loft-sh
diff --git a/‎config/config.go
Lines changed: 108 additions & 23 deletions b/‎config/config.go
Lines changed: 108 additions & 23 deletions
diff --git a/‎config/config_test.go
Lines changed: 128 additions & 0 deletions b/‎config/config_test.go
Lines changed: 128 additions & 0 deletions
@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"github.com/invopop/jsonschema"
+	yamlv3 "gopkg.in/yaml.v3"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -173,6 +174,10 @@ type Standalone struct {
 	// Enabled defines if standalone mode should be enabled.
 	Enabled bool `json:"enabled,omitempty"`
 
+	// SyncConfig allows controlling the vCluster config through a secret "vcluster-config" in the namespace "kube-system". vCluster will watch for changes in this secret and
+	// update the local config accordingly and restart vCluster if needed.
+	SyncConfig StandaloneSyncConfig `json:"syncConfig,omitempty"`
+
 	// DataDir defines the data directory for the standalone mode.
 	DataDir string `json:"dataDir,omitempty"`
 
@@ -186,13 +191,15 @@ type Standalone struct {
 	JoinNode StandaloneJoinNode `json:"joinNode,omitempty"`
 }
 
+type StandaloneSyncConfig struct {
+	// Enabled defines if config syncing should be enabled.
+	Enabled bool `json:"enabled,omitempty"`
+}
+
 type StandaloneJoinNode struct {
 	// Enabled defines if the standalone node should be joined into the cluster. If false, only the control plane binaries will be executed and no node will show up in the actual cluster.
 	Enabled bool `json:"enabled,omitempty"`
 
-	// Name defines the name of the standalone node. If empty the node will get the hostname as name.
-	Name string `json:"name,omitempty"`
-
 	JoinConfiguration `json:",inline"`
 }
 
@@ -376,8 +383,9 @@ type AutoUpgrade struct {
 }
 
 type Kubelet struct {
-	// CgroupDriver defines the cgroup driver to use for the kubelet.
-	CgroupDriver string `json:"cgroupDriver,omitempty"`
+	// Config is the config for the kubelet that will be merged into the default kubelet config. More information can be found here:
+	// https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration
+	Config map[string]interface{} `json:"config,omitempty"`
 }
 
 type KubeProxy struct {
@@ -404,6 +412,10 @@ type KubeProxy struct {
 
 	// ExtraArgs are additional arguments to pass to the kube-proxy.
 	ExtraArgs []string `json:"extraArgs,omitempty"`
+
+	// Config is the config for the kube-proxy that will be merged into the default kube-proxy config. More information can be found here:
+	// https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration
+	Config map[string]interface{} `json:"config,omitempty"`
 }
 
 type Konnectivity struct {
@@ -534,11 +546,17 @@ type ExternalSecrets struct {
 }
 
 type ExternalSecretsSync struct {
+	// ToHost defines what resources are synced from the virtual cluster to the host
+	ToHost ExternalSecretsSyncToHostConfig `json:"toHost,omitempty"`
+	// FromHost defines what resources are synced from the host cluster to the virtual cluster
+	FromHost ExternalSecretsSyncFromHostConfig `json:"fromHost,omitempty"`
 	// ExternalSecrets defines if external secrets should get synced from the virtual cluster to the host cluster.
 	ExternalSecrets EnableSwitch `json:"externalSecrets,omitempty"`
 	// Stores defines if secret stores should get synced from the virtual cluster to the host cluster and then bi-directionally.
+	// Deprecated: Use Integrations.ExternalSecrets.Sync.ToHost.Stores instead.
 	Stores EnableSwitch `json:"stores,omitempty"`
 	// ClusterStores defines if cluster secrets stores should get synced from the host cluster to the virtual cluster.
+	// Deprecated: Use Integrations.ExternalSecrets.Sync.FromHost.ClusterStores instead.
 	ClusterStores ClusterStoresSyncConfig `json:"clusterStores,omitempty"`
 }
 
@@ -548,6 +566,27 @@ type ClusterStoresSyncConfig struct {
 	Selector LabelSelector `json:"selector,omitempty"`
 }
 
