kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix staticcheck

This commit is contained in:
Jason Haugen 2021-03-24 12:57:37 -05:00
parent 10df4a9a14
commit 318a116ba6
10 changed files with 759 additions and 19398 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cloudmock/aws/mockeventbridge/api.go
View File

@ -17,8 +17,6 @@ limitations under the License.
package mockeventbridge
import (
"sync"
"github.com/aws/aws-sdk-go/service/eventbridge"
"github.com/aws/aws-sdk-go/service/eventbridge/eventbridgeiface"
)
@ -26,7 +24,6 @@ import (
type MockEventBridge struct {
eventbridgeiface.EventBridgeAPI
mutex sync.Mutex
Rules []*eventbridge.Rule
}

3
cloudmock/aws/mocksqs/api.go
View File

@ -17,8 +17,6 @@ limitations under the License.
package mocksqs
import (
"sync"
"github.com/aws/aws-sdk-go/service/sqs"
"github.com/aws/aws-sdk-go/service/sqs/sqsiface"
)
@ -26,7 +24,6 @@ import (
type MockSQS struct {
sqsiface.SQSAPI
mutex sync.Mutex
QueueUrls []*string
}

3
pkg/model/awsmodel/nodeterminationhandler.go
View File

@ -148,13 +148,14 @@ func (b *NodeTerminationHandlerBuilder) buildEventBridgeRules(c *fi.ModelBuilder
for _, event := range events {
// build rule
ruleName := aws.String(clusterName + "-" + event.name)
pattern := event.pattern
ruleTask := &awstasks.EventBridgeRule{
Name: ruleName,
Lifecycle: b.Lifecycle,
Tags: b.CloudTags(*ruleName, false),
EventPattern: &event.pattern,
EventPattern: &pattern,
TargetArn: &targetArn,
}

4
tests/integration/update_cluster/nodeterminationhandler_sqs_resources/cloudformation.json
View File

@ -916,7 +916,7 @@
"Type": "AWS::Events::Rule",
"Properties": {
"Name": "queueprocessor.example.com-ASGLifecycle",
"EventPattern": "{"source": ["aws.ec2"],"detail-type": ["EC2 Instance Rebalance Recommendation"]}",
"EventPattern": "{"source":["aws.autoscaling"],"detail-type":["EC2 Instance-terminate Lifecycle Action"]}",
"Targets": [
{
"Id": "1",
@ -942,7 +942,7 @@
"Type": "AWS::Events::Rule",
"Properties": {
"Name": "queueprocessor.example.com-SpotInterruption",
"EventPattern": "{"source": ["aws.ec2"],"detail-type": ["EC2 Instance Rebalance Recommendation"]}",
"EventPattern": "{"source": ["aws.ec2"],"detail-type": ["EC2 Spot Instance Interruption Warning"]}",
"Targets": [
{
"Id": "1",

2
tests/integration/update_cluster/nodeterminationhandler_sqs_resources/data/aws_cloudwatch_event_rule_queueprocessor.example.com-ASGLifecycle_event_pattern
View File

@ -1 +1 @@
{"source": ["aws.ec2"],"detail-type": ["EC2 Instance Rebalance Recommendation"]}
{"source":["aws.autoscaling"],"detail-type":["EC2 Instance-terminate Lifecycle Action"]}

2
tests/integration/update_cluster/nodeterminationhandler_sqs_resources/data/aws_cloudwatch_event_rule_queueprocessor.example.com-SpotInterruption_event_pattern
View File

@ -1 +1 @@
{"source": ["aws.ec2"],"detail-type": ["EC2 Instance Rebalance Recommendation"]}
{"source": ["aws.ec2"],"detail-type": ["EC2 Spot Instance Interruption Warning"]}

19518
upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template
View File

File diff suppressed because it is too large Load Diff

618
upup/models/cloudup/resources/addons/node-termination-handler.aws/k8s-1.11.yaml.template
View File

