diff --git a/cmd/kops/integration_test.go b/cmd/kops/integration_test.go
index 7f9b42617c..04c96aee73 100644
--- a/cmd/kops/integration_test.go
+++ b/cmd/kops/integration_test.go
@@ -280,7 +280,6 @@ func TestMinimal_NoneDNS(t *testing.T) {
 newIntegrationTest("minimal.example.com", "minimal-dns-none").
 withAddons(
 awsEBSCSIAddon,
- dnsControllerAddon,
 awsCCMAddon,
 ).
 runTestTerraformAWS(t)
diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-dns-none/data/aws_iam_role_policy_masters.minimal.example.com_policy
index 2d369a7c6b..76b19f59e5 100644
--- a/tests/integration/update_cluster/minimal-dns-none/data/aws_iam_role_policy_masters.minimal.example.com_policy
+++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_iam_role_policy_masters.minimal.example.com_policy
@@ -64,36 +64,6 @@
 "arn:aws-test:s3:::placeholder-write-bucket"
 ]
 },
- {
- "Action": [
- "route53:ChangeResourceRecordSets",
- "route53:ListResourceRecordSets",
- "route53:GetHostedZone"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO"
- ]
- },
- {
- "Action": [
- "route53:GetChange"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws-test:route53:::change/*"
- ]
- },
- {
- "Action": [
- "route53:ListHostedZones",
- "route53:ListTagsForResource"
- ],
- "Effect": "Allow",
- "Resource": [
- "*"
- ]
- },
 {
 "Action": "ec2:CreateTags",
 "Condition": {
diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content
index 125e1c0589..13afc2cf1f 100644
--- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content
+++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content
@@ -34,7 +34,6 @@ spec:
 runc:
 version: 1.1.4
 version: 1.6.9
- dnsZone: Z1AFAKE1ZON3YO
 docker:
 skipInstall: true
 etcdClusters:
@@ -58,8 +57,6 @@ spec:
 memoryRequest: 100Mi
 name: events
 version: 3.5.4
- externalDns:
- provider: dns-controller
 iam:
 allowContainerRegistry: true
 legacy: false
@@ -214,6 +211,6 @@ spec:
 zone: us-test-1a
 topology:
 dns:
- type: Public
+ type: None
 masters: public
 nodes: public
diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
index 92e90541b0..82a848687a 100644
--- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
+++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
@@ -32,13 +32,6 @@ spec:
 selector:
 k8s-addon: limit-range.addons.k8s.io
 version: 9.99.0
- - id: k8s-1.12
- manifest: dns-controller.addons.k8s.io/k8s-1.12.yaml
- manifestHash: 6c8f01b2470d323965dfb22d410f322e0b429f7acc3831f41a763ec072dfc69b
- name: dns-controller.addons.k8s.io
- selector:
- k8s-addon: dns-controller.addons.k8s.io
- version: 9.99.0
 - id: v1.15.0
 manifest: storage-aws.addons.k8s.io/v1.15.0.yaml
 manifestHash: 4e2cda50cd5048133aad1b5e28becb60f4629d3f9e09c514a2757c27998b4200
diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content
deleted file mode 100644
index 2eab063fdb..0000000000
--- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content
+++ /dev/null
@@ -1,138 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - version: v1.26.0-alpha.1 - name: dns-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: dns-controller - strategy: - type: Recreate - template: - metadata: - creationTimestamp: null - labels: - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - kops.k8s.io/managed-by: kops - version: v1.26.0-alpha.1 - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --watch-ingress=false - - --dns=aws-route53 - - --zone=*/Z1AFAKE1ZON3YO - - --internal-ipv4 - - --zone=*/* - - -v=2 - command: null - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - image: registry.k8s.io/kops/dns-controller:1.26.0-alpha.1 - name: dns-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - dnsPolicy: Default - hostNetwork: true - nodeSelector: null - priorityClassName: system-cluster-critical - serviceAccount: dns-controller - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - key: node.kubernetes.io/not-ready - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: dns-controller - namespace: kube-system - ---- - 
-apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - ingress - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops:dns-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:dns-controller diff --git a/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml index fe347efaae..0309037be5 100644 --- a/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml @@ -52,7 +52,7 @@ spec: zone: us-test-1a topology: dns: - type: Public + type: None masters: public nodes: public diff --git a/tests/integration/update_cluster/minimal-dns-none/kubernetes.tf b/tests/integration/update_cluster/minimal-dns-none/kubernetes.tf index 1e3e93b3e1..958d74c57d 100644 --- a/tests/integration/update_cluster/minimal-dns-none/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-dns-none/kubernetes.tf 
@@ -142,7 +142,7 @@ resource "aws_autoscaling_group" "master-us-test-1a-masters-minimal-example-com" propagate_at_launch = true value = "owned" } - target_group_arns = [aws_lb_target_group.tcp-minimal-example-com-5905t8.id] + target_group_arns = [aws_lb_target_group.kops-controller-minimal-e-uvauf3.id, aws_lb_target_group.tcp-minimal-example-com-5905t8.id] vpc_zone_identifier = [aws_subnet.us-test-1a-minimal-example-com.id] } @@ -456,7 +456,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { } resource "aws_lb" "api-minimal-example-com" { - enable_cross_zone_load_balancing = false + enable_cross_zone_load_balancing = true internal = false load_balancer_type = "network" name = "api-minimal-example-com-gecgf7" @@ -470,6 +470,16 @@ resource "aws_lb" "api-minimal-example-com" { } } +resource "aws_lb_listener" "api-minimal-example-com-3988" { + default_action { + target_group_arn = aws_lb_target_group.kops-controller-minimal-e-uvauf3.id + type = "forward" + } + load_balancer_arn = aws_lb.api-minimal-example-com.id + port = 3988 + protocol = "TCP" +} + resource "aws_lb_listener" "api-minimal-example-com-443" { default_action { target_group_arn = aws_lb_target_group.tcp-minimal-example-com-5905t8.id @@ -480,6 +490,24 @@ resource "aws_lb_listener" "api-minimal-example-com-443" { protocol = "TCP" } +resource "aws_lb_target_group" "kops-controller-minimal-e-uvauf3" { + health_check { + healthy_threshold = 2 + interval = 10 + protocol = "TCP" + unhealthy_threshold = 2 + } + name = "kops-controller-minimal-e-uvauf3" + port = 3988 + protocol = "TCP" + tags = { + "KubernetesCluster" = "minimal.example.com" + "Name" = "kops-controller-minimal-e-uvauf3" + "kubernetes.io/cluster/minimal.example.com" = "owned" + } + vpc_id = aws_vpc.minimal-example-com.id +} + resource "aws_lb_target_group" "tcp-minimal-example-com-5905t8" { health_check { healthy_threshold = 2 
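Review bot: The new `aws_lb_listener "api-minimal-example-com-3988"` puts the kops-controller port on a load balancer that this fixture declares with `internal = false`, and nothing in the expected output records why that is acceptable. The only visible restriction is the `kops-controller-lb-to-master` rule added in the last hunk of this file (`cidr_blocks = ["172.20.0.0/16"]`), and that rule filters external clients only if the target group preserves the client source address; otherwise traffic reaches the masters from the load balancer's in-VPC addresses and matches the rule. The `kops-controller-minimal-e-uvauf3` target group states neither `target_type` nor `preserve_client_ip`, so the behaviour rests on provider defaults. This file appears to be generated expected output, so the change belongs in the generator outside this diff: emit `preserve_client_ip = true` on that target group so a regression shows up as a fixture diff, and consider a companion fixture that uses an internal load balancer.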
@@ -510,17 +538,6 @@ resource "aws_route" "route-__--0" { route_table_id = aws_route_table.minimal-example-com.id } -resource "aws_route53_record" "api-minimal-example-com" { - alias { - evaluate_target_health = false - name = aws_lb.api-minimal-example-com.dns_name - zone_id = aws_lb.api-minimal-example-com.zone_id - } - name = "api.minimal.example.com" - type = "A" - zone_id = "/hostedzone/Z1AFAKE1ZON3YO" -} - resource "aws_route_table" "minimal-example-com" { tags = { "KubernetesCluster" = "minimal.example.com" @@ -624,14 +641,6 @@ resource "aws_s3_object" "minimal-example-com-addons-coredns-addons-k8s-io-k8s-1 server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-example-com-addons-dns-controller-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content") - key = "tests/minimal.example.com/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-example-com-addons-kops-controller-addons-k8s-io-k8s-1-16" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content") @@ -893,6 +902,15 @@ resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" { type = "ingress" } +resource "aws_security_group_rule" "kops-controller-lb-to-master" { + cidr_blocks = ["172.20.0.0/16"] + from_port = 3988 + protocol = "tcp" + security_group_id = aws_security_group.masters-minimal-example-com.id + to_port = 3988 + type = "ingress" +} + resource "aws_subnet" "us-test-1a-minimal-example-com" { availability_zone = "us-test-1a" cidr_block = "172.20.32.0/19"