Merge branch 'master' into machine-config-harvester-vgpu

Author: walkafwalka

docs/guides/apps_marketplace.md

@@ -189,6 +189,59 @@ resource "rancher2_app_v2" "rancher-istio" {
 }
 ```
 
+* `prometheus-federator` - Deploy Prometheus Federator
+
+```hcl
+resource "rancher2_app_v2" "prometheus-federator" {  
+  cluster_id = "<CLUSTER_ID>"
+  name = "prometheus-federator"
+  namespace = "cattle-monitoring-system"
+  repo_name = "rancher-charts"
+  chart_name = "prometheus-federator"
+  chart_version = "104.0.2+up0.4.2" 
+  values = <<EOF
+global:
+  cattle:
+    clusterId: <CLUSTER_ID>
+    projectLabel: field.cattle.io/projectId
+    psp:
+      enabled: false
+    systemDefaultRegistry: registry.rancher.com
+    systemProjectId: <PROJECT_ID>
+    url: <RANCHER_SERVER_URL>
+    clusterName: custom
+    rkePathPrefix: ''
+    rkeWindowsPathPrefix: ''
+  imagePullSecrets: []
+  rbac:
+    pspAnnotations: {}
+    pspEnabled: true
+  systemDefaultRegistry: registry.rancher.com
+EOF
+}
+
+# About the variables of the values.yaml file
+#
+# CLUSTER_ID
+# When viewing a specific cluster in the Rancher UI, the cluster ID (formatted as c-xxxxx) is visible in the browser's URL bar
+# You can also get the ID through Rancher API:
+#
+#  curl -s "https://${RANCHER_SERVER}/v3/clusters?name=${CLUSTER_NAME}" \
+#  -H 'content-type: application/json' \
+#  -H "Authorization: Bearer $APITOKEN" \
+#  --insecure | jq -r .data[0].id
+#
+#
+# PROJECT_ID
+# Go to Cluster Management>Explore>Cluster>Projects/Namespaces 
+# then go to the ellipsis button (three dots) to the right of the project name and select "View YAML." 
+# In the displayed YAML, the metadata.name field contains the Rancher Project ID (formatted as p-xxxxx)
+#
+#
+# RANCHER_SERVER_URL
+# It's the protocol and hostname of your Rancher server, e.g. https://rancher.my.org, configured during the installation with Helm
+```
+
 * `rancher-cis-benchmark` - Deploy Rancher cis benchmark
 
 ```hcl

docs/resources/cluster.md

@@ -22,6 +22,8 @@ resource "rancher2_cluster" "foo-imported" {
 
 ### Creating Rancher v2 imported cluster with custom configuration. For Rancher v2.11.x and above.
 
+This configuration can be used to indicate that system images (such as the rancher-agent) should be pulled from an unauthenticated private registry. This can be used for all imported cluster types, including imported hosted clusters (AKS, EKS, GKE).
+
 ```hcl
 # Create a new rancher2 imported Cluster with custom configuration 
 resource "rancher2_cluster" "foo-imported" {
@@ -411,6 +413,32 @@ resource "rancher2_cluster" "foo" {
 }
 ```
 
+### Importing EKS cluster to Rancher v2, using `eks_config_v2`, while specifying an unauthenticated private registry. For Rancher v2.11.0 and above.
+
+```hcl
+resource "rancher2_cloud_credential" "foo" {
+  name = "foo"
+  description = "foo test"
+  amazonec2_credential_config {
+    access_key = "<aws-access-key>"
+    secret_key = "<aws-secret-key>"
+  }
+}
+resource "rancher2_cluster" "foo" {
+  name = "foo"
+  description = "Terraform EKS cluster"
+  eks_config_v2 {
+    cloud_credential_id = rancher2_cloud_credential.foo.id
+    name = "<cluster-name>"
+    region = "<eks-region>"
+    imported = true
+  }
+  imported_config {
+    private_registry_url = <private_registry>
+  }
+}
+```
+
 ### Creating EKS cluster from Rancher v2, using `eks_config_v2`. For Rancher v2.5.x and above.
 
 ```hcl
@@ -509,6 +537,32 @@ resource "rancher2_cluster" "foo" {
 }
 ```
 
+### Importing GKE cluster from Rancher v2, using `gke_config_v2`, while specifying an unauthenticated private registry. For Rancher v2.11.0 above.
+
+```hcl
+resource "rancher2_cloud_credential" "foo-google" {
+  name = "foo-google"
+  description= "Terraform cloudCredential acceptance test"
+  google_credential_config {
+    auth_encoded_json = file(<GOOGLE_AUTH_ENCODED_JSON>)
+  }
+}
+
+resource "rancher2_cluster" "foo" {
+  name = "foo"
+  description = "Terraform imported GKE cluster"
+  gke_config_v2 {
+    name = "foo"
+    google_credential_secret = rancher2_cloud_credential.foo-google.id
+    region = <region> # Zone argument could also be used instead of region
+    project_id = <project-id>
+    imported = true
+  }
+  imported_config {
+    private_registry_url = <private_registry>
+  }
+}
+```
 ### Creating GKE cluster from Rancher v2, using `gke_config_v2`. For Rancher v2.5.8 and above.
 
