Merge pull request #3430 from amorenoz/wip/gcp_nested
Add nested support for GCP
openshift-merge-robot authored Jun 4, 2020
2 parents 05dc9d6 + 7827bab commit 64f1a13
Showing 7 changed files with 54 additions and 0 deletions.
2 changes: 2 additions & 0 deletions data/data/gcp/main.tf
Expand Up @@ -104,4 +104,6 @@ resource "google_compute_image" "cluster" {
raw_disk {
source = var.gcp_image_uri
}

licenses = var.gcp_image_licenses
}
7 changes: 7 additions & 0 deletions data/data/gcp/variables-gcp.tf
Expand Up @@ -97,3 +97,10 @@ variable "gcp_publish_strategy" {
type = string
description = "The cluster publishing strategy, either Internal or External"
}

variable "gcp_image_licenses" {
type = list(string)
description = "The licenses to use when creating compute instances"
default = []
}
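Review bot: The description on `gcp_image_licenses` says the licenses are used "when creating compute instances", but the only consumer visible in this commit is the `google_compute_image "cluster"` resource in main.tf, so the text describes the wrong object. Something like `description = "The licenses to apply to the cluster's compute image"` would match how the variable is used and the wording in docs/user/gcp/customization.md.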

19 changes: 19 additions & 0 deletions docs/user/gcp/customization.md
Expand Up @@ -8,6 +8,7 @@ Beyond the [platform-agnostic `install-config.yaml` properties](../customization
* `controlPlaneSubnet` (optional string): The name of an existing GCP subnet which should be used by the cluster control plane.
* `computeSubnet` (optional string): The name of an existing GCP subnet which should be used by the cluster nodes.
* `defaultMachinePlatform` (optional object): Default [GCP-specific machine pool properties](#machine-pools) which apply to [machine pools](../customization.md#machine-pools) that do not define their own GCP-specific properties.
* `licenses` (optional list of strings): A list of license URLs (https) that should be applied to the compute images (as defined in [the API][compute-images]). The use of this property in combination with any mechanism that results in using pre-built images (such as the current OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE) is forbidden. Also, note that use of these URLs will force the installer to copy the source image before being used. An example of this license is the one that enables [nested virtualization][gcp-nested]. A full list of available licenses can be retrieved using [the license API][license-api].

## Machine pools

Expand Down Expand Up @@ -115,4 +116,22 @@ pullSecret: '{"auths": ...}'
sshKey: ssh-ed25519 AAAA...
```
### Nested virtualization
An example GCP install config enabling [GCP's nested virtualization license][gcp-nested]:
```yaml
apiVersion: v1
baseDomain: example.com
platform:
gcp:
projectID: example-project
region: us-east1
licenses:
- https://compute.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx
```
[machine-type]: https://cloud.google.com/compute/docs/machine-types
[compute-images]: https://cloud.google.com/compute/docs/reference/rest/v1/images
[gcp-nested]: https://cloud.google.com/compute/docs/instances/enable-nested-virtualization-vm-instances
[license-api]: https://cloud.google.com/compute/docs/reference/rest/v1/licenses/list
1 change: 1 addition & 0 deletions pkg/asset/cluster/tfvars.go
Expand Up @@ -332,6 +332,7 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
MasterConfigs: masterConfigs,
WorkerConfigs: workerConfigs,
ImageURI: string(*rhcosImage),
ImageLicenses: installConfig.Config.GCP.Licenses,
PublicZoneName: publicZoneName,
PublishStrategy: installConfig.Config.Publish,
PreexistingNetwork: preexistingnetwork,
3 changes: 3 additions & 0 deletions pkg/tfvars/gcp/gcp.go
Expand Up @@ -21,6 +21,7 @@ type config struct {
MasterInstanceType string `json:"gcp_master_instance_type,omitempty"`
MasterAvailabilityZones []string `json:"gcp_master_availability_zones"`
ImageURI string `json:"gcp_image_uri,omitempty"`
ImageLicenses []string `json:"gcp_image_licenses,omitempty"`
VolumeType string `json:"gcp_master_root_volume_type"`
VolumeSize int64 `json:"gcp_master_root_volume_size"`
PublicZoneName string `json:"gcp_public_dns_zone_name,omitempty"`
Expand All @@ -35,6 +36,7 @@ type config struct {
type TFVarsSources struct {
Auth Auth
ImageURI string
ImageLicenses []string `json:"gcp_image_licenses,omitempty"`
MasterConfigs []*gcpprovider.GCPMachineProviderSpec
WorkerConfigs []*gcpprovider.GCPMachineProviderSpec
PublicZoneName string
Expand All @@ -59,6 +61,7 @@ func TFVars(sources TFVarsSources) ([]byte, error) {
VolumeType: masterConfig.Disks[0].Type,
VolumeSize: masterConfig.Disks[0].SizeGb,
ImageURI: sources.ImageURI,
ImageLicenses: sources.ImageLicenses,
PublicZoneName: sources.PublicZoneName,
PublishStrategy: string(sources.PublishStrategy),
ClusterNetwork: masterConfig.NetworkInterfaces[0].Network,
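Review bot: The `json:"gcp_image_licenses,omitempty"` tag on `TFVarsSources.ImageLicenses` looks copied from the `config` struct and is out of place on the input type: none of the other TFVarsSources fields visible here carry tags, and the visible part of TFVars copies the value into `config.ImageLicenses`, which already has the tag. Declaring it as plain `ImageLicenses []string` keeps the struct consistent and avoids implying that TFVarsSources itself is serialized. TFVars' body continues outside the hunk, so this assumes nothing there marshals `sources` directly.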
8 changes: 8 additions & 0 deletions pkg/types/gcp/platform.go
Expand Up @@ -29,4 +29,12 @@ type Platform struct {
// The value should be the name of the subnet.
// +optional
ComputeSubnet string `json:"computeSubnet,omitempty"`

// Licenses is a list of licenses to apply to the compute images
// The value should a list of strings (https URLs only) representing the license keys.
// When set, this will cause the installer to copy the image into user's project.
// This option is incompatible with any mechanism that makes use of pre-built images
// such as the current env OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE
// +optional
Licenses []string `json:"licenses,omitempty"`
}
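Review bot: The doc comment on `Licenses` has a missing verb and calls the values "license keys" although the field holds URLs: "The value should a list of strings (https URLs only) representing the license keys." I would reword the first two lines as `// Licenses is a list of licenses to apply to the compute images.` and `// Each value must be an https URL identifying a license.` and end the last sentence with a period. This comment is likely to be surfaced in generated API docs, so the wording is worth getting right. The Platform struct starts outside the hunk.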
14 changes: 14 additions & 0 deletions pkg/types/gcp/validation/platform.go
@@ -1,11 +1,15 @@
package validation

import (
"os"

"sort"

"k8s.io/apimachinery/pkg/util/validation/field"

"github.com/openshift/installer/pkg/types/gcp"

"github.com/openshift/installer/pkg/validate"
)

var (
Expand Down Expand Up @@ -69,5 +73,15 @@ func ValidatePlatform(p *gcp.Platform, fldPath *field.Path) field.ErrorList {
allErrs = append(allErrs, field.Required(fldPath.Child("network"), "must provide a VPC network when supplying subnets"))
}

if oi, ok := os.LookupEnv("OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE"); ok && oi != "" && len(p.Licenses) > 0 {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("licenses"), "the use of custom image licenses is forbidden if an OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE is specified"))
}

for i, license := range p.Licenses {
if validate.URIWithProtocol(license, "https") != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("licenses").Index(i), license, "licenses must be URLs (https) only"))
}
}

return allErrs
}
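Review bot: The licenses loop in ValidatePlatform only checks that each entry is an https URI, so as far as the visible code shows, an https URL on any host passes install-config validation and is handed on to the image resource; if only Compute license resources are meant to be accepted, the validator should check for that shape or the message should say so. The value returned by `validate.URIWithProtocol` is discarded; assuming it is an error, `if err := validate.URIWithProtocol(license, "https"); err != nil {` with `err.Error()` as the `field.Invalid` detail would tell the user why the entry was rejected. The override check reads `OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE` from the process environment inside a validator, which makes the result depend on state the caller cannot see. None of the seven changed files is a test, so both new branches appear to be uncovered. ValidatePlatform starts outside the hunk.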