@ -1,457 +1,179 @@
{{ with .NodeTerminationHandler }}
{{ if .EnableSqsTermiantionDraining }}
# Sourced from https://github.com/aws/aws-node-termination-handler/releases/download/v1.12.1/all-resources-queue-processor.yaml
---
# Source: aws-node-termination-handler/templates/psp.yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: aws-node-termination-handler
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
app.kubernetes.io/version: "1.12.1"
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
privileged: false
hostIPC: false
hostNetwork: true
hostPID: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
allowedCapabilities:
- '*'
fsGroup:
rule: RunAsAny
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
---
# Source: aws-node-termination-handler/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: aws-node-termination-handler
namespace: kube-system
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
app.kubernetes.io/version: "1.12.1"
---
# Source: aws-node-termination-handler/templates/clusterrole.yaml
# Sourced from https://github.com/aws/aws-node-termination-handler/releases/download/v1.12.0/all-resources.yaml
---
# Source: aws-node-termination-handler/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: aws-node-termination-handler
namespace: kube-system
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
app.kubernetes.io/version: "1.12.0"
---
# Source: aws-node-termination-handler/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aws-node-termination-handler
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
- apiGroups:
- extensions
resources:
- daemonsets
verbs:
- get
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
---
# Source: aws-node-termination-handler/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aws-node-termination-handler
subjects:
- kind: ServiceAccount
name: aws-node-termination-handler
namespace: kube-system
roleRef:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aws-node-termination-handler
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
- apiGroups:
- extensions
resources:
- daemonsets
verbs:
- get
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
---
# Source: aws-node-termination-handler/templates/psp.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aws-node-termination-handler-psp
labels:
name: aws-node-termination-handler
apiGroup: rbac.authorization.k8s.io
---
# Source: aws-node-termination-handler/templates/daemonset.linux.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: aws-node-termination-handler
namespace: kube-system
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
app.kubernetes.io/version: "1.12.0"
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
app.kubernetes.io/version: "1.12.1"
rules:
- apiGroups: [ 'policy' ]
resources: [ 'podsecuritypolicies' ]
verbs: [ 'use' ]
resourceNames:
- aws-node-termination-handler
---
# Source: aws-node-termination-handler/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aws-node-termination-handler
subjects:
- kind: ServiceAccount
name: aws-node-termination-handler
namespace: kube-system
roleRef:
kind: ClusterRole
name: aws-node-termination-handler
apiGroup: rbac.authorization.k8s.io
---
# Source: aws-node-termination-handler/templates/psp.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: aws-node-termination-handler-psp
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
app.kubernetes.io/version: "1.12.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: aws-node-termination-handler-psp
subjects:
- kind: ServiceAccount
name: aws-node-termination-handler
namespace: kube-system
---
# Source: aws-node-termination-handler/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: aws-node-termination-handler
namespace: kube-system
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
app.kubernetes.io/version: "1.12.1"
spec:
replicas: 1
selector:
matchLabels:
kubernetes.io/os: linux
template:
metadata:
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
kubernetes.io/os: linux
template:
metadata:
annotations:
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
kubernetes.io/os: linux
spec:
priorityClassName: "system-node-critical"
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "kubernetes.io/os"
operator: In
values:
- linux
- key: "kubernetes.io/arch"
operator: In
values:
- amd64
- arm64
- arm
serviceAccountName: aws-node-termination-handler
hostNetwork: false
dnsPolicy: ""
securityContext:
fsGroup: 1000
containers:
- name: aws-node-termination-handler
image: public.ecr.aws/aws-ec2/aws-node-termination-handler:v1.12.1
imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
allowPrivilegeEscalation: false
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SPOT_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: DELETE_LOCAL_DATA
value: ""
- name: IGNORE_DAEMON_SETS
value: ""
- name: POD_TERMINATION_GRACE_PERIOD
value: ""
- name: INSTANCE_METADATA_URL
value: ""
- name: NODE_TERMINATION_GRACE_PERIOD
value: ""
- name: WEBHOOK_URL
value: ""
- name: WEBHOOK_HEADERS
value: ""
- name: WEBHOOK_TEMPLATE
value: ""
- name: DRY_RUN
value: "false"
- name: METADATA_TRIES
value: "3"
- name: CORDON_ONLY
value: "false"
- name: TAINT_NODE
value: "false"
- name: JSON_LOGGING
value: "false"
- name: LOG_LEVEL
value: "info"
- name: WEBHOOK_PROXY
value: ""
- name: ENABLE_PROMETHEUS_SERVER