 **Note:** At the moment, routed-based GKE clusters are not supported due to [rancher/issues/32585](https://github.com/rancher/rancher/issues/32585)
@@ -568,6 +622,34 @@ resource "rancher2_cluster" "foo" {
 }
 ```
 
+### Importing AKS cluster from Rancher v2, using `aks_config_v2`, while specifying an unauthenticated private registry. For Rancher v2.11.0 and above.
+
+```hcl
+resource "rancher2_cloud_credential" "foo-aks" {
+  name = "foo-aks"
+  azure_credential_config {
+    client_id = "<client-id>"
+    client_secret = "<client-secret>"
+    subscription_id = "<subscription-id>"
+  }
+}
+# For imported AKS clusters, don't add any other aks_config_v2 field
+resource "rancher2_cluster" "foo" {
+  name = <cluster-name>
+  description = "Terraform AKS cluster"
+  aks_config_v2 {
+    cloud_credential_id = rancher2_cloud_credential.foo-aks.id
+    resource_group = "<resource-group>"
+    resource_location = "<resource-location"
+    imported = true
+  }
+  imported_config {
+    private_registry_url = "<private_registry>"
+  }
+}
+```
+
+
 ### Creating AKS cluster from Rancher v2, using `aks_config_v2`. For Rancher v2.6.0 and above.
 
 ```hcl

rancher2/data_source_rancher2_cluster.go

@@ -170,6 +170,13 @@ func dataSourceRancher2Cluster() *schema.Resource {
 				Type:     schema.TypeMap,
 				Computed: true,
 			},
+			"imported_config": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: clusterImportedConfigFields(),
+				},
+			},
 		},
 	}
 }

rancher2/import_rancher2_namespace.go

@@ -19,7 +19,7 @@ func resourceRancher2NamespaceImport(d *schema.ResourceData, meta interface{}) (
 
 	client, err := meta.(*Config).ClusterClient(clusterID)
 	if err != nil {
-		log.Printf("[INFO] Problem getting cluster client for cluster with id \"%s\"", clusterID)
+		log.Printf("[ERROR] Problem getting cluster client for cluster with id \"%s\"", clusterID)
 		return []*schema.ResourceData{}, err
 	}
 

rancher2/resource_rancher2_cluster.go

@@ -48,6 +48,15 @@ func resourceRancher2Cluster() *schema.Resource {
 				}
 			}
 
+			// Allow the configuration of the imported_config field only if the
+			// cluster is an imported generic cluster or an imported hosted cluster (e.g. AKS, GKE, EKS).
+			// Previously defined 'conflictsWith' entries already handle other cluster types (rke, rke2, k3s)
+			// so they do not need to be reconsidered here.
+			importCnf, ok := d.Get("imported_config").([]interface{})
+			if ok && len(importCnf) > 0 && !isImportedCluster(d) {
+				return fmt.Errorf("The rancher2_cluster.imported_config field can only be used when working with generic imported clusters or imported hosted clusters (e.g. AKS, GKE, EKS)")
+			}
+
 			return nil
 		},
 		Schema:        clusterFields(),
@@ -547,7 +556,11 @@ func isKubeConfigValid(c *Config, config string) (string, bool, error) {
 	if err != nil {
 		return "", false, fmt.Errorf("checking Kubeconfig: %v", err)
 	}
-	_, err = kubernetes.NewForConfig(kubeconfig)
+	client, err := kubernetes.NewForConfig(kubeconfig)
+	if err != nil {
+		return token, false, nil
+	}
+	_, err = client.DiscoveryClient.ServerVersion()
 	if err != nil {
 		return token, false, nil
 	}
@@ -671,3 +684,32 @@ func getClusterKubeconfig(c *Config, id, origconfig string) (*managementClient.G
 		}
 	}
 }
+
+func isImportedCluster(d *schema.ResourceDiff) bool {
+	eks := d.Get("eks_config_v2")
+	newEksArray, ok := eks.([]interface{})
+	isEks := ok && len(newEksArray) > 0
+	if isEks {
+		return expandClusterEKSConfigV2(newEksArray).Imported
+	}
+
+	gke := d.Get("gke_config_v2")
+	newGkeArray, ok := gke.([]interface{})
+	isGke := ok && len(newGkeArray) > 0
+	if isGke {
+		return expandClusterGKEConfigV2(newGkeArray).Imported
+	}
+
+	aks := d.Get("aks_config_v2")
+	newAksArray, ok := aks.([]interface{})
+	isAks := ok && len(newAksArray) > 0
+	if isAks {
+		return expandClusterAKSConfigV2(newAksArray).Imported
+	}
+
+	// if this is a generic imported cluster,
+	// we should always allow for the field to be used.
+	// Other non-imported cluster types (rke, rke2, k3s, etc.)
+	// are already being blocked via the static ConflictsWith field.
+	return true
+}

