Add backup s3 and powerdns extensions (#356)

control-plane/roles/gardener/README.md

@@ -96,10 +96,14 @@ This includes the metal-stack extension provider called [gardener-extension-prov
 | gardener_extension_networking_cilium_enabled                 |           | If enabled, deploys the gardener-networking-extension-cilium                                                                                |
 | gardener_extension_shoot_cert_service_enabled                |           | If enabled, deploys the gardener-extension-shoot-cert-service                                                                               |
 | gardener_extension_shoot_dns_service_enabled                 |           | If enabled, deploys the gardener-extension-shoot-dns-service                                                                                |
+| gardener_extension_backup_s3_enabled                         |           | If enabled, deploys the gardener-extension-backup-s3                                                                                        |
+| gardener_extension_dns_powerdns_enabled                      |           | If enabled, deploys the gardener-extension-dns-powerdns                                                                                     |
 | gardener_os_controller_repo_ref                              |           | A repo reference for deploying the [os-metal-extension](https://github.com/metal-stack/os-metal-extension/)                                 |
 | gardener_networking_cilium_repo_ref                          |           | A repo reference for deploying the [gardener-extension-networking-cilium](https://github.com/gardener/gardener-extension-networking-cilium) |
 | gardener_extension_provider_metal_repo_ref                   |           | A repo reference for deploying the [gardener-extension-provider-metal](https://github.com/metal-stack/gardener-extension-provider-metal)    |
 | gardener_shoot_dns_service_repo_ref                          |           | A repo reference for deploying the [gardener-extension-shoot-dns-service](https://github.com/gardener/gardener-extension-shoot-dns-service) |
+| gardener_extension_backup_s3_repo_ref                        |           | A repo reference for deploying the [gardener-extension-backup-s3](https://github.com/metal-stack/gardener-extension-backup-s3)              |
+| gardener_extension_dns_powerdns_repo_ref                     |           | A repo reference for deploying the [gardener-extension-dns-powerdns](https://github.com/metal-stack/gardener-extension-dns-powerdns)        |
 | gardener_metal_admission_replicas                            |           | Specifies the amount of metal-admission webhook replicas                                                                                    |
 | gardener_metal_admission_vpa                                 |           | Enables the VPA for the metal-admission webhook                                                                                             |
 | gardener_extension_provider_metal_cluster_audit_enabled      |           | Enables the audit functionality of the GEPM                                                                                                 |
@@ -122,6 +126,10 @@ This includes the metal-stack extension provider called [gardener-extension-prov
 | gardener_shoot_dns_service_image_vector_overwrite            |           | Allows overriding the image vector for the shoot-dns-service extension                                                                      |
 | gardener_shoot_dns_service_dns_controller_manager_image_name |           | Setting an explicit image name for the dns-controller-manager                                                                               |
 | gardener_shoot_dns_service_dns_controller_manager_image_tag  |           | Setting an explicit image tag for the dns-controller-manager                                                                                |
+| gardener_extension_backup_s3_image_name                      |           | Setting an explicit image name for the gardener-extension-backup-s3                                                                         |
+| gardener_extension_backup_s3_image_tag                       |           | Setting an explicit image tag for the gardener-extension-backup-s3                                                                          |
+| gardener_extension_dns_powerdns_image_name                   |           | Setting an explicit image name for the gardener-extension-dns-powerdns                                                                      |
+| gardener_extension_dns_powerdns_image_tag                    |           | Setting an explicit image tag for the  gardener-extension-dns-powerdns                                                                      |
 
 ### Certificates
 

control-plane/roles/gardener/defaults/main/extensions.yaml

@@ -6,11 +6,15 @@ gardener_extension_provider_gcp_enabled: true
 gardener_extension_provider_metal_enabled: true
 gardener_extension_shoot_cert_service_enabled: true
 gardener_extension_shoot_dns_service_enabled: true
+gardener_extension_dns_powerdns_enabled: false
+gardener_extension_backup_s3_enabled: false
 
 gardener_extension_provider_metal_repo_ref: "{{ gardener_extension_provider_metal_image_tag }}"
 gardener_networking_cilium_repo_ref: "gardener/gardener-extension-networking-cilium/{{ gardener_networking_cilium_image_tag }}"
 gardener_os_controller_repo_ref: "{{ gardener_os_controller_image_tag }}"
 gardener_shoot_dns_service_repo_ref: "gardener/gardener-extension-shoot-dns-service/{{ gardener_shoot_dns_service_image_tag }}"
+gardener_extension_backup_s3_repo_ref: "metal-stack/gardener-extension-backup-s3/{{ gardener_extension_backup_s3_image_tag }}"
+gardener_extension_dns_powerdns_repo_ref: "metal-stack/gardener-extension-dns-powerdns/{{ gardener_extension_dns_powerdns_image_tag }}"
 
