// Listing of k8c.io/api/v3@v3.0.0-20230904060738-b0a93889c0b6/pkg/apis/ee.kubermatic/v1/preset.go

/*
Copyright 2023 The Kubermatic Kubernetes Platform contributors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1

import (
	kubermaticv1 "k8c.io/api/v3/pkg/apis/kubermatic/v1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// +kubebuilder:object:generate=true
// +kubebuilder:object:root=true
// +kubebuilder:printcolumn:JSONPath=".metadata.creationTimestamp",name="Age",type="date"

// PresetList is a list of Preset objects.
type PresetList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is the list of presets.
	Items []Preset `json:"items"`
}

// +genclient
// +kubebuilder:resource:scope=Cluster
// +kubebuilder:object:generate=true
// +kubebuilder:object:root=true

// Preset holds preconfigured cloud provider credentials that can be applied
// to new clusters. This frees end users from having to know the actual
// credentials used for their clusters.
//
// The resource is cluster-scoped (scope marker above) and PresetSpec carries
// the provider tokens, passwords and secret keys as plain string fields, so
// read access to Preset objects is read access to those credentials.
// NOTE(review): nothing in this file restricts who may read the object or
// how it is stored; confirm that RBAC and encryption at rest cover it.
type Preset struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec holds the per-provider sections and the preset-wide restrictions.
	Spec PresetSpec `json:"spec"`
}

// PresetSpec specifies default presets for supported providers.
type PresetSpec struct {
	// Provider sections. Every section is optional; a section that is set
	// carries that provider's credentials and defaults inline.

	Digitalocean        *DigitaloceanPreset        `json:"digitalocean,omitempty"`
	Hetzner             *HetznerPreset             `json:"hetzner,omitempty"`
	Azure               *AzurePreset               `json:"azure,omitempty"`
	VSphere             *VSpherePreset             `json:"vsphere,omitempty"`
	AWS                 *AWSPreset                 `json:"aws,omitempty"`
	OpenStack           *OpenStackPreset           `json:"openstack,omitempty"`
	Packet              *PacketPreset              `json:"packet,omitempty"`
	GCP                 *GCPPreset                 `json:"gcp,omitempty"`
	KubeVirt            *KubeVirtPreset            `json:"kubevirt,omitempty"`
	Alibaba             *AlibabaPreset             `json:"alibaba,omitempty"`
	Anexia              *AnexiaPreset              `json:"anexia,omitempty"`
	Nutanix             *NutanixPreset             `json:"nutanix,omitempty"`
	VMwareCloudDirector *VMwareCloudDirectorPreset `json:"vmwareclouddirector,omitempty"`
	GKE                 *GKEPreset                 `json:"gke,omitempty"`
	EKS                 *EKSPreset                 `json:"eks,omitempty"`
	AKS                 *AKSPreset                 `json:"aks,omitempty"`

	Fake *FakePreset `json:"fake,omitempty"`

	// RequiredEmails is a list of e-mail addresses that this preset should
	// be restricted to. Each item in the list can be either a full e-mail
	// address or just a domain name. This restriction is only enforced in the
	// KKP API; it is not an access control on the Preset object itself.
	RequiredEmails []string `json:"requiredEmails,omitempty"`

	// Projects is a list of project IDs that this preset is limited to.
	// NOTE(review): this file does not say where the limit is enforced;
	// confirm before relying on it as a boundary.
	Projects []string `json:"projects,omitempty"`

	// Only enabled presets will be available in the KKP dashboard.
	Enabled *bool `json:"enabled,omitempty"`
}

// ProviderPreset holds the settings shared by every provider section; each
// provider type below embeds it inline.
type ProviderPreset struct {
	// Only enabled presets will be available in the KKP dashboard.
	Enabled *bool `json:"enabled,omitempty"`
	// If datacenter is set, this preset is only applicable to the
	// configured datacenter.
	Datacenter string `json:"datacenter,omitempty"`
}

// DigitaloceanPreset is the DigitalOcean section of a PresetSpec.
type DigitaloceanPreset struct {
	ProviderPreset `json:",inline"`

	// Token is used to authenticate with the DigitalOcean API.
	Token string `json:"token"`
}

// IsValid reports whether a token is present. It is a presence check only;
// the token is not verified against the provider.
func (s DigitaloceanPreset) IsValid() bool {
	return s.Token != ""
}