+type ExternalSecretsSyncToHostConfig struct {
+	// ExternalSecrets allows to configure if only a subset of ExternalSecrets matching a label selector should get synced from the virtual cluster to the host cluster.
+	ExternalSecrets SelectorConfig `json:"externalSecrets,omitempty"`
+	// Stores defines if secret stores should get synced from the virtual cluster to the host cluster and then bi-directionally.
+	Stores EnableSwitchSelector `json:"stores,omitempty"`
+}
+
+type ExternalSecretsSyncFromHostConfig struct {
+	// ClusterStores defines if cluster secrets stores should get synced from the host cluster to the virtual cluster.
+	ClusterStores EnableSwitchSelector `json:"clusterStores,omitempty"`
+}
+
+type SelectorConfig struct {
+	Selector StandardLabelSelector `json:"selector,omitempty"`
+}
+
+type EnableSwitchSelector struct {
+	SelectorConfig
+	EnableSwitch
+}
+
 type LabelSelector struct {
 	// Labels defines what labels should be looked for
 	Labels map[string]string `json:"labels,omitempty"`
@@ -835,6 +874,10 @@ func (c *Config) IsProFeatureEnabled() bool {
 		return true
 	}
 
+	if c.PrivateNodes.Enabled {
+		return true
+	}
+
 	return false
 }
 
@@ -1278,7 +1321,7 @@ type SyncRewriteHosts struct {
 
 type SyncRewriteHostsInitContainer struct {
 	// Image is the image virtual cluster should use to rewrite this FQDN.
-	Image string `json:"image,omitempty"`
+	Image Image `json:"image,omitempty"`
 
 	// Resources are the resources that should be assigned to the init container for each stateful set init container.
 	Resources Resources `json:"resources,omitempty"`
@@ -1572,7 +1615,9 @@ type ControlPlaneStatefulSet struct {
 	Pods LabelsAndAnnotations `json:"pods,omitempty"`
 
 	// Image is the image for the controlPlane statefulSet container
-	Image StatefulSetImage `json:"image,omitempty"`
+	// It defaults to the vCluster pro repository that includes the optional pro modules that are turned off by default.
+	// If you still want to use the pure OSS build, set the repository to 'loft-sh/vcluster-oss'.
+	Image Image `json:"image,omitempty"`
 
 	// ImagePullPolicy is the policy how to pull the image.
 	ImagePullPolicy string `json:"imagePullPolicy,omitempty"`
@@ -1629,7 +1674,7 @@ type DistroK8s struct {
 	// ControllerManager holds configuration specific to starting the controller manager.
 	ControllerManager DistroContainerEnabled `json:"controllerManager,omitempty"`
 
-	// Scheduler holds configuration specific to starting the scheduler. Enable this via controlPlane.advanced.virtualScheduler.enabled
+	// Scheduler holds configuration specific to starting the scheduler.
 	Scheduler DistroContainerEnabled `json:"scheduler,omitempty"`
 
 	DistroCommon `json:",inline"`
@@ -1670,20 +1715,6 @@ type DistroContainerEnabled struct {
 	ExtraArgs []string `json:"extraArgs,omitempty"`
 }
 
-type StatefulSetImage struct {
-	// Configure the registry of the container image, e.g. my-registry.com or ghcr.io
-	// It defaults to ghcr.io and can be overriding either by using this field or controlPlane.advanced.defaultImageRegistry
-	Registry string `json:"registry,omitempty"`
-
-	// Configure the repository of the container image, e.g. my-repo/my-image.
-	// It defaults to the vCluster pro repository that includes the optional pro modules that are turned off by default.
-	// If you still want to use the pure OSS build, use 'loft-sh/vcluster-oss' instead.
-	Repository string `json:"repository,omitempty"`
-
-	// Tag is the tag of the container image, e.g. latest
-	Tag string `json:"tag,omitempty"`
-}
-
 type Image struct {
 	// Registry is the registry of the container image, e.g. my-registry.com or ghcr.io. This setting can be globally
 	// overridden via the controlPlane.advanced.defaultImageRegistry option. Empty means docker hub.
@@ -1692,10 +1723,64 @@ type Image struct {
 	// Repository is the repository of the container image, e.g. my-repo/my-image
 	Repository string `json:"repository,omitempty"`
 
-	// Tag is the tag of the container image, e.g. latest. If set to the default, it will use the host Kubernetes version.
+	// Tag is the tag of the container image, and is the default version.
 	Tag string `json:"tag,omitempty"`
 }
 
