Add a specific resource and data source to create, read, update and d…

…elete CSE Kubernetes clusters (#1195)

* New Resource: 'vcd_cse_kubernetes_cluster' to create and manage Kubernetes clusters in a VCD with Container Service Extension 4.2.1, 4.2.0, 4.1.1 or 4.1.0 installed and running
* New Data Source: 'vcd_cse_kubernetes_cluster' to read Kubernetes clusters from a VCD with Container Service Extension 4.2.1, 4.2.0, 4.1.1 or 4.1.0 installed and running
* New Data Source: 'vcd_version' to get the VCD version and perform additional checks with version constraints

Signed-off-by: abarreiro <[email protected]>

.changes/v3.12.0/1195-deprecations.md

@@ -0,0 +1,2 @@
+* Resource `vcd_cse_kubernetes_cluster` deprecates the Container Service Extension cluster management guide,
+  so users should not use `vcd_rde` resources to create a Kubernetes cluster anymore [GH-1195]

.changes/v3.12.0/1195-features.md

@@ -0,0 +1,5 @@
+* **New Resource:** `vcd_cse_kubernetes_cluster` to create and manage Kubernetes clusters in a VCD with Container Service Extension
+  4.2.1, 4.2.0, 4.1.1 or 4.1.0 installed and running [GH-1195]
+* **New Data Source:** `vcd_cse_kubernetes_cluster` to read Kubernetes clusters from a VCD with Container Service Extension
+  4.2.1, 4.2.0, 4.1.1 or 4.1.0 installed and running [GH-1195]
+* **New Data Source:** `vcd_version` to get the VCD version and perform additional checks with version constraints [GH-1195]

examples/container-service-extension/v4.1/cluster/3.11-cluster-creation.tf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------------------------------------
 # CSE 4.1 TKGm cluster creation:
 #
-# * Please read the guide present at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_cluster_management
+# * Please read the guide at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_cluster_management
 #   before applying this configuration.
 #
 # * Please make sure to have CSE v4.1 installed in your VCD appliance and the CSE Server is correctly running.

examples/container-service-extension/v4.1/cluster/variables.tf

@@ -36,7 +36,7 @@ variable "k8s_cluster_name" {
   description = "The name of the Kubernetes cluster. Name must contain only lowercase alphanumeric characters or '-' start with an alphabetic character, end with an alphanumeric, and contain at most 31 characters (Example: 'MyCluster')"
   type        = string
   validation {
-    condition     = can(regex("^[a-z][a-z0-9-]{0,29}[a-z0-9]$", var.k8s_cluster_name))
+    condition     = can(regex("^[a-z](?:[a-z0-9-]{0,29}[a-z0-9])?$", var.k8s_cluster_name))
     error_message = "Name must contain only lowercase alphanumeric characters or '-', start with an alphabetic character, end with an alphanumeric, and contain at most 31 characters."
   }
 }

examples/container-service-extension/v4.1/install/step1/3.11-cse-install-1-provider-config.tf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------------------------------------
 # CSE v4.1 installation, step 1:
 #
-# * Please read the guide present at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
+# * Please read the guide at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
 #   before applying this configuration.
 #
 # * The installation process is split into two steps as the first one creates a CSE admin user that needs to be
@@ -11,12 +11,12 @@
 #   Other than that, this snippet should be applied as it is.
 # ------------------------------------------------------------------------------------------------------------
 
-# VCD Provider configuration. It must be at least v3.11.0 and configured with a System administrator account.
+# VCD Provider configuration. It must be at least v3.12.0 and configured with a System administrator account.
 terraform {
   required_providers {
     vcd = {
       source  = "vmware/vcd"
-      version = ">= 3.11"
+      version = ">= 3.12"
     }
   }
 }
@@ -32,3 +32,15 @@ provider "vcd" {
   logging              = true
   logging_file         = "cse_install_step1.log"
 }
+
+# Minimum supported version for CSE
+data "vcd_version" "cse_minimum_supported" {
+  condition         = ">= 10.4.2"
+  fail_if_not_match = true
+}
+
+# There are some special rights and elements introduced in VCD 10.5.1
+data "vcd_version" "gte_1051" {
+  condition         = ">= 10.5.1"
+  fail_if_not_match = false
+}

