d-bis/Sankofa
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ee551e1c0bea1bdd5a62f04416380e47e5a86f9d
Sankofa/crossplane-provider-proxmox/README.md
defiQUG 7cd7022f6e Update .gitignore, remove package-lock.json, and enhance Cloudflare and Proxmox adapters 
- Added lock file exclusions for pnpm in .gitignore.
- Removed obsolete package-lock.json from the api and portal directories.
- Enhanced Cloudflare adapter with additional interfaces for zones and tunnels.
- Improved Proxmox adapter error handling and logging for API requests.
- Updated Proxmox VM parameters with validation rules in the API schema.
- Enhanced documentation for Proxmox VM specifications and examples.
2025-12-12 19:29:01 -08:00

9.1 KiB
Raw Blame History

Crossplane Provider for Proxmox

A custom Crossplane provider that enables provisioning and management of Proxmox VE resources through Kubernetes.

Features

  • Virtual Machine Management: Create, update, delete VMs
  • Storage Management: Manage storage pools and volumes
  • Network Management: Configure network bridges and interfaces
  • Multi-Site Support: Manage multiple Proxmox clusters
  • Status Reporting: Real-time VM status and IP addresses
  • Reconciliation: Automatic drift detection and correction
  • Retry Logic: Automatic retry for transient failures
  • Error Handling: Comprehensive error handling and reporting

Architecture

crossplane-provider-proxmox/
├── apis/                    # CRD API definitions
│   └── v1alpha1/           # API version
├── pkg/                     # Provider implementation
│   ├── controller/         # Crossplane controllers
│   ├── proxmox/            # Proxmox API client
│   └── managed/            # Managed resource types
├── config/                 # Deployment manifests
│   └── crd/                # CRD definitions
└── examples/               # Usage examples

Installation

Prerequisites

  • Kubernetes cluster with Crossplane installed
  • Proxmox VE cluster with API access
  • Go 1.21+ for building

Build and Install

# Build the provider
make build

# Install CRDs
kubectl apply -f config/crd/bases/

# Deploy the provider
kubectl apply -f config/provider.yaml

# Create ProviderConfig
kubectl apply -f examples/provider-config.yaml

Configuration

Module Path

IMPORTANT: Before building, update the module path in go.mod:

module github.com/sankofa/crossplane-provider-proxmox

Provider Configuration

apiVersion: proxmox.sankofa.nexus/v1alpha1
kind: ProviderConfig
metadata:
  name: proxmox-provider-config
spec:
  credentials:
    source: Secret
    secretRef:
      name: proxmox-credentials
      namespace: crossplane-system
      key: credentials.json
  sites:
    - name: us-sfvalley
      endpoint: https://ml110-01.sankofa.nexus:8006
      node: ML110-01
    - name: eu-west-1
      endpoint: https://r630-01.sankofa.nexus:8006
      node: R630-01

Create a Virtual Machine

apiVersion: proxmox.sankofa.nexus/v1alpha1
kind: ProxmoxVM
metadata:
  name: web-server-01
spec:
  forProvider:
    node: pve1
    name: web-server-01
    cpu: 4
    memory: 8Gi
    disk: 100Gi
    storage: local-lvm
    network: vmbr0
    image: ubuntu-22.04-cloud
    site: us-sfvalley
  providerConfigRef:
    name: proxmox-provider-config

API Reference

ProxmoxVM

Manages a Proxmox virtual machine.

Spec:

  • node: Proxmox node to deploy on (required)
  • name: VM name (required, see validation rules below)
  • cpu: Number of CPU cores (required, min: 1, max: 1024, default: 2)
  • memory: Memory size (required, see validation rules below)
  • disk: Disk size (required, see validation rules below)
  • storage: Storage pool name (default: "local-lvm")
  • network: Network bridge (default: "vmbr0", see validation rules below)
  • image: OS template/image (required, see validation rules below)
  • site: Site identifier (required, must match ProviderConfig)
  • userData: Optional cloud-init user data in YAML format

Status:

  • vmId: Proxmox VM ID
  • state: VM state (running, stopped, etc.)
  • ipAddress: VM IP address
  • conditions: Resource conditions

Validation Rules

The provider includes comprehensive input validation:

VM Name

  • Length: 1-100 characters
  • Characters: Alphanumeric, hyphen, underscore, dot, space
  • Restrictions: Cannot start or end with spaces
  • Example: "web-server-01", "vm.001", "my vm"

Memory

  • Format: Supports Gi, Mi, Ki, G, M, K or plain numbers (assumed MB)
  • Range: 128 MB - 2 TB
  • Case-insensitive: "4Gi", "4gi", "4GI" all work
  • Examples: "4Gi", "8192Mi", "4096"

Disk

  • Format: Supports Ti, Gi, Mi, T, G, M or plain numbers (assumed GB)
  • Range: 1 GB - 100 TB
  • Case-insensitive: "50Gi", "50gi", "50GI" all work
  • Examples: "50Gi", "1Ti", "100"

