Merge pull request #7103 from austinmoore-/egress-proxy-for-etcd-manager

Egress proxy for etcd manager
2019-06-20 11:30:49 -07:00 · 2019-06-20 11:30:49 -07:00 · 96704f24cd
parent 5e3d9f7f0d 00ad7316a4
commit 96704f24cd
11 changed files with 78 additions and 32 deletions
--- a/hack/.packages
+++ b/hack/.packages
@ -189,6 +189,7 @@ k8s.io/kops/upup/tools/generators/pkg/codegen
 k8s.io/kops/util/pkg/exec
 k8s.io/kops/util/pkg/hashing
 k8s.io/kops/util/pkg/maps
+k8s.io/kops/util/pkg/proxy
 k8s.io/kops/util/pkg/reflectutils
 k8s.io/kops/util/pkg/slice
 k8s.io/kops/util/pkg/tables
--- a/nodeup/pkg/model/BUILD.bazel
+++ b/nodeup/pkg/model/BUILD.bazel
@ -56,6 +56,7 @@ go_library(
        "//upup/pkg/fi/cloudup/awsup:go_default_library",
        "//upup/pkg/fi/nodeup/nodetasks:go_default_library",
        "//util/pkg/exec:go_default_library",
+        "//util/pkg/proxy:go_default_library",
        "//util/pkg/reflectutils:go_default_library",
        "//util/pkg/vfs:go_default_library",
        "//vendor/github.com/aws/aws-sdk-go/aws/ec2metadata:go_default_library",
--- a/nodeup/pkg/model/convenience.go
+++ b/nodeup/pkg/model/convenience.go
@ -26,7 +26,6 @@ import (

 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/klog"
 )

 // s is a helper that builds a *string from a string value
@ -65,33 +64,6 @@ func buildDockerEnvironmentVars(env map[string]string) []string {
 	return list
 }

-func getProxyEnvVars(proxies *kops.EgressProxySpec) []v1.EnvVar {
-	if proxies == nil {
-		klog.V(8).Info("proxies is == nil, returning empty list")
-		return []v1.EnvVar{}
-	}
-
-	if proxies.HTTPProxy.Host == "" {
-		klog.Warning("EgressProxy set but no proxy host provided")
-	}
-
-	var httpProxyURL string
-	if proxies.HTTPProxy.Port == 0 {
-		httpProxyURL = "http://" + proxies.HTTPProxy.Host
-	} else {
-		httpProxyURL = "http://" + proxies.HTTPProxy.Host + ":" + strconv.Itoa(proxies.HTTPProxy.Port)
-	}
-
-	noProxy := proxies.ProxyExcludes
-
-	return []v1.EnvVar{
-		{Name: "http_proxy", Value: httpProxyURL},
-		{Name: "https_proxy", Value: httpProxyURL},
-		{Name: "NO_PROXY", Value: noProxy},
-		{Name: "no_proxy", Value: noProxy},
-	}
-}
-
 // sortedStrings is just a one liner helper methods
 func sortedStrings(list []string) []string {
 	sort.Strings(list)
--- a/nodeup/pkg/model/kube_apiserver.go
+++ b/nodeup/pkg/model/kube_apiserver.go
@ -18,6 +18,7 @@ package model

 import (
 	"fmt"
+	"k8s.io/kops/util/pkg/proxy"
 	"path/filepath"
 	"strings"

@ -395,7 +396,7 @@ func (b *KubeAPIServerBuilder) buildPod() (*v1.Pod, error) {
 	container := &v1.Container{
 		Name:  "kube-apiserver",
 		Image: b.Cluster.Spec.KubeAPIServer.Image,
-		Env:   getProxyEnvVars(b.Cluster.Spec.EgressProxy),
+		Env:   proxy.GetProxyEnvVars(b.Cluster.Spec.EgressProxy),
 		LivenessProbe: &v1.Probe{
 			Handler: v1.Handler{
 				HTTPGet: probeAction,
--- a/nodeup/pkg/model/kube_controller_manager.go
+++ b/nodeup/pkg/model/kube_controller_manager.go
@ -18,6 +18,7 @@ package model

 import (
 	"fmt"
+	"k8s.io/kops/util/pkg/proxy"
 	"path/filepath"
 	"strings"

