321 lines
12 KiB
Plaintext
321 lines
12 KiB
Plaintext
# Nested Provisioning Schema (Phase 4)
|
|
#
|
|
# Support for nested VM provisioning (VM → VM → Containers).
|
|
# Follows KCL idiomatic patterns: schema-first, check blocks, composition.
|
|
|
|
schema VolumeConfig:
|
|
"""
|
|
Storage volume configuration for VMs and containers.
|
|
|
|
Defines volumes that can be attached to VMs or mounted in containers.
|
|
Supports local storage, network mounts, and cloud storage.
|
|
|
|
Examples:
|
|
# Local volume
|
|
VolumeConfig {
|
|
name = "data-volume"
|
|
type = "local"
|
|
size_gb = 100
|
|
mount_path = "/data"
|
|
readonly = False
|
|
}
|
|
|
|
# Network mount
|
|
VolumeConfig {
|
|
name = "shared-storage"
|
|
type = "nfs"
|
|
host = "storage.example.com"
|
|
path = "/exports/shared"
|
|
mount_path = "/mnt/shared"
|
|
}
|
|
"""
|
|
|
|
# Volume Identity
|
|
name: str # Volume name (unique)
|
|
description?: str # Volume description
|
|
|
|
# Volume Type and Storage (Pattern 8: Union types)
|
|
type: "local" | "nfs" | "cifs" | "cloud" | "host" = "local"
|
|
size_gb?: int # Volume size in GB
|
|
|
|
# Mount Configuration
|
|
mount_path: str # Mount point inside container/VM
|
|
readonly?: bool = False # Read-only mount
|
|
mount_mode?: str = "755" # Unix mount mode
|
|
|
|
# Backing Storage (Pattern 9: Optional fields)
|
|
host?: str # Remote host (for NFS/CIFS)
|
|
path?: str # Remote path (for NFS/CIFS)
|
|
username?: str # Username for auth
|
|
password?: str # Password for auth (use secrets)
|
|
|
|
# Cloud Storage
|
|
bucket?: str # S3 bucket name
|
|
provider?: "aws" | "azure" | "gcp" | "minio" = "aws"
|
|
region?: str # Cloud region
|
|
|
|
# Performance Tuning
|
|
iops?: int # IOPS limit
|
|
throughput_mbps?: int # Throughput limit
|
|
|
|
# Validation (Pattern 4: Check blocks)
|
|
check:
|
|
len(name) > 0, "Volume name required"
|
|
len(mount_path) > 0, "Mount path required"
|
|
mount_path.startswith("/"), "Mount path must be absolute"
|
|
size_gb == Undefined or size_gb >= 0, "Size must be non-negative"
|
|
|
|
|
|
schema NetworkConfig:
|
|
"""
|
|
Network configuration for nested VMs and containers.
|
|
|
|
Defines virtual networks, VLANs, and network policies.
|
|
"""
|
|
|
|
# Network Identity
|
|
name: str # Network name
|
|
description?: str # Network description
|
|
|
|
# Network Type (Pattern 8: Union types)
|
|
type: "bridge" | "overlay" | "host" | "vlan" = "bridge"
|
|
vlan_id?: int # VLAN ID (if applicable)
|
|
|
|
# Network Configuration
|
|
subnet: str # Subnet CIDR (e.g., 192.168.1.0/24)
|
|
gateway?: str # Gateway IP
|
|
dns_servers?: [str] # DNS servers
|
|
mtu?: int = 1500 # MTU size
|
|
|
|
# IP Address Management
|
|
dhcp_enabled?: bool = True # DHCP enabled
|
|
dhcp_start?: str # DHCP range start
|
|
dhcp_end?: str # DHCP range end
|
|
|
|
# Network Policy (Pattern 9: Optional fields)
|
|
allow_outbound?: bool = True # Allow outbound traffic
|
|
allow_inbound?: bool = False # Allow inbound traffic
|
|
rules?: [{str: str}] # Network rules
|
|
|
|
# Performance
|
|
bandwidth_limit_mbps?: int # Bandwidth limit
|
|
latency_ms?: int # Artificial latency
|
|
|
|
# Validation (Pattern 4: Check blocks)
|
|
check:
|
|
len(name) > 0, "Network name required"
|
|
len(subnet) > 0, "Subnet required"
|
|
|
|
|
|
schema NestedVmConfig:
|
|
"""
|
|
Configuration for a nested VM (VM inside a VM).