value: "false"
- name: ENABLE_SPOT_INTERRUPTION_DRAINING
value: "false"
- name: ENABLE_SCHEDULED_EVENT_DRAINING
value: "false"
- name: ENABLE_REBALANCE_MONITORING
value: "false"
- name: ENABLE_SQS_TERMINATION_DRAINING
value: "true"
- name: QUEUE_URL
value: {{ DefaultQueueName }}
- name: PROMETHEUS_SERVER_PORT
value: "9092"
- name: AWS_REGION
value: ""
- name: AWS_ENDPOINT
value: ""
- name: CHECK_ASG_TAG_BEFORE_DRAINING
value: "true"
- name: MANAGED_ASG_TAG
value: "aws-node-termination-handler/managed"
- name: WORKERS
value: "10"
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists
{{ else }}
# Sourced from https://github.com/aws/aws-node-termination-handler/releases/download/v1.7.0/all-resources.yaml
---
# Source: aws-node-termination-handler/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: aws-node-termination-handler
namespace: kube-system
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
app.kubernetes.io/version: "1.12.0"
---
# Source: aws-node-termination-handler/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aws-node-termination-handler
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
- apiGroups:
- extensions
resources:
- daemonsets
verbs:
- get
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
---
# Source: aws-node-termination-handler/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aws-node-termination-handler
subjects:
- kind: ServiceAccount
name: aws-node-termination-handler
namespace: kube-system
roleRef:
kind: ClusterRole
name: aws-node-termination-handler
apiGroup: rbac.authorization.k8s.io
---
# Source: aws-node-termination-handler/templates/daemonset.linux.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: aws-node-termination-handler
namespace: kube-system
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
app.kubernetes.io/version: "1.12.0"
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
spec:
volumes:
- name: "uptime"
hostPath:
path: "/proc/uptime"
priorityClassName: "system-node-critical"
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "kubernetes.io/os"
operator: In
values:
- linux
- key: "kubernetes.io/arch"
operator: In
values:
- amd64
- arm64
- arm
serviceAccountName: aws-node-termination-handler
hostNetwork: true
dnsPolicy: "ClusterFirstWithHostNet"
containers:
- name: aws-node-termination-handler
image: public.ecr.aws/aws-ec2/aws-node-termination-handler:v1.12.0
imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
allowPrivilegeEscalation: false
volumeMounts:
- name: "uptime"
mountPath: "/proc/uptime"
readOnly: true
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SPOT_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: DELETE_LOCAL_DATA
value: "true"
- name: IGNORE_DAEMON_SETS
value: "true"
- name: POD_TERMINATION_GRACE_PERIOD
value: "-1"
- name: ENABLE_SPOT_INTERRUPTION_DRAINING
value: "{{ .EnableSpotInterruptionDraining }}"
- name: ENABLE_SCHEDULED_EVENT_DRAINING
value: "{{ .EnableScheduledEventDraining }}"
- name: JSON_LOGGING
value: "true"
- name: ENABLE_PROMETHEUS_SERVER
value: "{{ .EnablePrometheusMetrics }}"
- name: LOG_LEVEL
value: "info"
resources:
limits:
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
nodeSelector:
kubernetes.io/os: linux
template:
metadata:
labels:
app.kubernetes.io/name: aws-node-termination-handler
app.kubernetes.io/instance: aws-node-termination-handler
k8s-app: aws-node-termination-handler
kubernetes.io/os: linux
spec:
volumes:
- name: "uptime"
hostPath:
path: "/proc/uptime"
priorityClassName: "system-node-critical"
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "kubernetes.io/os"
operator: In
values:
- linux
- key: "kubernetes.io/arch"
operator: In
values:
- amd64
- arm64
- arm
serviceAccountName: aws-node-termination-handler
hostNetwork: true
dnsPolicy: "ClusterFirstWithHostNet"
containers:
- name: aws-node-termination-handler
image: public.ecr.aws/aws-ec2/aws-node-termination-handler:v1.12.0
imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
allowPrivilegeEscalation: false
volumeMounts:
- name: "uptime"
mountPath: "/proc/uptime"
readOnly: true
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SPOT_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: DELETE_LOCAL_DATA
value: "true"
- name: IGNORE_DAEMON_SETS
value: "true"
- name: POD_TERMINATION_GRACE_PERIOD
value: "-1"
- name: ENABLE_SPOT_INTERRUPTION_DRAINING
value: "{{ .EnableSpotInterruptionDraining }}"
- name: ENABLE_SCHEDULED_EVENT_DRAINING
value: "{{ .EnableScheduledEventDraining }}"
- name: JSON_LOGGING
value: "true"
- name: ENABLE_PROMETHEUS_SERVER
value: "{{ .EnablePrometheusMetrics }}"
- name: LOG_LEVEL
value: "info"
resources:
limits:
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists
{{ end }}
tolerations:
- operator: Exists
{{ end }}

3
upup/pkg/fi/cloudup/awstasks/sqs.go
View File

@ -75,6 +75,9 @@ func (q *SQS) Find(c *fi.Context) (*SQS, error) {
tags, err := cloud.SQS().ListQueueTags(&sqs.ListQueueTagsInput{
QueueUrl: q.URL,
})
if err != nil {
return nil, fmt.Errorf("error listing SQS queue tags: %v", err)
}
actual := &SQS{
Name: q.Name,

1
upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go
View File

@ -538,6 +538,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann
}
nth := b.Cluster.Spec.NodeTerminationHandler
if nth != nil && fi.BoolValue(nth.Enabled) {
key := "node-termination-handler.aws"