# Nested Provisioning Schema (Phase 4) # # Support for nested VM provisioning (VM → VM → Containers). # Follows KCL idiomatic patterns: schema-first, check blocks, composition. schema VolumeConfig: """ Storage volume configuration for VMs and containers. Defines volumes that can be attached to VMs or mounted in containers. Supports local storage, network mounts, and cloud storage. Examples: # Local volume VolumeConfig { name = "data-volume" type = "local" size_gb = 100 mount_path = "/data" readonly = False } # Network mount VolumeConfig { name = "shared-storage" type = "nfs" host = "storage.example.com" path = "/exports/shared" mount_path = "/mnt/shared" } """ # Volume Identity name: str # Volume name (unique) description?: str # Volume description # Volume Type and Storage (Pattern 8: Union types) type: "local" | "nfs" | "cifs" | "cloud" | "host" = "local" size_gb?: int # Volume size in GB # Mount Configuration mount_path: str # Mount point inside container/VM readonly?: bool = False # Read-only mount mount_mode?: str = "755" # Unix mount mode # Backing Storage (Pattern 9: Optional fields) host?: str # Remote host (for NFS/CIFS) path?: str # Remote path (for NFS/CIFS) username?: str # Username for auth password?: str # Password for auth (use secrets) # Cloud Storage bucket?: str # S3 bucket name provider?: "aws" | "azure" | "gcp" | "minio" = "aws" region?: str # Cloud region # Performance Tuning iops?: int # IOPS limit throughput_mbps?: int # Throughput limit # Validation (Pattern 4: Check blocks) check: len(name) > 0, "Volume name required" len(mount_path) > 0, "Mount path required" mount_path.startswith("/"), "Mount path must be absolute" size_gb == Undefined or size_gb >= 0, "Size must be non-negative" schema NetworkConfig: """ Network configuration for nested VMs and containers. Defines virtual networks, VLANs, and network policies. """ # Network Identity name: str # Network name description?: str # Network description # Network Type (Pattern 8: Union types) type: "bridge" | "overlay" | "host" | "vlan" = "bridge" vlan_id?: int # VLAN ID (if applicable) # Network Configuration subnet: str # Subnet CIDR (e.g., 192.168.1.0/24) gateway?: str # Gateway IP dns_servers?: [str] # DNS servers mtu?: int = 1500 # MTU size # IP Address Management dhcp_enabled?: bool = True # DHCP enabled dhcp_start?: str # DHCP range start dhcp_end?: str # DHCP range end # Network Policy (Pattern 9: Optional fields) allow_outbound?: bool = True # Allow outbound traffic allow_inbound?: bool = False # Allow inbound traffic rules?: [{str: str}] # Network rules # Performance bandwidth_limit_mbps?: int # Bandwidth limit latency_ms?: int # Artificial latency # Validation (Pattern 4: Check blocks) check: len(name) > 0, "Network name required" len(subnet) > 0, "Subnet required" schema NestedVmConfig: """ Configuration for a nested VM (VM inside a VM). Enables multi-level virtualization for complex deployments. """ # VM Identity name: str # VM name description?: str # VM description parent_vm: str # Parent VM name # Virtualization cpu: int = 2 # CPU cores (1-32) memory_mb: int = 2048 # Memory in MB disk_gb: int = 20 # Disk size in GB nested_virt?: bool = True # Enable nested virtualization # Image Configuration base_image?: str = "ubuntu-22.04" # Base image from_golden_image?: str # Golden image to use # Networking (Pattern 3: Composition) networks: [str] # Network names to connect static_ip?: str # Static IP address dns?: [str] # DNS servers # Storage (Pattern 3: Composition) volumes?: [str] # Volume names to attach extra_disks?: [{str: int}] # Additional disks {name: size_gb} # Lifecycle auto_start?: bool = False # Auto-start on parent boot start_order?: int = 100 # Startup order restart_policy?: "no" | "always" | "on-failure" = "always" # Validation (Pattern 4: Check blocks) check: len(name) > 0, "VM name required" len(parent_vm) > 0, "Parent VM required" cpu > 0 and cpu <= 32, "CPU must be 1-32" memory_mb >= 512 and memory_mb <= 65536, "Memory must be 512MB-64GB" disk_gb >= 5 and disk_gb <= 1000, "Disk must be 5-1000GB" schema ContainerConfig: """ Container configuration for running inside nested VMs. Defines container deployments with resource limits and networking. """ # Container Identity name: str # Container name image: str # Container image tag?: