Add AccessLog attribute to CloudFormation and Terraform renderer

AkiraFukushima 2021-08-03 21:34:03 +09:00
parent 2fd69ba3a3
commit 73f7307844
No known key found for this signature in database
GPG Key ID: B6E51BAC4DE1A957
8 changed files with 82 additions and 25 deletions


@ -1458,6 +1458,20 @@
"Key": "kubernetes.io/cluster/complex.example.com",
"Value": "owned"
}
],
"LoadBalancerAttributes": [
{
"Key": "access_logs.s3.enabled",
"Value": "true"
},
{
"Key": "access_logs.s3.bucket",
"Value": "access-log-example"
},
{
"Key": "access_logs.s3.prefix",
"Value": ""
}
]
}
},


@ -9,6 +9,8 @@ spec:
- 10.2.0.0/16
api:
loadBalancer:
accessLog:
bucket: access-log-example
additionalSecurityGroups:
- sg-exampleid5
- sg-exampleid6


@ -17,6 +17,8 @@ spec:
subnets:
- name: us-test-1a
allocationId: eipalloc-012345a678b9cdefa
accessLog:
bucket: access-log-example
kubernetesApiAccess:
- 1.1.1.0/24
channel: stable


@ -17,6 +17,8 @@ spec:
subnets:
- name: us-test-1a
allocationId: eipalloc-012345a678b9cdefa
accessLog:
bucket: access-log-example
kubernetesApiAccess:
- 1.1.1.0/24
channel: stable


@ -523,6 +523,11 @@ resource "aws_launch_template" "nodes-complex-example-com" {
}
resource "aws_lb" "api-complex-example-com" {
access_logs {
bucket = "access-log-example"
enabled = true
prefix = ""
}
enable_cross_zone_load_balancing = true
internal = false
load_balancer_type = "network"


@ -716,7 +716,7 @@ func (_ *ClassicLoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e
}
}
if e.AccessLog != nil {
if e.AccessLog != nil && fi.BoolValue(e.AccessLog.Enabled) {
tf.AccessLog = &terraformLoadBalancerAccessLog{
EmitInterval: e.AccessLog.EmitInterval,
Enabled: e.AccessLog.Enabled,
@ -856,7 +856,7 @@ func (_ *ClassicLoadBalancer) RenderCloudformation(t *cloudformation.Cloudformat
}
}
if e.AccessLog != nil {
if e.AccessLog != nil && fi.BoolValue(e.AccessLog.Enabled) {
tf.AccessLog = &cloudformationClassicLoadBalancerAccessLog{
EmitInterval: e.AccessLog.EmitInterval,
Enabled: e.AccessLog.Enabled,


@ -371,29 +371,20 @@ func (e *NetworkLoadBalancer) Find(c *fi.Context) (*NetworkLoadBalancer, error)
if err != nil {
return nil, err
}
if actual.AccessLog != nil {
actual.AccessLog.Enabled = fi.Bool(b)
} else {
actual.AccessLog = &NetworkLoadBalancerAccessLog{
Enabled: fi.Bool(b),
}
if actual.AccessLog == nil {
actual.AccessLog = &NetworkLoadBalancerAccessLog{}
}
actual.AccessLog.Enabled = fi.Bool(b)
case "access_logs.s3.bucket":
if actual.AccessLog != nil {
actual.AccessLog.S3BucketName = value
} else {
actual.AccessLog = &NetworkLoadBalancerAccessLog{
S3BucketName: value,
}
if actual.AccessLog == nil {
actual.AccessLog = &NetworkLoadBalancerAccessLog{}
}
actual.AccessLog.S3BucketName = value
case "access_logs.s3.prefix":
if actual.AccessLog != nil {
actual.AccessLog.S3BucketPrefix = value
} else {
actual.AccessLog = &NetworkLoadBalancerAccessLog{
S3BucketPrefix: value,
}
if actual.AccessLog == nil {
actual.AccessLog = &NetworkLoadBalancerAccessLog{}
}
actual.AccessLog.S3BucketPrefix = value
default:
klog.V(2).Infof("unsupported key -- ignoring, %v.\n", key)
}
@ -706,6 +697,7 @@ type terraformNetworkLoadBalancer struct {
Type string `json:"load_balancer_type" cty:"load_balancer_type"`
SubnetMappings []terraformNetworkLoadBalancerSubnetMapping `json:"subnet_mapping" cty:"subnet_mapping"`
CrossZoneLoadBalancing bool `json:"enable_cross_zone_load_balancing" cty:"enable_cross_zone_load_balancing"`
AccessLog *terraformNetworkLoadBalancerAccessLog `json:"access_logs,omitempty" cty:"access_logs"`
Tags map[string]string `json:"tags" cty:"tags"`
}
@ -747,6 +739,14 @@ func (_ *NetworkLoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e
})
}
if e.AccessLog != nil && fi.BoolValue(e.AccessLog.Enabled) {
nlbTF.AccessLog = &terraformNetworkLoadBalancerAccessLog{
Enabled: e.AccessLog.Enabled,
S3BucketName: e.AccessLog.S3BucketName,
S3BucketPrefix: e.AccessLog.S3BucketPrefix,
}
}
err := t.RenderResource("aws_lb", *e.Name, nlbTF)
if err != nil {
return err
@ -788,6 +788,7 @@ func (_ *NetworkLoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e
return err
}
}
return nil
}
@ -800,11 +801,12 @@ func (e *NetworkLoadBalancer) TerraformLink(params ...string) *terraformWriter.L
}
type cloudformationNetworkLoadBalancer struct {
Name string `json:"Name"`
Scheme string `json:"Scheme"`
SubnetMappings []*cloudformationSubnetMapping `json:"SubnetMappings"`
Type string `json:"Type"`
Tags []cloudformationTag `json:"Tags"`
Name string `json:"Name"`
Scheme string `json:"Scheme"`
SubnetMappings []*cloudformationSubnetMapping `json:"SubnetMappings"`
Type string `json:"Type"`
Tags []cloudformationTag `json:"Tags"`
LoadBalancerAttributes []cloudformationLoadBalancerAttribute `json:"LoadBalancerAttributes,omitempty"`
}
type cloudformationSubnetMapping struct {
@ -813,6 +815,11 @@ type cloudformationSubnetMapping struct {
PrivateIPv4Address *string `json:"PrivateIPv4Address,omitempty"`
}
type cloudformationLoadBalancerAttribute struct {
Key *string `json:"Key"`
Value *string `json:"Value,omitempty"`
}
type cloudformationNetworkLoadBalancerListener struct {
Certificates []cloudformationNetworkLoadBalancerListenerCertificate `json:"Certificates,omitempty"`
DefaultActions []cloudformationNetworkLoadBalancerListenerAction `json:"DefaultActions"`
@ -849,6 +856,25 @@ func (_ *NetworkLoadBalancer) RenderCloudformation(t *cloudformation.Cloudformat
} else {
nlbCF.Scheme = elbv2.LoadBalancerSchemeEnumInternetFacing
}
if e.AccessLog != nil && *e.AccessLog.Enabled {
var attributes []cloudformationLoadBalancerAttribute
attributes = append(attributes, cloudformationLoadBalancerAttribute{
Key: aws.String("access_logs.s3.enabled"),
Value: aws.String(strconv.FormatBool(aws.BoolValue(e.AccessLog.Enabled))),
})
attributes = append(attributes, cloudformationLoadBalancerAttribute{
Key: aws.String("access_logs.s3.bucket"),
Value: e.AccessLog.S3BucketName,
})
attributes = append(attributes, cloudformationLoadBalancerAttribute{
Key: aws.String("access_logs.s3.prefix"),
Value: e.AccessLog.S3BucketPrefix,
})
nlbCF.LoadBalancerAttributes = attributes
}
err := t.RenderResource("AWS::ElasticLoadBalancingV2::LoadBalancer", *e.Name, nlbCF)
if err != nil {
return err
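Review bot: The new CloudFormation gate `if e.AccessLog != nil && *e.AccessLog.Enabled {` dereferences Enabled directly, so an AccessLog task that carries a bucket but no Enabled value would panic during rendering. The Terraform renderer in this same file and both ClassicLoadBalancer renderers guard with `fi.BoolValue(e.AccessLog.Enabled)`, so this line should read `if e.AccessLog != nil && fi.BoolValue(e.AccessLog.Enabled) {`. Because `Value` is tagged `omitempty`, a nil S3BucketName would emit `access_logs.s3.bucket` with no value while `access_logs.s3.enabled` is "true"; since these logs are the load balancer's audit trail, it seems better to return an error when logging is enabled without a bucket than to render a template that fails or logs nowhere. Separately, the struct filled in the RenderTerraform hunk tags S3BucketPrefix as `json:"bucket_prefix,omitempty" cty:"prefix"`; the expected `aws_lb` output uses `prefix`, so the JSON tag looks inconsistent and is worth confirming. RenderCloudformation's body starts and ends outside this hunk.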

View File

@ -37,6 +37,12 @@ func (_ *NetworkLoadBalancerAccessLog) GetDependencies(tasks map[string]fi.Task)
return nil
}
type terraformNetworkLoadBalancerAccessLog struct {
Enabled *bool `json:"enabled,omitempty" cty:"enabled"`
S3BucketName *string `json:"bucket,omitempty" cty:"bucket"`
S3BucketPrefix *string `json:"bucket_prefix,omitempty" cty:"prefix"`
}
func findNetworkLoadBalancerAttributes(cloud awsup.AWSCloud, LoadBalancerArn string) ([]*elbv2.LoadBalancerAttribute, error) {
request := &elbv2.DescribeLoadBalancerAttributesInput{