// HetznerPreset is the Hetzner section of a PresetSpec.
type HetznerPreset struct {
	ProviderPreset `json:",inline"`

	// Token is used to authenticate with the Hetzner API.
	Token string `json:"token"`

	// Network is the pre-existing Hetzner network in which the machines are running.
	// While machines can be in multiple networks, a single one must be chosen for the
	// HCloud CCM to work.
	// If this is empty, the network configured on the datacenter will be used.
	Network string `json:"network,omitempty"`
}

// IsValid reports whether a token is present; Network is not considered.
func (s HetznerPreset) IsValid() bool {
	return s.Token != ""
}

// AzurePreset is the Azure section of a PresetSpec. TenantID, SubscriptionID,
// ClientID and ClientSecret are the fields IsValid requires.
type AzurePreset struct {
	ProviderPreset `json:",inline"`

	TenantID       string `json:"tenantID"`
	SubscriptionID string `json:"subscriptionID"`
	ClientID       string `json:"clientID"`
	ClientSecret   string `json:"clientSecret"`

	ResourceGroup     string `json:"resourceGroup,omitempty"`
	VNetResourceGroup string `json:"vnetResourceGroup,omitempty"`
	VNetName          string `json:"vnet,omitempty"`
	SubnetName        string `json:"subnet,omitempty"`
	RouteTableName    string `json:"routeTable,omitempty"`
	SecurityGroup     string `json:"securityGroup,omitempty"`
	// LoadBalancerSKU sets the LB type that will be used for the Azure cluster;
	// if empty, "basic" will be used.
	LoadBalancerSKU kubermaticv1.AzureLBSKU `json:"loadBalancerSKU"` //nolint:tagliatelle
}

// IsValid reports whether all four credential fields are non-empty. The
// networking fields and LoadBalancerSKU are not considered.
func (s AzurePreset) IsValid() bool {
	for _, v := range []string{s.TenantID, s.SubscriptionID, s.ClientID, s.ClientSecret} {
		if v == "" {
			return false
		}
	}

	return true
}

// VSpherePreset is the vSphere section of a PresetSpec.
type VSpherePreset struct {
	ProviderPreset `json:",inline"`

	Username string `json:"username"`
	Password string `json:"password"`

	VMNetName        string `json:"vmNetName,omitempty"`
	Datastore        string `json:"datastore,omitempty"`
	DatastoreCluster string `json:"datastoreCluster,omitempty"`
	ResourcePool     string `json:"resourcePool,omitempty"`
}

// IsValid reports whether both Username and Password are non-empty.
func (s VSpherePreset) IsValid() bool {
	if s.Username == "" {
		return false
	}

	return s.Password != ""
}

// VMwareCloudDirectorPreset is the VMware Cloud Director section of a
// PresetSpec. IsValid requires every field declared here.
type VMwareCloudDirectorPreset struct {
	ProviderPreset `json:",inline"`

	Username     string `json:"username"`
	Password     string `json:"password"`
	VDC          string `json:"vdc"`
	Organization string `json:"organization"`
	OVDCNetwork  string `json:"ovdcNetwork"`
}

// IsValid reports whether Username, Password, VDC, Organization and
// OVDCNetwork are all non-empty.
func (s VMwareCloudDirectorPreset) IsValid() bool {
	for _, v := range []string{s.Username, s.Password, s.VDC, s.Organization, s.OVDCNetwork} {
		if v == "" {
			return false
		}
	}

	return true
}

// AWSPreset is the AWS section of a PresetSpec.
type AWSPreset struct {
	ProviderPreset `json:",inline"`

	// Access Key ID to authenticate against AWS.
	AccessKeyID string `json:"accessKeyID"`
	// Secret Access Key to authenticate against AWS.
	SecretAccessKey string `json:"secretAccessKey"`

	AssumeRoleARN        string `json:"assumeRoleARN,omitempty"` //nolint:tagliatelle
	AssumeRoleExternalID string `json:"assumeRoleExternalID,omitempty"`

