kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17430 from h3poteto/iss-17250/additional-security-groups 

Re-enable additionalSecurityGroups for bastion LB
This commit is contained in:
Kubernetes Prow Robot 2025-06-08 13:28:23 -07:00 committed by GitHub
parent 3630433cf3 b674f78c8e
commit b1081c48ab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 36 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
k8s/crds/kops.k8s.io_clusters.yaml
View File

@ -6386,7 +6386,6 @@ spec:
loadBalancer: loadBalancer:
properties: properties:
additionalSecurityGroups: additionalSecurityGroups:
description: AdditionalSecurityGroups is unused
items: items:
type: string type: string
type: array type: array

1
pkg/apis/kops/bastion.go
View File

@ -24,6 +24,7 @@ type BastionSpec struct {
} }
type BastionLoadBalancerSpec struct { type BastionLoadBalancerSpec struct {
AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
// Type of load balancer to create, it can be Public or Internal. // Type of load balancer to create, it can be Public or Internal.
Type LoadBalancerType `json:"type,omitempty"` Type LoadBalancerType `json:"type,omitempty"`
} }

2
pkg/apis/kops/v1alpha2/bastion.go
View File

@ -25,8 +25,6 @@ type BastionSpec struct {
} }
type BastionLoadBalancerSpec struct { type BastionLoadBalancerSpec struct {
// AdditionalSecurityGroups is unused
// +k8s:conversion-gen=false
AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"` AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
// Type of load balancer to create, it can be Public or Internal. // Type of load balancer to create, it can be Public or Internal.
Type LoadBalancerType `json:"type,omitempty"` Type LoadBalancerType `json:"type,omitempty"`

3
pkg/apis/kops/v1alpha2/zz_generated.conversion.go generated
View File

@ -1742,7 +1742,7 @@ func Convert_kops_AzureSpec_To_v1alpha2_AzureSpec(in *kops.AzureSpec, out *Azure
} }
func autoConvert_v1alpha2_BastionLoadBalancerSpec_To_kops_BastionLoadBalancerSpec(in *BastionLoadBalancerSpec, out *kops.BastionLoadBalancerSpec, s conversion.Scope) error { func autoConvert_v1alpha2_BastionLoadBalancerSpec_To_kops_BastionLoadBalancerSpec(in *BastionLoadBalancerSpec, out *kops.BastionLoadBalancerSpec, s conversion.Scope) error {
// INFO: in.AdditionalSecurityGroups opted out of conversion generation out.AdditionalSecurityGroups = in.AdditionalSecurityGroups
out.Type = kops.LoadBalancerType(in.Type) out.Type = kops.LoadBalancerType(in.Type)
return nil return nil
} }
@ -1753,6 +1753,7 @@ func Convert_v1alpha2_BastionLoadBalancerSpec_To_kops_BastionLoadBalancerSpec(in
} }
func autoConvert_kops_BastionLoadBalancerSpec_To_v1alpha2_BastionLoadBalancerSpec(in *kops.BastionLoadBalancerSpec, out *BastionLoadBalancerSpec, s conversion.Scope) error { func autoConvert_kops_BastionLoadBalancerSpec_To_v1alpha2_BastionLoadBalancerSpec(in *kops.BastionLoadBalancerSpec, out *BastionLoadBalancerSpec, s conversion.Scope) error {
out.AdditionalSecurityGroups = in.AdditionalSecurityGroups
out.Type = LoadBalancerType(in.Type) out.Type = LoadBalancerType(in.Type)
return nil return nil
} }

1
pkg/apis/kops/v1alpha3/bastion.go
View File

@ -24,6 +24,7 @@ type BastionSpec struct {
} }
type BastionLoadBalancerSpec struct { type BastionLoadBalancerSpec struct {
AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
// Type of load balancer to create, it can be Public or Internal. // Type of load balancer to create, it can be Public or Internal.
Type LoadBalancerType `json:"type,omitempty"` Type LoadBalancerType `json:"type,omitempty"`
} }

2
pkg/apis/kops/v1alpha3/zz_generated.conversion.go generated
View File

@ -1918,6 +1918,7 @@ func Convert_kops_AzureSpec_To_v1alpha3_AzureSpec(in *kops.AzureSpec, out *Azure
} }
func autoConvert_v1alpha3_BastionLoadBalancerSpec_To_kops_BastionLoadBalancerSpec(in *BastionLoadBalancerSpec, out *kops.BastionLoadBalancerSpec, s conversion.Scope) error { func autoConvert_v1alpha3_BastionLoadBalancerSpec_To_kops_BastionLoadBalancerSpec(in *BastionLoadBalancerSpec, out *kops.BastionLoadBalancerSpec, s conversion.Scope) error {
out.AdditionalSecurityGroups = in.AdditionalSecurityGroups
out.Type = kops.LoadBalancerType(in.Type) out.Type = kops.LoadBalancerType(in.Type)
return nil return nil
} }
@ -1928,6 +1929,7 @@ func Convert_v1alpha3_BastionLoadBalancerSpec_To_kops_BastionLoadBalancerSpec(in
} }
func autoConvert_kops_BastionLoadBalancerSpec_To_v1alpha3_BastionLoadBalancerSpec(in *kops.BastionLoadBalancerSpec, out *BastionLoadBalancerSpec, s conversion.Scope) error { func autoConvert_kops_BastionLoadBalancerSpec_To_v1alpha3_BastionLoadBalancerSpec(in *kops.BastionLoadBalancerSpec, out *BastionLoadBalancerSpec, s conversion.Scope) error {
out.AdditionalSecurityGroups = in.AdditionalSecurityGroups
out.Type = LoadBalancerType(in.Type) out.Type = LoadBalancerType(in.Type)
return nil return nil
} }

