chore: sync config/*.go and values.schema.json to vCluster version v0.27.0-beta.1

Author: loft-bot

config/config.go

@@ -173,6 +173,10 @@ type Standalone struct {
 	// Enabled defines if standalone mode should be enabled.
 	Enabled bool `json:"enabled,omitempty"`
 
+	// SyncConfig allows controlling the vCluster config through a secret "vcluster-config" in the namespace "kube-system". vCluster will watch for changes in this secret and
+	// update the local config accordingly and restart vCluster if needed.
+	SyncConfig StandaloneSyncConfig `json:"syncConfig,omitempty"`
+
 	// DataDir defines the data directory for the standalone mode.
 	DataDir string `json:"dataDir,omitempty"`
 
@@ -186,13 +190,15 @@ type Standalone struct {
 	JoinNode StandaloneJoinNode `json:"joinNode,omitempty"`
 }
 
+type StandaloneSyncConfig struct {
+	// Enabled defines if config syncing should be enabled.
+	Enabled bool `json:"enabled,omitempty"`
+}
+
 type StandaloneJoinNode struct {
 	// Enabled defines if the standalone node should be joined into the cluster. If false, only the control plane binaries will be executed and no node will show up in the actual cluster.
 	Enabled bool `json:"enabled,omitempty"`
 
-	// Name defines the name of the standalone node. If empty the node will get the hostname as name.
-	Name string `json:"name,omitempty"`
-
 	JoinConfiguration `json:",inline"`
 }
 
@@ -534,11 +540,17 @@ type ExternalSecrets struct {
 }
 
 type ExternalSecretsSync struct {
+	// ToHost defines what resources are synced from the virtual cluster to the host
+	ToHost ExternalSecretsSyncToHostConfig `json:"toHost,omitempty"`
+	// FromHost defines what resources are synced from the host cluster to the virtual cluster
+	FromHost ExternalSecretsSyncFromHostConfig `json:"fromHost,omitempty"`
 	// ExternalSecrets defines if external secrets should get synced from the virtual cluster to the host cluster.
 	ExternalSecrets EnableSwitch `json:"externalSecrets,omitempty"`
 	// Stores defines if secret stores should get synced from the virtual cluster to the host cluster and then bi-directionally.
+	// Deprecated: Use Integrations.ExternalSecrets.Sync.ToHost.Stores instead.
 	Stores EnableSwitch `json:"stores,omitempty"`
 	// ClusterStores defines if cluster secrets stores should get synced from the host cluster to the virtual cluster.
+	// Deprecated: Use Integrations.ExternalSecrets.Sync.FromHost.ClusterStores instead.
 	ClusterStores ClusterStoresSyncConfig `json:"clusterStores,omitempty"`
 }
 
@@ -548,6 +560,27 @@ type ClusterStoresSyncConfig struct {
 	Selector LabelSelector `json:"selector,omitempty"`
 }
 
+type ExternalSecretsSyncToHostConfig struct {
+	// ExternalSecrets allows to configure if only a subset of ExternalSecrets matching a label selector should get synced from the virtual cluster to the host cluster.
+	ExternalSecrets SelectorConfig `json:"externalSecrets,omitempty"`
+	// Stores defines if secret stores should get synced from the virtual cluster to the host cluster and then bi-directionally.
+	Stores EnableSwitchSelector `json:"stores,omitempty"`
+}
+
+type ExternalSecretsSyncFromHostConfig struct {
+	// ClusterStores defines if cluster secrets stores should get synced from the host cluster to the virtual cluster.
+	ClusterStores EnableSwitchSelector `json:"clusterStores,omitempty"`
+}
+
+type SelectorConfig struct {
+	Selector StandardLabelSelector `json:"selector,omitempty"`
+}
+
+type EnableSwitchSelector struct {
+	SelectorConfig
+	EnableSwitch
+}
+
 type LabelSelector struct {
 	// Labels defines what labels should be looked for
 	Labels map[string]string `json:"labels,omitempty"`
@@ -835,6 +868,10 @@ func (c *Config) IsProFeatureEnabled() bool {
 		return true
 	}
 
+	if c.PrivateNodes.Enabled {
+		return true
+	}
+
 	return false
 }
 
@@ -1278,7 +1315,7 @@ type SyncRewriteHosts struct {
 
 type SyncRewriteHostsInitContainer struct {
 	// Image is the image virtual cluster should use to rewrite this FQDN.
-	Image string `json:"image,omitempty"`
+	Image Image `json:"image,omitempty"`
 
