// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0
package v1alpha1
// Key names under which the GCP credentials are looked up in the credentials
// secret. The secret consumer decides which of the two service-account keys it
// prefers; this package only names them.
const (
	// GCPServiceAccountJSON is the key name of the service account JSON inside the GCP cloud credentials.
	GCPServiceAccountJSON = "serviceAccountJSON"
	// GCPAlternativeServiceAccountJSON is an alternative key name for a secret entry holding the GCP
	// credentials (service account JSON).
	GCPAlternativeServiceAccountJSON = "serviceaccount.json"
	// GCPCredentialsConfig is the key name of a secret entry holding the GCP credentials configuration.
	GCPCredentialsConfig = "credentialsConfig"
)

// Disk type and disk interface values used by GCPDisk.Type and GCPDisk.Interface.
const (
	// GCPDiskTypeScratch is the SCRATCH (local SSD) disk type.
	GCPDiskTypeScratch = "SCRATCH"
	// GCPDiskTypePersistent is the PERSISTENT disk type.
	GCPDiskTypePersistent = "PERSISTENT"
	// GCPDiskInterfaceNVME is the NVME disk interface.
	GCPDiskInterfaceNVME = "NVME"
	// GCPDiskInterfaceSCSI is the SCSI disk interface.
	GCPDiskInterfaceSCSI = "SCSI"
)
// +genclient

// GCPProviderSpec contains the fields of the provider spec that the plugin
// expects. It is the decoded form of the machine class's providerSpec and
// describes a single GCE instance to create.
type GCPProviderSpec struct {
	// APIVersion refers to the APIVersion of the object.
	// It carries no json tag, so encoding/json uses the key "APIVersion" verbatim.
	APIVersion string

	// CanIPForward: Allows this instance to send and receive packets with
	// non-matching destination or source IPs. This is required if you plan
	// to use this instance to forward routes. For more information, see
	// Enabling IP Forwarding. Leave it false unless the instance really
	// routes traffic, as it disables the per-instance source/destination check.
	CanIPForward bool `json:"canIpForward"`

	// DeletionProtection: Whether the resource should be protected against
	// deletion.
	DeletionProtection bool `json:"deletionProtection"`

	// Description: An optional description of this resource. Provide this
	// property when you create the resource.
	Description *string `json:"description,omitempty"`

	// Disks: Array of disks associated with this instance. Persistent disks
	// must be created before you can assign them.
	Disks []*GCPDisk `json:"disks,omitempty"`

	// Gpu: Configuration of the GPUs attached to the instance. Enough
	// quota for the particular GPU type must be available.
	Gpu *GCPGpu `json:"gpu,omitempty"`

	// Labels: Labels to apply to this instance.
	Labels map[string]string `json:"labels,omitempty"`

	// MachineType: Full or partial URL of the machine type resource to use
	// for this instance, in the format:
	// zones/zone/machineTypes/machine-type. This is provided by the client
	// when the instance is created. For example, the following is a valid
	// partial url to a predefined machine
	// type:
	// zones/us-central1-f/machineTypes/n1-standard-1
	//
	// To create a custom machine type, provide a URL to a machine type in
	// the following format, where CPUS is 1 or an even number up to 32 (2,
	// 4, 6, ... 24, etc), and MEMORY is the total memory for this instance.
	// Memory must be a multiple of 256 MB and must be supplied in MB (e.g.
	// 5 GB of memory is 5120
	// MB):
	// zones/zone/machineTypes/custom-CPUS-MEMORY
	//
	// For example: zones/us-central1-f/machineTypes/custom-4-5120
	//
	// For a full list of restrictions, read the Specifications for custom
	// machine types.
	MachineType string `json:"machineType"`

	// Metadata: The metadata key/value pairs assigned to this instance.
	// This includes custom metadata and predefined keys. Metadata is served
	// to the instance by the metadata server, so values placed here must be
	// treated as readable by every workload on the VM, not as secrets.
	Metadata []*GCPMetadata `json:"metadata,omitempty"`

	// MinCPUPlatform: The name of the minimum CPU platform that is requested
	// for this instance.
	MinCPUPlatform string `json:"minCpuPlatform,omitempty"`

	// NetworkInterfaces: An array of network configurations for this
	// instance. These specify how interfaces are configured to interact
	// with other network services, such as connecting to the internet.
	// Multiple interfaces are supported per instance.
	NetworkInterfaces []*GCPNetworkInterface `json:"networkInterfaces,omitempty"`

	// Region: the region in which the instance is to be deployed.
	Region string `json:"region"`