|
|
|
|
Enables multi-level virtualization for complex deployments.
|
|
"""
|
|
|
|
# VM Identity
|
|
name: str # VM name
|
|
description?: str # VM description
|
|
parent_vm: str # Parent VM name
|
|
|
|
# Virtualization
|
|
cpu: int = 2 # CPU cores (1-32)
|
|
memory_mb: int = 2048 # Memory in MB
|
|
disk_gb: int = 20 # Disk size in GB
|
|
nested_virt?: bool = True # Enable nested virtualization
|
|
|
|
# Image Configuration
|
|
base_image?: str = "ubuntu-22.04" # Base image
|
|
from_golden_image?: str # Golden image to use
|
|
|
|
# Networking (Pattern 3: Composition)
|
|
networks: [str] # Network names to connect
|
|
static_ip?: str # Static IP address
|
|
dns?: [str] # DNS servers
|
|
|
|
# Storage (Pattern 3: Composition)
|
|
volumes?: [str] # Volume names to attach
|
|
extra_disks?: [{str: int}] # Additional disks {name: size_gb}
|
|
|
|
# Lifecycle
|
|
auto_start?: bool = False # Auto-start on parent boot
|
|
start_order?: int = 100 # Startup order
|
|
restart_policy?: "no" | "always" | "on-failure" = "always"
|
|
|
|
# Validation (Pattern 4: Check blocks)
|
|
check:
|
|
len(name) > 0, "VM name required"
|
|
len(parent_vm) > 0, "Parent VM required"
|
|
cpu > 0 and cpu <= 32, "CPU must be 1-32"
|
|
memory_mb >= 512 and memory_mb <= 65536, "Memory must be 512MB-64GB"
|
|
disk_gb >= 5 and disk_gb <= 1000, "Disk must be 5-1000GB"
|
|
|
|
|
|
schema ContainerConfig:
|
|
"""
|
|
Container configuration for running inside nested VMs.
|
|
|
|
Defines container deployments with resource limits and networking.
|
|
"""
|
|
|
|
# Container Identity
|
|
name: str # Container name
|
|
image: str # Container image
|
|
tag?: str = "latest" # Image tag
|
|
|
|
# Runtime Environment (Pattern 3: Composition)
|
|
parent_vm: str # Parent VM name
|
|
runtime: "docker" | "podman" | "containerd" = "containerd"
|
|
|
|
# Resources (Pattern 5: Explicit types)
|
|
cpu_millicores?: int = 1000 # CPU in millicores
|
|
memory_mb?: int = 512 # Memory in MB
|
|
disk_gb?: int = 10 # Disk space
|
|
|
|
# Networking
|
|
networks?: [str] # Networks to connect
|
|
expose_ports?: [{int: int}] # Port mappings {host: container}
|
|
environment?: {str: str} # Environment variables
|
|
|
|
# Storage (Pattern 9: Optional fields)
|
|
volumes?: [{str: str}] # Volume mounts {name: path}
|
|
tmpfs?: int # Tmpfs size in MB
|
|
|
|
# Lifecycle
|
|
auto_start?: bool = False # Auto-start on VM boot
|
|
restart_policy?: "no" | "unless-stopped" | "always" = "unless-stopped"
|
|
health_check?: {str: str} # Health check config
|
|
|
|
# Validation (Pattern 4: Check blocks)
|
|
check:
|
|
len(name) > 0, "Container name required"
|
|
len(image) > 0, "Image required"
|
|
cpu_millicores > 0, "CPU must be positive"
|
|
memory_mb >= 256, "Memory must be at least 256MB"
|
|
|
|
|
|
schema MultiTierDeployment:
|
|
"""
|
|
Multi-tier application deployment specification.
|
|
|
|
Defines complete application stack with multiple VMs and containers.