	// AWS VPC to use. Must be configured.
	VPCID string `json:"vpcID,omitempty"`
	// Route table to use. This can be configured, but if left empty will be
	// automatically filled in during reconciliation.
	RouteTableID string `json:"routeTableID,omitempty"`
	// Instance profile to use. This can be configured, but if left empty will be
	// automatically filled in during reconciliation.
	InstanceProfileName string `json:"instanceProfileName,omitempty"`
	// Security group to use. This can be configured, but if left empty will be
	// automatically filled in during reconciliation.
	SecurityGroupID string `json:"securityGroupID,omitempty"`
	// ARN to use. This can be configured, but if left empty will be
	// automatically filled in during reconciliation.
	ControlPlaneRoleARN string `json:"roleARN,omitempty"` //nolint:tagliatelle
}

// IsValid reports whether the access key pair is present. VPCID is not
// checked here even though its field comment says it must be configured.
func (s AWSPreset) IsValid() bool {
	if s.AccessKeyID == "" {
		return false
	}

	return s.SecretAccessKey != ""
}

// OpenStackPreset is the OpenStack section of a PresetSpec. IsValid accepts
// three shapes: UseToken, an application credential pair, or
// username/password with a project and a domain.
type OpenStackPreset struct {
	ProviderPreset `json:",inline"`

	// UseToken, when true, makes IsValid accept the preset without any of
	// the credential fields below.
	UseToken bool `json:"useToken,omitempty"`

	ApplicationCredentialID     string `json:"applicationCredentialID,omitempty"`
	ApplicationCredentialSecret string `json:"applicationCredentialSecret,omitempty"`

	Username  string `json:"username,omitempty"`
	Password  string `json:"password,omitempty"`
	Project   string `json:"project,omitempty"`
	ProjectID string `json:"projectID,omitempty"`
	Domain    string `json:"domain"`

	Network        string `json:"network,omitempty"`
	SecurityGroups string `json:"securityGroups,omitempty"`
	FloatingIPPool string `json:"floatingIPPool,omitempty"`
	RouterID       string `json:"routerID,omitempty"`
	SubnetID       string `json:"subnetID,omitempty"`
}

// IsValid reports whether one of the accepted credential shapes is present.
// The cases are tried in order and the first one that applies decides:
// UseToken passes with no stored credential at all, and once
// ApplicationCredentialID is set only its secret is checked (Domain and the
// username/password fields are then ignored).
func (s OpenStackPreset) IsValid() bool {
	switch {
	case s.UseToken:
		return true
	case s.ApplicationCredentialID != "":
		return s.ApplicationCredentialSecret != ""
	}

	// Either the project name or the project ID satisfies the project part.
	hasProject := s.Project != "" || s.ProjectID != ""

	return s.Username != "" && s.Password != "" && hasProject && s.Domain != ""
}

// PacketPreset is the Packet section of a PresetSpec.
type PacketPreset struct {
	ProviderPreset `json:",inline"`

	APIKey    string `json:"apiKey"`
	ProjectID string `json:"projectID"`

	BillingCycle string `json:"billingCycle,omitempty"`
}

// IsValid reports whether both APIKey and ProjectID are non-empty.
func (s PacketPreset) IsValid() bool {
	if s.APIKey == "" {
		return false
	}

	return s.ProjectID != ""
}

// GCPPreset is the GCP section of a PresetSpec.
type GCPPreset struct {
	ProviderPreset `json:",inline"`

	// ServiceAccount must be non-empty for IsValid.
	// NOTE(review): presumably service account key material rather than an
	// account name; confirm, and handle it as a secret if so.
	ServiceAccount string `json:"serviceAccount"`

	Network    string `json:"network,omitempty"`
	Subnetwork string `json:"subnetwork,omitempty"`
}

// IsValid reports whether ServiceAccount is non-empty.
func (s GCPPreset) IsValid() bool {
	return s.ServiceAccount != ""
}

// FakePreset is the "fake" section of a PresetSpec.
type FakePreset struct {
	ProviderPreset `json:",inline"`

	Token string `json:"token"`
}

// IsValid reports whether Token is non-empty.
func (s FakePreset) IsValid() bool {
	return s.Token != ""
}

// KubeVirtPreset is the KubeVirt section of a PresetSpec.
type KubeVirtPreset struct {
	ProviderPreset `json:",inline"`

	// Kubeconfig must be non-empty for IsValid.
	// NOTE(review): a kubeconfig normally embeds cluster credentials;
	// confirm and handle it as a secret.
	Kubeconfig string `json:"kubeconfig"`
}