	// Scheduling: Sets the scheduling options for this instance.
	Scheduling GCPScheduling `json:"scheduling"`

	// ServiceAccounts: A list of service accounts, with their specified
	// scopes, authorized for this instance. Only one service account per VM
	// instance is supported.
	//
	// Service accounts generate access tokens that can be accessed through
	// the metadata server and used to authenticate applications on the
	// instance. See Service Accounts for more information. Because any
	// process on the instance can obtain these tokens, the scopes granted
	// here bound what a compromised workload can reach; keep them minimal.
	ServiceAccounts []GCPServiceAccount `json:"serviceAccounts"`

	// Tags: network tags to be placed on the VM (presumably GCE network
	// tags, which firewall rules use to select instances — confirm against
	// the consumer).
	// +optional
	Tags []string `json:"tags,omitempty"`

	// Zone: the zone in which the instance is to be deployed.
	Zone string `json:"zone"`

	// ShieldedInstanceConfiguration is the shielded VM configuration
	// (secure boot, vTPM, integrity monitoring). When nil, no shielded
	// settings are expressed by this spec.
	// +optional
	ShieldedInstanceConfiguration *ShieldedInstanceConfiguration `json:"shieldedInstanceConfiguration,omitempty"`
}
// ShieldedInstanceConfiguration describes the shielded instance configuration for GCE VMs.
//
// Every field is a *bool with omitempty: nil is left out of the request
// entirely, while an explicit false is sent and disables the feature.
// Per the GCE documentation, integrity monitoring relies on the vTPM, so
// enabling IntegrityMonitoring without Vtpm is not a useful combination.
type ShieldedInstanceConfiguration struct {
	// IntegrityMonitoring enables integrity monitoring, which measures
	// the boot sequence against a baseline via the vTPM.
	// +optional
	IntegrityMonitoring *bool `json:"integrityMonitoring,omitempty"`
	// SecureBoot enables UEFI secure boot, rejecting unsigned boot components.
	// +optional
	SecureBoot *bool `json:"secureBoot,omitempty"`
	// Vtpm enables the virtual Trusted Platform Module.
	// +optional
	Vtpm *bool `json:"vtpm,omitempty"`
}
// GCPDisk describes disks for GCP.
//
// Note that AutoDelete, Encryption and Labels carry no omitempty, so a nil
// value is encoded as JSON null rather than being dropped from the request.
type GCPDisk struct {
	// AutoDelete: Specifies whether the disk will be auto-deleted when the
	// instance is deleted (but not when the disk is detached from the
	// instance).
	AutoDelete *bool `json:"autoDelete"`

	// Boot: Indicates that this is a boot disk. The virtual machine will
	// use the first partition of the disk for its root filesystem.
	Boot bool `json:"boot"`

	// SizeGb: Specifies the size of the disk in base-2 GB.
	SizeGb int64 `json:"sizeGb"`

	// Type: Specifies the disk type to use to create the instance. If
	// not specified, the default is pd-standard, specified using the full
	// URL. For
	// example:
	// https://www.googleapis.com/compute/v1/projects/project/zones/
	// zone/diskTypes/pd-standard
	//
	// Other values include pd-ssd and local-ssd. If you define this field,
	// you can provide either the full or partial URL. For example, the
	// following are valid values:
	// - https://www.googleapis.com/compute/v1/projects/project/zones/zone/diskTypes/diskType
	// - projects/project/zones/zone/diskTypes/diskType
	// - zones/zone/diskTypes/diskType Note that for InstanceTemplate, this
	// is the name of the disk type, not URL.
	// If you use "SCRATCH" (GCPDiskTypeScratch) as the value, it is defaulted to local-ssd.
	Type string `json:"type"`

	// Interface: Specifies the disk interface to use for attaching this
	// disk, which is either SCSI or NVME. The default is SCSI. Persistent
	// disks must always use SCSI and the request will fail if you attempt
	// to attach a persistent disk in any other format than SCSI. Local SSDs
	// can use either NVME or SCSI. For performance characteristics of SCSI
	// over NVMe, see Local SSD performance.
	//
	// Possible values (see GCPDiskInterfaceNVME, GCPDiskInterfaceSCSI):
	// "NVME"
	// "SCSI"
	// This is only applied when the disk type is "SCRATCH" currently.
	Interface string `json:"interface"`