rancher2/schema_cluster.go

@@ -335,7 +335,7 @@ func clusterFields() map[string]*schema.Schema {
 			MaxItems:      1,
 			Optional:      true,
 			Computed:      true,
-			ConflictsWith: []string{"aks_config_v2", "gke_config_v2", "k3s_config", "rke_config", "oke_config", "rke2_config", "imported_config"},
+			ConflictsWith: []string{"aks_config_v2", "gke_config_v2", "k3s_config", "rke_config", "oke_config", "rke2_config"},
 			Elem: &schema.Resource{
 				Schema: clusterEKSConfigV2Fields(),
 			},
@@ -344,7 +344,7 @@ func clusterFields() map[string]*schema.Schema {
 			Type:          schema.TypeList,
 			MaxItems:      1,
 			Optional:      true,
-			ConflictsWith: []string{"eks_config_v2", "gke_config_v2", "k3s_config", "rke_config", "oke_config", "rke2_config", "imported_config"},
+			ConflictsWith: []string{"eks_config_v2", "gke_config_v2", "k3s_config", "rke_config", "oke_config", "rke2_config"},
 			Elem: &schema.Resource{
 				Schema: clusterAKSConfigV2Fields(),
 			},
@@ -353,7 +353,7 @@ func clusterFields() map[string]*schema.Schema {
 			Type:          schema.TypeList,
 			MaxItems:      1,
 			Optional:      true,
-			ConflictsWith: []string{"aks_config_v2", "eks_config_v2", "k3s_config", "rke_config", "oke_config", "rke2_config", "imported_config"},
+			ConflictsWith: []string{"aks_config_v2", "eks_config_v2", "k3s_config", "rke_config", "oke_config", "rke2_config"},
 			Elem: &schema.Resource{
 				Schema: clusterGKEConfigV2Fields(),
 			},
@@ -371,7 +371,7 @@ func clusterFields() map[string]*schema.Schema {
 			Type:          schema.TypeList,
 			MaxItems:      1,
 			Optional:      true,
-			ConflictsWith: []string{"aks_config_v2", "eks_config_v2", "gke_config_v2", "k3s_config", "rke_config", "oke_config", "rke2_config"},
+			ConflictsWith: []string{"k3s_config", "rke_config", "oke_config", "rke2_config"},
 			Elem: &schema.Resource{
 				Schema: clusterImportedConfigFields(),
 			},

rancher2/schema_cluster_eks_config_v2.go

@@ -58,7 +58,7 @@ func clusterEKSConfigV2NodeGroupsLaunchTemplateFields() map[string]*schema.Schem
 		"version": {
 			Type:        schema.TypeInt,
 			Optional:    true,
-			Default:     1,
+			Computed:    true,
 			Description: "The EKS node group launch template version",
 		},
 	}

rancher2/schema_cluster_v2_rke_config_machine_pool.go

@@ -1,8 +1,6 @@
 package rancher2
 
 import (
-	"strings"
-
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"github.com/rancher/rancher/pkg/capr"
@@ -154,26 +152,24 @@ func clusterV2RKEConfigMachinePoolFields() map[string]*schema.Schema {
 		"machine_labels": {
 			Type:        schema.TypeMap,
 			Optional:    true,
-			Computed:    true,
-			Description: "Labels of the machine",
-			DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
-				// Suppressing diff for labels containing cattle.io/
-				if (strings.Contains(k, commonAnnotationLabelCattle) || strings.Contains(k, commonAnnotationLabelRancher)) && new == "" {
-					return true
-				}
-				return false
-			},
+			Description: "Labels for the machine pool nodes",
 		},
 		"hostname_length_limit": {
 			Type:         schema.TypeInt,
 			Optional:     true,
 			Description:  "maximum length for autogenerated hostname",
 			ValidateFunc: validation.IntBetween(capr.MinimumHostnameLengthLimit, capr.MaximumHostnameLengthLimit),
 		},
-	}
-
-	for k, v := range commonAnnotationLabelFields() {
-		s[k] = v
+		"annotations": {
+			Type:        schema.TypeMap,
+			Optional:    true,
+			Description: "Annotations for the MachineDeployment object",
+		},
+		"labels": {
+			Type:        schema.TypeMap,
+			Optional:    true,
+			Description: "Labels for the MachineDeployment object",
+		},
 	}
 
 	return s