 	// Resources are the resources that should be assigned to the init container for each stateful set init container.
 	Resources Resources `json:"resources,omitempty"`
@@ -1572,7 +1609,9 @@ type ControlPlaneStatefulSet struct {
 	Pods LabelsAndAnnotations `json:"pods,omitempty"`
 
 	// Image is the image for the controlPlane statefulSet container
-	Image StatefulSetImage `json:"image,omitempty"`
+	// It defaults to the vCluster pro repository that includes the optional pro modules that are turned off by default.
+	// If you still want to use the pure OSS build, set the repository to 'loft-sh/vcluster-oss'.
+	Image Image `json:"image,omitempty"`
 
 	// ImagePullPolicy is the policy how to pull the image.
 	ImagePullPolicy string `json:"imagePullPolicy,omitempty"`
@@ -1670,20 +1709,6 @@ type DistroContainerEnabled struct {
 	ExtraArgs []string `json:"extraArgs,omitempty"`
 }
 
-type StatefulSetImage struct {
-	// Configure the registry of the container image, e.g. my-registry.com or ghcr.io
-	// It defaults to ghcr.io and can be overriding either by using this field or controlPlane.advanced.defaultImageRegistry
-	Registry string `json:"registry,omitempty"`
-
-	// Configure the repository of the container image, e.g. my-repo/my-image.
-	// It defaults to the vCluster pro repository that includes the optional pro modules that are turned off by default.
-	// If you still want to use the pure OSS build, use 'loft-sh/vcluster-oss' instead.
-	Repository string `json:"repository,omitempty"`
-
-	// Tag is the tag of the container image, e.g. latest
-	Tag string `json:"tag,omitempty"`
-}
-
 type Image struct {
 	// Registry is the registry of the container image, e.g. my-registry.com or ghcr.io. This setting can be globally
 	// overridden via the controlPlane.advanced.defaultImageRegistry option. Empty means docker hub.
@@ -1692,10 +1717,27 @@ type Image struct {
 	// Repository is the repository of the container image, e.g. my-repo/my-image
 	Repository string `json:"repository,omitempty"`
 
-	// Tag is the tag of the container image, e.g. latest. If set to the default, it will use the host Kubernetes version.
+	// Tag is the tag of the container image, and is the default version.
 	Tag string `json:"tag,omitempty"`
 }
 
+func (i Image) String() (ref string) {
+	if i.Registry != "" {
+		ref = i.Registry + "/"
+	}
+
+	if i.Registry != "" && i.Repository != "" && !strings.ContainsRune(i.Repository, '/') {
+		ref += "library/"
+	}
+	ref += i.Repository
+
+	if i.Tag != "" {
+		ref += ":" + i.Tag
+	}
+
+	return ref
+}
+
 type ImagePullSecretName struct {
 	// Name of the image pull secret to use.
 	Name string `json:"name,omitempty"`

config/config_test.go

@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"gotest.tools/assert"
+	"gotest.tools/assert/cmp"
 )
 
 func TestConfig_Diff(t *testing.T) {
@@ -385,3 +386,89 @@ func TestConfig_IsProFeatureEnabled(t *testing.T) {
 		})
 	}
 }
+
+func TestImage_String(t *testing.T) {
+	testCases := []struct {
+		name     string
+		image    Image
+		expected string
+	}{
+		{
+			name: "complete image reference",
+			image: Image{
+				Registry:   "registry.k8s.io",
+				Repository: "coredns/coredns",
+				Tag:        "1.11.3",
+			},
+			expected: "registry.k8s.io/coredns/coredns:1.11.3",
+		},
+		{
+			name: "may omit registry",
+			image: Image{
+				Repository: "coredns/coredns",
+				Tag:        "1.11.3",
+			},
+			expected: "coredns/coredns:1.11.3",
+		},
+		{
+			name: "may omit registry and repo",
+			image: Image{
+				Repository: "alpine",
+				Tag:        "3.20",
+			},
+			expected: "alpine:3.20",
+		},
+		{
+			name: "may omit tag",
+			image: Image{
+				Repository: "alpine",
+			},
+			expected: "alpine",
+		},
+		{
+			name: "omit repo but not registry is library",
+			image: Image{
+				Registry:   "ghcr.io",
+				Repository: "alpine",
+				Tag:        "3.20",
+			},
+			expected: "ghcr.io/library/alpine:3.20",
+		},
+		{
+			name: "registry may have port",
+			image: Image{
+				Registry:   "host.docker.internal:5000",
+				Repository: "coredns/coredns",
+				Tag:        "1.11.3",
+			},
+			expected: "host.docker.internal:5000/coredns/coredns:1.11.3",
+		},
+		{
+			name: "registry with port and omit tag",
+			image: Image{
+				Registry:   "localhost:5000",
+				Repository: "coredns/coredns",
+			},
+			expected: "localhost:5000/coredns/coredns",
+		},
+		{
+			name:     "empty image is nil value",
+			image:    Image{},
+			expected: "",
+		},
+	}
+
+	for _, tt := range testCases {
+		t.Run("String(): "+tt.name, func(t *testing.T) {
+			if actual := tt.image.String(); actual != tt.expected {
+				t.Errorf("Expected %s, got %s", tt.expected, actual)
+			}
+		})
+
+		t.Run("ParseImageRef(): "+tt.name, func(t *testing.T) {
+			var image Image
+			ParseImageRef(tt.expected, &image)
+			assert.Check(t, cmp.DeepEqual(tt.image, image))
+		})
+	}
+}