 gardener_metal_admission_replicas: 1
 gardener_metal_admission_vpa: true

control-plane/roles/gardener/tasks/extensions.yaml

@@ -100,3 +100,32 @@
     - controller-deployment.yaml
     - controller-registration.yaml
   when: gardener_extension_shoot_dns_service_enabled
+
+- name: "Register controller: dns powerdns"
+  k8s:
+    definition: "{{ lookup('template', 'powerdns/{{ item }}', split_lines=False) }}"
+    kubeconfig: "{{ gardener_kube_apiserver_kubeconfig_path }}"
+    apply: yes
+  register: result
+  until: result is success
+  retries: 10
+  delay: 6
+  loop:
+    - controller-deployment.yaml
+    - controller-registration.yaml
+  when: gardener_extension_dns_powerdns_enabled
+
+- name: "Register controller: backup s3"
+  k8s:
+    definition: "{{ lookup('template', 'backup-s3/{{ item }}', split_lines=False) }}"
+    kubeconfig: "{{ gardener_kube_apiserver_kubeconfig_path }}"
+    apply: yes
+  tags: shoot-dns-service
+  register: result
+  until: result is success
+  retries: 10
+  delay: 6
+  loop:
+    - controller-deployment.yaml
+    - controller-registration.yaml
+  when: gardener_extension_backup_s3_enabled

control-plane/roles/gardener/templates/backup-s3/controller-deployment.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: core.gardener.cloud/v1
+kind: ControllerDeployment
+metadata:
+  name: backup-s3
+helm:
+  rawChart: "{{ (lookup('url', 'https://raw.githubusercontent.com/' + gardener_extension_backup_s3_repo_ref + '/example/controller-registration.yaml', split_lines=False) | from_yaml_all | list)[0].helm.rawChart }}"
+  values:
+    image:
+      repository: "{{ gardener_extension_backup_s3_image_name }}"
+      tag: "{{ gardener_extension_backup_s3_image_tag }}"

control-plane/roles/gardener/templates/backup-s3/controller-registration.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: core.gardener.cloud/v1beta1
+kind: ControllerRegistration
+metadata:
+  name: backup-s3
+  annotations:
+    security.gardener.cloud/pod-security-enforce: baseline
+spec:
+  deployment:
+    deploymentRefs:
+    - name: backup-s3
+  resources:
+  - kind: BackupBucket
+    type: S3
+  - kind: BackupEntry
+    type: S3

control-plane/roles/gardener/templates/powerdns/controller-deployment.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: core.gardener.cloud/v1
+kind: ControllerDeployment
+metadata:
+  name: powerdns
+helm:
+  rawChart: "{{ (lookup('url', 'https://raw.githubusercontent.com/' + gardener_extension_dns_powerdns_repo_ref + '/example/controller-registration.yaml', split_lines=False) | from_yaml_all | list)[0].helm.rawChart }}"
+  values:
+    image:
+      repository: "{{ gardener_extension_dns_powerdns_image_name }}"
+      tag: "{{ gardener_extension_dns_powerdns_image_tag }}"

control-plane/roles/gardener/templates/powerdns/controller-registration.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: core.gardener.cloud/v1beta1
+kind: ControllerRegistration
+metadata:
+  name: powerdns
+  annotations:
+    security.gardener.cloud/pod-security-enforce: baseline
+spec:
+  deployment:
+    deploymentRefs:
+    - name: powerdns
+  resources:
+  - kind: DNSRecord
+    type: powerdns

defaults/main.yaml

@@ -58,6 +58,10 @@ metal_stack_release:
     gardener_mcm_provider_metal_image_tag: "docker-images.metal-stack.gardener.machine-controller-manager-provider-metal.tag"
     gardener_extension_audit_image_name: "docker-images.metal-stack.gardener.gardener-extension-audit.name"
     gardener_extension_audit_image_tag: "docker-images.metal-stack.gardener.gardener-extension-audit.tag"
+    gardener_extension_backup_s3_image_tag: "docker-images.metal-stack.gardener.gardener-extension-backup-s3.tag"
+    gardener_extension_backup_s3_image_name: "docker-images.metal-stack.gardener.gardener-extension-backup-s3.name"
+    gardener_extension_dns_powerdns_image_tag: "docker-images.metal-stack.gardener.gardener-extension-dns-powerdns.tag"
+    gardener_extension_dns_powerdns_image_name: "docker-images.metal-stack.gardener.gardener-extension-dns-powerdns.name"
     # kubernetes
     csi_lvm_controller_image_tag: "docker-images.metal-stack.kubernetes.csi-lvm-controller.tag"
     csi_lvm_controller_image_name: "docker-images.metal-stack.kubernetes.csi-lvm-controller.name"