examples/container-service-extension/v4.1/install/step1/3.11-cse-install-2-cse-server-prerequisites.tf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------------------------------------
 # CSE v4.1 installation, step 1:
 #
-# * Please read the guide present at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
+# * Please read the guide at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
 #   before applying this configuration.
 #
 # * The installation process is split into two steps as the first one creates a CSE admin user that needs to be
@@ -94,7 +94,7 @@ resource "vcd_role" "cse_admin_role" {
   org         = var.administrator_org
   name        = "CSE Admin Role"
   description = "Used for administrative purposes"
-  rights = [
+  rights = concat([
     "API Tokens: Manage",
     "${vcd_rde_type.vcdkeconfig_type.vendor}:${vcd_rde_type.vcdkeconfig_type.nss}: Administrator Full access",
     "${vcd_rde_type.vcdkeconfig_type.vendor}:${vcd_rde_type.vcdkeconfig_type.nss}: Administrator View",
@@ -106,7 +106,7 @@ resource "vcd_role" "cse_admin_role" {
     "${vcd_rde_type.capvcdcluster_type.vendor}:${vcd_rde_type.capvcdcluster_type.nss}: Full Access",
     "${vcd_rde_type.capvcdcluster_type.vendor}:${vcd_rde_type.capvcdcluster_type.nss}: Modify",
     "${vcd_rde_type.capvcdcluster_type.vendor}:${vcd_rde_type.capvcdcluster_type.nss}: View"
-  ]
+  ], data.vcd_version.gte_1051.matches_condition ? ["Organization: Traversal"] : [])
 }
 
 # This will allow to have a user with a limited set of rights that can access the Provider area of VCD.

examples/container-service-extension/v4.1/install/step1/3.11-cse-install-3-cse-server-settings.tf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------------------------------------
 # CSE v4.1 installation, step 1:
 #
-# * Please read the guide present at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
+# * Please read the guide at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
 #   before applying this configuration.
 #
 # * The installation process is split into two steps as the first one creates a CSE admin user that needs to be

examples/container-service-extension/v4.1/install/step2/3.11-cse-install-4-provider-config.tf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------------------------------------
 # CSE v4.1 installation, step 2:
 #
-# * Please read the guide present at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
+# * Please read the guide at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
 #   before applying this configuration.
 #
 # * The installation process is split into two steps as the first one creates a CSE admin user that needs to be
@@ -11,12 +11,12 @@
 #   Other than that, this snippet should be applied as it is.
 # ------------------------------------------------------------------------------------------------------------
 
-# VCD Provider configuration. It must be at least v3.11.0 and configured with a System administrator account.
+# VCD Provider configuration. It must be at least v3.12.0 and configured with a System administrator account.
 terraform {
   required_providers {
     vcd = {
       source  = "vmware/vcd"
-      version = ">= 3.11"
+      version = ">= 3.12"
     }
     time = {
       source  = "hashicorp/time"
@@ -40,3 +40,9 @@ provider "vcd" {
   logging              = true
   logging_file         = "cse_install_step2.log"
 }
+
+# Minimum supported version for CSE
+data "vcd_version" "cse_minimum_supported" {
+  condition         = ">= 10.4.2"
+  fail_if_not_match = true
+}

examples/container-service-extension/v4.1/install/step2/3.11-cse-install-5-infrastructure.tf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------------------------------------
 # CSE v4.1 installation:
 #
-# * Please read the guide present at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
+# * Please read the guide at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
 #   before applying this configuration.
 #
 # * Rename "terraform.tfvars.example" to "terraform.tfvars" and adapt the values to your needs.

examples/container-service-extension/v4.1/install/step2/3.11-cse-install-6-ovas.tf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------------------------------------
 # CSE v4.1 installation:
 #
-# * Please read the guide present at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
+# * Please read the guide at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
 #   before applying this configuration.
 #
 # * Rename "terraform.tfvars.example" to "terraform.tfvars" and adapt the values to your needs.

examples/container-service-extension/v4.1/install/step2/3.11-cse-install-7-cse-server-init.tf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------------------------------------
 # CSE v4.1 installation:
 #
-# * Please read the guide present at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
+# * Please read the guide at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
 #   before applying this configuration.
 #
 # * Rename "terraform.tfvars.example" to "terraform.tfvars" and adapt the values to your needs.

examples/container-service-extension/v4.1/install/step2/3.11-cse-install-8-optionals.tf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------------------------------------
 # CSE v4.1 installation:
 #
-# * Please read the guide present at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
+# * Please read the guide at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
 #   before applying this configuration.
 #
 # * Rename "terraform.tfvars.example" to "terraform.tfvars" and adapt the values to your needs.

