kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add AccessLog attribute to CloudFormation and Terraform renderer

This commit is contained in:
AkiraFukushima 2021-08-03 21:34:03 +09:00
parent 2fd69ba3a3
commit 73f7307844
No known key found for this signature in database
GPG Key ID: B6E51BAC4DE1A957
8 changed files with 82 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
tests/integration/update_cluster/complex/cloudformation.json
View File

@ -1458,6 +1458,20 @@
"Key": "kubernetes.io/cluster/complex.example.com", "Key": "kubernetes.io/cluster/complex.example.com",
"Value": "owned" "Value": "owned"
} }
],
"LoadBalancerAttributes": [
{
"Key": "access_logs.s3.enabled",
"Value": "true"
},
{
"Key": "access_logs.s3.bucket",
"Value": "access-log-example"
},
{
"Key": "access_logs.s3.prefix",
"Value": ""
}
] ]
} }
}, },

2
tests/integration/update_cluster/complex/data/aws_s3_bucket_object_cluster-completed.spec_content
View File

@ -9,6 +9,8 @@ spec:
- 10.2.0.0/16 - 10.2.0.0/16
api: api:
loadBalancer: loadBalancer:
accessLog:
bucket: access-log-example
additionalSecurityGroups: additionalSecurityGroups:
- sg-exampleid5 - sg-exampleid5
- sg-exampleid6 - sg-exampleid6

2
tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml
View File

@ -17,6 +17,8 @@ spec:
subnets: subnets:
- name: us-test-1a - name: us-test-1a
allocationId: eipalloc-012345a678b9cdefa allocationId: eipalloc-012345a678b9cdefa
accessLog:
bucket: access-log-example
kubernetesApiAccess: kubernetesApiAccess:
- 1.1.1.0/24 - 1.1.1.0/24
channel: stable channel: stable

2
tests/integration/update_cluster/complex/in-v1alpha2.yaml
View File

@ -17,6 +17,8 @@ spec:
subnets: subnets:
- name: us-test-1a - name: us-test-1a
allocationId: eipalloc-012345a678b9cdefa allocationId: eipalloc-012345a678b9cdefa
accessLog:
bucket: access-log-example
kubernetesApiAccess: kubernetesApiAccess:
- 1.1.1.0/24 - 1.1.1.0/24
channel: stable channel: stable

5
tests/integration/update_cluster/complex/kubernetes.tf
View File

@ -523,6 +523,11 @@ resource "aws_launch_template" "nodes-complex-example-com" {
} }
resource "aws_lb" "api-complex-example-com" { resource "aws_lb" "api-complex-example-com" {
access_logs {
bucket = "access-log-example"
enabled = true
prefix = ""
}
enable_cross_zone_load_balancing = true enable_cross_zone_load_balancing = true
internal = false internal = false
load_balancer_type = "network" load_balancer_type = "network"

4
upup/pkg/fi/cloudup/awstasks/classic_load_balancer.go
View File

@ -716,7 +716,7 @@ func (_ *ClassicLoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e
} }
} }
if e.AccessLog != nil { if e.AccessLog != nil && fi.BoolValue(e.AccessLog.Enabled) {
tf.AccessLog = &terraformLoadBalancerAccessLog{ tf.AccessLog = &terraformLoadBalancerAccessLog{
EmitInterval: e.AccessLog.EmitInterval, EmitInterval: e.AccessLog.EmitInterval,
Enabled: e.AccessLog.Enabled, Enabled: e.AccessLog.Enabled,
@ -856,7 +856,7 @@ func (_ *ClassicLoadBalancer) RenderCloudformation(t *cloudformation.Cloudformat
} }
} }
if e.AccessLog != nil { if e.AccessLog != nil && fi.BoolValue(e.AccessLog.Enabled) {
tf.AccessLog = &cloudformationClassicLoadBalancerAccessLog{ tf.AccessLog = &cloudformationClassicLoadBalancerAccessLog{
EmitInterval: e.AccessLog.EmitInterval, EmitInterval: e.AccessLog.EmitInterval,
Enabled: e.AccessLog.Enabled, Enabled: e.AccessLog.Enabled,