|
|
"""
|
|
|
|
# Deployment Identity
|
|
name: str # Deployment name
|
|
version?: str = "1.0.0" # Version
|
|
description?: str # Description
|
|
|
|
# Infrastructure (Pattern 3: Composition)
|
|
networks: [NetworkConfig] # Virtual networks
|
|
volumes: [VolumeConfig] # Shared volumes
|
|
|
|
# Application Tiers
|
|
parent_vms: [str] # Parent VMs
|
|
nested_vms: [NestedVmConfig] # Nested VMs
|
|
containers: [ContainerConfig] # Containers
|
|
|
|
# Deployment Configuration
|
|
replicas?: int = 1 # Replicas of deployment
|
|
strategy?: "rolling" | "blue-green" | "canary" = "rolling"
|
|
health_check_interval?: int = 30 # Health check interval (s)
|
|
|
|
# Validation (Pattern 4: Check blocks)
|
|
check:
|
|
len(name) > 0, "Deployment name required"
|
|
replicas == Undefined or replicas > 0, "Replicas must be positive"
|
|
len(networks) > 0, "At least one network required"
|
|
|
|
|
|
schema NetworkPolicy:
|
|
"""
|
|
Network security policies for nested environments.
|
|
|
|
Controls traffic flow between VMs, containers, and external network.
|
|
"""
|
|
|
|
# Policy Identity
|
|
name: str # Policy name
|
|
description?: str # Description
|
|
|
|
# Traffic Rules (Pattern 8: Union types)
|
|
direction: "inbound" | "outbound" | "both" = "both"
|
|
protocol: "tcp" | "udp" | "icmp" | "all" = "all"
|
|
|
|
# Source/Destination
|
|
source?: str # Source CIDR or name
|
|
destination?: str # Destination CIDR or name
|
|
port_range?: str # Port range (e.g., "8000-9000")
|
|
|
|
# Action (Pattern 8: Union types)
|
|
action: "allow" | "deny" | "log" = "allow"
|
|
priority?: int = 100 # Rule priority
|
|
|
|
# Validation (Pattern 4: Check blocks)
|
|
check:
|
|
len(name) > 0, "Policy name required"
|
|
|
|
|
|
schema VolumeSnapshot:
|
|
"""
|
|
Snapshot of a volume for backup and disaster recovery.
|
|
"""
|
|
|
|
# Snapshot Identity
|
|
name: str # Snapshot name
|
|
volume_name: str # Source volume name
|
|
created_at: str # Creation timestamp
|
|
|
|
# Snapshot Metadata
|
|
size_gb: float # Snapshot size
|
|
checksum: str # SHA256 checksum
|
|
description?: str # Description
|
|
|
|
# Retention Policy
|
|
retention_days?: int = 30 # Retention period
|
|
auto_delete?: bool = True # Auto-delete after retention
|
|
|
|
# Validation (Pattern 4: Check blocks)
|
|
check:
|
|
len(name) > 0, "Snapshot name required"
|
|
len(volume_name) > 0, "Volume name required"
|
|
|
|
|
|
schema NestedProvisioningPolicy:
|
|
"""
|
|
Global policy for nested provisioning operations.
|
|
|
|
Controls behavior, limits, and defaults for nested environments.
|
|
"""
|
|
|
|
# Nesting Limits
|
|
max_nesting_depth: int = 3 # Maximum nesting levels
|
|
max_vms_per_parent: int = 10 # Max VMs per parent
|
|
max_containers_per_vm: int = 50 # Max containers per VM
|
|
|
|
# Resource Limits (Pattern 5: Explicit types)
|
|
max_cpu_per_vm: int = 16 # Max CPU cores
|
|
max_memory_per_vm: int = 32768 # Max memory in MB
|
|
max_disk_per_vm: int = 500 # Max disk in GB
|
|
|
|
# Network Configuration
|
|
default_network_type: str = "bridge"
|
|
enable_ipv6?: bool = False
|
|
enable_vlan_tagging?: bool = False
|
|
|
|
# Storage Configuration
|
|
default_volume_type: str = "local"
|
|
snapshot_retention_days: int = 30
|
|
|
|
# Security
|
|
enable_security_hardening?: bool = True
|
|
enable_network_isolation?: bool = True
|
|
require_auth_between_tiers?: bool = False
|
|
|
|
# Validation (Pattern 4: Check blocks)
|
|
check:
|
|
max_nesting_depth >= 1 and max_nesting_depth <= 5, "Nesting depth must be 1-5"
|
|
max_vms_per_parent > 0, "Max VMs must be positive"
|
|
max_cpu_per_vm > 0, "Max CPU must be positive"
|