	// Image: The source image to create this disk. When creating a
	// new instance, one of initializeParams.sourceImage or disks.source is
	// required except for local SSD.
	//
	// To create a disk with one of the public operating system images,
	// specify the image by its family name. For example, specify
	// family/debian-9 to use the latest Debian 9
	// image:
	// projects/debian-cloud/global/images/family/debian-9
	//
	// Alternatively, use a specific version of a public operating system
	// image:
	// projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD
	//
	// To create a disk with a custom image that you created, specify the
	// image name in the following
	// format:
	// global/images/my-custom-image
	//
	// You can also specify a custom image by its image family, which
	// returns the latest version of the image in that family. Replace the
	// image name with
	// family/family-name:
	// global/images/family/my-image-family
	//
	// If the source image is deleted later, this field will not be set.
	Image string `json:"image"`

	// Encryption: Customer-managed (Cloud KMS) encryption details for this
	// disk. nil means the disk uses the platform default encryption.
	Encryption *GCPDiskEncryption `json:"encryption"`

	// Labels: Labels to apply to this disk. These can be later modified by
	// the disks.setLabels method. This field is only applicable for
	// persistent disks.
	Labels map[string]string `json:"labels"`

	// ProvisionedIops of the disk to create.
	// Only for use with disks of type pd-extreme and hyperdisk-extreme.
	// The IOPS must be specified within defined limits.
	// A value of zero is omitted from the request because the GCP client
	// does not write "empty" values to the request.
	ProvisionedIops int64 `json:"provisionedIops,omitempty"`

	// ProvisionedThroughput of the disk to create.
	// Only for hyperdisk-balanced or hyperdisk-throughput volumes,
	// measured in MiB per second, that the disk can handle.
	// The throughput must be specified within defined limits.
	// A value of zero is omitted from the request because the GCP client
	// does not write "empty" values to the request.
	ProvisionedThroughput int64 `json:"provisionedThroughput,omitempty"`

	// StoragePool in which the new disk is created.
	// You can provide this as a partial or full URL to the resource. For example
	// https://www.googleapis.com/compute/v1/projects/project/zones/zone
	StoragePool string `json:"storagePool,omitempty"`
}
// GCPDiskEncryption holds references to customer-managed encryption key data
// for a disk. It names the key and the identity allowed to use it; it never
// carries key material itself.
type GCPDiskEncryption struct {
	// KmsKeyName: key name of the Cloud KMS disk encryption key. Not optional.
	KmsKeyName string `json:"kmsKeyName"`

	// KmsKeyServiceAccount: The service account granted the `roles/cloudkms.cryptoKeyEncrypterDecrypter` for the key name.
	// If empty, then the role should be given to the Compute Engine Service Agent Account. This usually has the format
	// service-PROJECT_NUMBER@compute-system.iam.gserviceaccount.com. See: https://cloud.google.com/iam/docs/service-agents#compute-engine-service-agent
	// One can add IAM roles using the gcloud CLI:
	// gcloud projects add-iam-policy-binding projectId --member
	// serviceAccount:name@projectId.iam.gserviceaccount.com --role roles/cloudkms.cryptoKeyEncrypterDecrypter
	// Grant the role on the key (or its key ring) rather than project-wide
	// where possible, so the binding covers only the key actually in use.
	KmsKeyServiceAccount string `json:"kmsKeyServiceAccount"`
}
// GCPMetadata describes a single instance metadata entry for GCP.
// Metadata is served to the running instance by the metadata server, so
// entries are readable by any process on the VM and are not a secret store.
type GCPMetadata struct {
	// Key: Key for the metadata entry. Keys must conform to the following
	// regexp: [a-zA-Z0-9-_]+, and be less than 128 bytes in length. This is
	// reflected as part of a URL in the metadata server. Additionally, to
	// avoid ambiguity, keys must not conflict with any other metadata keys
	// for the project.
	Key string `json:"key"`

	// Value: Value for the metadata entry. These are free-form strings, and
	// only have meaning as interpreted by the image running in the
	// instance. The only restriction placed on values is that their size
	// must be less than or equal to 262144 bytes (256 KiB).
	// The field has no omitempty, so a nil pointer is encoded as null.
	Value *string `json:"value"`
}
// GCPNetworkInterface describes network interfaces for GCP.
type GCPNetworkInterface struct {
	// DisableExternalIP: when false (the zero value) an external IP is
	// attached to the VM; set it to true to create the interface with no
	// public address, which keeps the instance off the internet unless a
	// NAT or load balancer is in front of it.
	DisableExternalIP bool `json:"disableExternalIP,omitempty"`

