[WIP][DoNotReview] infra: add k8s-infra-vsphere for vSphere based CI

groups/restrictions.yaml

@@ -261,6 +261,7 @@ restrictions:
       - "^k8s-infra-sandbox-capg@kubernetes.io$"
       - "^k8s-infra-staging-infra-tools@kubernetes.io$"
       - "^k8s-infra-yt-admins@kubernetes.io$"
+      - "^k8s-infra-vsphere@kubernetes.io$"
       - "^sig-k8s-infra@kubernetes.io$"
       - "^sig-k8s-infra-leads@kubernetes.io$"
       - "^sig-k8s-infra-private@kubernetes.io$"

groups/sig-k8s-infra/groups.yaml

@@ -544,3 +544,17 @@ groups:
       - atharvashinde179@gmail.com
       - ankita.swamy20@gmail.com
       - richmcase@gmail.com
+
+  # Owners of the GCP project k8s-infra-vsphere:
+  - email-id: k8s-infra-vsphere@kubernetes.io
+    name: k8s-infra-vsphere
+    description: |-
+      ACL for vSphere project on GCP
+    settings:
+      WhoCanPostMessage: "ANYONE_CAN_POST"
+      ReconcileMembers: "true"
+    members:
+      - sig-k8s-infra-leads@kubernetes.io
+      - christi.schlotter@gmail.com
+      - stefan.buringer@broadcom.com
+      - fabrizio.pandini@gmail.com

infra/gcp/bash/ensure-main-project.sh

@@ -85,6 +85,7 @@ readonly TERRAFORM_STATE_BUCKET_ENTRIES=(
     k8s-infra-tf-public-pii:"${CLUSTER_ADMINS_GROUP}"
     k8s-infra-tf-sandbox-capg:k8s-infra-sandbox-capg@kubernetes.io
     k8s-infra-tf-sandbox-ii:k8s-infra-ii-coop@kubernetes.io
+    k8s-infra-tf-vsphere:k8s-infra-vsphere@kubernetes.io
 )
 
 # The services we explicitly want enabled for the main project

infra/gcp/terraform/k8s-infra-vsphere/OWNERS

@@ -0,0 +1,6 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+- chrischdi
+- sbueringer
+- fabriziopandini

infra/gcp/terraform/k8s-infra-vsphere/main.tf

@@ -0,0 +1,53 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+locals {
+  project_id = "k8s-infra-vsphere"
+}
+
+
+data "google_billing_account" "account" {
+  billing_account = "TODO"
+}
+
+data "google_organization" "org" {
+  domain = "kubernetes.io"
+}
+
+resource "google_project" "project" {
+  name            = local.project_id
+  project_id      = local.project_id
+  org_id          = data.google_organization.org.org_id
+  billing_account = data.google_billing_account.account.id
+}
+
+
+resource "google_project_service" "project" {
+  project = google_project.project.id
+
+  for_each = toset([
+    "vmwareengine.googleapis.com"
+  ])
+
+  service = each.key
+}
+
+// Ensure k8s-infra-vsphere@kubernetes.io has owner access to this project
+resource "google_project_iam_member" "k8s_infra_vsphere" {
+  project = google_project.project.id
+  role    = "roles/owner"
+  member  = "group:k8s-infra-vsphere@kubernetes.io"
+}

infra/gcp/terraform/k8s-infra-vsphere/provider.tf

@@ -0,0 +1,41 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/*
+This file defines:
+- Required provider versions
+- Storage backend details
+*/
+
+terraform {
+
+  backend "gcs" {
+    bucket = "k8s-infra-tf-vsphere"
+    prefix = "k8s-infra-vsphere"
+  }
+
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.90.1"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 3.90.1"
+    }
+  }
+}

infra/gcp/terraform/k8s-infra-vsphere/versions.tf

@@ -0,0 +1,24 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/*
+This file defines:
+- Required Terraform version
+*/
+
+terraform {
+  required_version = "~> 1.5.0"
+}

infra/gcp/terraform/k8s-infra-vsphere/vmware-engine.tf

@@ -0,0 +1,44 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+# resource "google_vmwareengine_private_cloud" "vsphere-cluster" {
+#   location    = "us-central1"
+#   name        = "sample-pc"
+#   description = "vSphere Cluster for CI."
+#   # TODO: type TIME_LIMITED is for the timely limitted 1 node_count. Change to `STANDARD`.
+#   type        = "TIME_LIMITED"
+#   network_config {
+#     management_cidr       = "192.168.30.0/24"
+#     vmware_engine_network = google_vmwareengine_network.cluster-nw.id
+#   }
+
+#   management_cluster {
+#     cluster_id = "vsphere-ci-cluster"
+#     node_type_configs {
+#       node_type_id = "standard-72"
+#       # TODO: node_count 1 is for the TIME_LIMITED version. Change to `3`.
+#       node_count   = 1
+#     }
+#   }
+# }
+
+# resource "google_vmwareengine_network" "vsphere-network" {
+#   name        = "vsphere-network"
+#   type        = "STANDARD"
+#   # TODO: check if this needs to be set to `global` (it should according tf docs).
+#   location    = "us-central1"
+#   description = "network for vSphere CI."
+# }

infra/gcp/terraform/k8s-infra-vsphere/vsphere/OWNERS

@@ -0,0 +1,6 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- chrischdi
+- sbueringer
+- fabriziopandini

infra/gcp/terraform/k8s-infra-vsphere/vsphere/content-library.tf

@@ -0,0 +1,21 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+resource "vsphere_content_library" "capv" {
+  name            = "capv"
+  description     = "Content Library for CAPV."
+  storage_backing = [data.vsphere_datastore.datastore.id]
+}

infra/gcp/terraform/k8s-infra-vsphere/vsphere/data.tf

@@ -0,0 +1,42 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+data "vsphere_datacenter" "datacenter" {
+  name = var.vsphere_datacenter
+}
+
+data "vsphere_compute_cluster" "compute_cluster" {
+  name          = var.vsphere_cluster
+  datacenter_id = data.vsphere_datacenter.datacenter.id
+}
+
+data "vsphere_datastore" "datastore" {
+  name          = var.vsphere_datastorename
+  datacenter_id = data.vsphere_datacenter.datacenter.id
+}
+
+data "vsphere_role" "read-only" {
+  label = "Read-only"
+}
+
+data "vsphere_role" "no-access" {
+  label = "No access"
+}
+
+data "vsphere_network" "network" {
+  name          = var.vsphere_network_name
+  datacenter_id = data.vsphere_datacenter.datacenter.id
+}

infra/gcp/terraform/k8s-infra-vsphere/vsphere/folders.tf

@@ -0,0 +1,27 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+resource "vsphere_folder" "prow" {
+  path          = "prow"
+  type          = "vm"
+  datacenter_id = data.vsphere_datacenter.datacenter.id
+}
+
+resource "vsphere_folder" "templates" {
+  path          = "${vsphere_folder.prow.path}/templates"
+  type          = "vm"
+  datacenter_id = data.vsphere_datacenter.datacenter.id
+}