First pass at instance protection

2019-06-21 09:21:30 -04:00 · 2019-06-21 09:21:30 -04:00 · adaf3ad5fd
parent b7e298c654
commit adaf3ad5fd
10 changed files with 45 additions and 0 deletions
--- a/pkg/apis/kops/instancegroup.go
+++ b/pkg/apis/kops/instancegroup.go
@ -149,6 +149,8 @@ type InstanceGroupSpec struct {
 	IAM *IAMProfileSpec `json:"iam,omitempty"`
 	// SecurityGroupOverride overrides the default security group created by Kops for this IG (AWS only).
 	SecurityGroupOverride *string `json:"securityGroupOverride,omitempty"`
+	// InstanceProtection makes new instances in an autoscaling group protected from scale in
+	InstanceProtection *bool `json:"instanceProtection,omitempty"`
 }

 const (
--- a/pkg/apis/kops/v1alpha1/instancegroup.go
+++ b/pkg/apis/kops/v1alpha1/instancegroup.go
@ -136,6 +136,8 @@ type InstanceGroupSpec struct {
 	IAM *IAMProfileSpec `json:"iam,omitempty"`
 	// SecurityGroupOverride overrides the default security group created by Kops for this IG (AWS only).
 	SecurityGroupOverride *string `json:"securityGroupOverride,omitempty"`
+	// InstanceProtection makes new instances in an autoscaling group protected from scale in
+	InstanceProtection *bool `json:"instanceProtection,omitempty"`
 }

 const (
--- a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go
@ -2751,6 +2751,7 @@ func autoConvert_v1alpha1_InstanceGroupSpec_To_kops_InstanceGroupSpec(in *Instan
 		out.IAM = nil
 	}
 	out.SecurityGroupOverride = in.SecurityGroupOverride
+	out.InstanceProtection = in.InstanceProtection
 	return nil
 }

@ -2871,6 +2872,7 @@ func autoConvert_kops_InstanceGroupSpec_To_v1alpha1_InstanceGroupSpec(in *kops.I
 		out.IAM = nil
 	}
 	out.SecurityGroupOverride = in.SecurityGroupOverride
+	out.InstanceProtection = in.InstanceProtection
 	return nil
 }

--- a/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go
@ -1529,6 +1529,11 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) {
 		*out = new(string)
 		**out = **in
 	}
+	if in.InstanceProtection != nil {
+		in, out := &in.InstanceProtection, &out.InstanceProtection
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

--- a/pkg/apis/kops/v1alpha2/instancegroup.go
+++ b/pkg/apis/kops/v1alpha2/instancegroup.go
@ -143,6 +143,8 @@ type InstanceGroupSpec struct {
 	IAM *IAMProfileSpec `json:"iam,omitempty"`
 	// SecurityGroupOverride overrides the default security group created by Kops for this IG (AWS only).
 	SecurityGroupOverride *string `json:"securityGroupOverride,omitempty"`
+	// InstanceProtection makes new instances in an autoscaling group protected from scale in
+	InstanceProtection *bool `json:"instanceProtection,omitempty"`
 }

 const (
--- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
@ -2869,6 +2869,7 @@ func autoConvert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(in *Instan
 		out.IAM = nil
 	}
 	out.SecurityGroupOverride = in.SecurityGroupOverride
+	out.InstanceProtection = in.InstanceProtection
 	return nil
 }

@ -2994,6 +2995,7 @@ func autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.I
 		out.IAM = nil
 	}
 	out.SecurityGroupOverride = in.SecurityGroupOverride
+	out.InstanceProtection = in.InstanceProtection
 	return nil
 }

--- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
@ -1491,6 +1491,11 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) {
 		*out = new(string)
 		**out = **in
 	}
+	if in.InstanceProtection != nil {
+		in, out := &in.InstanceProtection, &out.InstanceProtection
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

--- a/pkg/apis/kops/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/zz_generated.deepcopy.go
@ -1657,6 +1657,11 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) {
 		*out = new(string)
 		**out = **in
 	}
+	if in.InstanceProtection != nil {
+		in, out := &in.InstanceProtection, &out.InstanceProtection
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

--- a/pkg/model/awsmodel/autoscalinggroup.go
+++ b/pkg/model/awsmodel/autoscalinggroup.go
@ -315,6 +315,8 @@ func (b *AutoscalingGroupModelBuilder) buildAutoScalingGroupTask(c *fi.ModelBuil
 	}
 	t.SuspendProcesses = &processes

+	t.InstanceProtection = ig.Spec.InstanceProtection
+
 	// @step: are we using a mixed instance policy
 	if ig.Spec.MixedInstancesPolicy != nil {
 		spec := ig.Spec.MixedInstancesPolicy
--- a/upup/pkg/fi/cloudup/awstasks/autoscalinggroup.go
+++ b/upup/pkg/fi/cloudup/awstasks/autoscalinggroup.go
@ -45,6 +45,8 @@ type AutoscalingGroup struct {

 	// Granularity specifys the granularity of the metrics
 	Granularity *string
+	// InstanceProtection makes new instances in an autoscaling group protected from scale in
+	InstanceProtection *bool
 	// LaunchConfiguration is the launch configuration for the autoscaling group
 	LaunchConfiguration *LaunchConfiguration
 	// LaunchTemplate is the launch template for the asg
@ -171,6 +173,10 @@ func (e *AutoscalingGroup) Find(c *fi.Context) (*AutoscalingGroup, error) {
 	// Avoid spurious changes
 	actual.Lifecycle = e.Lifecycle

+	if g.NewInstancesProtectedFromScaleIn != nil {
+		actual.InstanceProtection = g.NewInstancesProtectedFromScaleIn
+	}
+
 	return actual, nil
 }

@ -315,6 +321,11 @@ func (v *AutoscalingGroup) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *Autos
 				return fmt.Errorf("error suspending processes: %v", err)
 			}
 		}
+
+		if e.InstanceProtection != nil {
+			request.NewInstancesProtectedFromScaleIn = e.InstanceProtection
+		}
+
 	} else {
 		// @logic: else we have found a autoscaling group and we need to evaluate the difference
 		request := &autoscaling.UpdateAutoScalingGroupInput{
@ -451,6 +462,11 @@ func (v *AutoscalingGroup) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *Autos
 			changes.SuspendProcesses = nil
 		}

+		if changes.InstanceProtection != nil {
+			request.NewInstancesProtectedFromScaleIn = e.InstanceProtection
+			changes.InstanceProtection = nil
+		}
+
 		empty := &AutoscalingGroup{}
 		if !reflect.DeepEqual(empty, changes) {
 			klog.Warningf("cannot apply changes to AutoScalingGroup: %v", changes)
@ -628,6 +644,7 @@ type terraformAutoscalingGroup struct {
 	MetricsGranularity      *string                          `json:"metrics_granularity,omitempty"`
 	EnabledMetrics          []*string                        `json:"enabled_metrics,omitempty"`
 	SuspendedProcesses      []*string                        `json:"suspended_processes,omitempty"`
+	InstanceProtection      *bool                            `json:"protect_from_scale_in,omitempty"`
 }

 // RenderTerraform is responsible for rendering the terraform codebase
@ -638,6 +655,7 @@ func (_ *AutoscalingGroup) RenderTerraform(t *terraform.TerraformTarget, a, e, c
 		MaxSize:            e.MaxSize,
 		MetricsGranularity: e.Granularity,
 		EnabledMetrics:     aws.StringSlice(e.Metrics),
+		InstanceProtection: e.InstanceProtection,
 	}

 	for _, s := range e.Subnets {