Merge pull request #15829 from justinsb/refactor_forapiserver

Refactor: Replace ForAPIServer with WellKnownServices
Kubernetes Prow Robot 2024-01-20 17:20:53 +01:00 committed by GitHub
commit 89b7b14176
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
41 changed files with 344 additions and 205 deletions


@ -47,7 +47,9 @@ import (
"k8s.io/kops/pkg/client/simple"
"k8s.io/kops/pkg/commands/commandutils"
"k8s.io/kops/pkg/featureflag"
"k8s.io/kops/pkg/model"
"k8s.io/kops/pkg/model/resources"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup"
"k8s.io/kops/util/pkg/architectures"
@ -104,7 +106,8 @@ func RunToolboxEnroll(ctx context.Context, f commandutils.Factory, out io.Writer
return err
}
apiserverAdditionalIPs := []string{}
wellKnownAddresses := make(model.WellKnownAddresses)
{
ingresses, err := cloud.GetApiIngressStatus(cluster)
if err != nil {
@ -117,17 +120,21 @@ func RunToolboxEnroll(ctx context.Context, f commandutils.Factory, out io.Writer
// apiserverAdditionalIPs = append(apiserverAdditionalIPs, ingress.Hostname)
// }
if ingress.IP != "" {
apiserverAdditionalIPs = append(apiserverAdditionalIPs, ingress.IP)
wellKnownAddresses[wellknownservices.KubeAPIServer] = append(wellKnownAddresses[wellknownservices.KubeAPIServer], ingress.IP)
}
}
}
if len(apiserverAdditionalIPs) == 0 {
if len(wellKnownAddresses[wellknownservices.KubeAPIServer]) == 0 {
// TODO: Should we support DNS?
return fmt.Errorf("unable to determine IP address for kops-controller")
return fmt.Errorf("unable to determine IP address for kube-apiserver")
}
scriptBytes, err := buildBootstrapData(ctx, clientset, cluster, ig, apiserverAdditionalIPs)
for k := range wellKnownAddresses {
sort.Strings(wellKnownAddresses[k])
}
scriptBytes, err := buildBootstrapData(ctx, clientset, cluster, ig, wellKnownAddresses)
if err != nil {
return err
}
@ -390,7 +397,7 @@ func (s *SSHHost) getHostname(ctx context.Context) (string, error) {
return hostname, nil
}
func buildBootstrapData(ctx context.Context, clientset simple.Clientset, cluster *kops.Cluster, ig *kops.InstanceGroup, apiserverAdditionalIPs []string) ([]byte, error) {
func buildBootstrapData(ctx context.Context, clientset simple.Clientset, cluster *kops.Cluster, ig *kops.InstanceGroup, wellknownAddresses model.WellKnownAddresses) ([]byte, error) {
if cluster.Spec.KubeAPIServer == nil {
cluster.Spec.KubeAPIServer = &kops.KubeAPIServerConfig{}
}
@ -451,7 +458,7 @@ func buildBootstrapData(ctx context.Context, clientset simple.Clientset, cluster
keysets[keyName] = keyset
}
_, bootConfig, err := configBuilder.BuildConfig(ig, apiserverAdditionalIPs, keysets)
_, bootConfig, err := configBuilder.BuildConfig(ig, wellknownAddresses, keysets)
if err != nil {
return nil, err
}
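Review bot: Only the `wellknownservices.KubeAPIServer` key is ever filled in `RunToolboxEnroll`, so the map handed to `buildBootstrapData` carries no `wellknownservices.KopsController` entry, while the cloud model builders in this same commit register load balancers for both services. If `BuildConfig` (its real implementation is not visible here) reads the kops-controller addresses separately, an enrolled host would get bootstrap data without them, and the only guard, `len(wellKnownAddresses[wellknownservices.KubeAPIServer]) == 0`, would not notice. Either append `ingress.IP` under both keys or add a comment stating why kube-apiserver alone is sufficient for enrollment. The new parameter is also spelled `wellknownAddresses` in `buildBootstrapData` but `wellKnownAddresses` everywhere else; the latter matches the type name. Both functions continue outside the hunks shown.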


@ -25,6 +25,7 @@ import (
"k8s.io/klog/v2"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/wellknownports"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/awstasks"
)
@ -187,10 +188,10 @@ func (b *APILoadBalancerBuilder) Build(c *fi.CloudupModelBuilderContext) error {
Listeners: nlbListeners,
TargetGroups: make([]*awstasks.TargetGroup, 0),
Tags: tags,
ForAPIServer: true,
VPC: b.LinkToVPC(),
Type: fi.PtrTo("network"),
Tags: tags,
WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer},
VPC: b.LinkToVPC(),
Type: fi.PtrTo("network"),
}
clb = &awstasks.ClassicLoadBalancer{
@ -222,8 +223,8 @@ func (b *APILoadBalancerBuilder) Build(c *fi.CloudupModelBuilderContext) error {
Timeout: fi.PtrTo(int64(300)),
},
Tags: tags,
ForAPIServer: true,
Tags: tags,
WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer},
}
if b.Cluster.UsesNoneDNS() {
@ -536,6 +537,9 @@ func (b *APILoadBalancerBuilder) Build(c *fi.CloudupModelBuilderContext) error {
ToPort: fi.PtrTo(int64(4)),
})
if b.Cluster.UsesNoneDNS() {
nlb.WellKnownServices = append(nlb.WellKnownServices, wellknownservices.KopsController)
clb.WellKnownServices = append(clb.WellKnownServices, wellknownservices.KopsController)
c.AddTask(&awstasks.SecurityGroupRule{
Name: fi.PtrTo(fmt.Sprintf("kops-controller-elb-to-cp%s", suffix)),
Lifecycle: b.SecurityLifecycle,
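Review bot: The two `append(..., wellknownservices.KopsController)` calls in the last hunk sit next to a `SecurityGroupRule` whose name is built from `suffix`, which suggests they run inside a per-security-group loop; if so, `KopsController` is appended once per iteration and each load balancer address is later recorded that many times under that service. Setting the service once where the tasks are constructed avoids this, for example in the existing `if b.Cluster.UsesNoneDNS() {` that follows the `clb` literal: `nlb.WellKnownServices = append(nlb.WellKnownServices, wellknownservices.KopsController)` and the same for `clb`. Both `nlb` and `clb` are mutated regardless of which one is actually added as a task, which is safe only if both are always non-nil at this point. `Build` extends well beyond the hunks shown, so both assumptions should be confirmed against the full function.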


@ -30,6 +30,7 @@ import (
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/apis/nodeup"
"k8s.io/kops/pkg/model/resources"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/awsup"
"k8s.io/kops/upup/pkg/fi/cloudup/scaleway"
@ -40,9 +41,12 @@ import (
)
type NodeUpConfigBuilder interface {
BuildConfig(ig *kops.InstanceGroup, apiserverAdditionalIPs []string, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error)
BuildConfig(ig *kops.InstanceGroup, wellKnownAddresses WellKnownAddresses, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error)
}
// WellKnownAddresses holds known addresses for well-known services
type WellKnownAddresses map[wellknownservices.WellKnownService][]string
// BootstrapScriptBuilder creates the bootstrap script
type BootstrapScriptBuilder struct {
*KopsModelContext
@ -58,8 +62,9 @@ type BootstrapScript struct {
ig *kops.InstanceGroup
builder *BootstrapScriptBuilder
resource fi.CloudupTaskDependentResource
// alternateNameTasks are tasks that contribute api-server IP addresses.
alternateNameTasks []fi.HasAddress
// hasAddressTasks holds fi.HasAddress tasks, that contribute well-known services.
hasAddressTasks []fi.HasAddress
// caTasks hold the CA tasks, for dependency analysis.
caTasks map[string]*fitasks.Keypair
@ -76,9 +81,9 @@ var (
// kubeEnv returns the boot config for the instance group
func (b *BootstrapScript) kubeEnv(ig *kops.InstanceGroup, c *fi.CloudupContext) (*nodeup.BootConfig, error) {
var alternateNames []string
wellKnownAddresses := make(WellKnownAddresses)
for _, hasAddress := range b.alternateNameTasks {
for _, hasAddress := range b.hasAddressTasks {
addresses, err := hasAddress.FindAddresses(c)
if err != nil {
return nil, fmt.Errorf("error finding address for %v: %v", hasAddress, err)
@ -88,13 +93,17 @@ func (b *BootstrapScript) kubeEnv(ig *kops.InstanceGroup, c *fi.CloudupContext)
klog.V(2).Infof("Task did not have an address: %v", hasAddress)
continue
}
for _, address := range addresses {
klog.V(8).Infof("Resolved alternateName %q for %q", address, hasAddress)
alternateNames = append(alternateNames, address)
klog.V(8).Infof("Resolved alternateNames %q for %q", addresses, hasAddress)
for _, wellKnownService := range hasAddress.GetWellKnownServices() {
wellKnownAddresses[wellKnownService] = append(wellKnownAddresses[wellKnownService], addresses...)
}
}
sort.Strings(alternateNames)
for k := range wellKnownAddresses {
sort.Strings(wellKnownAddresses[k])
}
keysets := make(map[string]*fi.Keyset)
for _, caTask := range b.caTasks {
@ -105,7 +114,7 @@ func (b *BootstrapScript) kubeEnv(ig *kops.InstanceGroup, c *fi.CloudupContext)
}
keysets[name] = keyset
}
config, bootConfig, err := b.builder.NodeUpConfigBuilder.BuildConfig(ig, alternateNames, keysets)
config, bootConfig, err := b.builder.NodeUpConfigBuilder.BuildConfig(ig, wellKnownAddresses, keysets)
if err != nil {
return nil, err
}
@ -288,9 +297,9 @@ func (b *BootstrapScript) GetDependencies(tasks map[string]fi.CloudupTask) []fi.
var deps []fi.CloudupTask
for _, task := range tasks {
if hasAddress, ok := task.(fi.HasAddress); ok && hasAddress.IsForAPIServer() {
if hasAddress, ok := task.(fi.HasAddress); ok && len(hasAddress.GetWellKnownServices()) > 0 {
deps = append(deps, task)
b.alternateNameTasks = append(b.alternateNameTasks, hasAddress)
b.hasAddressTasks = append(b.hasAddressTasks, hasAddress)
}
}
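Review bot: `kubeEnv` sorts each address list but never removes duplicates, and the new fan-out makes duplicates more likely: every address of a task is appended once per entry returned by `GetWellKnownServices()`, and `GetDependencies` appends to `b.hasAddressTasks` each time it is called, so a task seen twice contributes its addresses twice. Because these lists are passed on to `BuildConfig` for the node boot configuration, it is worth compacting after the sort, e.g. `wellKnownAddresses[k] = slices.Compact(wellKnownAddresses[k])` (this needs a `slices` import, which is not visible in this file's import hunk). The exported `WellKnownAddresses` type would also benefit from a fuller doc comment stating that the values are sorted and whether they are IPs, hostnames or both. Both functions continue outside the hunks shown.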


@ -72,7 +72,7 @@ type nodeupConfigBuilder struct {
cluster *kops.Cluster
}
func (n *nodeupConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAdditionalIPs []string, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
func (n *nodeupConfigBuilder) BuildConfig(ig *kops.InstanceGroup, wellKnownAddresses WellKnownAddresses, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
config, bootConfig := nodeup.NewConfig(n.cluster, ig)
return config, bootConfig, nil
}


@ -20,6 +20,7 @@ import (
"fmt"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/do"
"k8s.io/kops/upup/pkg/fi/cloudup/dotasks"
@ -60,10 +61,11 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
// Create LoadBalancer for API LB
loadbalancer := &dotasks.LoadBalancer{
Name: fi.PtrTo(loadbalancerName),
Region: fi.PtrTo(b.Cluster.Spec.Networking.Subnets[0].Region),
DropletTag: fi.PtrTo(clusterMasterTag),
Lifecycle: b.Lifecycle,
Name: fi.PtrTo(loadbalancerName),
Region: fi.PtrTo(b.Cluster.Spec.Networking.Subnets[0].Region),
DropletTag: fi.PtrTo(clusterMasterTag),
Lifecycle: b.Lifecycle,
WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KopsController, wellknownservices.KubeAPIServer},
}
if b.Cluster.Spec.Networking.NetworkID != "" {
@ -76,11 +78,5 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
c.AddTask(loadbalancer)
// Ensure the LB hostname is included in the TLS certificate,
// if we're not going to use an alias for it
if b.Cluster.UsesLegacyGossip() || b.Cluster.UsesPrivateDNS() || b.Cluster.UsesNoneDNS() {
loadbalancer.ForAPIServer = true
}
return nil
}
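Review bot: The load balancer is now tagged with both `KopsController` and `KubeAPIServer` unconditionally, whereas the deleted guard only set the flag for gossip, private-DNS or none-DNS clusters, so this is a behaviour change inside a commit described as a refactor. The same guard disappears for `lbfipTask` in the OpenStack builder and for `KubeAPIServer` in the Scaleway builder, and the expected-output fixture for `fip-master-public-name` flips from `ForAPIServer: false` to listing `kube-apiserver`. The removed comment indicates that these addresses feed the names in the API server TLS certificate, so widening the set deserves an explicit decision rather than a side effect. If the old behaviour is intended, keep the condition, `if b.Cluster.UsesLegacyGossip() || b.Cluster.UsesPrivateDNS() || b.Cluster.UsesNoneDNS() {` around `loadbalancer.WellKnownServices = append(loadbalancer.WellKnownServices, wellknownservices.KubeAPIServer)`; otherwise state the change in the commit description and in a comment next to the field.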


@ -23,6 +23,7 @@ import (
"golang.org/x/exp/slices"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/wellknownports"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/gce"
"k8s.io/kops/upup/pkg/fi/cloudup/gcetasks"
@ -64,9 +65,10 @@ func (b *APILoadBalancerBuilder) createPublicLB(c *fi.CloudupModelBuilderContext
c.AddTask(poolHealthCheck)
ipAddress := &gcetasks.Address{
Name: s(b.NameForIPAddress("api")),
ForAPIServer: true,
Lifecycle: b.Lifecycle,
Name: s(b.NameForIPAddress("api")),
Lifecycle: b.Lifecycle,
WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer},
}
c.AddTask(ipAddress)
@ -86,6 +88,8 @@ func (b *APILoadBalancerBuilder) createPublicLB(c *fi.CloudupModelBuilderContext
},
})
if b.Cluster.UsesNoneDNS() {
ipAddress.WellKnownServices = append(ipAddress.WellKnownServices, wellknownservices.KopsController)
c.AddTask(&gcetasks.ForwardingRule{
Name: s(b.NameForForwardingRule("kops-controller")),
Lifecycle: b.Lifecycle,
@ -203,8 +207,9 @@ func (b *APILoadBalancerBuilder) createInternalLB(c *fi.CloudupModelBuilderConte
IPAddressType: s("INTERNAL"),
Purpose: s("SHARED_LOADBALANCER_VIP"),
Subnetwork: subnet,
ForAPIServer: true,
Lifecycle: b.Lifecycle,
WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer},
Lifecycle: b.Lifecycle,
}
c.AddTask(ipAddress)
@ -224,6 +229,8 @@ func (b *APILoadBalancerBuilder) createInternalLB(c *fi.CloudupModelBuilderConte
},
})
if b.Cluster.UsesNoneDNS() {
ipAddress.WellKnownServices = append(ipAddress.WellKnownServices, wellknownservices.KopsController)
c.AddTask(&gcetasks.ForwardingRule{
Name: s(b.NameForForwardingRule("kops-controller-" + sn.Name)),
Lifecycle: b.Lifecycle,


@ -23,6 +23,7 @@ import (
"github.com/hetznercloud/hcloud-go/hcloud"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/wellknownports"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/hetzner"
"k8s.io/kops/upup/pkg/fi/cloudup/hetznertasks"
@ -63,6 +64,8 @@ func (b *LoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) error
Labels: map[string]string{
hetzner.TagKubernetesClusterName: b.ClusterName(),
},
WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer, wellknownservices.KopsController},
}
c.AddTask(&loadbalancer)


@ -28,6 +28,7 @@ import (
"k8s.io/kops/pkg/model"
"k8s.io/kops/pkg/truncate"
"k8s.io/kops/pkg/wellknownports"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/openstack"
"k8s.io/kops/upup/pkg/fi/cloudup/openstacktasks"
@ -240,7 +241,9 @@ func (b *ServerGroupModelBuilder) buildInstances(c *fi.CloudupModelBuilderContex
}
c.AddTask(t)
if ig.Spec.Role == kops.InstanceGroupRoleControlPlane {
b.associateFIPToKeypair(t)
// Ensure the floating IP is included in the TLS certificate,
// if we're not going to use an alias for it
t.WellKnownServices = append(t.WellKnownServices, wellknownservices.KubeAPIServer, wellknownservices.KopsController)
}
instanceTask.FloatingIP = t
}
@ -250,12 +253,6 @@ func (b *ServerGroupModelBuilder) buildInstances(c *fi.CloudupModelBuilderContex
return nil
}
func (b *ServerGroupModelBuilder) associateFIPToKeypair(fipTask *openstacktasks.FloatingIP) {
// Ensure the floating IP is included in the TLS certificate,
// if we're not going to use an alias for it
fipTask.ForAPIServer = true
}
func (b *ServerGroupModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
clusterName := b.ClusterName()
@ -340,9 +337,7 @@ func (b *ServerGroupModelBuilder) Build(c *fi.CloudupModelBuilderContext) error
}
c.AddTask(lbfipTask)
if b.Cluster.UsesLegacyGossip() || b.Cluster.UsesPrivateDNS() || b.Cluster.UsesNoneDNS() {
b.associateFIPToKeypair(lbfipTask)
}
lbfipTask.WellKnownServices = append(lbfipTask.WellKnownServices, wellknownservices.KubeAPIServer)
poolTask := &openstacktasks.LBPool{
Name: fi.PtrTo(fmt.Sprintf("%s-https", fi.ValueOf(lbTask.Name))),
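Review bot: The comment moved into `buildInstances` still says the floating IP is added to the TLS certificate "if we're not going to use an alias for it", but the code beneath it now runs for every control-plane instance group and also registers `KopsController`, so the comment no longer describes either the condition or the effect. Suggest replacing it with something like `// Control-plane floating IPs front both kube-apiserver and kops-controller; register them so their addresses reach node bootstrap.` Further down, `lbfipTask` receives `KubeAPIServer` with no comment at all now that `associateFIPToKeypair` is gone; a one-line comment there would keep the intent visible. Both functions extend past the hunks shown.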


@ -1548,7 +1548,7 @@ func createBuilderForCluster(cluster *kops.Cluster, instanceGroups []*kops.Insta
type nodeupConfigBuilder struct{}
func (n *nodeupConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAdditionalIPs []string, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
func (n *nodeupConfigBuilder) BuildConfig(ig *kops.InstanceGroup, wellKnownAddresses model.WellKnownAddresses, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
return &nodeup.Config{}, &nodeup.BootConfig{}, nil
}


@ -5,7 +5,6 @@ AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.2-4
FloatingIP: null
ForAPIServer: false
GroupName: node
ID: null
Image: image-node
@ -76,6 +75,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -5,7 +5,6 @@ AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.2-4
FloatingIP: null
ForAPIServer: false
GroupName: node
ID: null
Image: image-node
@ -75,6 +74,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -5,7 +5,6 @@ AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.2-4
FloatingIP: null
ForAPIServer: false
GroupName: node
ID: null
Image: image-node
@ -75,6 +74,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -5,7 +5,6 @@ AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.2-4
FloatingIP: null
ForAPIServer: false
GroupName: node
ID: null
Image: image-node
@ -77,6 +76,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -5,7 +5,6 @@ AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.2-4
FloatingIP: null
ForAPIServer: false
GroupName: node
ID: null
Image: image-node
@ -74,6 +73,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -4,59 +4,66 @@ Name: master
Lifecycle: ""
Name: node
---
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-1-cluster
WellKnownServices:
- kube-apiserver
- kops-controller
---
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-2-cluster
WellKnownServices:
- kube-apiserver
- kops-controller
---
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-3-cluster
WellKnownServices:
- kube-apiserver
- kops-controller
---
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-1-cluster
WellKnownServices: null
---
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-2-cluster
WellKnownServices: null
---
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-3-cluster
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-1-cluster
ForAPIServer: false
WellKnownServices:
- kube-apiserver
- kops-controller
GroupName: master
ID: null
Image: image
@ -134,18 +141,20 @@ UserData:
task:
Lifecycle: ""
Name: master
WellKnownServices: null
---
AvailabilityZone: zone-2
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-2-cluster
ForAPIServer: false
WellKnownServices:
- kube-apiserver
- kops-controller
GroupName: master
ID: null
Image: image
@ -223,18 +232,20 @@ UserData:
task:
Lifecycle: ""
Name: master
WellKnownServices: null
---
AvailabilityZone: zone-3
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-3-cluster
ForAPIServer: false
WellKnownServices:
- kube-apiserver
- kops-controller
GroupName: master
ID: null
Image: image
@ -312,18 +323,18 @@ UserData:
task:
Lifecycle: ""
Name: master
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-1-cluster
ForAPIServer: false
WellKnownServices: null
GroupName: node
ID: null
Image: image
@ -392,18 +403,18 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
AvailabilityZone: zone-2
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-2-cluster
ForAPIServer: false
WellKnownServices: null
GroupName: node
ID: null
Image: image
@ -472,18 +483,18 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
AvailabilityZone: zone-3
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-3-cluster
ForAPIServer: false
WellKnownServices: null
GroupName: node
ID: null
Image: image
@ -552,6 +563,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -16,7 +16,6 @@ Name: node-b
Lifecycle: ""
Name: node-c
---
ForAPIServer: true
ID: null
IP: null
LB:
@ -37,12 +36,13 @@ LB:
VipSubnet: null
Lifecycle: Sync
Name: fip-api.cluster
WellKnownServices:
- kube-apiserver
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-a
ID: null
Image: image
@ -114,12 +114,12 @@ UserData:
task:
Lifecycle: ""
Name: master-a
WellKnownServices: null
---
AvailabilityZone: zone-2
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-b
ID: null
Image: image
@ -191,12 +191,12 @@ UserData:
task:
Lifecycle: ""
Name: master-b
WellKnownServices: null
---
AvailabilityZone: zone-3
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-c
ID: null
Image: image
@ -268,12 +268,12 @@ UserData:
task:
Lifecycle: ""
Name: master-c
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node-a
ID: null
Image: image
@ -342,12 +342,12 @@ UserData:
task:
Lifecycle: ""
Name: node-a
WellKnownServices: null
---
AvailabilityZone: zone-2
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node-b
ID: null
Image: image
@ -416,12 +416,12 @@ UserData:
task:
Lifecycle: ""
Name: node-b
WellKnownServices: null
---
AvailabilityZone: zone-3
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node-c
ID: null
Image: image
@ -490,6 +490,7 @@ UserData:
task:
Lifecycle: ""
Name: node-c
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -16,7 +16,6 @@ Name: node-b
Lifecycle: ""
Name: node-c
---
ForAPIServer: false
ID: null
IP: null
LB:
@ -37,12 +36,13 @@ LB:
VipSubnet: null
Lifecycle: Sync
Name: fip-master-public-name
WellKnownServices:
- kube-apiserver
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-a
ID: null
Image: image
@ -114,12 +114,12 @@ UserData:
task:
Lifecycle: ""
Name: master-a
WellKnownServices: null
---
AvailabilityZone: zone-2
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-b
ID: null
Image: image
@ -191,12 +191,12 @@ UserData:
task:
Lifecycle: ""
Name: master-b
WellKnownServices: null
---
AvailabilityZone: zone-3
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-c
ID: null
Image: image
@ -268,12 +268,12 @@ UserData:
task:
Lifecycle: ""
Name: master-c
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node-a
ID: null
Image: image
@ -342,12 +342,12 @@ UserData:
task:
Lifecycle: ""
Name: node-a
WellKnownServices: null
---
AvailabilityZone: zone-2
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node-b
ID: null
Image: image
@ -416,12 +416,12 @@ UserData:
task:
Lifecycle: ""
Name: node-b
WellKnownServices: null
---
AvailabilityZone: zone-3
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node-c
ID: null
Image: image
@ -490,6 +490,7 @@ UserData:
task:
Lifecycle: ""
Name: node-c
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -16,59 +16,66 @@ Name: node-b
Lifecycle: ""
Name: node-c
---
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-a-1-cluster
WellKnownServices:
- kube-apiserver
- kops-controller
---
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-b-1-cluster
WellKnownServices:
- kube-apiserver
- kops-controller
---
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-c-1-cluster
WellKnownServices:
- kube-apiserver
- kops-controller
---
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-a-1-cluster
WellKnownServices: null
---
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-b-1-cluster
WellKnownServices: null
---
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-c-1-cluster
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-a-1-cluster
ForAPIServer: false
WellKnownServices:
- kube-apiserver
- kops-controller
GroupName: master-a
ID: null
Image: image
@ -146,18 +153,20 @@ UserData:
task:
Lifecycle: ""
Name: master-a
WellKnownServices: null
---
AvailabilityZone: zone-2
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-b-1-cluster
ForAPIServer: false
WellKnownServices:
- kube-apiserver
- kops-controller
GroupName: master-b
ID: null
Image: image
@ -235,18 +244,20 @@ UserData:
task:
Lifecycle: ""
Name: master-b
WellKnownServices: null
---
AvailabilityZone: zone-3
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-c-1-cluster
ForAPIServer: false
WellKnownServices:
- kube-apiserver
- kops-controller
GroupName: master-c
ID: null
Image: image
@ -324,18 +335,18 @@ UserData:
task:
Lifecycle: ""
Name: master-c
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-a-1-cluster
ForAPIServer: false
WellKnownServices: null
GroupName: node-a
ID: null
Image: image
@ -404,18 +415,18 @@ UserData:
task:
Lifecycle: ""
Name: node-a
WellKnownServices: null
---
AvailabilityZone: zone-2
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-b-1-cluster
ForAPIServer: false
WellKnownServices: null
GroupName: node-b
ID: null
Image: image
@ -484,18 +495,18 @@ UserData:
task:
Lifecycle: ""
Name: node-b
WellKnownServices: null
---
AvailabilityZone: zone-3
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-c-1-cluster
ForAPIServer: false
WellKnownServices: null
GroupName: node-c
ID: null
Image: image
@ -564,6 +575,7 @@ UserData:
task:
Lifecycle: ""
Name: node-c
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -20,7 +20,6 @@ AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-a
ID: null
Image: image
@ -98,12 +97,12 @@ UserData:
task:
Lifecycle: ""
Name: master-a
WellKnownServices: null
---
AvailabilityZone: zone-2
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-b
ID: null
Image: image
@ -181,12 +180,12 @@ UserData:
task:
Lifecycle: ""
Name: master-b
WellKnownServices: null
---
AvailabilityZone: zone-3
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-c
ID: null
Image: image
@ -264,12 +263,12 @@ UserData:
task:
Lifecycle: ""
Name: master-c
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node-a
ID: null
Image: image
@ -338,12 +337,12 @@ UserData:
task:
Lifecycle: ""
Name: node-a
WellKnownServices: null
---
AvailabilityZone: zone-2
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node-b
ID: null
Image: image
@ -412,12 +411,12 @@ UserData:
task:
Lifecycle: ""
Name: node-b
WellKnownServices: null
---
AvailabilityZone: zone-3
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node-c
ID: null
Image: image
@ -486,6 +485,7 @@ UserData:
task:
Lifecycle: ""
Name: node-c
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -11,7 +11,6 @@ AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: bastion
ID: null
Image: image
@ -78,12 +77,12 @@ UserData:
task:
Lifecycle: ""
Name: bastion
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master
ID: null
Image: image
@ -161,12 +160,12 @@ UserData:
task:
Lifecycle: ""
Name: master
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node
ID: null
Image: image
@ -235,6 +234,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -7,24 +7,23 @@ Name: master
Lifecycle: ""
Name: node
---
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-bastion-1-cluster
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-bastion-1-cluster
ForAPIServer: false
WellKnownServices: null
GroupName: bastion
ID: null
Image: image
@ -91,12 +90,12 @@ UserData:
task:
Lifecycle: ""
Name: bastion
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master
ID: null
Image: image
@ -174,12 +173,12 @@ UserData:
task:
Lifecycle: ""
Name: master
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node
ID: null
Image: image
@ -248,6 +247,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -8,7 +8,6 @@ AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master
ID: null
Image: image-master
@ -86,12 +85,12 @@ UserData:
task:
Lifecycle: ""
Name: master
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.2-4
FloatingIP: null
ForAPIServer: false
GroupName: node
ID: null
Image: image-node
@ -160,6 +159,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -4,31 +4,34 @@ Name: master
Lifecycle: ""
Name: node
---
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-1-cluster
WellKnownServices:
- kube-apiserver
- kops-controller
---
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-1-cluster
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-1-cluster
ForAPIServer: false
WellKnownServices:
- kube-apiserver
- kops-controller
GroupName: master
ID: null
Image: image-master
@ -106,18 +109,18 @@ UserData:
task:
Lifecycle: ""
Name: master
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.2-4
FloatingIP:
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-1-cluster
ForAPIServer: false
WellKnownServices: null
GroupName: node
ID: null
Image: image-node
@ -186,6 +189,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -10,7 +10,6 @@ Name: master-c
Lifecycle: ""
Name: node-a
---
ForAPIServer: true
ID: null
IP: null
LB:
@ -31,12 +30,13 @@ LB:
VipSubnet: null
Lifecycle: Sync
Name: fip-api.cluster
WellKnownServices:
- kube-apiserver
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-a
ID: null
Image: image
@ -110,12 +110,12 @@ UserData:
task:
Lifecycle: ""
Name: master-a
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-b
ID: null
Image: image
@ -189,12 +189,12 @@ UserData:
task:
Lifecycle: ""
Name: master-b
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: master-c
ID: null
Image: image
@ -268,12 +268,12 @@ UserData:
task:
Lifecycle: ""
Name: master-c
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP: null
ForAPIServer: false
GroupName: node-a
ID: null
Image: image
@ -342,6 +342,7 @@ UserData:
task:
Lifecycle: ""
Name: node-a
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -4,31 +4,34 @@ Name: master
Lifecycle: ""
Name: node
---
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-1-tom-software-dev-playground-real33-k8s-local
WellKnownServices:
- kube-apiserver
- kops-controller
---
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-1-tom-software-dev-playground-real33-k8s-local
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.1-2
FloatingIP:
ForAPIServer: true
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-master-1-tom-software-dev-playground-real33-k8s-local
ForAPIServer: false
WellKnownServices:
- kube-apiserver
- kops-controller
GroupName: master
ID: null
Image: image-master
@ -106,18 +109,18 @@ UserData:
task:
Lifecycle: ""
Name: master
WellKnownServices: null
---
AvailabilityZone: zone-1
ConfigDrive: false
Flavor: blc.2-4
FloatingIP:
ForAPIServer: false
ID: null
IP: null
LB: null
Lifecycle: Sync
Name: fip-node-1-tom-software-dev-playground-real33-k8s-local
ForAPIServer: false
WellKnownServices: null
GroupName: node
ID: null
Image: image-node
@ -186,6 +189,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -5,7 +5,6 @@ AvailabilityZone: subnet
ConfigDrive: false
Flavor: blc.2-4
FloatingIP: null
ForAPIServer: false
GroupName: node
ID: null
Image: image-node
@ -76,6 +75,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -5,7 +5,6 @@ AvailabilityZone: zone-a
ConfigDrive: false
Flavor: blc.2-4
FloatingIP: null
ForAPIServer: false
GroupName: node
ID: null
Image: image-node
@ -76,6 +75,7 @@ UserData:
task:
Lifecycle: ""
Name: node
WellKnownServices: null
---
Lifecycle: ""
Name: apiserver-aggregator-ca


@ -25,6 +25,7 @@ import (
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/dns"
"k8s.io/kops/pkg/wellknownports"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/scaleway"
"k8s.io/kops/upup/pkg/fi/cloudup/scalewaytasks"
@ -81,6 +82,7 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
c.AddTask(loadBalancer)
loadBalancer.WellKnownServices = append(loadBalancer.WellKnownServices, wellknownservices.KubeAPIServer)
lbBackendHttps, lbFrontendHttps := createLbBackendAndFrontend("https", wellknownports.KubeAPIServer, zone, loadBalancer)
lbBackendHttps.Lifecycle = b.Lifecycle
c.AddTask(lbBackendHttps)
@ -88,10 +90,7 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
c.AddTask(lbFrontendHttps)
if dns.IsGossipClusterName(b.Cluster.Name) || b.Cluster.UsesPrivateDNS() || b.Cluster.UsesNoneDNS() {
// Ensure the LB hostname is included in the TLS certificate,
// if we're not going to use an alias for it
loadBalancer.ForAPIServer = true
loadBalancer.WellKnownServices = append(loadBalancer.WellKnownServices, wellknownservices.KopsController)
lbBackendKopsController, lbFrontendKopsController := createLbBackendAndFrontend("kops-controller", wellknownports.KopsControllerPort, zone, loadBalancer)
lbBackendKopsController.Lifecycle = b.Lifecycle
c.AddTask(lbBackendKopsController)
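Review bot: `loadBalancer.WellKnownServices = append(loadBalancer.WellKnownServices, wellknownservices.KubeAPIServer)` runs on every build, whereas the `loadBalancer.ForAPIServer = true` it replaces sat inside the `IsGossipClusterName || UsesPrivateDNS || UsesNoneDNS` branch, so the load balancer address now appears to be reported for kube-apiserver in DNS-alias clusters as well. The plus/minus markers are lost on this page, so this reading rests on the hunk counts; if the wider scope is intended, a commit titled as a refactor should say so. The dropped explanation also deserves a replacement, for example `// The LB address is always advertised for kube-apiserver; kops-controller is added only when no DNS alias is used.`. The field is also mutated after `c.AddTask(loadBalancer)`, which is only correct while the task is registered by pointer; setting it before `AddTask` removes that dependency. `Build` starts and ends outside these hunks.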


@ -0,0 +1,27 @@
/*
Copyright 2023 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package wellknownservices
type WellKnownService string
const (
// KubeAPIServer is the service where kube-apiserver listens.
KubeAPIServer WellKnownService = "kube-apiserver"
// KopsController is the service where kops-controller listens.
KopsController WellKnownService = "kops-controller"
)
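Review bot: The exported type `WellKnownService` has no doc comment, and nothing in the new file says what belonging to this set means. Judging from the rest of the commit, these names decide which task addresses are collected per service, and the `fi.HasAddress` comment ties that to the api-server serving certificate, so the effect of adding a constant is worth stating. Something like `// WellKnownService names a cluster service whose reachable addresses kops collects from tasks; see fi.HasAddress.` would do. A package comment on `package wellknownservices` is missing as well.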


@ -59,6 +59,7 @@ import (
"k8s.io/kops/pkg/model/scalewaymodel"
"k8s.io/kops/pkg/templates"
"k8s.io/kops/pkg/wellknownports"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/models"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/awsup"
@ -1346,7 +1347,7 @@ func NewNodeUpConfigBuilder(cluster *kops.Cluster, assetBuilder *assets.AssetBui
}
// BuildConfig returns the NodeUp config and auxiliary config.
func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAdditionalIPs []string, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, wellKnownAddresses model.WellKnownAddresses, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
cluster := n.cluster
if ig == nil {
@ -1449,7 +1450,7 @@ func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAddit
}
if hasAPIServer {
config.ApiserverAdditionalIPs = apiserverAdditionalIPs
config.ApiserverAdditionalIPs = wellKnownAddresses[wellknownservices.KubeAPIServer]
}
// Set API server address to an IP from the cluster network CIDR
@ -1457,7 +1458,7 @@ func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAddit
switch cluster.Spec.GetCloudProvider() {
case kops.CloudProviderAWS, kops.CloudProviderHetzner, kops.CloudProviderOpenstack:
// Use a private IP address that belongs to the cluster network CIDR (some additional addresses may be FQDNs or public IPs)
for _, additionalIP := range apiserverAdditionalIPs {
for _, additionalIP := range wellKnownAddresses[wellknownservices.KubeAPIServer] {
for _, networkCIDR := range append(cluster.Spec.Networking.AdditionalNetworkCIDRs, cluster.Spec.Networking.NetworkCIDR) {
_, cidr, err := net.ParseCIDR(networkCIDR)
if err != nil {
@ -1471,7 +1472,7 @@ func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAddit
case kops.CloudProviderDO, kops.CloudProviderScaleway, kops.CloudProviderGCE, kops.CloudProviderAzure:
// Use any IP address that is found (including public ones)
for _, additionalIP := range apiserverAdditionalIPs {
for _, additionalIP := range wellKnownAddresses[wellknownservices.KubeAPIServer] {
controlPlaneIPs = append(controlPlaneIPs, additionalIP)
}
}
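Review bot: `wellKnownAddresses[wellknownservices.KubeAPIServer]` is looked up three times in `BuildConfig`: in the `config.ApiserverAdditionalIPs` assignment and in both provider loops. A single local near the top, `apiserverIPs := wellKnownAddresses[wellknownservices.KubeAPIServer]`, would keep the three uses in step and make it obvious that only the kube-apiserver entry is consumed here. Reading a missing key, or a nil map, is safe in Go, so no guard is needed. The doc comment `// BuildConfig returns the NodeUp config and auxiliary config.` could also say what the new parameter carries, e.g. `// wellKnownAddresses maps each well-known service to the addresses found for it; only the kube-apiserver entry is read.`. The function body extends beyond these hunks.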


@ -27,6 +27,7 @@ import (
"github.com/aws/aws-sdk-go/service/elb"
"github.com/aws/aws-sdk-go/service/route53"
"k8s.io/klog/v2"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/awsup"
"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
@ -67,11 +68,14 @@ type ClassicLoadBalancer struct {
CrossZoneLoadBalancing *ClassicLoadBalancerCrossZoneLoadBalancing
SSLCertificateID string
Tags map[string]string
ForAPIServer bool
Tags map[string]string
// Shared is set if this is an external LB (one we don't create or own)
Shared *bool
// WellKnownServices indicates which services are supported by this resource.
// This field is internal and is not rendered to the cloud.
WellKnownServices []wellknownservices.WellKnownService
}
var _ fi.CompareWithID = &ClassicLoadBalancer{}
@ -229,7 +233,7 @@ func (e *ClassicLoadBalancer) Find(c *fi.CloudupContext) (*ClassicLoadBalancer,
// Ignore system fields
actual.Lifecycle = e.Lifecycle
actual.ForAPIServer = e.ForAPIServer
actual.WellKnownServices = e.WellKnownServices
tagMap, err := cloud.DescribeELBTags([]string{*lb.LoadBalancerName})
if err != nil {
@ -341,8 +345,10 @@ func (e *ClassicLoadBalancer) Find(c *fi.CloudupContext) (*ClassicLoadBalancer,
var _ fi.HasAddress = &ClassicLoadBalancer{}
func (e *ClassicLoadBalancer) IsForAPIServer() bool {
return e.ForAPIServer
// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
// It indicates which services we support with this address (likely attached to a load balancer).
func (e *ClassicLoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService {
return e.WellKnownServices
}
func (e *ClassicLoadBalancer) FindAddresses(context *fi.CloudupContext) ([]string, error) {
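Review bot: The new doc comment on `(*ClassicLoadBalancer).GetWellKnownServices` says it reports services supported "with this address (likely attached to a load balancer)", which fits an address task rather than a load balancer. The NLB task in this same commit has the better wording: `// It indicates which services we support with this load balancer.`. The getter also returns the task's own slice, as the other implementations in this commit do. That is fine while callers treat it as read-only, and the method comment on `fi.HasAddress` is the natural place to state that.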


@ -28,6 +28,7 @@ import (
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/aws/aws-sdk-go/service/route53"
"k8s.io/klog/v2"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/awsup"
"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
@ -64,14 +65,17 @@ type NetworkLoadBalancer struct {
IpAddressType *string
Tags map[string]string
ForAPIServer bool
Tags map[string]string
Type *string
VPC *VPC
TargetGroups []*TargetGroup
AccessLog *NetworkLoadBalancerAccessLog
// WellKnownServices indicates which services are supported by this resource.
// This field is internal and is not rendered to the cloud.
WellKnownServices []wellknownservices.WellKnownService
}
var _ fi.CompareWithID = &NetworkLoadBalancer{}
@ -428,7 +432,7 @@ func (e *NetworkLoadBalancer) Find(c *fi.CloudupContext) (*NetworkLoadBalancer,
}
_ = actual.Normalize(c)
actual.ForAPIServer = e.ForAPIServer
actual.WellKnownServices = e.WellKnownServices
actual.Lifecycle = e.Lifecycle
klog.V(4).Infof("Found NLB %+v", actual)
@ -438,8 +442,10 @@ func (e *NetworkLoadBalancer) Find(c *fi.CloudupContext) (*NetworkLoadBalancer,
var _ fi.HasAddress = &NetworkLoadBalancer{}
func (e *NetworkLoadBalancer) IsForAPIServer() bool {
return e.ForAPIServer
// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
// It indicates which services we support with this load balancer.
func (e *NetworkLoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService {
return e.WellKnownServices
}
func (e *NetworkLoadBalancer) FindAddresses(context *fi.CloudupContext) ([]string, error) {


@ -55,8 +55,9 @@ func (lb *LoadBalancer) CompareWithID() *string {
return lb.Name
}
// IsForAPIServer for api server.
func (lb *LoadBalancer) IsForAPIServer() bool {
// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
// It indicates which services we support with this load balancer.
func (lb *LoadBalancer) GetWellKnownServices() bool {
return lb.ForAPIServer
}
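Review bot: `func (lb *LoadBalancer) GetWellKnownServices() bool` keeps the old `bool` result and still returns `lb.ForAPIServer`, so it does not match the `GetWellKnownServices() []wellknownservices.WellKnownService` method this commit declares on `fi.HasAddress`. Go checks interface satisfaction structurally: if the file has a `var _ fi.HasAddress = &LoadBalancer{}` assertion (not visible in the hunk) the build breaks, and if not, the task silently stops being treated as a `HasAddress` and its address is no longer collected for kube-apiserver. The signature should be `func (lb *LoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService` with the body `return lb.WellKnownServices`, and the struct field and import should be migrated as in the other tasks. The `(*Port).GetWellKnownServices() bool` hunk further down has the same mismatch, and its comment says "load balancer" for a port.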


@ -28,6 +28,7 @@ import (
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/klog/v2"
"k8s.io/kops/pkg/wellknownports"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/do"
"k8s.io/kops/util/pkg/vfs"
@ -39,13 +40,16 @@ type LoadBalancer struct {
ID *string
Lifecycle fi.Lifecycle
Region *string
DropletTag *string
IPAddress *string
VPCUUID *string
VPCName *string
NetworkCIDR *string
ForAPIServer bool
Region *string
DropletTag *string
IPAddress *string
VPCUUID *string
VPCName *string
NetworkCIDR *string
// WellKnownServices indicates which services are supported by this resource.
// This field is internal and is not rendered to the cloud.
WellKnownServices []wellknownservices.WellKnownService
}
var readBackoff = wait.Backoff{
@ -85,8 +89,8 @@ func (lb *LoadBalancer) Find(c *fi.CloudupContext) (*LoadBalancer, error) {
VPCUUID: fi.PtrTo(loadbalancer.VPCUUID),
// Ignore system fields
Lifecycle: lb.Lifecycle,
ForAPIServer: lb.ForAPIServer,
Lifecycle: lb.Lifecycle,
WellKnownServices: lb.WellKnownServices,
}, nil
}
@ -197,8 +201,10 @@ func (_ *LoadBalancer) RenderDO(t *do.DOAPITarget, a, e, changes *LoadBalancer)
return nil
}
func (lb *LoadBalancer) IsForAPIServer() bool {
return lb.ForAPIServer
// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
// It indicates which services we support with this load balancer.
func (lb *LoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService {
return lb.WellKnownServices
}
func (lb *LoadBalancer) FindAddresses(c *fi.CloudupContext) ([]string, error) {


@ -21,6 +21,7 @@ import (
compute "google.golang.org/api/compute/v1"
"k8s.io/klog/v2"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/gce"
"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
@ -35,9 +36,12 @@ type Address struct {
IPAddress *string
IPAddressType *string
Purpose *string
ForAPIServer bool
Subnetwork *Subnet
// WellKnownServices indicates which services are supported by this resource.
// This field is internal and is not rendered to the cloud.
WellKnownServices []wellknownservices.WellKnownService
}
var _ fi.CompareWithID = &ForwardingRule{}
@ -55,7 +59,7 @@ func (e *Address) Find(c *fi.CloudupContext) (*Address, error) {
// Ignore system fields
actual.Lifecycle = e.Lifecycle
actual.ForAPIServer = e.ForAPIServer
actual.WellKnownServices = e.WellKnownServices
}
return actual, err
}
@ -109,8 +113,10 @@ func (e *Address) find(cloud gce.GCECloud) (*Address, error) {
var _ fi.HasAddress = &Address{}
func (e *Address) IsForAPIServer() bool {
return e.ForAPIServer
// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
// It indicates which services we support with this address (likely attached to a load balancer).
func (e *Address) GetWellKnownServices() []wellknownservices.WellKnownService {
return e.WellKnownServices
}
func (e *Address) FindAddresses(context *fi.CloudupContext) ([]string, error) {


@ -27,6 +27,7 @@ import (
"github.com/hetznercloud/hcloud-go/hcloud"
"k8s.io/klog/v2"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/hetzner"
"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
@ -46,6 +47,10 @@ type LoadBalancer struct {
Target string
Labels map[string]string
// WellKnownServices indicates which services are supported by this resource.
// This field is internal and is not rendered to the cloud.
WellKnownServices []wellknownservices.WellKnownService
}
var _ fi.CompareWithID = &LoadBalancer{}
@ -56,8 +61,10 @@ func (v *LoadBalancer) CompareWithID() *string {
var _ fi.HasAddress = &LoadBalancer{}
func (e *LoadBalancer) IsForAPIServer() bool {
return true
// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
// It indicates which services we support with this load balancer.
func (e *LoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService {
return e.WellKnownServices
}
func (v *LoadBalancer) FindAddresses(c *fi.CloudupContext) ([]string, error) {
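Review bot: `IsForAPIServer` returned `true` unconditionally, while its replacement returns `e.WellKnownServices`, a new field that stays nil unless something sets it. The Hetzner model builder is not in this file section, so confirm it appends `wellknownservices.KubeAPIServer` (and `KopsController` where applicable); otherwise the load balancer address drops out of the collected API server addresses. Unlike the other tasks in this commit, no `Find` change is shown here. If `Find` does not carry the field over with the equivalent of `actual.WellKnownServices = e.WellKnownServices`, the expected/actual comparison may report a difference on every run. Separately, this type mixes receiver names `e` and `v`; `v` matches `CompareWithID` and `FindAddresses`.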


@ -26,6 +26,7 @@ import (
l3floatingip "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/layer3/floatingips"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/klog/v2"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/openstack"
"k8s.io/kops/util/pkg/vfs"
@ -33,12 +34,15 @@ import (
// +kops:fitask
type FloatingIP struct {
Name *string
ID *string
LB *LB
IP *string
Lifecycle fi.Lifecycle
ForAPIServer bool
Name *string
ID *string
LB *LB
IP *string
Lifecycle fi.Lifecycle
// WellKnownServices indicates which services are supported by this resource.
// This field is internal and is not rendered to the cloud.
WellKnownServices []wellknownservices.WellKnownService
}
var _ fi.HasAddress = &FloatingIP{}
@ -73,8 +77,10 @@ func findL3Floating(cloud openstack.OpenstackCloud, opts l3floatingip.ListOpts)
return result, nil
}
func (e *FloatingIP) IsForAPIServer() bool {
return e.ForAPIServer
// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
// It indicates which services we support with this address.
func (e *FloatingIP) GetWellKnownServices() []wellknownservices.WellKnownService {
return e.WellKnownServices
}
func (e *FloatingIP) FindAddresses(context *fi.CloudupContext) ([]string, error) {


@ -31,6 +31,7 @@ import (
"github.com/gophercloud/gophercloud/openstack/compute/v2/servers"
"k8s.io/klog/v2"
"k8s.io/kops/pkg/truncate"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/openstack"
)
@ -55,8 +56,11 @@ type Instance struct {
ConfigDrive *bool
Status *string
Lifecycle fi.Lifecycle
ForAPIServer bool
Lifecycle fi.Lifecycle
// WellKnownServices indicates which services are supported by this resource.
// This field is internal and is not rendered to the cloud.
WellKnownServices []wellknownservices.WellKnownService
}
var (
@ -102,8 +106,10 @@ func (e *Instance) CompareWithID() *string {
return e.ID
}
func (e *Instance) IsForAPIServer() bool {
return e.ForAPIServer
// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
// It indicates which services we support with this instance.
func (e *Instance) GetWellKnownServices() []wellknownservices.WellKnownService {
return e.WellKnownServices
}
func (e *Instance) FindAddresses(context *fi.CloudupContext) ([]string, error) {
@ -244,7 +250,7 @@ func (e *Instance) Find(c *fi.CloudupContext) (*Instance, error) {
// Avoid flapping
e.ID = actual.ID
e.Status = fi.PtrTo(activeStatus)
actual.ForAPIServer = e.ForAPIServer
actual.WellKnownServices = e.WellKnownServices
// Immutable fields
actual.Flavor = e.Flavor


@ -82,7 +82,9 @@ func (s *Port) FindAddresses(context *fi.CloudupContext) ([]string, error) {
return addrs, nil
}
func (s *Port) IsForAPIServer() bool {
// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
// It indicates which services we support with this load balancer.
func (s *Port) GetWellKnownServices() bool {
return s.ForAPIServer
}


@ -22,6 +22,7 @@ import (
"strings"
"k8s.io/klog/v2"
"k8s.io/kops/pkg/wellknownservices"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/scaleway"
"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
@ -45,7 +46,10 @@ type LoadBalancer struct {
Tags []string
Description string
SslCompatibilityLevel string
ForAPIServer bool
// WellKnownServices indicates which services are supported by this resource.
// This field is internal and is not rendered to the cloud.
WellKnownServices []wellknownservices.WellKnownService
}
var _ fi.CompareWithID = &LoadBalancer{}
@ -55,8 +59,10 @@ func (l *LoadBalancer) CompareWithID() *string {
return l.LBID
}
func (l *LoadBalancer) IsForAPIServer() bool {
return l.ForAPIServer
// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
// It indicates which services we support with this load balancer.
func (l *LoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService {
return l.WellKnownServices
}
func (l *LoadBalancer) Find(context *fi.CloudupContext) (*LoadBalancer, error) {
@ -81,13 +87,13 @@ func (l *LoadBalancer) Find(context *fi.CloudupContext) (*LoadBalancer, error) {
}
return &LoadBalancer{
Name: fi.PtrTo(loadBalancer.Name),
LBID: fi.PtrTo(loadBalancer.ID),
Zone: fi.PtrTo(string(loadBalancer.Zone)),
LBAddresses: lbIPs,
Tags: loadBalancer.Tags,
Lifecycle: l.Lifecycle,
ForAPIServer: l.ForAPIServer,
Name: fi.PtrTo(loadBalancer.Name),
LBID: fi.PtrTo(loadBalancer.ID),
Zone: fi.PtrTo(string(loadBalancer.Zone)),
LBAddresses: lbIPs,
Tags: loadBalancer.Tags,
Lifecycle: l.Lifecycle,
WellKnownServices: l.WellKnownServices,
}, nil
}


@ -16,12 +16,16 @@ limitations under the License.
package fi
import "k8s.io/kops/pkg/wellknownservices"
// HasAddress is implemented by elastic/floating IP addresses in order to include
// relevant dynamically allocated addresses in the api-server's server TLS certificate.
type HasAddress interface {
Task[CloudupSubContext]
// IsForAPIServer indicates whether the implementation provides an address that needs to be added to the api-server server certificate.
IsForAPIServer() bool
// GetWellKnownServices returns the services that are behind this address.
GetWellKnownServices() []wellknownservices.WellKnownService
// FindIPAddress returns the address associated with the implementor. If there is no address, returns (nil, nil).
FindAddresses(context *CloudupContext) ([]string, error)
}
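Review bot: The interface comment still says `HasAddress` exists to put addresses into the api-server's server TLS certificate, but the method now reports a list of services that includes kops-controller, so the comment covers only one consumer. A replacement such as `// HasAddress is implemented by tasks that own an address (load balancers, floating IPs, instances) so the addresses serving each well-known service can be collected.` would match the new shape. The method comment could add `// A nil result means no well-known service is behind this address; callers must not modify the returned slice.`. The last method comment names `FindIPAddress` while the method is `FindAddresses`, and its "(nil, nil)" contract should be restated for the slice return.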