config/default_extra_values.go

@@ -23,20 +23,23 @@ const (
 
 // K3SVersionMap holds the supported k3s versions
 var K3SVersionMap = map[string]string{
+	"1.33": "rancher/k3s:v1.33.1-k3s1",
 	"1.32": "rancher/k3s:v1.32.1-k3s1",
 	"1.31": "rancher/k3s:v1.31.1-k3s1",
 	"1.30": "rancher/k3s:v1.30.2-k3s1",
 }
 
 // K8SVersionMap holds the supported k8s api servers
 var K8SVersionMap = map[string]string{
+	"1.33": "ghcr.io/loft-sh/kubernetes:v1.33.1",
 	"1.32": "ghcr.io/loft-sh/kubernetes:v1.32.1",
 	"1.31": "ghcr.io/loft-sh/kubernetes:v1.31.1",
 	"1.30": "ghcr.io/loft-sh/kubernetes:v1.30.2",
 }
 
 // K8SEtcdVersionMap holds the supported etcd
 var K8SEtcdVersionMap = map[string]string{
+	"1.33": "registry.k8s.io/etcd:3.5.21-0",
 	"1.32": "registry.k8s.io/etcd:3.5.21-0",
 	"1.31": "registry.k8s.io/etcd:3.5.15-0",
 	"1.30": "registry.k8s.io/etcd:3.5.13-0",
@@ -87,26 +90,31 @@ func getExtraValues(options *ExtraValuesOptions) (*Config, error) {
 	return vConfig, nil
 }
 
-func SplitImage(image string) (string, string, string) {
-	imageSplitted := strings.Split(image, ":")
-	if len(imageSplitted) == 1 {
-		return "", "", ""
+func ParseImageRef(ref string, image *Image) {
+	*image = Image{}
+
+	splitRepoAndTag := func(s string) {
+		split := strings.SplitN(s, ":", 2)
+		switch len(split) {
+		case 1:
+			image.Repository = s
+		case 2:
+			image.Repository = split[0]
+			image.Tag = split[1]
+		}
+		image.Repository = strings.TrimPrefix(image.Repository, "library/")
 	}
 
-	// check if registry needs to be filled
-	registryAndRepository := strings.Join(imageSplitted[:len(imageSplitted)-1], ":")
-	parts := strings.Split(registryAndRepository, "/")
-	registry := ""
-	repository := strings.Join(parts, "/")
-	if len(parts) >= 2 && (strings.ContainsRune(parts[0], '.') || strings.ContainsRune(parts[0], ':')) {
-		// The first part of the repository is treated as the registry domain
-		// iff it contains a '.' or ':' character, otherwise it is all repository
-		// and the domain defaults to Docker Hub.
-		registry = parts[0]
-		repository = strings.Join(parts[1:], "/")
+	parts := strings.SplitN(ref, "/", 2)
+	switch {
+	case len(parts) == 1: // <repo>[:<tag>]
+		splitRepoAndTag(parts[0])
+	case strings.ContainsAny(parts[0], ".:"): // <registry>/<repo>[:<tag>]
+		image.Registry = parts[0]
+		splitRepoAndTag(parts[1])
+	default: // <repo/repo>[:<tag]
+		splitRepoAndTag(ref)
 	}
-
-	return registry, repository, imageSplitted[len(imageSplitted)-1]
 }
 
