28 | return fcw 29 | } 30 | 31 | // FakeClient contains the fake dynamic client for vm operator group 32 | type FakeClient struct { 33 | DynamicClient *dynamicfake.FakeDynamicClient 34 | } 35 | 36 | // VirtualMachines retrieves the virtualmachine client 37 | func (c *FakeClient) VirtualMachines(namespace string) vmoperator.VirtualMachineInterface { 38 | return newVirtualMachines(c, namespace) 39 | } 40 | 41 | // VirtualMachineServices retrieves the virtualmachineservice client 42 | func (c *FakeClient) VirtualMachineServices(namespace string) vmoperator.VirtualMachineServiceInterface { 43 | return newVirtualMachineServices(c, namespace) 44 | } 45 | 46 | // Client retrieves the dynamic client 47 | func (c *FakeClient) Client() dynamic.Interface { 48 | if c == nil { 49 | return nil 50 | } 51 | return c.DynamicClient 52 | } 53 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/route/config/config.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | "fmt" 21 | 22 | klog "k8s.io/klog/v2" 23 | ) 24 | 25 | /* 26 | TODO: 27 | When the INI based cloud-config is deprecated, the references to the 28 | INI based code (ie the call to ReadConfigINI) below should be deleted. 29 | */ 30 | 31 | // ReadRouteConfig parses the vSphere cloud config data as YAML and, when that fails, as legacy INI, and returns the resulting Config. Empty data is rejected with an error. 32 | // Environment variables are also checked (NOTE(review): not in this function; presumably inside ReadConfigYAML/ReadConfigINI, confirm). 33 | func ReadRouteConfig(configData []byte) (*Config, error) { 34 | if len(configData) == 0 { 35 | return nil, fmt.Errorf("Invalid YAML/INI file") 36 | } 37 | // YAML is tried first. Its error is overwritten by the INI attempt, so when both fail the caller only sees the INI error. 38 | cfg, err := ReadConfigYAML(configData) 39 | if err != nil { 40 | cfg, err = ReadConfigINI(configData) 41 | if err != nil { 42 | return nil, err 43 | } 44 | 45 | klog.Info("ReadConfig INI succeeded. Route INI-based cloud-config is deprecated and will be removed in 2.0. Please use YAML based cloud-config.") 46 | } else { 47 | klog.Info("ReadRouteConfig YAML succeeded") 48 | } 49 | 50 | klog.Info("Route Config initialized") 51 | return cfg, nil 52 | } 53 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/informers/externalversions/internalinterfaces/factory_interfaces.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package internalinterfaces 20 | 21 | import ( 22 | time "time" 23 | 24 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | cache "k8s.io/client-go/tools/cache" 27 | versioned "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned" 28 | ) 29 | 30 | // NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer. 31 | type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer 32 | 33 | // SharedInformerFactory a small interface to allow for adding an informer without an import cycle 34 | type SharedInformerFactory interface { 35 | Start(stopCh <-chan struct{}) 36 | InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer 37 | } 38 | 39 | // TweakListOptionsFunc is a function that transforms a v1.ListOptions. 40 | type TweakListOptionsFunc func(*v1.ListOptions) 41 | -------------------------------------------------------------------------------- /hack/check-shell.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # Change directories to the parent directory of the one in which this 22 | # script is located. 23 | cd "$(dirname "${BASH_SOURCE[0]}")/.." 24 | 25 | usage() { 26 | cat <&2; exit 1 43 | ;; 44 | \?) 45 | { echo "invalid option: -${OPTARG}"; usage; } 1>&2; exit 1 46 | ;; 47 | :) 48 | echo "option -${OPTARG} requires an argument" 1>&2; exit 1 49 | ;; 50 | esac 51 | done 52 | shift $((OPTIND-1)) 53 | 54 | if [ ! "${DO_DOCKER-}" ] && command -v shellcheck >/dev/null 2>&1; then 55 | find . -path ./vendor -prune -o -name "*.*sh" -type f -print0 | xargs -0 shellcheck 56 | else 57 | docker run --rm -t -v "$(pwd)":/build:ro registry.k8s.io/cloud-pv-vsphere/extra/shellcheck:stable 58 | fi 59 | -------------------------------------------------------------------------------- /hack/verify-container-images.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2022 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | if [[ "${TRACE-0}" == "1" ]]; then 22 | set -o xtrace 23 | fi 24 | # Usage: verify-container-images.sh TRIVY_VERSION - builds the CPI image with "make docker-image" and scans it with that trivy version. 25 | VERSION=${1} 26 | DB_MIRROR="public.ecr.aws/aquasecurity/trivy-db" 27 | 28 | REPO_ROOT=$(git rev-parse --show-toplevel) 29 | "${REPO_ROOT}/hack/ensure-trivy.sh" "${VERSION}" 30 | 31 | TRIVY="${REPO_ROOT}/hack/tools/bin/trivy/${VERSION}/trivy" 32 | 33 | IMAGE="gcr.io/k8s-staging-cloud-pv-vsphere/cloud-provider-vsphere" 34 | BRANCH_NAME="dev" 35 | # Builds CPI image to be scanned. 36 | make IMAGE=${IMAGE} BRANCH_NAME=${BRANCH_NAME} docker-image 37 | 38 | # Scan the images. Findings without a published fix (--ignore-unfixed) and LOW-severity findings are not reported, so a passing run means "no fixable MEDIUM or higher finding", not "no vulnerability". Any non-zero trivy exit is stored in R1, so a scanner failure is reported the same way as a finding. 39 | "${TRIVY}" image --db-repository="${DB_MIRROR}" -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL ${IMAGE}:${BRANCH_NAME} && R1=$? || R1=$? 40 | 41 | echo "" 42 | BRed='\033[1;31m' 43 | BGreen='\033[1;32m' 44 | NC='\033[0m' # No color (resets the terminal attributes) 45 | 46 | if [ "$R1" -ne "0" ] 47 | then 48 | echo -e "${BRed}Check container images failed! There are vulnerabilities to be fixed${NC}" 49 | exit 1 50 | fi 51 | 52 | echo -e "${BGreen}Check container images passed! No vulnerability found${NC}" 53 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/route/config/consts_and_errors.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | "time" 21 | ) 22 | 23 | const ( 24 | // ClusterNameTagScope is the scope of clusterName tag 25 | // NSXT Tag includes scope and tag value, the format is a JSON map with name/value pair, 26 | // for example {"scope": "vsphere.k8s.io/cluster-name", "tag": "kubernetes-cluster-1"} 27 | ClusterNameTagScope = "vsphere.k8s.io/cluster-name" 28 | // NodeNameTagScope is the scope of nodeName tag 29 | // Node name tag will be used to identify static route belongs to which node, 30 | // for example {"scope": "vsphere.k8s.io/node-name", "tag": "worker-node-1"} 31 | NodeNameTagScope = "vsphere.k8s.io/node-name" 32 | 33 | // RealizedStateTimeout is the timeout duration for realized state check 34 | RealizedStateTimeout = 10 * time.Second 35 | // RealizedStateSleepTime is the interval between realized state check 36 | RealizedStateSleepTime = 1 * time.Second 37 | // RealizedState is the realized state 38 | RealizedState = "REALIZED" 39 | 40 | // DisplayNameMaxLength is the maximum length of static route display name 41 | DisplayNameMaxLength = 255 42 | ) 43 | -------------------------------------------------------------------------------- /test/vcsim/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use a dedicated stage to build the vCenter simulator and govc binaries. 2 | FROM golang:1.11.5 as builder 3 | WORKDIR /go/src 4 | ENV VCSIM_VERSION=v0.20.0 5 | RUN go get -d github.com/vmware/govmomi && \ 6 | git -C github.com/vmware/govmomi checkout -b build "${VCSIM_VERSION}" && \ 7 | make -C github.com/vmware/govmomi/govc && \ 8 | make -C github.com/vmware/govmomi/vcsim 9 | # NOTE(review): golang:1.11.5 and debian:stretch-20190204-slim are old releases that no longer receive security updates; move both stages to supported base images before using this image beyond throwaway tests. 10 | FROM debian:stretch-20190204-slim 11 | LABEL "maintainer" "Andrew Kutz " 12 | 13 | # Update the CA certificates and clean up the apt cache. 
14 | RUN apt-get -y update && \ 15 | apt-get -y --no-install-recommends install \ 16 | ca-certificates curl iproute2 locales tar unzip && \ 17 | rm -rf /var/cache/apt/* /var/lib/apt/lists/* 18 | 19 | # Set the locale so that the gist command is happy. 20 | ENV LANG=en_US.UTF-8 21 | ENV LC_ALL=C.UTF-8 22 | 23 | # Copy the vCenter simulator and govc binaries. 24 | COPY --from=builder /go/src/github.com/vmware/govmomi/govc/govc \ 25 | /go/src/github.com/vmware/govmomi/vcsim/vcsim \ 26 | /usr/local/bin/ 27 | 28 | # Set the working directory. 29 | WORKDIR / 30 | 31 | # Copy the entrypoint script into the image. 32 | COPY entrypoint.sh / 33 | RUN chmod 0755 /entrypoint.sh 34 | # Defaults that point govc at the simulator inside this container. The user/pass pair is a fixed test credential and GOVC_INSECURE="true" turns off TLS certificate verification in govc; keep both out of any environment that talks to a real vCenter. 35 | ENV GOVC_URL=https://localhost:8443/sdk 36 | ENV GOVC_USERNAME=user 37 | ENV GOVC_PASSWORD=pass 38 | ENV GOVC_INSECURE="true" 39 | ENV GOVC_DATACENTER="/DC0" 40 | ENV GOVC_RESOURCE_POOL="/DC0/host/DC0_C0/Resources" 41 | ENV GOVC_DATASTORE="/DC0/datastore/LocalDS_0" 42 | ENV GOVC_FOLDER="/DC0/vm" 43 | ENV GOVC_NETWORK="/DC0/network/VM Network" 44 | 45 | # The default arguments handed to the entrypoint are the vcsim command with -l :8443. No USER is set, so the container runs as root. 46 | CMD [ "/usr/local/bin/vcsim", "-l", ":8443" ] 47 | ENTRYPOINT [ "/entrypoint.sh" ] 48 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | The **kubernetes/cloud-provider-vsphere** project accepts contribution via github [pull request](https://help.github.com/articles/about-pull-requests/). This document outlines the process to help get your contribution accepted. Please also read the [Kubernetes contributor guide](https://github.com/kubernetes/community/blob/master/contributors/guide/README.md). 4 | 5 | ## Sign the Contributor License Agreement 6 | 7 | We'd love to accept your patches! 
Before we can accept them you need to sign the Cloud Native Computing Foundation (CNCF) [CLA](https://github.com/kubernetes/community/blob/master/CLA.md). 8 | 9 | ## Reporting an issue 10 | 11 | If you find a bug or have a feature request related to cloud-provider-vsphere, you can create a new GitHub issue in this repo. 12 | 13 | ## Contributing a Patch 14 | 15 | 1. Submit an issue describing your proposed change to the repo. 16 | 2. Fork the cloud-provider-vsphere repo, develop and test your code changes. 17 | 3. Submit a pull request. 18 | 4. The bot will automatically assign someone to review your PR. Check the full list of bot commands [here](https://prow.k8s.io/command-help). 19 | 20 | ## Contact 21 | 22 | * [Slack](https://kubernetes.slack.com/messages/sig-vmware) 23 | * [Mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-vmware) 24 | * Please check the [sig-vmware community page](https://github.com/kubernetes/community/blob/2213de9ac19324422c781549541c25d90e9729e9/sig-vmware/README.md) for meeting times and more details. 
25 | 26 | ## More about CCM 27 | 28 | * [Concepts Underlying the Cloud Controller Manager](https://kubernetes.io/docs/concepts/architecture/cloud-controller/) 29 | * [Developing Cloud Controller Manager](https://kubernetes.io/docs/tasks/administer-cluster/developing-cloud-controller-manager/) 30 | -------------------------------------------------------------------------------- /pkg/common/vclib/fixtures/server.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIEtTCCAp0CAQAwQzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRMwEQYDVQQK 3 | DApBY21lLCBJbmMuMRIwEAYDVQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEB 4 | AQUAA4ICDwAwggIKAoICAQCVkk5HMKNvMXVJoJcUfKK252UT6rdnlsaFLZOlcbp3 5 | otqiq3A2jhQLeL5Ocyd22s/ak2RX9liK+ynV8fP3YWoUBP5elhwbykubiIvSTRS5 6 | 85Z0s9NfzscImMpnivt+bOy3KOoriy/0jfJ7WMqLRUTUEusXUpW8QT/U9cK6DrwQ 7 | E/9oXTr669yvqjyFsxjOB0pLOFFib0LeQZxrA2h+oAP8qT/Of6kyTgGWjLhSC1cV 8 | eCPZsSeZUT61FbIu/b5M42WYuddoFbf8y9m0oLeYizYob7poE25jw91bNa8y2nfS 9 | v+JuCcfO4wq29cnldGFNpJPhBhc1sbBvVshXXKWdfzN1c8RCS5hNANy1phAJ7RFe 10 | 3Uj0WneBVBHHJMz7Qh61uxTST1W8HBDTuaBTxGKTcPFWd9u4lj/BEScRFOSC/qiO 11 | 1HCKzOsYhjnHfql5GzfQKpEy/e4m2oL8VTqcJBsfHCyxDIH+6Y3ovttymxAUPJ14 12 | r3mG9FDLq1va/+8xzDswyjmRIVQeOgvllzgM5vCKqz6nsXtLRYgkwHMk5yOaAIzO 13 | BnsmZztsyaubjcYvM5pUsiO49VWk6ntiAn+WpF/sreFlesx1peQKbTVovwvn137d 14 | V92Oncce+ZikKHxtz4qOz+dH1Fz7Ykor8fXcsfdbkKvwWdz8U/pOBu+83CxBXTWA 15 | bwIDAQABoC0wKwYJKoZIhvcNAQkOMR4wHDAaBgNVHREEEzARgglsb2NhbGhvc3SH 16 | BH8AAAEwDQYJKoZIhvcNAQELBQADggIBADgJfI3xRKlOInZQjg+afz+L477IiFmP 17 | Pf0qwO/EqBkCmbDbmvXpXi/y9Ffh6bMx2naN873nW3k1uVG2W0O4Bl7di9PkmRxY 18 | ktcWY+CaxDT5+Y3LmrqICgrZmELTuV5G8xX2/7bpdEtY4sWpoOeOun+CeGTCeUGx 19 | sGxOWrhydYwrkowupPthYreIIBBPHWl2gEw/m+Y7aJZGtKnDD9eCbF6RxmXRWHDu 20 | 0Ly+F3veXbht9LjKPFsgfsogo33Nl8+W1LCActKNY7NMDdGkc+RqaTyxhYEwomui 21 | N1NDOW1qHqSyp2RC13cXokfLL58WGXS6PpNhSln9u4ZG9a+TY+vw1qC//1CyTicY 22 | 
ylyEn2qfqTSG3W7T/u6ZTL0MpMjFv8VigpffJcFDjq6lVH8LyTniSXdCREy78jAo 23 | 8O/2tzJtWrar8bbeN7KCwVcJVaK15a1GWZmo5Ei33U/2Tm+UyRbWL8eISO2Hs3WM 24 | 90aFPaHfqKpiPsJrnnOm270lZclgqEtpsyuLsAClqxytCYPw4zTa6WOfDJtmVUrT 25 | 1fvMjqwzvs7jbNrgfkwSxXiABwTMQQWeAtuSO+zZH4Ms10qyANoh4FFi/oS3dRKQ 26 | 0kdu7AsJqnou9q9HWq1WCTqMcyNE0KPHuo4xhtOlWoGbsugTs7XBml30D7bKJVfG 27 | PazsY1b0/cx7 28 | -----END CERTIFICATE REQUEST----- 29 | -------------------------------------------------------------------------------- /cmd/vcpctl/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | // The vcpctl tool is responsible for facilitating cloud controller manager provisioning 18 | 19 | package main 20 | 21 | import ( 22 | "fmt" 23 | "os" 24 | 25 | "github.com/spf13/cobra" 26 | "k8s.io/cloud-provider-vsphere/cmd/vcpctl/provision" 27 | ) 28 | 29 | func main() { 30 | 31 | provision.AddProvision(cmd) 32 | if err := cmd.Execute(); err != nil { 33 | fmt.Fprintf(os.Stderr, "error: %v\n", err) 34 | os.Exit(1) 35 | } 36 | fmt.Printf("\nCompleted!\n") 37 | } 38 | 39 | var cmd = &cobra.Command{ 40 | Use: "vcpctl", 41 | Short: "The vcpctl tool is responsible for facilitating cloud controller manager provisioining.", 42 | Long: `Deploying a cloud provider on vSphere is a task that has many prerequisites, this tool provides these needs: 43 | * Perform vSphere configuration health check. 44 | * Create vSphere role with a minimal set of permissioins. 45 | * Create vSphere solution user, to be used with CCM 46 | * Convert old in-tree vsphere.conf configuration files to new configMap 47 | 48 | `, 49 | 50 | Run: RunMain, 51 | } 52 | 53 | // RunMain is the "Run" function callback for a cobra command object. 
54 | func RunMain(cmd *cobra.Command, args []string) { 55 | cmd.Help() 56 | } 57 | -------------------------------------------------------------------------------- /manifests/controller-manager/vsphere-cloud-controller-manager-pod.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: cloud-controller-manager 6 | namespace: kube-system 7 | --- 8 | apiVersion: v1 9 | kind: Pod 10 | metadata: 11 | annotations: 12 | scheduler.alpha.kubernetes.io/critical-pod: "" 13 | labels: 14 | component: cloud-controller-manager 15 | tier: control-plane 16 | k8s-app: vsphere-cloud-controller-manager 17 | name: vsphere-cloud-controller-manager 18 | namespace: kube-system 19 | spec: 20 | containers: 21 | - name: vsphere-cloud-controller-manager 22 | image: registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.35.0 23 | args: 24 | - --v=2 25 | - --cloud-config=/etc/cloud/vsphere.conf 26 | - --cloud-provider=vsphere 27 | volumeMounts: 28 | - mountPath: /etc/cloud 29 | name: vsphere-config-volume 30 | readOnly: true 31 | resources: 32 | requests: 33 | cpu: 200m 34 | hostNetwork: true 35 | tolerations: 36 | - key: node.cloudprovider.kubernetes.io/uninitialized 37 | value: "true" 38 | effect: NoSchedule 39 | - key: node.kubernetes.io/not-ready 40 | effect: NoSchedule 41 | operator: Exists 42 | securityContext: 43 | runAsUser: 1001 44 | serviceAccountName: cloud-controller-manager 45 | volumes: 46 | - name: vsphere-config-volume 47 | configMap: 48 | name: cloud-config 49 | --- 50 | apiVersion: v1 51 | kind: Service 52 | metadata: 53 | labels: 54 | component: cloud-controller-manager 55 | name: vsphere-cloud-controller-manager 56 | namespace: kube-system 57 | spec: 58 | type: NodePort 59 | ports: 60 | - port: 43001 61 | protocol: TCP 62 | targetPort: 43001 63 | selector: 64 | component: cloud-controller-manager 65 | 
-------------------------------------------------------------------------------- /docs/book/concepts/in_tree_vs_out_of_tree.md: -------------------------------------------------------------------------------- 1 | # In-Tree and Out-of-Tree Implementation Models for Cloud Providers in Kubernetes 2 | 3 | Originally, Kubernetes implemented cloud provider-specific functionalities natively within the main Kubernetes tree, or as in-tree modules. However, with more infrastructure providers supporting Kubernetes, the old method has become impractical and is no longer advised. New providers that support Kubernetes must follow the out-of-tree model. For the existing in-tree cloud providers, Kubernetes offers a program of migration to the out-of-tree architecture and removal of all cloud provider specific code from the repository. See the [Removing In-Tree Cloud Provider Code](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cloud-provider/2395-removing-in-tree-cloud-providers) proposal for more details. 4 | 5 | While the mechanism for supporting cloud providers is still in transition, it is important to understand the difference between the in-tree and out-of-tree models. 6 | 7 | The in-tree cloud providers are developed and released in the main Kubernetes repository. With the in-tree model, you simply deploy Kubernetes without the need to install any additional components. You can immediately begin to provision storage by setting the appropriate StorageClass that matches your underlying storage infrastructure. To control placement decisions, you can use zones and regions that are usually implemented. 8 | 9 | The out-of-tree model does not offer a driver or provider in the Kubernetes repository, but the provider can be developed, built, and released independently of Kubernetes core. The out-of-tree solution that vSphere offers includes two distinct components, the Cloud Provider Interface (CPI) and the Container Storage Interface (CSI). 
Before you can start consuming underlying infrastructure resources, you must install both components. 10 | -------------------------------------------------------------------------------- /test/integration/create-vms.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Waits for the vcsim-0 pod to be Running, then registers every cluster node as a VM in the simulator, copying the MAC, host names, IPv4 address and DMI serial/UUID read from the node with docker exec. 3 | printf "waiting for vcsim..." 4 | while ! kubectl -n kube-system get pods | \ 5 | grep -q 'vcsim-0[[:space:]]\{0,\}1/1[[:space:]]\{0,\}Running'; do 6 | sleep 1 7 | printf "." 8 | done 9 | echo "ok" 10 | 11 | for name in $(kubectl get nodes -o jsonpath='{.items[*].metadata.name}'); do \ 12 | ip4=$(docker exec "${name}" ip route get dev eth0 1 | awk '{print $NF;exit}') 13 | mac="$(docker exec "${name}" ip a | grep -F "${ip4}" -B 1 | head -n 1 | awk '{print $2}')" 14 | host_name="$(docker exec "${name}" hostname -s)" 15 | host_fqdn="$(docker exec "${name}" hostname -f)" 16 | serial="$(docker exec "${name}" cat /sys/class/dmi/id/product_serial)" 17 | serial="$(echo "${serial}" | tr '[:upper:]' '[:lower:]' | cut -c8- | tr -d ' -')" 18 | serial="$(echo "${serial}" | sed 's/^\([[:alnum:]]\{1,8\}\)\([[:alnum:]]\{1,4\}\)\([[:alnum:]]\{1,4\}\)\([[:alnum:]]\{1,4\}\)\([[:alnum:]]\{1,12\}\)$/\1-\2-\3-\4-\5/')" 19 | uuid="$(docker exec "${name}" cat /sys/class/dmi/id/product_uuid)" 20 | uuid="$(echo "${uuid}" | tr '[:upper:]' '[:lower:]')" 21 | printf 'creating vcsim vm:\n name=%s\n fqdn=%s\n ipv4=%s\n mac=%s\n uuid=%s\n suid=%s\n' \ 22 | "${host_name}" "${host_fqdn}" "${ip4}" "${mac}" "${uuid}" "${serial}" 23 | kubectl -n kube-system exec vcsim-0 -- govc vm.create \ 24 | -net.address "${mac}" "${host_name}" 25 | kubectl -n kube-system exec vcsim-0 -- govc vm.change \ 26 | -vm "${host_name}" \ 27 | -e "SET.config.uuid=${serial}" \ 28 | -e "SET.summary.config.uuid=${serial}" \ 29 | -e "SET.config.instanceUuid=${uuid}" \ 30 | -e "SET.summary.config.instanceUuid=${uuid}" \ 31 | -e "SET.guest.hostName=${host_fqdn}" \ 32 | -e 
"SET.summary.guest.hostName=${host_fqdn}" \ 33 | -e "SET.guest.ipAddress=${ip4}" \ 34 | -e "SET.summary.guest.ipAddress=${ip4}" 35 | done 36 | -------------------------------------------------------------------------------- /charts/vsphere-cpi/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ .Values.serviceAccount.name }} 6 | labels: 7 | app: {{ template "cpi.name" . }} 8 | vsphere-cpi-infra: role 9 | component: cloud-controller-manager 10 | rules: 11 | - apiGroups: 12 | - "" 13 | resources: 14 | - events 15 | verbs: 16 | - create 17 | - patch 18 | - update 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - nodes 23 | verbs: 24 | - "*" # NOTE(review): the wildcard grants every verb on nodes, delete and deletecollection included; if the controller does not need all of them, list the required verbs explicitly. 25 | - apiGroups: 26 | - "" 27 | resources: 28 | - nodes/status 29 | verbs: 30 | - patch 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - services 35 | verbs: 36 | - list 37 | - patch 38 | - update 39 | - watch 40 | - apiGroups: 41 | - "" 42 | resources: 43 | - services/status 44 | verbs: 45 | - patch 46 | - apiGroups: 47 | - "" 48 | resources: 49 | - serviceaccounts 50 | verbs: 51 | - create 52 | - get 53 | - list 54 | - watch 55 | - update 56 | - apiGroups: 57 | - "" 58 | resources: 59 | - persistentvolumes 60 | verbs: 61 | - get 62 | - list 63 | - update 64 | - watch 65 | - apiGroups: 66 | - "" 67 | resources: 68 | - endpoints 69 | verbs: 70 | - create 71 | - get 72 | - list 73 | - watch 74 | - update 75 | - apiGroups: 76 | - "" 77 | resources: 78 | - secrets # NOTE(review): if this ClusterRole is bound with a ClusterRoleBinding (the binding is not shown here), this rule lets the service account read Secrets in every namespace; a namespaced Role covering only the credentials namespace would narrow it. 79 | verbs: 80 | - get 81 | - list 82 | - watch 83 | - apiGroups: 84 | - "coordination.k8s.io" 85 | resources: 86 | - leases 87 | verbs: 88 | - create 89 | - get 90 | - list 91 | - watch 92 | - update 93 | {{- end -}} 94 | -------------------------------------------------------------------------------- /hack/ensure-trivy.sh: 
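-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2025 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | if [[ "${TRACE-0}" == "1" ]]; then 22 | set -o xtrace 23 | fi 24 | # Usage: ensure-trivy.sh VERSION (without the leading "v") - installs that trivy release under hack/tools/bin/trivy/VERSION/ unless the binary is already there. 25 | VERSION=${1} 26 | # Only linux/darwin and 386/amd64/arm/arm64 are mapped below; on anything else TRIVY_OS or TRIVY_ARCH stays unset and nounset aborts at the download step. 27 | GO_OS="$(go env GOOS)" 28 | if [[ "${GO_OS}" == "linux" ]]; then 29 | TRIVY_OS="Linux" 30 | elif [[ "${GO_OS}" == "darwin"* ]]; then 31 | TRIVY_OS="macOS" 32 | fi 33 | # GOARCH reports 32-bit x86 as "386". 34 | GO_ARCH="$(go env GOARCH)" 35 | if [[ "${GO_ARCH}" == "386" ]]; then 36 | TRIVY_ARCH="32bit" 37 | elif [[ "${GO_ARCH}" == "amd64"* ]]; then 38 | TRIVY_ARCH="64bit" 39 | elif [[ "${GO_ARCH}" == "arm" ]]; then 40 | TRIVY_ARCH="ARM" 41 | elif [[ "${GO_ARCH}" == "arm64" ]]; then 42 | TRIVY_ARCH="ARM64" 43 | fi 44 | 45 | TOOL_BIN=hack/tools/bin 46 | mkdir -p ${TOOL_BIN} 47 | 48 | TRIVY="${TOOL_BIN}/trivy/${VERSION}/trivy" 49 | 50 | # Downloads trivy scanner. curl -f makes an HTTP error abort the script instead of saving the error page as the archive. NOTE(review): the archive is extracted and made executable without being compared against the checksums published with the release; verify its SHA-256 before the tar step. 51 | if [ ! 
-f "$TRIVY" ]; then 52 | curl -fL -o "${TOOL_BIN}/trivy.tar.gz" "https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_${TRIVY_OS}-${TRIVY_ARCH}.tar.gz" 53 | mkdir -p "${TOOL_BIN}/trivy/${VERSION}" 54 | tar -xf "${TOOL_BIN}/trivy.tar.gz" -C "${TOOL_BIN}/trivy/${VERSION}" trivy 55 | chmod +x "${TOOL_BIN}/trivy/${VERSION}/trivy" 56 | rm "${TOOL_BIN}/trivy.tar.gz" 57 | fi 58 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/routemanager/helper/helper.go: -------------------------------------------------------------------------------- 1 | package helper 2 | 3 | import ( 4 | "strings" 5 | "time" 6 | 7 | "github.com/pkg/errors" 8 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 9 | ) 10 | 11 | // A list of possible RouteSet or StaticRoute operation error messages 12 | var ( 13 | ErrGetRouteCR = errors.New("failed to get Route CR") 14 | ErrCreateRouteCR = errors.New("failed to create Route CR") 15 | ErrListRouteCR = errors.New("failed to list Route CR") 16 | ErrDeleteRouteCR = errors.New("failed to delete Route CR") 17 | ) 18 | 19 | const ( 20 | // LabelKeyClusterName is the label key to specify GC name for RouteSet/StaticRoute CR 21 | LabelKeyClusterName = "clusterName" 22 | // RealizedStateTimeout is the timeout duration for realized state check 23 | RealizedStateTimeout = 10 * time.Second 24 | // RealizedStateSleepTime is the interval between realized state check 25 | RealizedStateSleepTime = 1 * time.Second 26 | ) 27 | 28 | // RouteCR defines an interface that is used to represent different kinds of nsx.vmware.com route CR 29 | type RouteCR interface{} 30 | 31 | // RouteCRList defines an interface that is used to represent different kinds of nsx.vmware.com route CR List 32 | type RouteCRList interface{} 33 | 34 | // RouteInfo collects all the information to build a RouteCR 35 | type RouteInfo struct { 36 | Namespace string 37 | Labels map[string]string 38 | 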
Owner []metav1.OwnerReference 39 | Name string // route cr name / node name 40 | Cidr string // destination network 41 | NodeIP string // next hop / target ip 42 | RouteName string 43 | } 44 | 45 | // GetRouteName returns RouteInfo name as nodeName-cidr-clusterName with every "/" replaced by "-", 46 | // e.g. nodeName-100.96.0.0-24-clusterName. The inputs are joined as given: nothing is validated or length-limited here. 47 | func GetRouteName(nodeName string, cidr string, clusterName string) string { 48 | return strings.Replace(nodeName+"-"+cidr+"-"+clusterName, "/", "-", -1) 49 | } 50 | -------------------------------------------------------------------------------- /test/vcsim/deployment.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2017 The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: ServiceAccount 16 | apiVersion: v1 17 | metadata: 18 | name: vcsim 19 | namespace: kube-system 20 | --- 21 | apiVersion: apps/v1 22 | kind: StatefulSet 23 | metadata: 24 | name: vcsim 25 | namespace: kube-system 26 | spec: 27 | serviceName: "vcsim" 28 | replicas: 1 29 | selector: 30 | matchLabels: 31 | app: vcsim 32 | template: 33 | metadata: 34 | labels: 35 | app: vcsim 36 | namespace: kube-system 37 | spec: 38 | tolerations: 39 | - key: node.kubernetes.io/not-ready 40 | effect: NoSchedule 41 | - key: node.cloudprovider.kubernetes.io/uninitialized 42 | value: "true" 43 | effect: NoSchedule 44 | serviceAccountName: vcsim 45 | terminationGracePeriodSeconds: 30 46 | containers: 47 | - name: vcsim 48 | image: akutz/vcsim:v20190308-v0.1.1-29-g85867cf-dirty 49 | ports: 50 | - containerPort: 8443 51 | protocol: TCP 52 | --- 53 | apiVersion: v1 54 | kind: Service 55 | metadata: 56 | name: vcsim 57 | namespace: kube-system 58 | spec: 59 | selector: 60 | app: vcsim 61 | clusterIP: 10.96.96.96 62 | ports: 63 | - name: default 64 | protocol: TCP 65 | port: 443 66 | targetPort: 8443 67 | -------------------------------------------------------------------------------- /pkg/common/credentialmanager/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package credentialmanager 18 | 19 | import ( 20 | "sync" 21 | 22 | v1 "k8s.io/api/core/v1" 23 | clientv1 "k8s.io/client-go/listers/core/v1" 24 | ) 25 | 26 | // SecretCache is used to cache information about Kubernetes secrets data. It holds a sync.Mutex by value, so it is meant to be shared by pointer (CredentialManager.Cache is a *SecretCache) rather than copied. 27 | type SecretCache struct { 28 | cacheLock sync.Mutex 29 | VirtualCenter map[string]*Credential 30 | Secret *v1.Secret 31 | SecretFile map[string][]byte 32 | } 33 | 34 | // Credential is a vCenter credential that is retrieved or stored in a 35 | // Kubernetes secret. Password and VCSessionManagerToken are plain strings, so printing a Credential (for example with %v or %+v) would put the secrets in the output unless a String method defined elsewhere redacts them. 36 | type Credential struct { 37 | User string `gcfg:"user"` 38 | Password string `gcfg:"password"` 39 | // VC shared session manager directives 40 | VCSessionManagerURL string `gcfg:"vc-session-manager-url"` 41 | VCSessionManagerToken string `gcfg:"vc-session-manager-token"` 42 | } 43 | 44 | // CredentialManager is used to manage vCenter credentials stored as 45 | // Kubernetes secrets. 46 | type CredentialManager struct { 47 | SecretName string 48 | SecretNamespace string 49 | SecretLister clientv1.SecretLister 50 | SecretsDirectory string 51 | secretsDirectoryParsed bool // internal placeholder to identify we parsed the SecretsDirectory 52 | Cache *SecretCache 53 | } 54 | -------------------------------------------------------------------------------- /pkg/common/vclib/fixtures/ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE/jCCAuYCCQDRJ2qPhdmG0DANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJV 3 | UzELMAkGA1UECAwCQ0ExEzARBgNVBAoMCkFjbWUsIEluYy4xDzANBgNVBAMMBnNv 4 | bWVDQTAgFw0xODA2MDgxMzM5MjFaGA8yMjE4MDQyMTEzMzkyMVowQDELMAkGA1UE 5 | BhMCVVMxCzAJBgNVBAgMAkNBMRMwEQYDVQQKDApBY21lLCBJbmMuMQ8wDQYDVQQD 6 | DAZzb21lQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDgIovAI/Ax 7 | QhVoaG9nEuZcTMN+UgtVoYJlFEFt9i5x/KzKVP8ko8yUqzc5E1VbVx2JbXP9lSUC 8 | U356qrjRZJVAmotR5eW2x9nB6Z0WZ/dIBYi72/3AjmaEtAkyHZc8o0gsIGGsRP8A 9 | 0tU9s5slQW8Zq+lH1dVdNewtS+4JH6hKkO9BjKdYonl0DCopoXHcYIQUCbR02dLO 10 | 
WJCvMoU4TQNQzEVAfku3YRgsevJr4rhm1htfmcpf75P1HmlmzSemqZNBL+sh9+/a 11 | FPz20p2o/P8wK3nHCaOwA7a6uLk75ZotQiR/wF1+ZUC6wT/m/anfHcwfStRdo0+D 12 | sWouPVydtzAeqq3c+ZWX1Vkg2Q9ucceK5rbUY2oMBn8b+8/z+GVfAh4Tx3pg+xI+ 13 | bg0QfQq77KTRMQvpCQYUxhinILDUE1gZd37O9/XGNm0atxWIeF6zG6/vWcZ0ls1K 14 | LvPCRhfJ1IoI2eMn46rKKnm5QL4ObJ2pwlNAtxlbk5s194Hw8vPpS5WJ0x9+Hx68 15 | TXcvrRxLnBnJlaF6syoH4j+5ES3TmCKQK2UlU6iyG4tLRCNsr8g1gJIUEmO3TGvB 16 | NvDXdJCwSGS1Bh2pMdoMFaLq6H6lxj2awXWNkn4YAQ9hwvMrejb+QTqDT1NndAN4 17 | /1sQNOWUv6YizgkaJYY0L94aMZ/LICd+YQIDAQABMA0GCSqGSIb3DQEBCwUAA4IC 18 | AQBYBRH/q3gB4gEiOAUl9HbnoUb7MznZ0uQTH7fUYqr66ceZkg9w1McbwiAeZAaY 19 | qQWwr3u4A8/Bg8csE2yQTsXeA33FP3Q6obyuYn4q7e++4+9SLkbSSQfbB67pGUK5 20 | /pal6ULrLGzs69fbL1tOaA/VKQJndg3N9cftyiIUWTzHDop8SLmIobWVRtPQHf00 21 | oKq8loakyluQdxQxnGdl7vMXwSpSpIH84TOdy2JN90MzVLgOz55sb/wRYfhClNFD 22 | +1sb2V4nL2w1kXaO2UVPzk7qpG5FE54JPvvN67Ec4JjMSnGo8l3dJ9jGEmgBIML3 23 | l1onrti2HStSs1vR4Ax0xok08okRlrGA4FqQiSx853T5uLa/JLmWfLKg9ixR4ZV+ 24 | dF+2ZrFwDLZUr4VeaDd2v2mQFBNLvdZrqp1OZ4B/1+H5S8ucb+oVhGqzDkEvRCc+ 25 | WYpNxx7kpwZPTLmMYTXXKdTWfpgz9GL0LSkY8d1rxLwHxtV8EzAkV+zIWix4h/IE 26 | 0FG4WvhrttMCu8ulZhGGoVqy7gdb4+ViWnUYNuCCjIcRJj7SeZaDawBASa/jZwik 27 | Hxrwn0osGUqEUBmvjDdXJpTaKCr2GFOvhCM2pG6AXa14b5hS2DgbX+NZYcScYtVC 28 | vn2HMDjnIEF4uOfDJU5eLok4jli5+VwzOQ7hOHs3DIm4+g== 29 | -----END CERTIFICATE----- 30 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/vapilogger.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package vsphere 18 | 19 | import ( 20 | "github.com/vmware/vsphere-automation-sdk-go/runtime/log" 21 | klog "k8s.io/klog/v2" 22 | ) 23 | 24 | // klogBridge is a connector for the vapi logger to klog 25 | // the github.com/vmware/vsphere-automation-sdk-go SDK used for the NSX-T 26 | // load balancer support logs a lot of stuff on its own logger defaulted 27 | // to standard output. This bridge redirects the SDK log to the 28 | // logging environment used by the controller manager (klog). 29 | type klogBridge struct{} 30 | 31 | // NewKlogBridge provides a vapi logger with klog backend 32 | func NewKlogBridge() log.Logger { 33 | return klogBridge{} 34 | } 35 | 36 | func (d klogBridge) Error(args ...interface{}) { 37 | klog.Error(args...) 38 | } 39 | 40 | func (d klogBridge) Errorf(a string, args ...interface{}) { 41 | klog.Errorf(a, args...) 42 | } 43 | 44 | func (d klogBridge) Info(args ...interface{}) { 45 | klog.Info(args...) 46 | } 47 | 48 | func (d klogBridge) Infof(a string, args ...interface{}) { 49 | klog.Infof(a, args...) 50 | } 51 | 52 | func (d klogBridge) Debug(args ...interface{}) { 53 | klog.V(4).Info(args...) 54 | } 55 | 56 | func (d klogBridge) Debugf(a string, args ...interface{}) { 57 | klog.V(4).Infof(a, args...) 58 | } 59 | -------------------------------------------------------------------------------- /hack/make.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright 2018 The Kubernetes Authors. 
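#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# posix compliant
# verified by https://www.shellcheck.net

# Runs make inside a Docker container.

# Change directories to the project's root directory.
# shellcheck disable=2128
if [ -n "${BASH_SOURCE}" ]; then
  # shellcheck disable=2039
  HACK_DIR="$(dirname "${BASH_SOURCE[0]}")"
elif command -v python >/dev/null 2>&1; then
  # The script path is handed to Python as an argument rather than pasted into
  # the Python source, so a quote or backslash in the path is treated as data
  # and cannot change the code that runs.
  HACK_DIR="$(python -c 'import os, sys; print(os.path.realpath(sys.argv[1]))' "$(dirname "${0}")")"
elif [ -d "../.git" ]; then
  HACK_DIR="$(pwd)"
elif [ -d ".git" ]; then
  HACK_DIR="$(pwd)/hack"
fi
[ -n "${HACK_DIR}" ] || { echo "unable to find project root" 1>&2; exit 1; }
cd "${HACK_DIR}/.." || { echo "unable to cd to project root" 1>&2; exit 1; }

# When in an interactive terminal add the -t flag so Docker inherits
# a pseudo TTY. Otherwise SIGINT does not work to kill the container
# when running this script interactively.
TERM_FLAGS="-i"
echo "${-}" | grep -q i && TERM_FLAGS="${TERM_FLAGS}t"

# DOCKER_OPTS is expanded unquoted on purpose so that it can carry several
# options; it is taken from the environment as-is, so it should only be set
# from a trusted source. The working tree is bind-mounted at /build.
# CI_IMAGE defaults to a mutable :latest tag; set it to a digest-pinned
# reference when the build image has to be reproducible.
# shellcheck disable=2086
docker run --rm ${TERM_FLAGS} ${DOCKER_OPTS} \
  -v "$(pwd)":/build:z \
  -w /build \
  "${CI_IMAGE:-gcr.io/k8s-staging-cloud-pv-vsphere/cloud-provider-vsphere:latest}" \
  make "${@}"
-------------------------------------------------------------------------------- /hack/verify-codegen.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # SCRIPT_ROOT: the directory in which this script is located 22 | SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/..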
23 | # CUSTOM_RESOURCE_PACKAGE: the name of the custom resource package that we are generating client code for 24 | CUSTOM_RESOURCE_PACKAGE="nsxnetworking" 25 | # CUSTOM_RESOURCE_VERSION: the version of the resource 26 | CUSTOM_RESOURCE_VERSION="v1alpha1" 27 | 28 | DIFFROOT="${SCRIPT_ROOT}/pkg" 29 | TMP_DIFFROOT="${SCRIPT_ROOT}/_tmp/pkg" 30 | _tmp="${SCRIPT_ROOT}/_tmp" 31 | 32 | cleanup() { 33 | rm -rf "${_tmp}" 34 | } 35 | trap "cleanup" EXIT SIGINT 36 | 37 | cleanup 38 | 39 | mkdir -p "${TMP_DIFFROOT}" 40 | cp -a "${DIFFROOT}"/* "${TMP_DIFFROOT}" 41 | 42 | "${SCRIPT_ROOT}/hack/update-codegen.sh" 43 | printf "\xE2\x8F\xB3" 44 | echo "diffing ${DIFFROOT} against freshly generated codegen" 45 | ret=0 46 | diff -Naupr "${DIFFROOT}" "${TMP_DIFFROOT}" || ret=$? 47 | cp -a "${TMP_DIFFROOT}"/* "${DIFFROOT}" 48 | if [[ $ret -eq 0 ]] 49 | then 50 | printf "\xE2\x9C\x85" 51 | echo "$CUSTOM_RESOURCE_PACKAGE:$CUSTOM_RESOURCE_VERSION up to date." 52 | else 53 | printf "\xE2\x9D\x8C" 54 | echo "${DIFFROOT} is out of date. Please run hack/update-codegen.sh" 55 | exit 1 56 | fi 57 | -------------------------------------------------------------------------------- /pkg/nsxt/config/types_ini_legacy.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
*/

package config

// NsxtConfigINI is used to read and store information from the cloud configuration file
type NsxtConfigINI struct {
	// NSXT holds the values of the "nsxt" section.
	NSXT NsxtINI `gcfg:"nsxt"`
}

// NsxtINI contains the NSX-T specific configuration.
//
// Several fields hold credentials or paths to key material (Password,
// VMCAccessToken, ClientAuthKeyFile), so a file that sets them needs the same
// protection as the credentials themselves.
type NsxtINI struct {
	// NSX-T username.
	User string `gcfg:"user"`
	// NSX-T password in clear text. Anyone able to read the configuration
	// file can read it.
	// NOTE(review): SecretName/SecretNamespace are presumably the alternative
	// to keeping the password here - confirm.
	Password string `gcfg:"password"`
	// NSX-T host.
	Host string `gcfg:"host"`
	// InsecureFlag is to be set to true if NSX-T uses self-signed cert.
	// NOTE(review): presumably this turns off verification of the server
	// certificate altogether - confirm against the code that builds the
	// connection, and check whether CAFile can be used to trust the
	// self-signed certificate instead.
	InsecureFlag bool `gcfg:"insecure-flag"`
	// RemoteAuth is to be set to true if NSX-T uses remote authentication (authentication done through the vIDM).
	RemoteAuth bool `gcfg:"remote-auth"`
	// SecretName is the secret name for NSX-T username and password
	SecretName string `gcfg:"secret-name"`
	// SecretNamespace is the secret namespace for NSX-T username and password
	SecretNamespace string `gcfg:"secret-namespace"`

	// VMCAccessToken is read from the "vmc-access-token" key.
	// NOTE(review): by its name an access token, i.e. a credential kept in
	// clear text in the configuration file - confirm how it is used.
	VMCAccessToken string `gcfg:"vmc-access-token"`
	// VMCAuthHost is read from the "vmc-auth-host" key.
	VMCAuthHost string `gcfg:"vmc-auth-host"`
	// ClientAuthCertFile is read from the "client-auth-cert-file" key.
	// NOTE(review): presumably the path of a client certificate - confirm.
	ClientAuthCertFile string `gcfg:"client-auth-cert-file"`
	// ClientAuthKeyFile is read from the "client-auth-key-file" key.
	// NOTE(review): presumably the path of the matching private key; the
	// file it points to would need restrictive permissions - confirm.
	ClientAuthKeyFile string `gcfg:"client-auth-key-file"`
	// CAFile is read from the "ca-file" key.
	// NOTE(review): presumably the path of a CA bundle used to verify the
	// NSX-T server certificate - confirm.
	CAFile string `gcfg:"ca-file"`
}
-------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/loadbalancer/config/types_ini_legacy.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package config

// LBConfigINI is used to read and store information from the cloud configuration file
type LBConfigINI struct {
	// LoadBalancer holds the values of the "loadbalancer" section.
	LoadBalancer LoadBalancerConfigINI `gcfg:"loadbalancer"`
	// LoadBalancerClass holds the "loadbalancerclass" entries by key.
	// NOTE(review): presumably the key is the subsection name - confirm.
	LoadBalancerClass map[string]*LoadBalancerClassConfigINI `gcfg:"loadbalancerclass"`
}

// LoadBalancerConfigINI contains the configuration for the load balancer itself
type LoadBalancerConfigINI struct {
	// The class settings are embedded.
	LoadBalancerClassConfigINI
	Size             string `gcfg:"size"`
	LBServiceID      string `gcfg:"lb-service-id"`
	Tier1GatewayPath string `gcfg:"tier1-gateway-path"`
	SnatDisabled     bool   `gcfg:"snat-disabled"`
	RawTags          string `gcfg:"tags"`
	// AdditionalTags carries no gcfg tag.
	// NOTE(review): presumably filled from RawTags after parsing - confirm.
	AdditionalTags map[string]string
}

// LoadBalancerClassConfigINI contains the configuration for a load balancer class
type LoadBalancerClassConfigINI struct {
	IPPoolName        string `gcfg:"ip-pool-name"`
	IPPoolID          string `gcfg:"ip-pool-id"`
	TCPAppProfileName string `gcfg:"tcp-app-profile-name"`
	TCPAppProfilePath string `gcfg:"tcp-app-profile-path"`
	UDPAppProfileName string `gcfg:"udp-app-profile-name"`
	UDPAppProfilePath string `gcfg:"udp-app-profile-path"`
}
-------------------------------------------------------------------------------- /hack/install-gh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2024 The Kubernetes Authors.
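#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Installs the GitHub CLI (gh). On Linux the release archive for GH_VER is
# downloaded and the binary is moved to /usr/local/bin with sudo; on macOS
# Homebrew is used.

set -o errexit
set -o nounset
set -o pipefail

GH_VER=2.50.0
# GH_SHA256 may be set by the caller to the expected SHA-256 of the Linux
# release archive, taken from a source the caller trusts. When it is set the
# download is checked before anything is unpacked or installed as root.
GH_SHA256="${GH_SHA256:-}"

# Set the installation command based on the operating system
case "$(uname -s)" in
  Linux*)
    # Work in a private temporary directory: the archive is not written into
    # the caller's working directory, and cleanup cannot remove unrelated
    # files there whose names happen to start with "gh".
    GH_TMP="$(mktemp -d)"
    trap 'rm -rf "${GH_TMP}"' EXIT
    curl -fsSL "https://github.com/cli/cli/releases/download/v${GH_VER}/gh_${GH_VER}_linux_amd64.tar.gz" -o "${GH_TMP}/gh.tar.gz"
    if [ -n "${GH_SHA256}" ]; then
      # A mismatch makes sha256sum fail, and errexit stops the script.
      echo "${GH_SHA256}  ${GH_TMP}/gh.tar.gz" | sha256sum -c -
    else
      echo "warning: GH_SHA256 is not set; the downloaded archive is not verified" 1>&2
    fi
    tar -xzf "${GH_TMP}/gh.tar.gz" -C "${GH_TMP}"
    sudo mv "${GH_TMP}/gh_${GH_VER}_linux_amd64/bin/gh" /usr/local/bin/gh
    echo 'gh has been successfully installed to /usr/local/bin/gh'
    ;;
  Darwin*)
    # For macOS, use Homebrew or download the binary directly
    if command -v brew >/dev/null 2>&1; then
      brew install gh
    else
      echo "macOS users are recommended to install gh using Homebrew. If Homebrew is not installed, please install it first and try again."
      exit 1
    fi
    ;;
  *)
    echo "Unsupported operating system."
    exit 1
    ;;
esac

# Check if gh is successfully installed
if command -v gh >/dev/null 2>&1; then
  echo "gh has been successfully installed."
else
  echo "Failed to install gh. Please check the output for more information."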
51 | exit 1 52 | fi 53 | -------------------------------------------------------------------------------- /pkg/common/vclib/fixtures/server.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFJjCCAw6gAwIBAgIJAOcEAbv8NslfMA0GCSqGSIb3DQEBCwUAMEAxCzAJBgNV 3 | BAYTAlVTMQswCQYDVQQIDAJDQTETMBEGA1UECgwKQWNtZSwgSW5jLjEPMA0GA1UE 4 | AwwGc29tZUNBMCAXDTE4MDYwODEzMzkyNFoYDzIyMTgwNDIxMTMzOTI0WjBDMQsw 5 | CQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEzARBgNVBAoMCkFjbWUsIEluYy4xEjAQ 6 | BgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB 7 | AJWSTkcwo28xdUmglxR8orbnZRPqt2eWxoUtk6Vxunei2qKrcDaOFAt4vk5zJ3ba 8 | z9qTZFf2WIr7KdXx8/dhahQE/l6WHBvKS5uIi9JNFLnzlnSz01/OxwiYymeK+35s 9 | 7Lco6iuLL/SN8ntYyotFRNQS6xdSlbxBP9T1wroOvBAT/2hdOvrr3K+qPIWzGM4H 10 | Sks4UWJvQt5BnGsDaH6gA/ypP85/qTJOAZaMuFILVxV4I9mxJ5lRPrUVsi79vkzj 11 | ZZi512gVt/zL2bSgt5iLNihvumgTbmPD3Vs1rzLad9K/4m4Jx87jCrb1yeV0YU2k 12 | k+EGFzWxsG9WyFdcpZ1/M3VzxEJLmE0A3LWmEAntEV7dSPRad4FUEcckzPtCHrW7 13 | FNJPVbwcENO5oFPEYpNw8VZ327iWP8ERJxEU5IL+qI7UcIrM6xiGOcd+qXkbN9Aq 14 | kTL97ibagvxVOpwkGx8cLLEMgf7pjei+23KbEBQ8nXiveYb0UMurW9r/7zHMOzDK 15 | OZEhVB46C+WXOAzm8IqrPqexe0tFiCTAcyTnI5oAjM4GeyZnO2zJq5uNxi8zmlSy 16 | I7j1VaTqe2ICf5akX+yt4WV6zHWl5AptNWi/C+fXft1X3Y6dxx75mKQofG3Pio7P 17 | 50fUXPtiSivx9dyx91uQq/BZ3PxT+k4G77zcLEFdNYBvAgMBAAGjHjAcMBoGA1Ud 18 | EQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAgEABL8kffi7 19 | 48qSD+/l/UwCYdmqta1vAbOkvLnPtfXe1XlDpJipNuPxUBc8nNTemtrbg0erNJnC 20 | jQHodqmdKBJJOdaEKTwAGp5pYvvjlU3WasmhfJy+QwOWgeqjJcTUo3+DEaHRls16 21 | AZXlsp3hB6z0gzR/qzUuZwpMbL477JpuZtAcwLYeVvLG8bQRyWyEy8JgGDoYSn8s 22 | Z16s+r6AX+cnL/2GHkZ+oc3iuXJbnac4xfWTKDiYnyzK6RWRnoyro7X0jiPz6XX3 23 | wyoWzB1uMSCXscrW6ZcKyKqz75lySLuwGxOMhX4nGOoYHY0ZtrYn5WK2ZAJxsQnn 24 | 8QcjPB0nq37U7ifk1uebmuXe99iqyKnWaLvlcpe+HnO5pVxFkSQEf7Zh+hEnRDkN 25 | IBzLFnqwDS1ug/oQ1aSvc8oBh2ylKDJuGtPNqGKibNJyb2diXO/aEUOKRUKPAxKa 26 | dbKsc4Y1bhZNN3/MICMoyghwAOiuwUQMR5uhxTkQmZUwNrPFa+eW6GvyoYLFUsZs 
27 | hZfWLNGD5mLADElxs0HF7F9Zk6pSocTDXba4d4lfxsq88SyZZ7PbjJYFRfLQPzd1 28 | CfvpRPqolEmZo1Y5Q644PELYiJRKpBxmX5GtC5j5eaUD9XdGKvXsGhb0m0gW75rq 29 | iUnnLkZt2ya1cDJDiCnJjo7r5KxMo0XXFDc= 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /docs/book/concepts/vcp_overview.md: -------------------------------------------------------------------------------- 1 | # About vSphere Cloud Provider 2 | 3 | Project Hatchway was the first VMware container project. It offered vSphere storage infrastructure choices, such as hyper-converged infrastructure (HCI) powered by VMware vSAN and traditional SAN and NAS storage, to container environments. Initially, the project included two distinct parts – one focusing on docker container volumes and the other focusing on Kubernetes. The purpose of both was to provision block VMDK volumes on vSphere storage to provide persistent storage for containerized applications running in a Container Orchestrator on vSphere. The vSphere Cloud Provider (VCP) is a Kubernetes solution and has been included as in-tree code since Kubernetes version v1.6.5. The vSphere Cloud Provider enables both static and dynamic consumption of vSphere storage for Kubernetes. It also integrates with Storage Policy Based Management, which allows persistent volumes to inherit and select capabilities of the underlying storage infrastructure, such as RAID levels, encryption, deduplication, compression, and so on. 4 | 5 | The in-tree vSphere Cloud Provider can connect to vCenter Server to map information about your infrastructure, such as VMs, disks, and so on, back to the Kubernetes API. With the in-tree solution, the kubelet, kube-apiserver, and kube-controller-manager are natively aware of how to connect to vCenter Server if each component is provided with a valid config file and credentials. The content of the config file and how the credentials are shared is covered in the following chapters. 
For now, assume that every component has access to the config file and credentials that allow access to vCenter Server. The simplified diagram below illustrates which components in your cluster should be connecting to vCenter Server. 6 | 7 | ![vSphere In-Tree Cloud Provider Architecture](https://github.com/kubernetes/cloud-provider-vsphere/raw/master/docs/images/vsphere-in-tree-architecture.png "vSphere In-Tree Cloud Provider Architecture") 8 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/informers/externalversions/nsxnetworking/interface.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package nsxnetworking 20 | 21 | import ( 22 | internalinterfaces "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/client/informers/externalversions/internalinterfaces" 23 | v1alpha1 "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/client/informers/externalversions/nsxnetworking/v1alpha1" 24 | ) 25 | 26 | // Interface provides access to each of this group's versions. 27 | type Interface interface { 28 | // V1alpha1 provides access to shared informers for resources in V1alpha1. 
29 | V1alpha1() v1alpha1.Interface 30 | } 31 | 32 | type group struct { 33 | factory internalinterfaces.SharedInformerFactory 34 | namespace string 35 | tweakListOptions internalinterfaces.TweakListOptionsFunc 36 | } 37 | 38 | // New returns a new Interface. 39 | func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { 40 | return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} 41 | } 42 | 43 | // V1alpha1 returns a new v1alpha1.Interface. 44 | func (g *group) V1alpha1() v1alpha1.Interface { 45 | return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) 46 | } 47 | -------------------------------------------------------------------------------- /pkg/common/vclib/utils_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package vclib 18 | 19 | import ( 20 | "context" 21 | "testing" 22 | 23 | "github.com/vmware/govmomi" 24 | "github.com/vmware/govmomi/simulator" 25 | ) 26 | 27 | func TestUtils(t *testing.T) { 28 | ctx := context.Background() 29 | 30 | model := simulator.VPX() 31 | // Child folder "F0" will be created under the root folder and datacenter folders, 32 | // and all resources are created within the "F0" child folders. 
33 | model.Folder = 1 34 | 35 | defer model.Remove() 36 | err := model.Create() 37 | if err != nil { 38 | t.Fatal(err) 39 | } 40 | 41 | s := model.Service.NewServer() 42 | defer s.Close() 43 | 44 | c, err := govmomi.NewClient(ctx, s.URL, true) 45 | if err != nil { 46 | t.Fatal(err) 47 | } 48 | 49 | vc := &VSphereConnection{Client: c.Client} 50 | 51 | dc, err := GetDatacenter(ctx, vc, TestDefaultDatacenter) 52 | if err != nil { 53 | t.Error(err) 54 | } 55 | 56 | finder := getFinder(dc) 57 | datastores, err := finder.DatastoreList(ctx, "*") 58 | if err != nil { 59 | t.Fatal(err) 60 | } 61 | 62 | count := model.Count() 63 | if count.Datastore != len(datastores) { 64 | t.Errorf("got %d Datastores, expected: %d", len(datastores), count.Datastore) 65 | } 66 | 67 | _, err = finder.Datastore(ctx, testNameNotFound) 68 | if !IsNotFound(err) { 69 | t.Errorf("unexpected error: %s", err) 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /pkg/common/vclib/utils.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
*/

package vclib

import (
	"github.com/vmware/govmomi/find"
	"github.com/vmware/govmomi/vim25/soap"
	"github.com/vmware/govmomi/vim25/types"
)

// IsNotFound reports whether err is a *find.NotFoundError or a
// *find.DefaultNotFoundError.
//
// NOTE(review): the check looks at the dynamic type of err only, so an error
// that wraps one of these types is not recognised; errors.As would see
// through the wrapping.
func IsNotFound(err error) bool {
	switch err.(type) {
	case *find.NotFoundError, *find.DefaultNotFoundError:
		return true
	default:
		return false
	}
}

// getFinder returns a finder built from dc's client and scoped to dc's
// datacenter.
func getFinder(dc *Datacenter) *find.Finder {
	f := find.NewFinder(dc.Client(), false)
	f.SetDatacenter(dc.Datacenter)
	return f
}

// IsManagedObjectNotFoundError returns true if err is a SOAP fault whose VIM
// fault is of type ManagedObjectNotFound.
func IsManagedObjectNotFoundError(err error) bool {
	if !soap.IsSoapFault(err) {
		return false
	}
	_, ok := soap.ToSoapFault(err).VimFault().(types.ManagedObjectNotFound)
	return ok
}

// IsInvalidCredentialsError returns true if err is a SOAP fault whose VIM
// fault is of type InvalidLogin, which lets a caller tell a rejected login
// apart from other faults.
func IsInvalidCredentialsError(err error) bool {
	if !soap.IsSoapFault(err) {
		return false
	}
	_, ok := soap.ToSoapFault(err).VimFault().(types.InvalidLogin)
	return ok
}
-------------------------------------------------------------------------------- /charts/vsphere-cpi/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | Expand the name of the chart. 5 | */}} 6 | {{- define "cpi.name" -}} 7 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 8 | {{- end -}} 9 | 10 | {{/* 11 | Create a default fully qualified app name.
12 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec) 13 | If release name contains chart name it will be used as a full name. 14 | */}} 15 | {{- define "cpi.fullname" -}} 16 | {{- if .Values.fullnameOverride -}} 17 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 18 | {{- else -}} 19 | {{- $name := default .Chart.Name .Values.nameOverride -}} 20 | {{- if contains $name .Release.Name -}} 21 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 22 | {{- else -}} 23 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 24 | {{- end -}} 25 | {{- end -}} 26 | {{- end -}} 27 | 28 | {{/* 29 | Create a fully qualified daemonset name. 30 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 31 | */}} 32 | {{- define "cpi.daemonset.name" -}} 33 | {{- $nameGlobalOverride := printf "%s-daemonset" (include "cpi.fullname" .) -}} 34 | {{- if .Values.daemonset.fullnameOverride -}} 35 | {{- printf "%s" .Values.daemonset.fullnameOverride | trunc 63 | trimSuffix "-" -}} 36 | {{- else -}} 37 | {{- printf "%s" $nameGlobalOverride | trunc 63 | trimSuffix "-" -}} 38 | {{- end -}} 39 | {{- end -}} 40 | 41 | {{- define "api.binding" -}} 42 | {{- printf ":%.0f" .Values.service.endpointPort | trunc 63 | trimSuffix "-" -}} 43 | {{- end -}} 44 | 45 | {{/* 46 | Configure list of IP CIDRs allowed access to load balancer (if supported) 47 | */}} 48 | {{- define "loadBalancerSourceRanges" -}} 49 | {{- if .service.loadBalancerSourceRanges }} 50 | loadBalancerSourceRanges: 51 | {{- range $cidr := .service.loadBalancerSourceRanges }} 52 | - {{ $cidr }} 53 | {{- end }} 54 | {{- end }} 55 | {{- end -}} 56 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/loadbalancer/helpers.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes 
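Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package loadbalancer

import (
	"strings"

	corev1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/types"

	vapi_errors "github.com/vmware/vsphere-automation-sdk-go/lib/vapi/std/errors"
)

// namespacedNameFromService returns the namespace/name pair of service.
func namespacedNameFromService(service *corev1.Service) types.NamespacedName {
	return types.NamespacedName{Namespace: service.Namespace, Name: service.Name}
}

// parseNamespacedName splits a "namespace/name" string into its two parts.
// Anything after a second "/" is ignored.
//
// A string without "/" yields a NamespacedName with an empty Namespace and the
// whole string as Name. Indexing the second part unconditionally would panic
// on such input.
// NOTE(review): the origin of name is not visible here; if it can come from
// data outside the controller's control, a malformed value must not be able
// to crash the process - confirm that callers accept the empty Namespace.
func parseNamespacedName(name string) types.NamespacedName {
	parts := strings.Split(name, "/")
	if len(parts) < 2 {
		return types.NamespacedName{Name: name}
	}
	return types.NamespacedName{Namespace: parts[0], Name: parts[1]}
}

// collectNodeInternalAddresses maps the first NodeInternalIP address of each
// node to the name of that node. Nodes without such an address are left out.
func collectNodeInternalAddresses(nodes []*corev1.Node) map[string]string {
	set := map[string]string{}
	for _, node := range nodes {
		for _, addr := range node.Status.Addresses {
			if addr.Type == corev1.NodeInternalIP {
				set[addr.Address] = node.Name
				// only the first internal address of a node is recorded
				break
			}
		}
	}
	return set
}

// strptr returns a pointer to a copy of s.
func strptr(s string) *string {
	return &s
}

// isNotFoundError reports whether err is a vapi NotFound error value.
func isNotFoundError(err error) bool {
	_, ok := err.(vapi_errors.NotFound)
	return ok
}

// boolptr returns a pointer to a copy of b.
func boolptr(b bool) *bool {
	return &b
}

// int64ptr returns a pointer to a copy of i.
func int64ptr(i int64) *int64 {
	return &i
}

// safeEquals compares two optional strings: two nil pointers are equal, a nil
// and a non-nil pointer are not, and two non-nil pointers are compared by the
// strings they point to.
func safeEquals(a, b *string) bool {
	if a == nil || b == nil {
		return a == b
	}
	return *a == *b
}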
-------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/vmoperator/interface.go: --------------------------------------------------------------------------------
package vmoperator

import (
	"context"

	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/dynamic"

	vmopv1 "github.com/vmware-tanzu/vm-operator/api/v1alpha2"
)

// Interface has methods to work with Vmoperator resources.
type Interface interface {
	V1alpha2() V1alpha2Interface
}

// V1alpha2Interface has methods to work with Vmoperator V1alpha2 resources.
type V1alpha2Interface interface {
	// Client returns the dynamic client.
	Client() dynamic.Interface
	// VirtualMachines returns the VirtualMachine accessor for namespace.
	VirtualMachines(namespace string) VirtualMachineInterface
	// VirtualMachineServices returns the VirtualMachineService accessor for namespace.
	VirtualMachineServices(namespace string) VirtualMachineServiceInterface
}

// VirtualMachineInterface has methods to work with VirtualMachine resources.
type VirtualMachineInterface interface {
	Create(ctx context.Context, virtualMachine *vmopv1.VirtualMachine, opts v1.CreateOptions) (*vmopv1.VirtualMachine, error)
	Update(ctx context.Context, virtualMachine *vmopv1.VirtualMachine, opts v1.UpdateOptions) (*vmopv1.VirtualMachine, error)
	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
	Get(ctx context.Context, name string, opts v1.GetOptions) (*vmopv1.VirtualMachine, error)
	List(ctx context.Context, opts v1.ListOptions) (*vmopv1.VirtualMachineList, error)
}

// VirtualMachineServiceInterface has methods to work with VirtualMachineService resources.
34 | type VirtualMachineServiceInterface interface { 35 | Create(ctx context.Context, virtualMachineService *vmopv1.VirtualMachineService, opts v1.CreateOptions) (*vmopv1.VirtualMachineService, error) 36 | Update(ctx context.Context, virtualMachineService *vmopv1.VirtualMachineService, opts v1.UpdateOptions) (*vmopv1.VirtualMachineService, error) 37 | Delete(ctx context.Context, name string, opts v1.DeleteOptions) error 38 | Get(ctx context.Context, name string, opts v1.GetOptions) (*vmopv1.VirtualMachineService, error) 39 | List(ctx context.Context, opts v1.ListOptions) (*vmopv1.VirtualMachineServiceList, error) 40 | } 41 | -------------------------------------------------------------------------------- /pkg/util/retry_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package util 18 | 19 | import ( 20 | "fmt" 21 | "testing" 22 | 23 | "k8s.io/apimachinery/pkg/api/errors" 24 | "k8s.io/apimachinery/pkg/runtime/schema" 25 | "k8s.io/apimachinery/pkg/util/wait" 26 | ) 27 | 28 | func TestRetryOnConflict(t *testing.T) { 29 | opts := wait.Backoff{Factor: 1.0, Steps: 3} 30 | conflictErr := errors.NewConflict(schema.GroupResource{Resource: "test"}, "other", nil) 31 | 32 | // never returns 33 | err := RetryOnError(opts, errors.IsConflict, func() error { 34 | return conflictErr 35 | }) 36 | if err != conflictErr { 37 | t.Errorf("unexpected error: %v", err) 38 | } 39 | 40 | // returns immediately 41 | i := 0 42 | err = RetryOnError(opts, errors.IsConflict, func() error { 43 | i++ 44 | return nil 45 | }) 46 | if err != nil || i != 1 { 47 | t.Errorf("unexpected error: %v", err) 48 | } 49 | 50 | // returns immediately on error 51 | testErr := fmt.Errorf("some other error") 52 | err = RetryOnError(opts, errors.IsConflict, func() error { 53 | return testErr 54 | }) 55 | if err != testErr { 56 | t.Errorf("unexpected error: %v", err) 57 | } 58 | 59 | // keeps retrying 60 | i = 0 61 | err = RetryOnError(opts, errors.IsConflict, func() error { 62 | if i < 2 { 63 | i++ 64 | return errors.NewConflict(schema.GroupResource{Resource: "test"}, "other", nil) 65 | } 66 | return nil 67 | }) 68 | if err != nil || i != 2 { 69 | t.Errorf("unexpected error: %v", err) 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /pkg/cli/client_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package cli 18 | 19 | import ( 20 | "context" 21 | "errors" 22 | "net/http" 23 | "testing" 24 | 25 | "github.com/vmware/govmomi/vim25/mo" 26 | "k8s.io/cloud-provider-vsphere/pkg/cli/test" 27 | ) 28 | 29 | func TestNewClient(t *testing.T) { 30 | o := ClientOption{} 31 | m, s, err := test.NewServiceInstance() 32 | if err != nil { 33 | t.Fatal(err) 34 | } 35 | defer func() { 36 | s.Close() 37 | m.Remove() 38 | }() 39 | c, err := o.NewClient(context.Background(), s.URL.String()) 40 | if err != nil { 41 | t.Fatal(err) 42 | } 43 | 44 | f := func() error { 45 | var x mo.Folder 46 | err = mo.RetrieveProperties(context.Background(), c, c.ServiceContent.PropertyCollector, c.ServiceContent.RootFolder, &x) 47 | if err != nil { 48 | return err 49 | } 50 | if len(x.Name) == 0 { 51 | return errors.New("empty response") 52 | } 53 | return nil 54 | } 55 | 56 | // check cookie is valid with an sdk request 57 | if err := f(); err != nil { 58 | t.Fatal(err) 59 | } 60 | 61 | // check cookie is valid with a non-sdk request 62 | o.url.User = nil // turn off Basic auth 63 | o.url.Path = "/folder" 64 | r, err := c.Client.Get(o.url.String()) 65 | if err != nil { 66 | t.Fatal(err) 67 | } 68 | if r.StatusCode != http.StatusOK { 69 | t.Fatal(r) 70 | } 71 | 72 | // sdk request should fail w/o a valid cookie 73 | c.Client.Jar = nil 74 | if err := f(); err == nil { 75 | t.Fatal("should fail") 76 | } 77 | 78 | } 79 | -------------------------------------------------------------------------------- /pkg/util/retry.go: 
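--------------------------------------------------------------------------------
/*
Copyright 2021 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package util

import (
	"time"

	"k8s.io/apimachinery/pkg/util/wait"
)

// DefaultRetry is the recommended retry for a conflict where multiple clients
// are making changes to the same resource.
var DefaultRetry = wait.Backoff{
	Steps:    5,
	Duration: 10 * time.Millisecond,
	Factor:   1.0,
	Jitter:   0.1,
}

// DefaultBackoff is the recommended backoff for a conflict where a client
// may be attempting to make an unrelated modification to a resource under
// active management by one or more controllers.
var DefaultBackoff = wait.Backoff{
	Steps:    4,
	Duration: 10 * time.Millisecond,
	Factor:   5.0,
	Jitter:   0.1,
}

// RetryOnError calls fn until it succeeds, until it returns an error that
// retriable rejects, or until the attempts allowed by backoff are used up.
// backoff defines the maximum retries and the wait interval between two
// retries.
//
// It returns nil when fn succeeds, the error from fn when retriable reports
// false for it, and the last retriable error when the attempts run out. If the
// backoff ends without fn ever having returned a retriable error, the timeout
// error from wait.ExponentialBackoff is returned unchanged instead of nil, so
// running out of attempts is never reported as success.
func RetryOnError(backoff wait.Backoff, retriable func(error) bool, fn func() error) error {
	var lastErr error
	err := wait.ExponentialBackoff(backoff, func() (bool, error) {
		err := fn()
		switch {
		case err == nil:
			return true, nil
		case retriable(err):
			// Remember the error and ask for another attempt.
			lastErr = err
			return false, nil
		default:
			return false, err
		}
	})
	// Prefer the caller's own error over the generic timeout, but only when
	// there is one: lastErr is still nil if fn never returned a retriable
	// error, and substituting it would turn the timeout into a nil result.
	if err == wait.ErrWaitTimeout && lastErr != nil {
		err = lastErr
	}
	return err
}

--------------------------------------------------------------------------------
/hack/git-squash.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright 2021 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This script is used to squash all commits of the branch.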
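# Usage: ./hack/git-squash.sh [base-branch] "commit-message"
# Note: base-branch is optional and defaults to master. The branch that gets
# squashed is always the branch that is currently checked out.

set -o errexit
set -o nounset
set -o pipefail

# Refuse to run on a dirty tree: the "git add -A" below would otherwise sweep
# unrelated local changes into the squashed commit.
if [ -n "$(git status --porcelain)" ]
then
  echo "git status wasn't clean, it's likely that there are changes not staged for commit - FAILED"
  exit 1
fi

red='\033[0;31m'
green='\033[0;32m'
color_off='\033[0m'

# print_usage prints the accepted arguments. It lists only what the argument
# parsing below accepts; there is no squash-branch argument.
function print_usage {
  echo "Usage:"
  echo "  ./hack/git-squash.sh [base-branch] \"commit-message\""
  echo "  base-branch defaults to 'master'"
}

if [[ $# -lt 1 || $# -gt 2 ]]; then
  echo
  echo -e "${red}Error${color_off} - Wrong number of arguments"
  echo
  print_usage
  echo
  exit 1
fi

current_branch=$(git rev-parse --abbrev-ref HEAD)

if [[ $# -eq 1 ]]; then
  base_branch=master
  message=$1
else
  base_branch=$1
  message=$2
fi

# The color variables hold backslash escapes, so print them with %b; a plain
# echo would show the escape sequences literally.
printf 'Current branch: %b%s%b\n' "${green}" "${current_branch}" "${color_off}"
printf 'Base branch: %b%s%b\n' "${green}" "${base_branch}" "${color_off}"

# Resolve the merge base in its own statement so that errexit stops the script
# if the base branch does not exist, before anything is reset.
merge_base=$(git merge-base "$base_branch" "$current_branch")

# Move the branch back to the merge base while keeping the files, then record
# everything as one commit. This rewrites the history of the current branch.
git reset "$merge_base"
git add -A
git commit -m "$message"

--------------------------------------------------------------------------------
/pkg/nsxt/config/config_test.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.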
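You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package config

import (
	"os"
	"strings"
	"testing"

	"github.com/stretchr/testify/assert"
)

// TestFromEnv sets the NSXT_ environment variables to fixture values and
// checks that Config.FromEnv copies each of them into the matching field.
func TestFromEnv(t *testing.T) {
	// Remove the fixture values again even if FromEnv or an assertion panics,
	// so they cannot leak into other tests that run in this process.
	defer clearNsxtEnv()

	env := map[string]string{
		"NSXT_MANAGER_HOST":          "nsxt-server",
		"NSXT_USERNAME":              "admin",
		"NSXT_PASSWORD":              "secret",
		"NSXT_ALLOW_UNVERIFIED_SSL":  "false",
		"NSXT_CLIENT_AUTH_CERT_FILE": "client-cert",
		"NSXT_CLIENT_AUTH_KEY_FILE":  "client-key",
		"NSXT_CA_FILE":               "ca-cert",
		"NSXT_SECRET_NAME":           "secret-name",
		"NSXT_SECRET_NAMESPACE":      "secret-ns",
	}
	for key, value := range env {
		if err := os.Setenv(key, value); err != nil {
			t.Fatalf("Setenv(%s) failed: %s", key, err)
		}
	}

	cfg := &Config{}
	err := cfg.FromEnv()
	if err != nil {
		t.Errorf("FromEnv failed: %s", err)
	}
	assert.Equal(t, "nsxt-server", cfg.Host)
	assert.Equal(t, "admin", cfg.User)
	assert.Equal(t, "secret", cfg.Password)
	assert.Equal(t, false, cfg.InsecureFlag)
	assert.Equal(t, "client-cert", cfg.ClientAuthCertFile)
	assert.Equal(t, "client-key", cfg.ClientAuthKeyFile)
	assert.Equal(t, "ca-cert", cfg.CAFile)
	assert.Equal(t, "secret-name", cfg.SecretName)
	assert.Equal(t, "secret-ns", cfg.SecretNamespace)
}

// clearNsxtEnv unsets every environment variable whose name starts with
// "NSXT_".
func clearNsxtEnv() {
	for _, pair := range os.Environ() {
		if !strings.HasPrefix(pair, "NSXT_") {
			continue
		}
		// Entries have the form "key=value"; skip anything without a
		// separator instead of slicing with a negative index.
		if i := strings.Index(pair, "="); i >= 0 {
			os.Unsetenv(pair[:i])
		}
	}
}

--------------------------------------------------------------------------------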
/pkg/cloudprovider/vsphere/config/types_common.go:
--------------------------------------------------------------------------------
/*
Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package config

import (
	vcfg "k8s.io/cloud-provider-vsphere/pkg/common/config"
)

/*
	TODO:
	When the INI based cloud-config is deprecated, this file should be deleted and
	the structs in types_yaml.go will be renamed to replace the ones in this file.
*/

// Nodes captures internal/external networks
type Nodes struct {
	// InternalNetworkSubnetCIDR and ExternalNetworkSubnetCIDR: an IP address on
	// the VirtualMachine's network interfaces that is included in one of these
	// CIDRs will be used in the respective status.addresses field.
	InternalNetworkSubnetCIDR string
	ExternalNetworkSubnetCIDR string
	// InternalVMNetworkName and ExternalVMNetworkName: the IP address on the
	// VirtualMachine's VM Network with this name will be used when searching
	// for the status.addresses fields. Note that if InternalNetworkSubnetCIDR and
	// ExternalNetworkSubnetCIDR are not set, then the vNIC associated to this network must
	// only have a single IP address assigned to it.
	InternalVMNetworkName string
	ExternalVMNetworkName string
	// ExcludeInternalNetworkSubnetCIDR and ExcludeExternalNetworkSubnetCIDR:
	// IP addresses in these subnet ranges will be excluded when selecting
	// the IP address from the VirtualMachine for use in the
	// status.addresses fields.
	ExcludeInternalNetworkSubnetCIDR string
	ExcludeExternalNetworkSubnetCIDR string
}

// CPIConfig is used to read and store information (related only to the CPI) from the cloud configuration file
type CPIConfig struct {
	// Config is the embedded configuration type from the common config package.
	vcfg.Config
	// Nodes holds the node network selection settings described on Nodes.
	Nodes Nodes
}

--------------------------------------------------------------------------------
/pkg/common/kubernetes/kubernetes.go:
--------------------------------------------------------------------------------
/*
Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
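*/

package kubernetes

import (
	"os"

	klog "k8s.io/klog/v2"

	clientset "k8s.io/client-go/kubernetes"
	restclient "k8s.io/client-go/rest"
	"k8s.io/client-go/tools/clientcmd"
)

// NewClient creates a new k8s client and adds name to its user agent.
//
// If the environment variable named by EnvKubeConfig is set, the client is
// built from that kubeconfig file (the value "*" selects
// DefaultKubeConfigPath). Otherwise the in-cluster configuration is used.
// The environment therefore decides which API server and which credentials
// the client uses.
func NewClient(name string) (clientset.Interface, error) {
	kubecfgPath := os.Getenv(EnvKubeConfig)
	if kubecfgPath == "*" {
		kubecfgPath = DefaultKubeConfigPath
	}

	var (
		config *restclient.Config
		err    error
	)
	if kubecfgPath != "" {
		// Log the path so an unexpected kubeconfig shows up in the logs.
		klog.V(2).Infof("k8s client using kubeconfig %q", kubecfgPath)
		config, err = clientcmd.BuildConfigFromFlags("", kubecfgPath)
		if err != nil {
			klog.Errorf("BuildConfigFromFlags failed %q", err)
			return nil, err
		}
	} else {
		klog.V(2).Info("k8s client using in-cluster config")
		config, err = restclient.InClusterConfig()
		if err != nil {
			klog.Errorf("InClusterConfig failed %q", err)
			return nil, err
		}
	}

	newConfig := restclient.AddUserAgent(config, name)

	return clientset.NewForConfig(newConfig)
}

// NewClientOrDie creates a new k8s client like NewClient and terminates the
// process through klog.Fatalf if that fails.
func NewClientOrDie(name string) clientset.Interface {
	client, err := NewClient(name)
	if err != nil {
		// NewClient can fail while reading a kubeconfig, while loading the
		// in-cluster configuration or while building the clientset, so the
		// message must not name one of these steps.
		klog.Fatalf("NewClient failed %q", err)
	}

	return client
}

--------------------------------------------------------------------------------
/pkg/common/vclib/custom_errors.go:
--------------------------------------------------------------------------------
/*
Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.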
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package vclib

import "errors"

// Error Messages: the texts of the error values declared below.
const (
	FileAlreadyExistErrMsg         = "File requested already exist"
	NoDevicesFoundErrMsg           = "No devices found"
	DiskNotFoundErrMsg             = "No vSphere disk ID/Name found"
	InvalidVolumeOptionsErrMsg     = "VolumeOptions verification failed"
	NoVMFoundErrMsg                = "No VM found"
	MultipleVMsFoundErrMsg         = "Multiple VMs found"
	NoZoneRegionFoundErrMsg        = "Unable to find the Zone/Region pair"
	NoDatastoreFoundErrMsg         = "Datastore not found"
	NoDatacenterFoundErrMsg        = "Datacenter not found"
	NoDataStoreClustersFoundErrMsg = "No DatastoreClusters Found"
)

// Error values, one per message above. Each is created once with errors.New,
// so callers can compare a returned error with the value itself instead of
// matching on the message text.
var (
	ErrFileAlreadyExist         = errors.New(FileAlreadyExistErrMsg)
	ErrNoDevicesFound           = errors.New(NoDevicesFoundErrMsg)
	ErrNoDiskIDFound            = errors.New(DiskNotFoundErrMsg)
	ErrInvalidVolumeOptions     = errors.New(InvalidVolumeOptionsErrMsg)
	ErrNoVMFound                = errors.New(NoVMFoundErrMsg)
	ErrMultipleVMsFound         = errors.New(MultipleVMsFoundErrMsg)
	ErrNoZoneRegionFound        = errors.New(NoZoneRegionFoundErrMsg)
	ErrNoDatastoreFound         = errors.New(NoDatastoreFoundErrMsg)
	ErrNoDatacenterFound        = errors.New(NoDatacenterFoundErrMsg)
	ErrNoDataStoreClustersFound = errors.New(NoDataStoreClustersFoundErrMsg)
)

--------------------------------------------------------------------------------
/pkg/cloudprovider/vsphereparavirtual/client/informers/externalversions/nsxnetworking/v1alpha1/interface.go:
-------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | import ( 22 | internalinterfaces "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/client/informers/externalversions/internalinterfaces" 23 | ) 24 | 25 | // Interface provides access to all the informers in this group version. 26 | type Interface interface { 27 | // IPPools returns a IPPoolInformer. 28 | IPPools() IPPoolInformer 29 | // RouteSets returns a RouteSetInformer. 30 | RouteSets() RouteSetInformer 31 | } 32 | 33 | type version struct { 34 | factory internalinterfaces.SharedInformerFactory 35 | namespace string 36 | tweakListOptions internalinterfaces.TweakListOptionsFunc 37 | } 38 | 39 | // New returns a new Interface. 40 | func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { 41 | return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} 42 | } 43 | 44 | // IPPools returns a IPPoolInformer. 45 | func (v *version) IPPools() IPPoolInformer { 46 | return &iPPoolInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} 47 | } 48 | 49 | // RouteSets returns a RouteSetInformer. 
func (v *version) RouteSets() RouteSetInformer {
	return &routeSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

--------------------------------------------------------------------------------
/pkg/nsxt/config/types_yaml.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package config

/*
	TODO:
	When the INI based cloud-config is deprecated, this file should be renamed
	from types_yaml.go to types.go and the structs within this file should be named:

	NsxtConfigYAML -> NsxtConfig
*/

// NsxtConfigYAML is used to read and store information from the cloud configuration file
type NsxtConfigYAML struct {
	// NSXT holds everything under the "nsxt" key of the YAML document.
	NSXT NsxtYAML `yaml:"nsxt"`
}

// NsxtYAML contains the NSX-T specific configuration
type NsxtYAML struct {
	// NSX-T username.
	User string `yaml:"user"`
	// NSX-T password in clear text. Anyone who can read the configuration
	// file can read this value; SecretName and SecretNamespace below name a
	// secret for the username and password instead.
	Password string `yaml:"password"`
	// NSX-T host.
	Host string `yaml:"host"`
	// InsecureFlag is to be set to true if NSX-T uses self-signed cert.
	// NOTE(review): the name suggests that this turns off verification of the
	// NSX-T server certificate; if so, supplying the issuing CA through CAFile
	// would keep verification on. Confirm against the code that builds the
	// NSX-T client.
	InsecureFlag bool `yaml:"insecureFlag"`
	// RemoteAuth is to be set to true if NSX-T uses remote authentication (authentication done through the vIDM).
	RemoteAuth bool `yaml:"remoteAuth"`
	// SecretName is the secret name for NSX-T username and password
	SecretName string `yaml:"secretName"`
	// SecretNamespace is the secret namespace for NSX-T username and password
	SecretNamespace string `yaml:"secretNamespace"`

	// The remaining fields are not described in this file.
	// NOTE(review): VMCAccessToken is presumably a credential and would then
	// need the same handling as Password; ClientAuthCertFile, ClientAuthKeyFile
	// and CAFile are presumably file paths, the key file holding a private
	// key. Confirm against the code that reads them.
	VMCAccessToken     string `yaml:"vmcAccessToken"`
	VMCAuthHost        string `yaml:"vmcAuthHost"`
	ClientAuthCertFile string `yaml:"clientAuthCertFile"`
	ClientAuthKeyFile  string `yaml:"clientAuthKeyFile"`
	CAFile             string `yaml:"caFile"`
}

--------------------------------------------------------------------------------
/pkg/cloudprovider/vsphereparavirtual/vmservice/types.go:
--------------------------------------------------------------------------------
/*
Copyright 2021 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
15 | */ 16 | 17 | package vmservice 18 | 19 | import ( 20 | "context" 21 | 22 | v1 "k8s.io/api/core/v1" 23 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 | "k8s.io/klog/v2/klogr" 25 | 26 | vmopv1 "github.com/vmware-tanzu/vm-operator/api/v1alpha2" 27 | vmop "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/vmoperator" 28 | ) 29 | 30 | var log = klogr.New().WithName("vmservice") 31 | 32 | // VMService is an interface for VirtualMachineService operations 33 | type VMService interface { 34 | GetVMServiceName(service *v1.Service, clusterName string) string 35 | Get(ctx context.Context, service *v1.Service, clusterName string) (*vmopv1.VirtualMachineService, error) 36 | Create(ctx context.Context, service *v1.Service, clusterName string) (*vmopv1.VirtualMachineService, error) 37 | CreateOrUpdate(ctx context.Context, service *v1.Service, clusterName string) (*vmopv1.VirtualMachineService, error) 38 | Update(ctx context.Context, service *v1.Service, clusterName string, vmService *vmopv1.VirtualMachineService) (*vmopv1.VirtualMachineService, error) 39 | Delete(ctx context.Context, service *v1.Service, clusterName string) error 40 | } 41 | 42 | // vmService takes care of mapping of LB type of service to VM service in supervisor cluster 43 | type vmService struct { 44 | vmClient vmop.Interface 45 | namespace string 46 | ownerReference *metav1.OwnerReference 47 | serviceAnnotationPropagationEnabled bool 48 | } 49 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned/fake/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package fake 20 | 21 | import ( 22 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 23 | runtime "k8s.io/apimachinery/pkg/runtime" 24 | schema "k8s.io/apimachinery/pkg/runtime/schema" 25 | serializer "k8s.io/apimachinery/pkg/runtime/serializer" 26 | utilruntime "k8s.io/apimachinery/pkg/util/runtime" 27 | nsxv1alpha1 "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/apis/nsxnetworking/v1alpha1" 28 | ) 29 | 30 | var scheme = runtime.NewScheme() 31 | var codecs = serializer.NewCodecFactory(scheme) 32 | 33 | var localSchemeBuilder = runtime.SchemeBuilder{ 34 | nsxv1alpha1.AddToScheme, 35 | } 36 | 37 | // AddToScheme adds all types of this clientset into the given scheme. This allows composition 38 | // of clientsets, like in: 39 | // 40 | // import ( 41 | // "k8s.io/client-go/kubernetes" 42 | // clientsetscheme "k8s.io/client-go/kubernetes/scheme" 43 | // aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" 44 | // ) 45 | // 46 | // kclientset, _ := kubernetes.NewForConfig(c) 47 | // _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) 48 | // 49 | // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types 50 | // correctly. 
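var AddToScheme = localSchemeBuilder.AddToScheme

func init() {
	v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
	utilruntime.Must(AddToScheme(scheme))
}

--------------------------------------------------------------------------------
/hack/check-format.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

# Change directories to the parent directory of the one in which this
# script is located.
cd "$(dirname "${BASH_SOURCE[0]}")/.."

# Ensure the temp out file is removed when this program exits.
out="$(mktemp)"
on_exit() {
  [ -z "${out}" ] || [ ! -e "${out}" ] || rm -f "${out}"
}
trap on_exit EXIT

# Run gofmt on all the sources.
# The flags are kept in an array and passed as separate words, so no command
# string is handed to eval and parsed a second time by the shell.
flags=(-e -s -w)
[ -z "${PROW_JOB_ID-}" ] || flags=(-d "${flags[@]}")
gofmt "${flags[@]}" ./cmd/ ./pkg/ | tee "${out}"

# Check to see if there any suggestions.
goformat_exit_code=0; test -z "$(head -n 1 "${out}")" || goformat_exit_code=1

# Truncate the out file in place. This keeps the file that mktemp created
# instead of deleting it and creating a new one under the same name.
: > "${out}"

# Run goimports on all the sources.
# NOTE(review): goimports is requested without a version, so unless go.mod
# already pins it, the tool that rewrites the sources is whatever resolves as
# latest at run time. hack/kpromo.sh installs its tool with an explicit
# version; doing the same here would make this step reproducible.
go get golang.org/x/tools/cmd/goimports
go install golang.org/x/tools/cmd/goimports
cmd="$(go list -f '{{.Target}}' golang.org/x/tools/cmd/goimports)"
flags=(-e -w)
[ -z "${PROW_JOB_ID-}" ] || flags=(-d "${flags[@]}")
"${cmd}" "${flags[@]}" ./cmd/ ./pkg/ | tee "${out}"

# Check to see if there any suggestions.
goimports_exit_code=0; test -z "$(head -n 1 "${out}")" || goimports_exit_code=1

# If running on Prow, exit with a non-zero code if either of the tests failed.
if [ -n "${PROW_JOB_ID-}" ]; then
  [ "${goformat_exit_code}" -eq "0" ] || exit "${goformat_exit_code}"
  [ "${goimports_exit_code}" -eq "0" ] || exit "${goimports_exit_code}"
fi

--------------------------------------------------------------------------------
/pkg/cloudprovider/vsphere/config/types_ini_legacy.go:
--------------------------------------------------------------------------------
/*
Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package config

import (
	vcfg "k8s.io/cloud-provider-vsphere/pkg/common/config"
)

/*
	TODO:
	When the INI based cloud-config is deprecated. This file should be deleted.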
26 | */ 27 | 28 | // NodesINI captures internal/external networks 29 | type NodesINI struct { 30 | // IP address on VirtualMachine's network interfaces included in the fields' CIDRs 31 | // that will be used in respective status.addresses fields. 32 | InternalNetworkSubnetCIDR string `gcfg:"internal-network-subnet-cidr"` 33 | ExternalNetworkSubnetCIDR string `gcfg:"external-network-subnet-cidr"` 34 | // IP address on VirtualMachine's VM Network names that will be used to when searching 35 | // for status.addresses fields. Note that if InternalNetworkSubnetCIDR and 36 | // ExternalNetworkSubnetCIDR are not set, then the vNIC associated to this network must 37 | // only have a single IP address assigned to it. 38 | InternalVMNetworkName string `gcfg:"internal-vm-network-name"` 39 | ExternalVMNetworkName string `gcfg:"external-vm-network-name"` 40 | // IP addresses in these subnet ranges will be excluded when selecting 41 | // the IP address from the VirtualMachine's VM for use in the 42 | // status.addresses fields. 43 | ExcludeInternalNetworkSubnetCIDR string `gcfg:"exclude-internal-network-subnet-cidr"` 44 | ExcludeExternalNetworkSubnetCIDR string `gcfg:"exclude-external-network-subnet-cidr"` 45 | } 46 | 47 | // CPIConfigINI is the INI representation 48 | type CPIConfigINI struct { 49 | vcfg.CommonConfigINI 50 | Nodes NodesINI 51 | } 52 | -------------------------------------------------------------------------------- /hack/kpromo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2024 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
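# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

# ========== install kpromo ==========
# The tool is installed at a fixed version rather than at latest.
KPROMO_VER=v4.0.5
KPROMO_PKG=sigs.k8s.io/promo-tools/v4/cmd/kpromo

go install "${KPROMO_PKG}@${KPROMO_VER}"

KPROMO_BIN="$(go env GOPATH)/bin/kpromo"

# ========== find user's fork ==========
USER_FORK=${1:-}
if [ -z "${USER_FORK}" ]; then
  # for git@github.com:<user>/cloud-provider-vsphere.git style URLs
  USER_FORK=$(git config --get remote.origin.url | cut -d: -f2 | cut -d/ -f1)
fi
if [ -z "${USER_FORK}" ]; then
  # only works on https://github.com/<user>/cloud-provider-vsphere.git style URLs
  USER_FORK=$(git config --get remote.origin.url | cut -d/ -f4)
fi
# USER_FORK becomes part of KPROMO_CMD, which is expanded unquoted when it is
# run and is therefore split into words and glob-expanded by the shell. Accept
# only the characters of a GitHub account name, and stop if none was found.
if [[ ! "${USER_FORK}" =~ ^[A-Za-z0-9-]+$ ]]; then
  echo "Unable to determine a valid fork owner (got '${USER_FORK}'); pass it as the first argument" >&2
  exit 1
fi

# ========== extract all the reviewers ==========
APPROVERS_URL="https://raw.githubusercontent.com/kubernetes/k8s.io/main/registry.k8s.io/images/k8s-staging-cloud-pv-vsphere/OWNERS"
# -f makes curl fail on an HTTP error status, so an error page is never parsed
# as if it were the OWNERS file; with errexit and pipefail the script stops.
REVIEWERS_ARR=$(curl -fsSL "${APPROVERS_URL}" | sed -n '/approvers:/,/^$/ {/^approvers:/!p;}' | sed 's/^- //g' | tr -s '\n' )
if [ -z "${REVIEWERS_ARR}" ]; then
  echo "No approvers found in ${APPROVERS_URL}" >&2
  exit 1
fi
# The names come from a remote file and also end up in KPROMO_CMD, so every
# line must look like an account name before it is used.
if echo "${REVIEWERS_ARR}" | grep -Evq '^[A-Za-z0-9-]+$'; then
  echo "Unexpected entry in the approvers list from ${APPROVERS_URL}:" >&2
  echo "${REVIEWERS_ARR}" >&2
  exit 1
fi
REVIEWERS=$(echo "${REVIEWERS_ARR}" | awk '{print "@" $0}' | tr '\n' ' ' )

# ========== git current tag ==========
TAG=$(git describe --always)

# ========== run kpromo command to submit PR ==========
GCP_PROJECT=cloud-pv-vsphere
IMAGE_NAME=cloud-provider-vsphere
KPROMO_CMD="${KPROMO_BIN} pr --fork ${USER_FORK} --project ${GCP_PROJECT} --reviewers ${REVIEWERS} --tag ${TAG} --image ${IMAGE_NAME}"
echo "Run KPROMO Command: ${KPROMO_CMD}"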
53 | $KPROMO_CMD 54 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphereparavirtual/client/clientset/versioned/scheme/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package scheme 20 | 21 | import ( 22 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 23 | runtime "k8s.io/apimachinery/pkg/runtime" 24 | schema "k8s.io/apimachinery/pkg/runtime/schema" 25 | serializer "k8s.io/apimachinery/pkg/runtime/serializer" 26 | utilruntime "k8s.io/apimachinery/pkg/util/runtime" 27 | nsxv1alpha1 "k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual/apis/nsxnetworking/v1alpha1" 28 | ) 29 | 30 | var Scheme = runtime.NewScheme() 31 | var Codecs = serializer.NewCodecFactory(Scheme) 32 | var ParameterCodec = runtime.NewParameterCodec(Scheme) 33 | var localSchemeBuilder = runtime.SchemeBuilder{ 34 | nsxv1alpha1.AddToScheme, 35 | } 36 | 37 | // AddToScheme adds all types of this clientset into the given scheme. 
This allows composition 38 | // of clientsets, like in: 39 | // 40 | // import ( 41 | // "k8s.io/client-go/kubernetes" 42 | // clientsetscheme "k8s.io/client-go/kubernetes/scheme" 43 | // aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" 44 | // ) 45 | // 46 | // kclientset, _ := kubernetes.NewForConfig(c) 47 | // _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) 48 | // 49 | // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types 50 | // correctly. 51 | var AddToScheme = localSchemeBuilder.AddToScheme 52 | 53 | func init() { 54 | v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) 55 | utilruntime.Must(AddToScheme(Scheme)) 56 | } 57 | -------------------------------------------------------------------------------- /hack/update-codegen.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # SCRIPT_ROOT: the directory in which this script is located 22 | SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 
23 | # CODEGEN_PKG: the codegen package which we use to generate client code 24 | CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-generator 2>/dev/null || echo ../code-generator)} 25 | # ROOT_DIR: the root directory in which the apis are defined 26 | ROOT_DIR="k8s.io/cloud-provider-vsphere/pkg/cloudprovider/vsphereparavirtual" 27 | # CUSTOM_RESOURCE_PACKAGE: the name of the custom resource package that we are generating client code for 28 | CUSTOM_RESOURCE_PACKAGE="nsxnetworking" 29 | # CUSTOM_RESOURCE_VERSION: the version of the resource 30 | CUSTOM_RESOURCE_VERSION="v1alpha1" 31 | 32 | # emojis to make nice output 33 | printf "\xF0\x9F\x94\x8D\n" 34 | 35 | # generate the code with: 36 | # --output-base because this script should also be able to run inside the vendor dir of 37 | # k8s.io/kubernetes. The output-base is needed for the generators to output into the vendor dir 38 | # instead of the $GOPATH directly. For normal projects this can be dropped. 39 | # This generates deepcopy, client, informer and lister for the resource package 40 | bash "${CODEGEN_PKG}"/generate-groups.sh all \ 41 | "${ROOT_DIR}"/client "${ROOT_DIR}"/apis \ 42 | "$CUSTOM_RESOURCE_PACKAGE:$CUSTOM_RESOURCE_VERSION" \ 43 | --output-base "$(dirname "${BASH_SOURCE[0]}")/../../.." \ 44 | --go-header-file "${SCRIPT_ROOT}"/hack/boilerplate.go.txt 45 | -------------------------------------------------------------------------------- /docs/book/concepts/vmware_vsphere_storage.md: -------------------------------------------------------------------------------- 1 | # VMware vSphere Storage Concepts 2 | 3 | vSphere provides a software-defined storage platform that integrates with block, file, and hyper-converged offerings such as [VMware vSAN](https://storagehub.vmware.com/t/vmware-vsan/). These storage offerings can be exposed as VMFS, NFS, vVols, or vSAN datastores. 
4 | 5 | vSphere has enterprise grade features, such as [Storage Policy Based Management (SPBM)](https://www.youtube.com/watch?v=e0wkMPDvKPQ), that enable users to define performance, availability, and redundancy levels requested by their business critical applications and ensure compliance with these requirements. vSphere provides high availability and redundancy at a compute and data level for all workloads. 6 | 7 | A vSphere datastore is an abstraction that hides storage details, such as LUNs, and provides a uniform interface for storing persistent data. Datastores enable simplified storage management and data services for storage presented to vSphere. Depending on the backend storage, the datastores can be of one of the following types: vSAN, VMFS, NFS, and vVols. Volumes, or VMDKs, provisioned on top of the datastore are presented as block, or ReadWriteOnce, volumes to K8s pods. 8 | 9 | * vSAN is a software-defined enterprise storage solution that supports hyper-converged infrastructure (HCI) systems. vSAN aggregates local or direct-attached storage devices to create a single storage pool shared across all hosts in a vSAN cluster. 10 | * VMFS (Virtual Machine File System) is a cluster file system that allows virtualization to scale beyond a single node for multiple ESXi servers. VMFS increases resource utilization by providing multiple virtual machines with shared access to a pool of storage. 11 | * NFS (Network File System) is a distributed file protocol that ESXi hosts use to communicate with NAS storage over TCP/IP. ESXi hosts can mount an NFS datastore and use it to store and boot virtual machines. 12 | * vVols (Virtual Volumes) is an integration and management framework that virtualizes SAN and NAS arrays. It enables a more efficient operational model that is optimized for virtualized environments and centered on the application instead of the infrastructure. 
13 | 14 | Both in-tree and out-of-tree solutions from VMware allow Kubernetes Pods to use enterprise grade persistent storage. 15 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/config/types_yaml.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | vcfg "k8s.io/cloud-provider-vsphere/pkg/common/config" 21 | ) 22 | 23 | /* 24 | TODO: 25 | When the INI based cloud-config is deprecated, this file should be renamed 26 | from types_yaml.go to types.go and the structs within this file should be named: 27 | 28 | ConfigYAML -> Config 29 | NodesYAML -> Nodes 30 | */ 31 | 32 | // NodesYAML captures internal/external networks 33 | type NodesYAML struct { 34 | // IP address on VirtualMachine's network interfaces included in the fields' CIDRs 35 | // that will be used in respective status.addresses fields. 36 | InternalNetworkSubnetCIDR string `yaml:"internalNetworkSubnetCidr"` 37 | ExternalNetworkSubnetCIDR string `yaml:"externalNetworkSubnetCidr"` 38 | // IP address on VirtualMachine's VM Network names that will be used to when searching 39 | // for status.addresses fields. 
Note that if InternalNetworkSubnetCIDR and 40 | // ExternalNetworkSubnetCIDR are not set, then the vNIC associated to this network must 41 | // only have a single IP address assigned to it. 42 | InternalVMNetworkName string `yaml:"internalVmNetworkName"` 43 | ExternalVMNetworkName string `yaml:"externalVmNetworkName"` 44 | // IP addresses in these subnet ranges will be excluded when selecting 45 | // the IP address from the VirtualMachine's VM for use in the 46 | // status.addresses fields. 47 | ExcludeInternalNetworkSubnetCIDR string `yaml:"excludeInternalNetworkSubnetCidr"` 48 | ExcludeExternalNetworkSubnetCIDR string `yaml:"excludeExternalNetworkSubnetCidr"` 49 | } 50 | 51 | // CPIConfigYAML is the YAML representation 52 | type CPIConfigYAML struct { 53 | vcfg.CommonConfigYAML 54 | Nodes NodesYAML 55 | } 56 | -------------------------------------------------------------------------------- /pkg/common/vclib/fixtures/createCerts.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2018 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | 17 | set -eu 18 | 19 | readonly VALID_DAYS='73000' 20 | readonly RSA_KEY_SIZE='4096' 21 | 22 | createKey() { 23 | openssl genrsa \ 24 | -out "$1" \ 25 | "$RSA_KEY_SIZE" 26 | } 27 | 28 | createCaCert() { 29 | openssl req \ 30 | -x509 \ 31 | -subj "$( getSubj 'someCA' )" \ 32 | -new \ 33 | -nodes \ 34 | -key "$2" \ 35 | -sha256 \ 36 | -days "$VALID_DAYS" \ 37 | -out "$1" 38 | } 39 | 40 | createCSR() { 41 | openssl req \ 42 | -new \ 43 | -sha256 \ 44 | -key "$2" \ 45 | -subj "$( getSubj 'localhost' )" \ 46 | -reqexts SAN \ 47 | -config <( getSANConfig ) \ 48 | -out "$1" 49 | } 50 | 51 | signCSR() { 52 | openssl x509 \ 53 | -req \ 54 | -in "$2" \ 55 | -CA "$3" \ 56 | -CAkey "$4" \ 57 | -CAcreateserial \ 58 | -days "$VALID_DAYS" \ 59 | -sha256 \ 60 | -extfile <( getSAN ) \ 61 | -out "$1" 62 | } 63 | 64 | getSubj() { 65 | local cn="${1:-someRandomCN}" 66 | echo "/C=US/ST=CA/O=Acme, Inc./CN=${cn}" 67 | } 68 | 69 | getSAN() { 70 | printf "subjectAltName=DNS:localhost,IP:127.0.0.1" 71 | } 72 | 73 | getSANConfig() { 74 | cat /etc/ssl/openssl.cnf 75 | printf '\n[SAN]\n' 76 | getSAN 77 | } 78 | 79 | main() { 80 | local caCertPath="./ca.pem" 81 | local caKeyPath="./ca.key" 82 | local serverCsrPath="./server.csr" 83 | local serverCertPath="./server.pem" 84 | local serverKeyPath="./server.key" 85 | 86 | createKey "$caKeyPath" 87 | createCaCert "$caCertPath" "$caKeyPath" 88 | createKey "$serverKeyPath" 89 | createCSR "$serverCsrPath" "$serverKeyPath" 90 | signCSR "$serverCertPath" "$serverCsrPath" "$caCertPath" "$caKeyPath" 91 | } 92 | 93 | main "$@" 94 | -------------------------------------------------------------------------------- /manifests/controller-manager/vsphere-cloud-controller-manager-ds.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: cloud-controller-manager 6 | namespace: kube-system 7 | --- 8 | apiVersion: apps/v1 9 | kind: DaemonSet 10 | metadata: 
11 | annotations: 12 | scheduler.alpha.kubernetes.io/critical-pod: "" 13 | labels: 14 | component: cloud-controller-manager 15 | tier: control-plane 16 | k8s-app: vsphere-cloud-controller-manager 17 | name: vsphere-cloud-controller-manager 18 | namespace: kube-system 19 | spec: 20 | selector: 21 | matchLabels: 22 | k8s-app: vsphere-cloud-controller-manager 23 | updateStrategy: 24 | type: RollingUpdate 25 | template: 26 | metadata: 27 | labels: 28 | k8s-app: vsphere-cloud-controller-manager 29 | spec: 30 | nodeSelector: 31 | node-role.kubernetes.io/master: "" 32 | securityContext: 33 | runAsUser: 1001 34 | tolerations: 35 | - key: node.cloudprovider.kubernetes.io/uninitialized 36 | value: "true" 37 | effect: NoSchedule 38 | - key: node-role.kubernetes.io/master 39 | effect: NoSchedule 40 | - key: node.kubernetes.io/not-ready 41 | effect: NoSchedule 42 | operator: Exists 43 | serviceAccountName: cloud-controller-manager 44 | containers: 45 | - name: vsphere-cloud-controller-manager 46 | image: registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.35.0 47 | args: 48 | - --v=2 49 | - --cloud-provider=vsphere 50 | - --cloud-config=/etc/cloud/vsphere.conf 51 | volumeMounts: 52 | - mountPath: /etc/cloud 53 | name: vsphere-config-volume 54 | readOnly: true 55 | resources: 56 | requests: 57 | cpu: 200m 58 | hostNetwork: true 59 | volumes: 60 | - name: vsphere-config-volume 61 | configMap: 62 | name: cloud-config 63 | --- 64 | apiVersion: v1 65 | kind: Service 66 | metadata: 67 | labels: 68 | component: cloud-controller-manager 69 | name: vsphere-cloud-controller-manager 70 | namespace: kube-system 71 | spec: 72 | type: NodePort 73 | ports: 74 | - port: 43001 75 | protocol: TCP 76 | targetPort: 43001 77 | selector: 78 | component: cloud-controller-manager 79 | -------------------------------------------------------------------------------- /pkg/cloudprovider/vsphere/route/config/config_ini_legacy.go: 
-------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | "errors" 21 | "fmt" 22 | 23 | "gopkg.in/gcfg.v1" 24 | ) 25 | 26 | /* 27 | TODO: 28 | When the INI based cloud-config is deprecated. This file should be deleted. 29 | */ 30 | 31 | // CreateConfig generates a common Config object based on what other structs and funcs 32 | // are already dependent upon in other packages. 
func (rci *RouteConfigINI) CreateConfig() *Config {
	// Only the router path is carried over from the INI representation.
	out := new(Config)
	out.Route.RouterPath = rci.Route.RouterPath
	return out
}

// validateConfig reports an error when the INI config carries no router path.
// RouterPath is the only field checked here.
func (rci *RouteConfigINI) validateConfig() error {
	if rci.Route.RouterPath != "" {
		return nil
	}
	return errors.New("router path is required")
}

// CompleteAndValidate is the exported validation entry point for the INI
// config. As written it only delegates to validateConfig: it sets no defaults
// and applies no environment overrides.
func (rci *RouteConfigINI) CompleteAndValidate() error {
	return rci.validateConfig()
}

// ReadRawConfigINI parses the INI cloud config held in configData into a
// RouteConfigINI and validates the result.
//
// Empty input is rejected before parsing. The parse result is passed through
// gcfg.FatalOnly, so only errors gcfg treats as fatal are returned; per gcfg's
// documentation the remaining ones are warnings about data for unknown
// sections or variables, which means a misspelt key is ignored rather than
// reported. The only content check after parsing is CompleteAndValidate.
func ReadRawConfigINI(configData []byte) (*RouteConfigINI, error) {
	if len(configData) < 1 {
		return nil, fmt.Errorf("Invalid INI file")
	}

	raw := new(RouteConfigINI)

	parseErr := gcfg.FatalOnly(gcfg.ReadStringInto(raw, string(configData)))
	if parseErr != nil {
		return nil, parseErr
	}

	if err := raw.CompleteAndValidate(); err != nil {
		return nil, err
	}
	return raw, nil
}

// ReadConfigINI parses the INI cloud config held in configData and converts it
// to the common Config form. Any error from ReadRawConfigINI is returned
// unchanged with a nil Config.
func ReadConfigINI(configData []byte) (*Config, error) {
	raw, err := ReadRawConfigINI(configData)
	if err != nil {
		return nil, err
	}

	converted := raw.CreateConfig()
	return converted, nil
}