	// Network: URL of the network resource for this instance. When creating
	// an instance, if neither the network nor the subnetwork is specified,
	// the default network global/networks/default is used; if the network
	// is not specified but the subnetwork is specified, the network is
	// inferred.
	//
	// This field is optional when creating a firewall rule. If not
	// specified when creating a firewall rule, the default network
	// global/networks/default is used.
	//
	// If you specify this property, you can specify the network as a full
	// or partial URL. For example, the following are all valid URLs:
	// - https://www.googleapis.com/compute/v1/projects/project/global/networks/network
	// - projects/project/global/networks/network
	// - global/networks/default
	Network string `json:"network,omitempty"`

	// Subnetwork: The URL of the Subnetwork resource for this instance. If
	// the network resource is in legacy mode, do not provide this property.
	// If the network is in auto subnet mode, providing the subnetwork is
	// optional. If the network is in custom subnet mode, then this field
	// should be specified. If you specify this property, you can specify
	// the subnetwork as a full or partial URL. For example, the following
	// are all valid URLs:
	// - https://www.googleapis.com/compute/v1/projects/project/regions/region/subnetworks/subnetwork
	// - regions/region/subnetworks/subnetwork
	Subnetwork string `json:"subnetwork,omitempty"`

	// StackType specifies the network stack type, such as IPV4_ONLY or IPV4_IPV6,
	// to indicate the protocol version(s) supported for this network.
	StackType string `json:"stackType"`

	// Ipv6AccessType defines the type of IPv6 access enabled, such as
	// "INTERNAL" or "EXTERNAL", to control IPv6 connectivity.
	// NOTE(review): the json key "ipv6accessType" is not camel-cased like the
	// others; it is part of the wire format, so leave it as is.
	Ipv6AccessType string `json:"ipv6accessType"`

	// IpCidrRange represents the mask size of the secondary range in a GCP subnet,
	// which will be allocated and used by the virtual machines for internal networking.
	IpCidrRange string `json:"ipCidrRange"`

	// SubnetworkRangeName specifies the secondary IPv4 range in the subnetwork,
	// which will serve as the IPv4 Pod CIDR for the dual-stack shoot cluster.
	SubnetworkRangeName string `json:"subnetworkRangeName"`
}
// GCPScheduling describes scheduling configuration for GCP.
//
// The three fields are encoded without omitempty, so the zero values
// (AutomaticRestart=false, OnHostMaintenance="", Preemptible=false) are
// always sent and are not replaced by the API-side defaults described below.
type GCPScheduling struct {
	// AutomaticRestart: Specifies whether the instance should be
	// automatically restarted if it is terminated by Compute Engine (not
	// terminated by a user). You can only set the automatic restart option
	// for standard instances. Preemptible instances cannot be automatically
	// restarted.
	//
	// By default, this is set to true so an instance is automatically
	// restarted if it is terminated by Compute Engine.
	AutomaticRestart bool `json:"automaticRestart"`

	// OnHostMaintenance: Defines the maintenance behavior for this
	// instance. For standard instances, the default behavior is MIGRATE.
	// For preemptible instances, the default and only possible behavior is
	// TERMINATE. For more information, see Setting Instance Scheduling
	// Options.
	//
	// Possible values:
	// "MIGRATE"
	// "TERMINATE"
	OnHostMaintenance string `json:"onHostMaintenance"`

	// Preemptible: Defines whether the instance is preemptible. This can
	// only be set during instance creation, it cannot be set or changed
	// after the instance has been created.
	Preemptible bool `json:"preemptible"`
}
// GCPServiceAccount describes the service account attached to a GCP instance.
// The instance obtains access tokens for this account from the metadata
// server, so the account's IAM roles and the Scopes listed here together
// define what any workload on the VM can do against Google APIs.
type GCPServiceAccount struct {
	// Email: Email address of the service account.
	Email string `json:"email"`

	// Scopes: The list of OAuth scopes to be made available for this service
	// account. Prefer narrow scopes over broad ones such as
	// https://www.googleapis.com/auth/cloud-platform, and bound the account's
	// IAM roles as well, since scopes only narrow what the roles already allow.
	Scopes []string `json:"scopes"`
}
// GCPGpu describes the GPU configuration for a GCP instance.
type GCPGpu struct {
	// AcceleratorType is the GCE accelerator type to attach to the instance
	// (presumably the accelerator type name or URL as accepted by the Compute
	// API — confirm against the code that builds the instance request).
	AcceleratorType string `json:"acceleratorType"`
	// Count is the number of accelerators of that type to attach.
	Count int64 `json:"count"`
}