 func addCommonReleaseValues(config *Config, options *ExtraValuesOptions) {

config/legacyconfig/migrate.go

@@ -63,7 +63,7 @@ func migrateK8sAndEKS(oldValues string, newConfig *config.Config) error {
 		if oldConfig.API.ImagePullPolicy != "" {
 			newConfig.ControlPlane.Distro.K8S.ImagePullPolicy = oldConfig.API.ImagePullPolicy
 		}
-		convertImage(oldConfig.API.Image, &newConfig.ControlPlane.Distro.K8S.Image)
+		config.ParseImageRef(oldConfig.API.Image, &newConfig.ControlPlane.Distro.K8S.Image)
 	}
 	convertAPIValues(oldConfig.API, &newConfig.ControlPlane.Distro.K8S.APIServer)
 	convertControllerValues(oldConfig.Controller, &newConfig.ControlPlane.Distro.K8S.ControllerManager)
@@ -170,7 +170,7 @@ func convertEtcd(oldConfig EtcdValues, newConfig *config.Config) error {
 		newConfig.ControlPlane.BackingStore.Etcd.Deploy.StatefulSet.ImagePullPolicy = oldConfig.ImagePullPolicy
 	}
 	if oldConfig.Image != "" {
-		convertImage(oldConfig.Image, &newConfig.ControlPlane.BackingStore.Etcd.Deploy.StatefulSet.Image)
+		config.ParseImageRef(oldConfig.Image, &newConfig.ControlPlane.BackingStore.Etcd.Deploy.StatefulSet.Image)
 	}
 	newConfig.ControlPlane.BackingStore.Etcd.Deploy.StatefulSet.ExtraArgs = oldConfig.ExtraArgs
 	if oldConfig.Resources != nil {
@@ -668,7 +668,9 @@ func convertK8sSyncerConfig(distro string, oldConfig K8sSyncerValues, newConfig
 }
 
 func convertSyncerConfig(distro string, oldConfig SyncerValues, newConfig *config.Config) error {
-	convertStatefulSetImage(oldConfig.Image, &newConfig.ControlPlane.StatefulSet.Image)
+	if oldConfig.Image != "" {
+		config.ParseImageRef(oldConfig.Image, &newConfig.ControlPlane.StatefulSet.Image)
+	}
 	if oldConfig.ImagePullPolicy != "" {
 		newConfig.ControlPlane.StatefulSet.ImagePullPolicy = oldConfig.ImagePullPolicy
 	}
@@ -927,7 +929,7 @@ func migrateFlag(distro, key, value string, newConfig *config.Config) error {
 			return fmt.Errorf("value is missing")
 		}
 
-		newConfig.Sync.ToHost.Pods.RewriteHosts.InitContainer.Image = value
+		config.ParseImageRef(value, &newConfig.Sync.ToHost.Pods.RewriteHosts.InitContainer.Image)
 	case "cluster-domain":
 		if value == "" {
 			return fmt.Errorf("value is missing")
@@ -1109,7 +1111,9 @@ func applyStorage(oldConfig Storage, newConfig *config.Config) {
 
 func convertVClusterConfig(oldConfig VClusterValues, retDistroCommon *config.DistroCommon, retDistroContainer *config.DistroContainer, newConfig *config.Config) error {
 	retDistroCommon.Env = oldConfig.Env
-	convertImage(oldConfig.Image, &retDistroCommon.Image)
+	if oldConfig.Image != "" {
+		config.ParseImageRef(oldConfig.Image, &retDistroCommon.Image)
+	}
 	if len(oldConfig.Resources) > 0 {
 		retDistroCommon.Resources = mergeMaps(retDistroCommon.Resources, oldConfig.Resources)
 	}
@@ -1133,22 +1137,6 @@ func convertVClusterConfig(oldConfig VClusterValues, retDistroCommon *config.Dis
 	return nil
 }
 
-func convertStatefulSetImage(image string, into *config.StatefulSetImage) {
-	if image == "" {
-		return
-	}
-
-	into.Registry, into.Repository, into.Tag = config.SplitImage(image)
-}
-
-func convertImage(image string, into *config.Image) {
-	if image == "" {
-		return
-	}
-
-	into.Registry, into.Repository, into.Tag = config.SplitImage(image)
-}
-
 func mergeIntoMap(retMap map[string]string, arr []string) map[string]string {
 	if retMap == nil {
 		retMap = map[string]string{}