+// UnmarshalJSON makes the schema change from string to Image backwards compatible
+func (i *Image) UnmarshalJSON(data []byte) error {
+	var str string
+	if err := json.Unmarshal(data, &str); err == nil {
+		ParseImageRef(str, i)
+		return nil
+	}
+
+	type Alias Image
+	var aux Alias
+	if err := json.Unmarshal(data, &aux); err != nil {
+		return err
+	}
+	*i = Image(aux)
+	return nil
+}
+
+// UnmarshalYAML makes the schema change from string to Image backwards compatible
+func (i *Image) UnmarshalYAML(node *yamlv3.Node) error {
+	if node.Kind == yamlv3.ScalarNode {
+		ParseImageRef(node.Value, i)
+		return nil
+	}
+
+	type Alias Image
+	var aux Alias
+	if err := node.Decode(&aux); err != nil {
+		return err
+	}
+	*i = Image(aux)
+	return nil
+}
+
+func (i *Image) String() (ref string) {
+	if i == nil {
+		return
+	}
+
+	if i.Registry != "" {
+		ref = i.Registry + "/"
+	}
+
+	if i.Registry != "" && i.Repository != "" && !strings.ContainsRune(i.Repository, '/') {
+		ref += "library/"
+	}
+	ref += i.Repository
+
+	if i.Tag != "" {
+		ref += ":" + i.Tag
+	}
+
+	return ref
+}
+
 type ImagePullSecretName struct {
 	// Name of the image pull secret to use.
 	Name string `json:"name,omitempty"`
 
@@ -6,6 +6,8 @@ import (
 	"testing"
 
 	"gotest.tools/assert"
+	"gotest.tools/assert/cmp"
+	"sigs.k8s.io/yaml"
 )
 
 func TestConfig_Diff(t *testing.T) {
@@ -385,3 +387,129 @@ func TestConfig_IsProFeatureEnabled(t *testing.T) {
 		})
 	}
 }
+
+// We changed sync.toHost.pods.rewriteHosts.initContainer.image from a string to an object in 0.27.0.
+// We parse the previously used config on upgrade, so it must be backwards compatible.
+func TestImage_UnmarshalYAML(t *testing.T) {
+	tests := []struct {
+		name     string
+		yaml     string
+		expected Image
+	}{
+		{
+			name: "image as object",
+			yaml: `registry: registry:5000
+repository: some/repo
+tag: sometag`,
+			expected: Image{
+				Registry:   "registry:5000",
+				Repository: "some/repo",
+				Tag:        "sometag",
+			},
+		},
+		{
+			name: "image as string",
+			yaml: "registry:5000/some/repo:sometag",
+			expected: Image{
+				Registry:   "registry:5000",
+				Repository: "some/repo",
+				Tag:        "sometag",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var actual Image
+			err := yaml.Unmarshal([]byte(tt.yaml), &actual)
+			assert.NilError(t, err)
+			assert.DeepEqual(t, actual, tt.expected)
+		})
+	}
+}
+
+func TestImage_String(t *testing.T) {
+	testCases := []struct {
+		name     string
+		image    Image
+		expected string
+	}{
+		{
+			name: "complete image reference",
+			image: Image{
+				Registry:   "registry.k8s.io",
+				Repository: "coredns/coredns",
+				Tag:        "1.11.3",
+			},
+			expected: "registry.k8s.io/coredns/coredns:1.11.3",
+		},
+		{
+			name: "may omit registry",
+			image: Image{
+				Repository: "coredns/coredns",
+				Tag:        "1.11.3",
+			},
+			expected: "coredns/coredns:1.11.3",
+		},
+		{
+			name: "may omit registry and repo",
+			image: Image{
+				Repository: "alpine",
+				Tag:        "3.20",
+			},
+			expected: "alpine:3.20",
+		},
+		{
+			name: "may omit tag",
+			image: Image{
+				Repository: "alpine",
+			},
+			expected: "alpine",
+		},
+		{
+			name: "omit repo but not registry is library",
+			image: Image{
+				Registry:   "ghcr.io",
+				Repository: "alpine",
+				Tag:        "3.20",
+			},
+			expected: "ghcr.io/library/alpine:3.20",
+		},
+		{
+			name: "registry may have port",
+			image: Image{
+				Registry:   "host.docker.internal:5000",
+				Repository: "coredns/coredns",
+				Tag:        "1.11.3",
+			},
+			expected: "host.docker.internal:5000/coredns/coredns:1.11.3",
+		},
+		{
+			name: "registry with port and omit tag",
+			image: Image{
+				Registry:   "localhost:5000",
+				Repository: "coredns/coredns",
+			},
+			expected: "localhost:5000/coredns/coredns",
+		},
+		{
+			name:     "empty image is nil value",
+			image:    Image{},
+			expected: "",
+		},
+	}
+
+	for _, tt := range testCases {
+		t.Run("String(): "+tt.name, func(t *testing.T) {
+			if actual := tt.image.String(); actual != tt.expected {
+				t.Errorf("Expected %s, got %s", tt.expected, actual)
+			}
+		})
+
+		t.Run("ParseImageRef(): "+tt.name, func(t *testing.T) {
+			var image Image
+			ParseImageRef(tt.expected, &image)
+			assert.Check(t, cmp.DeepEqual(tt.image, image))
+		})
+	}
+}