examples/container-service-extension/v4.2/entities/vcdkeconfig.json.template

@@ -0,0 +1,94 @@
+{
+    "profiles": [
+        {
+            "name": "production",
+            "active": true,
+            "serverConfig": {
+                "rdePollIntervalInMin": 1,
+                "heartbeatWatcherTimeoutInMin": 10,
+                "staleHeartbeatIntervalInMin": 30
+            },
+            "vcdKeInstances": [
+              {
+                "name": "vcd-container-service-extension"
+              }
+            ],
+            "K8Config": {
+                "certificateAuthorities": [
+                    ${k8s_cluster_certificates}
+                ],
+                "cni": {
+                    "name": "antrea",
+                    "version": ""
+                },
+                "cpi": {
+                    "name": "cpi for cloud director",
+                    "version": "${cpi_version}"
+                },
+                "csi": [
+                    {
+                        "name": "csi for cloud director",
+                        "version": "${csi_version}"
+                    }
+                ],
+                "mhc": {
+                    "maxUnhealthyNodes": ${max_unhealthy_node_percentage},
+                    "nodeStartupTimeout": "${node_startup_timeout}",
+                    "nodeNotReadyTimeout": "${node_not_ready_timeout}",
+                    "nodeUnknownTimeout": "${node_unknown_timeout}"
+                },
+                "rdeProjectorVersion": "${rde_projector_version}"
+            },
+        "vcdConfig": {
+            "sysLogger": {
+                "host": "${syslog_host}",
+                "port": "${syslog_port}"
+            }
+        },
+        "githubConfig": {
+            "githubPersonalAccessToken": ""
+        },
+        "bootstrapClusterConfig": {
+            "capiEcosystem": {
+                "infraProvider": {
+                    "name": "capvcd",
+                    "version": "v${capvcd_version}",
+                    "capvcdRde": {
+                        "nss": "capvcdCluster",
+                        "vendor": "vmware",
+                        "version": "1.3.0"
+                    }
+                },
+                "coreCapiVersion": "v1.4.0",
+                "bootstrapProvider": {
+                    "name": "CAPBK",
+                    "version": "v1.4.0"
+                },
+                "controlPlaneProvider": {
+                    "name": "KCP",
+                    "version": "v1.4.0"
+                },
+                "certManagerVersion": "v1.11.1"
+            },
+            "certificateAuthorities": [
+                ${bootstrap_vm_certificates}
+            ],
+            "clusterctl": {
+                "version": "v1.4.0",
+                "clusterctlyaml": ""
+            },
+            "dockerVersion": "",
+            "kindVersion": "v0.19.0",
+            "kindestNodeVersion": "v1.27.1",
+            "kubectlVersion": "",
+            "proxyConfig": {
+                "noProxy": "${no_proxy}",
+                "httpProxy": "${http_proxy}",
+                "httpsProxy": "${https_proxy}"
+            },
+            "sizingPolicy": "${bootstrap_vm_sizing_policy}"
+        },
+        "containerRegistryUrl": "${container_registry_url}"
+        }
+    ]
+}

examples/container-service-extension/v4.2/install/step1/3.11-cse-install-1-provider-config.tf

@@ -0,0 +1,46 @@
+# ------------------------------------------------------------------------------------------------------------
+# CSE 4.2 installation, step 1:
+#
+# * Please read the guide at https://registry.terraform.io/providers/vmware/vcd/latest/docs/guides/container_service_extension_4_x_install
+#   before applying this configuration.
+#
+# * The installation process is split into two steps as the first one creates a CSE admin user that needs to be
+#   used in a "provider" block in the second one.
+#
+# * Rename "terraform.tfvars.example" to "terraform.tfvars" and adapt the values to your needs.
+#   Other than that, this snippet should be applied as it is.
+# ------------------------------------------------------------------------------------------------------------
+
+# VCD Provider configuration. It must be at least v3.12.0 and configured with a System administrator account.
+terraform {
+  required_providers {
+    vcd = {
+      source  = "vmware/vcd"
+      version = ">= 3.12"
+    }
+  }
+}
+
+provider "vcd" {
+  url                  = "${var.vcd_url}/api"
+  user                 = var.administrator_user
+  password             = var.administrator_password
+  auth_type            = "integrated"
+  sysorg               = var.administrator_org
+  org                  = var.administrator_org
+  allow_unverified_ssl = var.insecure_login
+  logging              = true
+  logging_file         = "cse_install_step1.log"
+}
+
+# Minimum supported version for CSE
+data "vcd_version" "cse_minimum_supported" {
+  condition         = ">= 10.4.2"
+  fail_if_not_match = true
+}
+
+# There are some special rights and elements introduced in VCD 10.5.1
+data "vcd_version" "gte_1051" {
+  condition         = ">= 10.5.1"
+  fail_if_not_match = false
+}