72
upup/pkg/fi/cloudup/awstasks/network_load_balancer.go
View File

@ -371,29 +371,20 @@ func (e *NetworkLoadBalancer) Find(c *fi.Context) (*NetworkLoadBalancer, error)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if actual.AccessLog != nil { if actual.AccessLog == nil {
actual.AccessLog.Enabled = fi.Bool(b) actual.AccessLog = &NetworkLoadBalancerAccessLog{}
} else {
actual.AccessLog = &NetworkLoadBalancerAccessLog{
Enabled: fi.Bool(b),
}
} }
actual.AccessLog.Enabled = fi.Bool(b)
case "access_logs.s3.bucket": case "access_logs.s3.bucket":
if actual.AccessLog != nil { if actual.AccessLog == nil {
actual.AccessLog.S3BucketName = value actual.AccessLog = &NetworkLoadBalancerAccessLog{}
} else {
actual.AccessLog = &NetworkLoadBalancerAccessLog{
S3BucketName: value,
}
} }
actual.AccessLog.S3BucketName = value
case "access_logs.s3.prefix": case "access_logs.s3.prefix":
if actual.AccessLog != nil { if actual.AccessLog == nil {
actual.AccessLog.S3BucketPrefix = value actual.AccessLog = &NetworkLoadBalancerAccessLog{}
} else {
actual.AccessLog = &NetworkLoadBalancerAccessLog{
S3BucketPrefix: value,
}
} }
actual.AccessLog.S3BucketPrefix = value
default: default:
klog.V(2).Infof("unsupported key -- ignoring, %v.\n", key) klog.V(2).Infof("unsupported key -- ignoring, %v.\n", key)
} }
@ -706,6 +697,7 @@ type terraformNetworkLoadBalancer struct {
Type string `json:"load_balancer_type" cty:"load_balancer_type"` Type string `json:"load_balancer_type" cty:"load_balancer_type"`
SubnetMappings []terraformNetworkLoadBalancerSubnetMapping `json:"subnet_mapping" cty:"subnet_mapping"` SubnetMappings []terraformNetworkLoadBalancerSubnetMapping `json:"subnet_mapping" cty:"subnet_mapping"`
CrossZoneLoadBalancing bool `json:"enable_cross_zone_load_balancing" cty:"enable_cross_zone_load_balancing"` CrossZoneLoadBalancing bool `json:"enable_cross_zone_load_balancing" cty:"enable_cross_zone_load_balancing"`
AccessLog *terraformNetworkLoadBalancerAccessLog `json:"access_logs,omitempty" cty:"access_logs"`
Tags map[string]string `json:"tags" cty:"tags"` Tags map[string]string `json:"tags" cty:"tags"`
} }
@ -747,6 +739,14 @@ func (_ *NetworkLoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e
}) })
} }
if e.AccessLog != nil && fi.BoolValue(e.AccessLog.Enabled) {
nlbTF.AccessLog = &terraformNetworkLoadBalancerAccessLog{
Enabled: e.AccessLog.Enabled,
S3BucketName: e.AccessLog.S3BucketName,
S3BucketPrefix: e.AccessLog.S3BucketPrefix,
}
}
err := t.RenderResource("aws_lb", *e.Name, nlbTF) err := t.RenderResource("aws_lb", *e.Name, nlbTF)
if err != nil { if err != nil {
return err return err
@ -788,6 +788,7 @@ func (_ *NetworkLoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e
return err return err
} }
} }
return nil return nil
} }
@ -800,11 +801,12 @@ func (e *NetworkLoadBalancer) TerraformLink(params ...string) *terraformWriter.L
} }
type cloudformationNetworkLoadBalancer struct { type cloudformationNetworkLoadBalancer struct {
Name string `json:"Name"` Name string `json:"Name"`
Scheme string `json:"Scheme"` Scheme string `json:"Scheme"`
