Fix additionalSecurityGroups support for NLB

We were correctly adding the security groups to the master ASGs but identified them incorrectly.
Peter Rifel 2020-11-03 08:22:24 -06:00
parent be5c344dce
commit 860249f6b7
No known key found for this signature in database
GPG Key ID: BC6469E5B16DB2B6
3 changed files with 11 additions and 11 deletions


@ -203,7 +203,7 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchConfigurationTask(c *fi.ModelB
if b.APILoadBalancerClass() == kops.LoadBalancerClassNetwork { if b.APILoadBalancerClass() == kops.LoadBalancerClassNetwork {
for _, id := range b.Cluster.Spec.API.LoadBalancer.AdditionalSecurityGroups { for _, id := range b.Cluster.Spec.API.LoadBalancer.AdditionalSecurityGroups {
sgTask := &awstasks.SecurityGroup{ sgTask := &awstasks.SecurityGroup{
ID: fi.String("nlb-" + id), ID: fi.String(id),
Lifecycle: b.SecurityLifecycle, Lifecycle: b.SecurityLifecycle,
Name: fi.String("nlb-" + id), Name: fi.String("nlb-" + id),
Shared: fi.Bool(true), Shared: fi.Bool(true),
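Review bot: Nothing visible in this loop limits the API load balancer's additional security groups to master instance groups or skips IDs the instance group already lists, and the node fixtures in this commit now carry `sg-exampleid3` and `sg-exampleid4` twice each. The commit message speaks only of "master ASGs", so attaching these groups to worker nodes may admit more traffic to the nodes than intended; consider gating the loop on the instance group's role and skipping an ID that is already in the group's own additionalSecurityGroups. `Name` keeps the `nlb-` prefix while `ID` no longer does, presumably to keep the task key distinct; a comment such as `// Name is prefixed only to keep the task key unique; ID is the real AWS security group ID` would explain the asymmetry. The function body starts and ends outside this hunk, so the role and duplicate concerns are inferred from the fixtures rather than from the full function.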


@ -271,8 +271,8 @@
{ {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom" "Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
}, },
"nlb-sg-exampleid3", "sg-exampleid3",
"nlb-sg-exampleid4" "sg-exampleid4"
] ]
} }
], ],
@ -404,9 +404,9 @@
{ {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom" "Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
}, },
"nlb-sg-exampleid3",
"nlb-sg-exampleid4",
"sg-exampleid3", "sg-exampleid3",
"sg-exampleid3",
"sg-exampleid4",
"sg-exampleid4" "sg-exampleid4"
] ]
} }


@ -1,11 +1,11 @@
locals { locals {
cluster_name = "complex.example.com" cluster_name = "complex.example.com"
master_autoscaling_group_ids = [aws_autoscaling_group.master-us-test-1a-masters-complex-example-com.id] master_autoscaling_group_ids = [aws_autoscaling_group.master-us-test-1a-masters-complex-example-com.id]
master_security_group_ids = [aws_security_group.masters-complex-example-com.id, "nlb-sg-exampleid3", "nlb-sg-exampleid4"] master_security_group_ids = [aws_security_group.masters-complex-example-com.id, "sg-exampleid3", "sg-exampleid4"]
masters_role_arn = aws_iam_role.masters-complex-example-com.arn masters_role_arn = aws_iam_role.masters-complex-example-com.arn
masters_role_name = aws_iam_role.masters-complex-example-com.name masters_role_name = aws_iam_role.masters-complex-example-com.name
node_autoscaling_group_ids = [aws_autoscaling_group.nodes-complex-example-com.id] node_autoscaling_group_ids = [aws_autoscaling_group.nodes-complex-example-com.id]
node_security_group_ids = [aws_security_group.nodes-complex-example-com.id, "nlb-sg-exampleid3", "nlb-sg-exampleid4", "sg-exampleid3", "sg-exampleid4"] node_security_group_ids = [aws_security_group.nodes-complex-example-com.id, "sg-exampleid3", "sg-exampleid3", "sg-exampleid4", "sg-exampleid4"]
node_subnet_ids = [aws_subnet.us-test-1a-complex-example-com.id] node_subnet_ids = [aws_subnet.us-test-1a-complex-example-com.id]
nodes_role_arn = aws_iam_role.nodes-complex-example-com.arn nodes_role_arn = aws_iam_role.nodes-complex-example-com.arn
nodes_role_name = aws_iam_role.nodes-complex-example-com.name nodes_role_name = aws_iam_role.nodes-complex-example-com.name
@ -25,7 +25,7 @@ output "master_autoscaling_group_ids" {
} }
output "master_security_group_ids" { output "master_security_group_ids" {
value = [aws_security_group.masters-complex-example-com.id, "nlb-sg-exampleid3", "nlb-sg-exampleid4"] value = [aws_security_group.masters-complex-example-com.id, "sg-exampleid3", "sg-exampleid4"]
} }
output "masters_role_arn" { output "masters_role_arn" {
@ -41,7 +41,7 @@ output "node_autoscaling_group_ids" {
} }
output "node_security_group_ids" { output "node_security_group_ids" {
value = [aws_security_group.nodes-complex-example-com.id, "nlb-sg-exampleid3", "nlb-sg-exampleid4", "sg-exampleid3", "sg-exampleid4"] value = [aws_security_group.nodes-complex-example-com.id, "sg-exampleid3", "sg-exampleid3", "sg-exampleid4", "sg-exampleid4"]
} }
output "node_subnet_ids" { output "node_subnet_ids" {
@ -301,7 +301,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-complex-example-com" {
network_interfaces { network_interfaces {
associate_public_ip_address = true associate_public_ip_address = true
delete_on_termination = true delete_on_termination = true
security_groups = [aws_security_group.masters-complex-example-com.id, "nlb-sg-exampleid3", "nlb-sg-exampleid4"] security_groups = [aws_security_group.masters-complex-example-com.id, "sg-exampleid3", "sg-exampleid4"]
} }
tag_specifications { tag_specifications {
resource_type = "instance" resource_type = "instance"
@ -375,7 +375,7 @@ resource "aws_launch_template" "nodes-complex-example-com" {
network_interfaces { network_interfaces {
associate_public_ip_address = true associate_public_ip_address = true
delete_on_termination = true delete_on_termination = true
security_groups = [aws_security_group.nodes-complex-example-com.id, "nlb-sg-exampleid3", "nlb-sg-exampleid4", "sg-exampleid3", "sg-exampleid4"] security_groups = [aws_security_group.nodes-complex-example-com.id, "sg-exampleid3", "sg-exampleid3", "sg-exampleid4", "sg-exampleid4"]
} }
tag_specifications { tag_specifications {
resource_type = "instance" resource_type = "instance"