str = "latest" # Image tag # Runtime Environment (Pattern 3: Composition) parent_vm: str # Parent VM name runtime: "docker" | "podman" | "containerd" = "containerd" # Resources (Pattern 5: Explicit types) cpu_millicores?: int = 1000 # CPU in millicores memory_mb?: int = 512 # Memory in MB disk_gb?: int = 10 # Disk space # Networking networks?: [str] # Networks to connect expose_ports?: [{int: int}] # Port mappings {host: container} environment?: {str: str} # Environment variables # Storage (Pattern 9: Optional fields) volumes?: [{str: str}] # Volume mounts {name: path} tmpfs?: int # Tmpfs size in MB # Lifecycle auto_start?: bool = False # Auto-start on VM boot restart_policy?: "no" | "unless-stopped" | "always" = "unless-stopped" health_check?: {str: str} # Health check config # Validation (Pattern 4: Check blocks) check: len(name) > 0, "Container name required" len(image) > 0, "Image required" cpu_millicores > 0, "CPU must be positive" memory_mb >= 256, "Memory must be at least 256MB" schema MultiTierDeployment: """ Multi-tier application deployment specification. Defines complete application stack with multiple VMs and containers. """ # Deployment Identity name: str # Deployment name version?: str = "1.0.0" # Version description?: str # Description # Infrastructure (Pattern 3: Composition) networks: [NetworkConfig] # Virtual networks volumes: [VolumeConfig] # Shared volumes # Application Tiers parent_vms: [str] # Parent VMs nested_vms: [NestedVmConfig] # Nested VMs containers: [ContainerConfig] # Containers # Deployment Configuration replicas?: int = 1 # Replicas of deployment strategy?: "rolling" | "blue-green" | "canary" = "rolling" health_check_interval?: int = 30 # Health check interval (s) # Validation (Pattern 4: Check blocks) check: len(name) > 0, "Deployment name required" replicas == Undefined or replicas > 0, "Replicas must be positive" len(networks) > 0, "At least one network required" schema NetworkPolicy: """ Network security policies for nested environments. Controls traffic flow between VMs, containers, and external network. """ # Policy Identity name: str # Policy name description?: str # Description # Traffic Rules (Pattern 8: Union types) direction: "inbound" | "outbound" | "both" = "both" protocol: "tcp" | "udp" | "icmp" | "all" = "all" # Source/Destination source?: str # Source CIDR or name destination?: str # Destination CIDR or name port_range?: str # Port range (e.g., "8000-9000") # Action (Pattern 8: Union types) action: "allow" | "deny" | "log" = "allow" priority?: int = 100 # Rule priority # Validation (Pattern 4: Check blocks) check: len(name) > 0, "Policy name required" schema VolumeSnapshot: """ Snapshot of a volume for backup and disaster recovery. """ # Snapshot Identity name: str # Snapshot name volume_name: str # Source volume name created_at: str # Creation timestamp # Snapshot Metadata size_gb: float # Snapshot size checksum: str # SHA256 checksum description?: str # Description # Retention Policy retention_days?: int = 30 # Retention period auto_delete?: bool = True # Auto-delete after retention # Validation (Pattern 4: Check blocks) check: len(name) > 0, "Snapshot name required" len(volume_name) > 0, "Volume name required" schema NestedProvisioningPolicy: """ Global policy for nested provisioning operations. Controls behavior, limits, and defaults for nested environments. """ # Nesting Limits max_nesting_depth: int = 3 # Maximum nesting levels max_vms_per_parent: int = 10 # Max VMs per parent max_containers_per_vm: int = 50 # Max containers per VM # Resource Limits (Pattern 5: Explicit types) max_cpu_per_vm: int = 16 # Max CPU cores max_memory_per_vm: int = 32768 # Max memory in MB max_disk_per_vm: int = 500 # Max disk in GB # Network Configuration default_network_type: str = "bridge" enable_ipv6?: bool = False enable_vlan_tagging?: bool = False # Storage Configuration default_volume_type: str = "local" snapshot_retention_days: int = 30 # Security enable_security_hardening?: bool = True enable_network_isolation?: bool = True require_auth_between_tiers?: bool = False # Validation (Pattern 4: Check blocks) check: max_nesting_depth >= 1 and max_nesting_depth <= 5, "Nesting depth must be 1-5" max_vms_per_parent > 0, "Max VMs must be positive" max_cpu_per_vm > 0, "Max CPU must be positive"