SubnetMappings []*cloudformationSubnetMapping `json:"SubnetMappings"` SubnetMappings []*cloudformationSubnetMapping `json:"SubnetMappings"`
Type string `json:"Type"` Type string `json:"Type"`
Tags []cloudformationTag `json:"Tags"` Tags []cloudformationTag `json:"Tags"`
LoadBalancerAttributes []cloudformationLoadBalancerAttribute `json:"LoadBalancerAttributes,omitempty"`
} }
type cloudformationSubnetMapping struct { type cloudformationSubnetMapping struct {
@ -813,6 +815,11 @@ type cloudformationSubnetMapping struct {
PrivateIPv4Address *string `json:"PrivateIPv4Address,omitempty"` PrivateIPv4Address *string `json:"PrivateIPv4Address,omitempty"`
} }
type cloudformationLoadBalancerAttribute struct {
Key *string `json:"Key"`
Value *string `json:"Value,omitempty"`
}
type cloudformationNetworkLoadBalancerListener struct { type cloudformationNetworkLoadBalancerListener struct {
Certificates []cloudformationNetworkLoadBalancerListenerCertificate `json:"Certificates,omitempty"` Certificates []cloudformationNetworkLoadBalancerListenerCertificate `json:"Certificates,omitempty"`
DefaultActions []cloudformationNetworkLoadBalancerListenerAction `json:"DefaultActions"` DefaultActions []cloudformationNetworkLoadBalancerListenerAction `json:"DefaultActions"`
@ -849,6 +856,25 @@ func (_ *NetworkLoadBalancer) RenderCloudformation(t *cloudformation.Cloudformat
} else { } else {
nlbCF.Scheme = elbv2.LoadBalancerSchemeEnumInternetFacing nlbCF.Scheme = elbv2.LoadBalancerSchemeEnumInternetFacing
} }
if e.AccessLog != nil && *e.AccessLog.Enabled {
var attributes []cloudformationLoadBalancerAttribute
attributes = append(attributes, cloudformationLoadBalancerAttribute{
Key: aws.String("access_logs.s3.enabled"),
Value: aws.String(strconv.FormatBool(aws.BoolValue(e.AccessLog.Enabled))),
})
attributes = append(attributes, cloudformationLoadBalancerAttribute{
Key: aws.String("access_logs.s3.bucket"),
Value: e.AccessLog.S3BucketName,
})
attributes = append(attributes, cloudformationLoadBalancerAttribute{
Key: aws.String("access_logs.s3.prefix"),
Value: e.AccessLog.S3BucketPrefix,
})
nlbCF.LoadBalancerAttributes = attributes
}
err := t.RenderResource("AWS::ElasticLoadBalancingV2::LoadBalancer", *e.Name, nlbCF) err := t.RenderResource("AWS::ElasticLoadBalancingV2::LoadBalancer", *e.Name, nlbCF)
if err != nil { if err != nil {
return err return err

6
upup/pkg/fi/cloudup/awstasks/networkloadbalancer_attributes.go
View File

@ -37,6 +37,12 @@ func (_ *NetworkLoadBalancerAccessLog) GetDependencies(tasks map[string]fi.Task)
return nil return nil
} }
type terraformNetworkLoadBalancerAccessLog struct {
Enabled *bool `json:"enabled,omitempty" cty:"enabled"`
S3BucketName *string `json:"bucket,omitempty" cty:"bucket"`
S3BucketPrefix *string `json:"bucket_prefix,omitempty" cty:"prefix"`
}
func findNetworkLoadBalancerAttributes(cloud awsup.AWSCloud, LoadBalancerArn string) ([]*elbv2.LoadBalancerAttribute, error) { func findNetworkLoadBalancerAttributes(cloud awsup.AWSCloud, LoadBalancerArn string) ([]*elbv2.LoadBalancerAttribute, error) {
request := &elbv2.DescribeLoadBalancerAttributesInput{ request := &elbv2.DescribeLoadBalancerAttributesInput{