7
pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go generated
View File

@ -423,6 +423,11 @@ func (in *AzureSpec) DeepCopy() *AzureSpec {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *BastionLoadBalancerSpec) DeepCopyInto(out *BastionLoadBalancerSpec) { func (in *BastionLoadBalancerSpec) DeepCopyInto(out *BastionLoadBalancerSpec) {
*out = *in *out = *in
if in.AdditionalSecurityGroups != nil {
in, out := &in.AdditionalSecurityGroups, &out.AdditionalSecurityGroups
*out = make([]string, len(*in))
copy(*out, *in)
}
return return
} }
@ -442,7 +447,7 @@ func (in *BastionSpec) DeepCopyInto(out *BastionSpec) {
if in.LoadBalancer != nil { if in.LoadBalancer != nil {
in, out := &in.LoadBalancer, &out.LoadBalancer in, out := &in.LoadBalancer, &out.LoadBalancer
*out = new(BastionLoadBalancerSpec) *out = new(BastionLoadBalancerSpec)
**out = **in (*in).DeepCopyInto(*out)
} }
return return
} }

7
pkg/apis/kops/zz_generated.deepcopy.go generated
View File

@ -422,6 +422,11 @@ func (in *AzureSpec) DeepCopy() *AzureSpec {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *BastionLoadBalancerSpec) DeepCopyInto(out *BastionLoadBalancerSpec) { func (in *BastionLoadBalancerSpec) DeepCopyInto(out *BastionLoadBalancerSpec) {
*out = *in *out = *in
if in.AdditionalSecurityGroups != nil {
in, out := &in.AdditionalSecurityGroups, &out.AdditionalSecurityGroups
*out = make([]string, len(*in))
copy(*out, *in)
}
return return
} }
@ -441,7 +446,7 @@ func (in *BastionSpec) DeepCopyInto(out *BastionSpec) {
if in.LoadBalancer != nil { if in.LoadBalancer != nil {
in, out := &in.LoadBalancer, &out.LoadBalancer in, out := &in.LoadBalancer, &out.LoadBalancer
*out = new(BastionLoadBalancerSpec) *out = new(BastionLoadBalancerSpec)
**out = **in (*in).DeepCopyInto(*out)
} }
return return
} }

14
pkg/model/awsmodel/bastion.go
View File

@ -393,6 +393,20 @@ func (b *BastionModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
c.AddTask(tg) c.AddTask(tg)
// Add additional security groups to the NLB
if b.Cluster.Spec.Networking.Topology != nil && b.Cluster.Spec.Networking.Topology.Bastion != nil && b.Cluster.Spec.Networking.Topology.Bastion.LoadBalancer != nil && b.Cluster.Spec.Networking.Topology.Bastion.LoadBalancer.AdditionalSecurityGroups != nil {
for _, id := range b.Cluster.Spec.Networking.Topology.Bastion.LoadBalancer.AdditionalSecurityGroups {
t := &awstasks.SecurityGroup{
Name: fi.PtrTo(id),
Lifecycle: b.SecurityLifecycle,
ID: fi.PtrTo(id),
Shared: fi.PtrTo(true),
}
c.EnsureTask(t)
nlb.SecurityGroups = append(nlb.SecurityGroups, t)
}
}
c.AddTask(nlb) c.AddTask(nlb)
} }

4
tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content
View File

@ -209,6 +209,8 @@ spec:
zone: us-test-1a zone: us-test-1a
topology: topology:
bastion: bastion:
loadBalancer: {} loadBalancer:
additionalSecurityGroups:
- sg-exampleid
dns: dns:
type: Public type: Public

2
tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf
View File

@ -773,7 +773,7 @@ resource "aws_lb" "bastion-bastionuserdata-example-com" {
internal = false internal = false
load_balancer_type = "network" load_balancer_type = "network"
name = "bastion-bastionuserdata-e-4grhsv" name = "bastion-bastionuserdata-e-4grhsv"
security_groups = [aws_security_group.bastion-elb-bastionuserdata-example-com.id] security_groups = ["sg-exampleid", aws_security_group.bastion-elb-bastionuserdata-example-com.id]
subnet_mapping { subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-bastionuserdata-example-com.id subnet_id = aws_subnet.utility-us-test-1a-bastionuserdata-example-com.id
} }