19 changes: 17 additions & 2 deletions README.md
Expand Up @@ -17,7 +17,7 @@ instance roles)

# Cloud Providers

Currently the operator supports AWS, Azure, GCP, KubeVirt, OpenStack. oVirt and VMWare.
Currently the operator supports AWS, Azure, GCP, KubeVirt, OpenStack, oVirt, Nutanix and VMWare.

## Credentials Root Secret Formats
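Review bot: The provider sentence now names Nutanix, but the same list is repeated later in this README under "Supported clouds:" in a different order, so the two have to be kept in sync by hand. Consider using one ordering in both places. Since this line is being touched anyway, the vendor spelling is "VMware", not "VMWare".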

Expand Down Expand Up @@ -125,6 +125,21 @@ data:
{{VCenter.password}}: Base64encodePassword
```

### Nutanix

```yaml
apiVersion: v1
kind: Secret
metadata:
namespace: kube-system
name: nutanix-credentials
data:
NUTANIX_ENDPOINT: Base64encodeEndpoint
NUTANIX_PORT: Base64encodePort
NUTANIX_USER: Base64encodeUsername
NUTANIX_PASSWORD: Base64encodePassword
```

Source of templates:
* https://github.com/openshift/installer/blob/master/data/data/manifests/openshift/cloud-creds-secret.yaml.template
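Review bot: The Nutanix example does not document its value formats: nothing says whether NUTANIX_ENDPOINT is a bare hostname/IP or a full URL, or that NUTANIX_PORT has to be the base64 of the port written as a string, like every other value under `data:`. A sentence after the block covering this, and what privileges the NUTANIX_USER account needs, would help, since this Secret is the root credential. Also, "Source of templates:" still lists only the installer template; if that template has no Nutanix entry, say where this format comes from.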

Expand Down Expand Up @@ -174,7 +189,7 @@ Cons:
* Credential permissions may need to be manually updated prior to any upgrade.
* Each component has permissions used by all other components.

Supported clouds: AWS, GCP, Azure, VMWare, OpenStack, oVirt, KubeVirt
Supported clouds: AWS, GCP, Azure, VMWare, OpenStack, oVirt, KubeVirt, Nutanix

## 3. Manual Credentials Management
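Review bot: Adding Nutanix to "Supported clouds:" places it under the con listed just above, "Each component has permissions used by all other components", yet the README never states that this is the only mode available for Nutanix. The CRD description changed in this same PR says platforms other than AWS/Azure/GCP only support running in "Passthrough". Suggest saying so here or in the new Nutanix section, so that whoever creates the NUTANIX_USER account scopes it knowing every component will share it.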

286 changes: 127 additions & 159 deletions bindata/bootstrap/cloudcredential_v1_operator_config_custresdef.yaml
@@ -1,174 +1,142 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: cloudcredentials.operator.openshift.io
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/692
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: cloudcredentials.operator.openshift.io
spec:
scope: Cluster
group: operator.openshift.io
names:
kind: CloudCredential
listKind: CloudCredentialList
plural: cloudcredentials
singular: cloudcredential
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: CloudCredential provides a means to configure an operator to
manage CredentialsRequests.
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CloudCredentialSpec is the specification of the desired behavior
of the cloud-credential-operator.
type: object
properties:
credentialsMode:
description: CredentialsMode allows informing CCO that it should not
attempt to dynamically determine the root cloud credentials capabilities,
and it should just run in the specified mode. It also allows putting
the operator into "manual" mode if desired. Leaving the field in
default mode runs CCO so that the cluster's cloud credentials will
be dynamically probed for capabilities (on supported clouds/platforms).
type: string
enum:
- ""
- Manual
- Mint
- Passthrough
logLevel:
description: "logLevel is an intent based logging for an overall component.
\ It does not give fine grained control, but it is a simple way
to manage coarse grained logging choices that operators have to
interpret for their operands. \n Valid values are: \"Normal\", \"Debug\",
\"Trace\", \"TraceAll\". Defaults to \"Normal\"."
type: string
default: Normal
enum:
- ""
- Normal
- Debug
- Trace
- TraceAll
managementState:
description: managementState indicates whether and how the operator
should manage the component
type: string
pattern: ^(Managed|Unmanaged|Force|Removed)$
observedConfig:
description: observedConfig holds a sparse config that controller
has observed from the cluster state. It exists in spec because
it is an input to the level for the operator
type: object
nullable: true
x-kubernetes-preserve-unknown-fields: true
operatorLogLevel:
description: "operatorLogLevel is an intent based logging for the
operator itself. It does not give fine grained control, but it
is a simple way to manage coarse grained logging choices that operators
have to interpret for themselves. \n Valid values are: \"Normal\",
\"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"."
type: string
default: Normal
enum:
- ""
- Normal
- Debug
- Trace
- TraceAll
unsupportedConfigOverrides:
description: 'unsupportedConfigOverrides holds a sparse config that
will override any previously set options. It only needs to be the
fields to override it will end up overlaying in the following order:
1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides'
type: object
nullable: true
x-kubernetes-preserve-unknown-fields: true
status:
description: CloudCredentialStatus defines the observed status of the
cloud-credential-operator.
type: object
properties:
conditions:
description: conditions is a list of conditions and their status
type: array
items:
description: OperatorCondition is just the standard condition fields.
- name: v1
schema:
openAPIV3Schema:
description: "CloudCredential provides a means to configure an operator to manage CredentialsRequests. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.
type: object
properties:
credentialsMode:
description: 'CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into "manual" mode if desired. Leaving the field in default mode runs CCO so that the cluster''s cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual" Others: Do not set value as other platforms only support running in "Passthrough"'
type: string
enum:
- ""
- Manual
- Mint
- Passthrough
logLevel:
description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"."
type: string
default: Normal
enum:
- ""
- Normal
- Debug
- Trace
- TraceAll
managementState:
description: managementState indicates whether and how the operator should manage the component
type: string
pattern: ^(Managed|Unmanaged|Force|Removed)$
observedConfig:
description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator
type: object
properties:
lastTransitionTime:
type: string
format: date-time
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
generations:
description: generations are used to determine when an item needs
to be reconciled or has changed in a way that needs a reaction.
type: array
items:
description: GenerationStatus keeps track of the generation for
a given resource so that decisions about forced updates can be
made.
nullable: true
x-kubernetes-preserve-unknown-fields: true
operatorLogLevel:
description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"."
type: string
default: Normal
enum:
- ""
- Normal
- Debug
- Trace
- TraceAll
unsupportedConfigOverrides:
description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides'
type: object
properties:
group:
description: group is the group of the thing you're tracking
type: string
hash:
description: hash is an optional field set for resources without
generation that are content sensitive like secrets and configmaps
type: string
lastGeneration:
description: lastGeneration is the last generation of the workload
controller involved
type: integer
format: int64
name:
description: name is the name of the thing you're tracking
type: string
namespace:
description: namespace is where the thing you're tracking is
type: string
resource:
description: resource is the resource type of the thing you're
tracking
type: string
observedGeneration:
description: observedGeneration is the last generation change you've
dealt with
type: integer
format: int64
readyReplicas:
description: readyReplicas indicates how many replicas are ready and
at the desired state
type: integer
format: int32
version:
description: version is the level this availability applies to
type: string
nullable: true
x-kubernetes-preserve-unknown-fields: true
status:
description: CloudCredentialStatus defines the observed status of the cloud-credential-operator.
type: object
properties:
conditions:
description: conditions is a list of conditions and their status
type: array
items:
description: OperatorCondition is just the standard condition fields.
type: object
properties:
lastTransitionTime:
type: string
format: date-time
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
generations:
description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
type: array
items:
description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
type: object
properties:
group:
description: group is the group of the thing you're tracking
type: string
hash:
description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps
type: string
lastGeneration:
description: lastGeneration is the last generation of the workload controller involved
type: integer
format: int64
name:
description: name is the name of the thing you're tracking
type: string
namespace:
description: namespace is where the thing you're tracking is
type: string
resource:
description: resource is the resource type of the thing you're tracking
type: string
observedGeneration:
description: observedGeneration is the last generation change you've dealt with
type: integer
format: int64
readyReplicas:
description: readyReplicas indicates how many replicas are ready and at the desired state
type: integer
format: int32
version:
description: version is the level this availability applies to
type: string
served: true
storage: true
subresources:
status: {}
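Review bot: In the new credentialsMode description, the added text 'Others: Do not set value as other platforms only support running in "Passthrough"' is only advisory, because the enum below it still accepts Manual, Mint and Passthrough on every platform; please confirm the operator rejects or safely ignores "Mint" on Nutanix rather than relying on the description. The sentence also runs straight on from the AWS/Azure/GCP list ('"Manual" Others:') with no separator, so a line break or semicolon would make it readable in `oc explain` output. Separately, most of this 286-line hunk is reflowed descriptions and reordered keys from regenerating the CRD; splitting that into its own commit would make the one functional change easier to review.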