@ -154,7 +155,7 @@ func (b *KubeControllerManagerBuilder) buildPod() (*v1.Pod, error) {
 	container := &v1.Container{
 		Name:  "kube-controller-manager",
 		Image: b.Cluster.Spec.KubeControllerManager.Image,
-		Env:   getProxyEnvVars(b.Cluster.Spec.EgressProxy),
+		Env:   proxy.GetProxyEnvVars(b.Cluster.Spec.EgressProxy),
 		LivenessProbe: &v1.Probe{
 			Handler: v1.Handler{
 				HTTPGet: &v1.HTTPGetAction{
--- a/nodeup/pkg/model/kube_scheduler.go
+++ b/nodeup/pkg/model/kube_scheduler.go
@ -18,6 +18,7 @@ package model

 import (
 	"fmt"
+	"k8s.io/kops/util/pkg/proxy"

 	v1 "k8s.io/api/core/v1"
 	"k8s.io/kops/pkg/flagbuilder"
@ -125,7 +126,7 @@ func (b *KubeSchedulerBuilder) buildPod() (*v1.Pod, error) {
 	container := &v1.Container{
 		Name:  "kube-scheduler",
 		Image: c.Image,
-		Env:   getProxyEnvVars(b.Cluster.Spec.EgressProxy),
+		Env:   proxy.GetProxyEnvVars(b.Cluster.Spec.EgressProxy),
 		LivenessProbe: &v1.Probe{
 			Handler: v1.Handler{
 				HTTPGet: &v1.HTTPGetAction{
--- a/nodeup/pkg/model/protokube.go
+++ b/nodeup/pkg/model/protokube.go
@ -19,6 +19,7 @@ package model
 import (
 	"bytes"
 	"fmt"
+	"k8s.io/kops/util/pkg/proxy"
 	"os"
 	"path/filepath"
 	"strings"
@ -491,7 +492,7 @@ func (t *ProtokubeBuilder) ProtokubeEnvironmentVariables() string {
 }

 func (t *ProtokubeBuilder) writeProxyEnvVars(buffer *bytes.Buffer) {
-	for _, envVar := range getProxyEnvVars(t.Cluster.Spec.EgressProxy) {
+	for _, envVar := range proxy.GetProxyEnvVars(t.Cluster.Spec.EgressProxy) {
 		buffer.WriteString(" -e ")
 		buffer.WriteString(envVar.Name)
 		buffer.WriteString("=")
--- a/pkg/model/components/etcdmanager/BUILD.bazel
+++ b/pkg/model/components/etcdmanager/BUILD.bazel
@ -24,6 +24,7 @@ go_library(
        "//upup/pkg/fi/fitasks:go_default_library",
        "//upup/pkg/fi/loader:go_default_library",
        "//util/pkg/exec:go_default_library",
+        "//util/pkg/proxy:go_default_library",
        "//vendor/k8s.io/api/core/v1:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
--- a/pkg/model/components/etcdmanager/model.go
+++ b/pkg/model/components/etcdmanager/model.go
@ -21,6 +21,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"k8s.io/kops/util/pkg/proxy"
 	"os"
 	"strings"

@ -426,6 +427,8 @@ func (b *EtcdManagerBuilder) buildPod(etcdCluster *kops.EtcdClusterSpec) (*v1.Po
 		})
 	}

+	container.Env = proxy.GetProxyEnvVars(b.Cluster.Spec.EgressProxy)
+
 	{
 		foundPKI := false
 		for i := range pod.Spec.Volumes {
--- a/util/pkg/proxy/BUILD.bazel
+++ b/util/pkg/proxy/BUILD.bazel
@ -0,0 +1,13 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["proxy.go"],
+    importpath = "k8s.io/kops/util/pkg/proxy",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//pkg/apis/kops:go_default_library",
+        "//vendor/k8s.io/api/core/v1:go_default_library",
+        "//vendor/k8s.io/klog:go_default_library",
+    ],
+)
--- a/util/pkg/proxy/proxy.go
+++ b/util/pkg/proxy/proxy.go
@ -0,0 +1,51 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package proxy
+
+import (
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/klog"
+	"k8s.io/kops/pkg/apis/kops"
+	"strconv"
+)
+
+func GetProxyEnvVars(proxies *kops.EgressProxySpec) []v1.EnvVar {
+	if proxies == nil {
+		klog.V(8).Info("proxies is == nil, returning empty list")
+		return []v1.EnvVar{}
+	}
+
+	if proxies.HTTPProxy.Host == "" {
+		klog.Warning("EgressProxy set but no proxy host provided")
+	}
+
+	var httpProxyURL string
+	if proxies.HTTPProxy.Port == 0 {
+		httpProxyURL = "http://" + proxies.HTTPProxy.Host
+	} else {
+		httpProxyURL = "http://" + proxies.HTTPProxy.Host + ":" + strconv.Itoa(proxies.HTTPProxy.Port)
+	}
+
+	noProxy := proxies.ProxyExcludes
+
+	return []v1.EnvVar{
+		{Name: "http_proxy", Value: httpProxyURL},
+		{Name: "https_proxy", Value: httpProxyURL},
+		{Name: "NO_PROXY", Value: noProxy},
+		{Name: "no_proxy", Value: noProxy},
+	}
+}