// IsValid reports whether Kubeconfig is non-empty; its content is not parsed.
func (s KubeVirtPreset) IsValid() bool {
	return s.Kubeconfig != ""
}

// AlibabaPreset is the Alibaba section of a PresetSpec.
type AlibabaPreset struct {
	ProviderPreset `json:",inline"`

	// Access Key ID to authenticate against Alibaba.
	AccessKeyID string `json:"accessKeyID"`
	// Access Key Secret to authenticate against Alibaba.
	AccessKeySecret string `json:"accessKeySecret"`
}

// IsValid reports whether both halves of the access key pair are non-empty.
func (s AlibabaPreset) IsValid() bool {
	if s.AccessKeyID == "" {
		return false
	}

	return s.AccessKeySecret != ""
}

// AnexiaPreset is the Anexia section of a PresetSpec.
type AnexiaPreset struct {
	ProviderPreset `json:",inline"`

	// Token is used to authenticate with the Anexia API.
	Token string `json:"token"`
}

// IsValid reports whether Token is non-empty.
func (s AnexiaPreset) IsValid() bool {
	return s.Token != ""
}

// NutanixPreset is the Nutanix section of a PresetSpec.
type NutanixPreset struct {
	ProviderPreset `json:",inline"`

	// ProxyURL is used to optionally configure a HTTP proxy to access Nutanix Prism Central.
	ProxyURL string `json:"proxyURL,omitempty"`
	// Username is the username to access the Nutanix Prism Central API.
	Username string `json:"username"`
	// Password is the password corresponding to the provided user.
	Password string `json:"password"`

	// ClusterName is the Nutanix cluster to deploy resources and nodes to.
	ClusterName string `json:"clusterName"`
	// ProjectName is the optional Nutanix project to use. If none is given,
	// no project will be used.
	ProjectName string `json:"projectName,omitempty"`

	// Prism Element Username for csi driver
	CSIUsername string `json:"csiUsername,omitempty"`

	// Prism Element Password for csi driver
	CSIPassword string `json:"csiPassword,omitempty"`

	// CSIEndpoint to access Nutanix Prism Element for csi driver
	CSIEndpoint string `json:"csiEndpoint,omitempty"`

	// CSIPort to use when connecting to the Nutanix Prism Element endpoint (defaults to 9440)
	CSIPort *int32 `json:"csiPort,omitempty"`
}

// IsValid reports whether the Prism Central Username and Password are
// non-empty. ClusterName and the CSI fields are not considered.
func (s NutanixPreset) IsValid() bool {
	if s.Username == "" {
		return false
	}

	return s.Password != ""
}

// GKEPreset is the GKE section of a PresetSpec.
type GKEPreset struct {
	ProviderPreset `json:",inline"`

	ServiceAccount string `json:"serviceAccount"`
}

// IsValid reports whether ServiceAccount is non-empty.
func (s GKEPreset) IsValid() bool {
	return s.ServiceAccount != ""
}

// EKSPreset is the EKS section of a PresetSpec.
type EKSPreset struct {
	ProviderPreset `json:",inline"`

	AccessKeyID          string `json:"accessKeyID"`
	SecretAccessKey      string `json:"secretAccessKey"`
	AssumeRoleARN        string `json:"assumeRoleARN,omitempty"` //nolint:tagliatelle
	AssumeRoleExternalID string `json:"assumeRoleExternalID,omitempty"`
}

// IsValid reports whether the access key pair is present; the assume-role
// fields are not considered.
func (s EKSPreset) IsValid() bool {
	if s.AccessKeyID == "" {
		return false
	}

	return s.SecretAccessKey != ""
}

// AKSPreset is the AKS section of a PresetSpec. IsValid requires every field
// declared here.
type AKSPreset struct {
	ProviderPreset `json:",inline"`

	TenantID       string `json:"tenantID"`
	SubscriptionID string `json:"subscriptionID"`
	ClientID       string `json:"clientID"`
	ClientSecret   string `json:"clientSecret"`
}

// IsValid reports whether TenantID, SubscriptionID, ClientID and ClientSecret
// are all non-empty.
func (s AKSPreset) IsValid() bool {
	for _, v := range []string{s.TenantID, s.SubscriptionID, s.ClientID, s.ClientSecret} {
		if v == "" {
			return false
		}
	}

	return true
}