CPU

  • Range: 1-1024 cores
  • Example: 2, 4, 8

Network Bridge

  • Format: Alphanumeric, hyphen, underscore
  • Validation: Bridge must exist on the target node (validated before VM creation)
  • Example: "vmbr0", "custom-bridge", "bridge_01"

Image

Three formats are supported:

  1. Template VMID: Numeric VMID (100-999999999) for template cloning
    • Example: "100", "1000"
  2. Volume ID: storage:path/to/image format
    • Example: "local:iso/ubuntu-22.04.iso"
  3. Image Name: Named image in storage
    • Example: "ubuntu-22.04-cloud"
    • Maximum length: 255 characters

Multi-Tenancy

The provider supports tenant isolation through tags:

  • Tenant ID: Set via Kubernetes label tenant-id or tenant.sankofa.nexus/id
  • Tag Format: tenant_{id} (underscore separator)
  • Filtering: Use ListVMs() with tenant ID filter
  • Example: 
    metadata:
  labels:
    tenant-id: "customer-123"
# Results in Proxmox tag: tenant_customer-123

Error Handling and Retry Logic

The provider includes comprehensive error handling and automatic retry logic:

Error Categories

  • Network Errors: Automatically retried with exponential backoff
    • Connection failures, timeouts, 502/503 errors
  • Authentication Errors: Not retried (requires credential fix)
    • Invalid credentials, 401/403 errors
  • Configuration Errors: Not retried (requires manual intervention)
    • Missing ProviderConfig, invalid site configuration
  • Quota Errors: Not retried (requires resource adjustment)
    • Resource quota exceeded
  • API Not Supported: Not retried
    • importdisk API not available (falls back to template cloning)

Retry Configuration

  • Max Retries: 3 (configurable)
  • Backoff: Exponential with jitter
  • Max Delay: 30 seconds
  • Retryable Errors: Network, temporary failures

Error Reporting

Errors are reported via Kubernetes Conditions:

  • ValidationFailed: Input validation errors
  • ConfigurationError: Configuration issues
  • NetworkError: Network connectivity problems
  • AuthenticationError: Authentication failures
  • QuotaExceeded: Resource quota violations
  • NodeUnhealthy: Node health check failures

Development

Building

go mod download
go build -o bin/provider ./cmd/provider

Testing

Unit Tests

# Run all unit tests
go test ./pkg/...

# Run with coverage
go test -cover ./pkg/...
go test -coverprofile=coverage.out ./pkg/...
go tool cover -html=coverage.out

# Run specific package tests
go test ./pkg/utils/...
go test ./pkg/proxmox/...
go test ./pkg/controller/virtualmachine/...

Integration Tests

# Run integration tests (requires Proxmox test environment)
go test -tags=integration ./pkg/controller/virtualmachine/...

# Skip integration tests
go test -short ./pkg/...

See docs/TESTING.md for detailed testing guidelines.

Running Locally

# Set up local development environment
export PROXMOX_ENDPOINT=https://pve1.local:8006
export PROXMOX_USERNAME=root@pam
export PROXMOX_PASSWORD=your-password

# Run the provider
./bin/provider

Troubleshooting

Common Issues

Validation Errors

VM Name Invalid

Error: VM name contains invalid characters
  • Solution: Ensure VM name only contains alphanumeric, hyphen, underscore, dot, or space characters

Memory/Disk Out of Range

Error: memory 64Mi is below minimum of 128 MB
  • Solution: Increase memory/disk values to meet minimum requirements (128 MB memory, 1 GB disk)

Network Bridge Not Found

Error: network bridge 'vmbr999' does not exist on node 'test-node'
  • Solution: Verify network bridge exists using pvesh get /nodes/{node}/network or create the bridge

Authentication Errors

401 Unauthorized

  • Solution: Verify credentials in ProviderConfig secret are correct
  • Check API token format: PVEAPIToken ${token} (space, not equals sign)

Image Import Errors

importdisk API Not Supported

Error: importdisk API is not supported in this Proxmox version
  • Solution: Use template cloning (numeric VMID) or pre-imported images instead
  • Or upgrade Proxmox to version 6.0+

Network Errors

Connection Timeout

  • Solution: Verify Proxmox API endpoint is accessible
  • Check firewall rules and network connectivity

Debugging

Enable verbose logging:

# Set log level
export LOG_LEVEL=debug

# Run provider with debug logging
./bin/provider --log-level=debug

Check VM status:

# Get VM details
kubectl get proxmoxvm <vm-name> -o yaml

# Check conditions
kubectl describe proxmoxvm <vm-name>

# View controller logs
kubectl logs -n crossplane-system -l app=provider-proxmox

Additional Resources

License

Apache 2.0

Reference in New Issue View Git Blame Copy Permalink