Commit

feat: add private k8s cluster support (#291)
cristiGuranIonos authored Feb 7, 2025
1 parent dd8e7ab commit 4104f7b
Showing 11 changed files with 676 additions and 11 deletions.
31 changes: 31 additions & 0 deletions apis/k8s/v1alpha1/cluster_types.go
Expand Up @@ -58,6 +58,37 @@ type ClusterParameters struct {
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxItems=1
S3Buckets []S3Bucket `json:"s3Buckets,omitempty"`
// The indicator if the cluster is public or private.
// Be aware that setting it to false is currently in beta phase.
//
// +immutable
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="Public is immutable"
Public bool `json:"public"`
// The nat gateway IP of the cluster if the cluster is private. This
// property is immutable. Must be a reserved IP in the same location as
// the cluster's location. This attribute is mandatory if the cluster
// is private.
//
// +immutable
// +kubebuilder:validation:Optional
NATGatewayIPCfg IPConfig `json:"natGatewayIpConfig,omitempty"`
// The node subnet of the cluster, if the cluster is private.
// This attribute is optional and immutable.
// Must be a valid CIDR notation for an IPv4 network prefix of 16 bits length.
//
// +immutable
// +kubebuilder:validation:Optional
// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="NodeSubnet is immutable"
NodeSubnet string `json:"nodeSubnet,omitempty"`
// This attribute is mandatory if the cluster is private.
// The location must be enabled for your contract, or you must have a data center at that location.
// This attribute is immutable.
// +immutable
// +kubebuilder:validation:Optional
// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="Location is immutable"
Location string `json:"location,omitempty"`
}

// MaintenanceWindow A weekly window, during which maintenance might occur.
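
Review bot: The comments on `NATGatewayIPCfg` and `Location` say each is mandatory if the cluster is private, but both carry `+kubebuilder:validation:Optional` and nothing in `ClusterParameters` ties them to `Public`, so a spec with `public: false` and neither field set is accepted by the CRD schema. Consider a struct-level `XValidation` rule that requires both fields when `public` is false. Two related points: `NATGatewayIPCfg` is tagged `+immutable` but, unlike `Public`, `NodeSubnet` and `Location`, has no `self == oldSelf` rule; and a `self == oldSelf` transition rule is only evaluated when both the old and the new value exist, so an optional `nodeSubnet` or `location` left unset at creation can still be set afterwards. `NodeSubnet` is also documented as an IPv4 CIDR with a 16-bit prefix, yet no pattern or format marker enforces that.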
1 change: 1 addition & 0 deletions apis/k8s/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

26 changes: 26 additions & 0 deletions apis/k8s/v1alpha1/zz_generated.resolvers.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions docs/api/compute-engine/s3key.md
Expand Up @@ -76,6 +76,7 @@ In order to configure the IONOS Cloud Resource, the user can set the `spec.forPr

* `active` (boolean)
* description: Whether the IONOS Object Storage is active / enabled or not. Can only be updated to false, by default the key will be created as active. Default value is true.
* default: true
* `userID` (string)
* description: The UUID of the user owning the IONOS Object Storage Key.

180 changes: 180 additions & 0 deletions docs/api/compute-engine/serverset.md
Expand Up @@ -274,6 +274,186 @@ available CPU architectures can be retrieved from the datacenter resource.
* properties:
* `dhcp` (boolean)
* `dhcpv6` (boolean)
* `firewallActive` (boolean)
* `firewallRules` (array)
* properties:
* `icmpCode` (integer)
* description: Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
* format: int32
* minimum: 0.000000
* maximum: 254.000000
* `icmpType` (integer)
* description: Defines the allowed type (from 0 to 254) if the protocol ICMP is chosen. Value null allows all types.
* format: int32
* minimum: 0.000000
* maximum: 254.000000
* `name` (string)
* description: The name of the resource.
* `portRangeEnd` (integer)
* description: Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen.
Leave portRangeStart and portRangeEnd null to allow all ports.
* format: int32
* minimum: 1.000000
* maximum: 65534.000000
* `portRangeStart` (integer)
* description: Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen.
Leave portRangeStart and portRangeEnd value null to allow all ports.
* format: int32
* minimum: 1.000000
* maximum: 65534.000000
* `protocol` (string)
* description: The protocol for the rule. Property cannot be modified after it is created (disallowed in update requests).
* possible values: "TCP";"UDP";"ICMP";"ANY"
* `sourceIpConfig` (object)
* description: Only traffic originating from the respective IPv4 address is allowed.
Value null allows traffic from any IP address.
SourceIP can be set directly or via reference to an IP Block and index.
* properties:
* `ip` (string)
* description: Use IP or CIDR to set specific IP or CIDR to the resource. If both IP and IPBlockConfig are set,
only `ip` field will be considered.
* pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$
* `ipBlockConfig` (object)
* description: Use IpBlockConfig to reference existing IPBlock, and to mention the index for the IP.
Index starts from 0 and it must be provided.
* properties:
* `index` (integer)
* description: Index is referring to the IP index retrieved from the IPBlock.
Index is starting from 0.
* `ipBlockId` (string)
* description: IPBlockID is the ID of the IPBlock on which the resource will be created.
It needs to be provided via directly or via reference.
* format: uuid
* `ipBlockIdRef` (object)
* description: IPBlockIDRef references to a IPBlock to retrieve its ID.
* properties:
* `name` (string)
* description: Name of the referenced object.
* `policy` (object)
* description: Policies for referencing.
* properties:
* `resolution` (string)
* description: Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.
* default: "Required"
* possible values: "Required";"Optional"
* `resolve` (string)
* description: Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.
* possible values: "Always";"IfNotPresent"
* required properties:
* `name`
* `ipBlockIdSelector` (object)
* description: IPBlockIDSelector selects reference to a IPBlock to retrieve its IPBlockID.
* properties:
* `matchControllerRef` (boolean)
* description: MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.
* `matchLabels` (object)
* description: MatchLabels ensures an object with matching labels is selected.
* `policy` (object)
* description: Policies for selection.
* properties:
* `resolution` (string)
* description: Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.
* default: "Required"
* possible values: "Required";"Optional"
* `resolve` (string)
* description: Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.
* possible values: "Always";"IfNotPresent"
* required properties:
* `index`
* `sourceMac` (string)
* description: Only traffic originating from the respective MAC address is allowed.
Valid format: aa:bb:cc:dd:ee:ff. Value null allows traffic from any MAC address.
* pattern: ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$
* `targetIpConfig` (object)
* description: If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address of the NIC is allowed.
Value null allows traffic to any target IP address.
TargetIP can be set directly or via reference to an IP Block and index.
* properties:
* `ip` (string)
* description: Use IP or CIDR to set specific IP or CIDR to the resource. If both IP and IPBlockConfig are set,
only `ip` field will be considered.
* pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$
* `ipBlockConfig` (object)
* description: Use IpBlockConfig to reference existing IPBlock, and to mention the index for the IP.
Index starts from 0 and it must be provided.
* properties:
* `index` (integer)
* description: Index is referring to the IP index retrieved from the IPBlock.
Index is starting from 0.
* `ipBlockId` (string)
* description: IPBlockID is the ID of the IPBlock on which the resource will be created.
It needs to be provided via directly or via reference.
* format: uuid
* `ipBlockIdRef` (object)
* description: IPBlockIDRef references to a IPBlock to retrieve its ID.
* properties:
* `name` (string)
* description: Name of the referenced object.
* `policy` (object)
* description: Policies for referencing.
* properties:
* `resolution` (string)
* description: Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.
* default: "Required"
* possible values: "Required";"Optional"
* `resolve` (string)
* description: Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.
* possible values: "Always";"IfNotPresent"
* required properties:
* `name`
* `ipBlockIdSelector` (object)
* description: IPBlockIDSelector selects reference to a IPBlock to retrieve its IPBlockID.
* properties:
* `matchControllerRef` (boolean)
* description: MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.
* `matchLabels` (object)
* description: MatchLabels ensures an object with matching labels is selected.
* `policy` (object)
* description: Policies for selection.
* properties:
* `resolution` (string)
* description: Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.
* default: "Required"
* possible values: "Required";"Optional"
* `resolve` (string)
* description: Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.
* possible values: "Always";"IfNotPresent"
* required properties:
* `index`
* `type` (string)
* description: The type of the firewall rule. If not specified, the default INGRESS value is used.
* possible values: "INGRESS";"EGRESS"
* required properties:
* `protocol`
* `firewallType` (string)
* description: The type of firewall rules that will be allowed on the NIC. If not specified, the default INGRESS value is used.
* possible values: "BIDIRECTIONAL";"EGRESS";"INGRESS"
* `lanReference` (string)
* description: The Referenced LAN must be created before the ServerSet is applied
* `name` (string)
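
Review bot: In `sourceIpConfig` and `targetIpConfig`, a null value is documented as allowing traffic from or to any IP address, while `ipBlockIdRef.policy.resolution` can be set to "Optional", which makes an unresolvable reference a no-op; the docs do not say what the firewall rule looks like in that case. If the address ends up empty, the rule would match any address, so either fail the reconcile for these fields or document the resulting behaviour explicitly. The `ip` pattern allows one to three digits per octet, so it accepts octets above 255, and the statement that only `ip` is considered when both `ip` and `ipBlockConfig` are set would be safer as a validation error than as silent precedence. Minor: the integer bounds are rendered as floats (`minimum: 0.000000`), and "provided via directly or via reference" needs a wording fix.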