From 7041a43982444528edfe1f7590cd2e479c4d7892 Mon Sep 17 00:00:00 2001
From: Nicolas Vanheuverzwijn
Date: Mon, 13 Jan 2020 14:50:50 -0500
Subject: [PATCH 1/4] issue-8330: return empty nodeup template when calculating bastion userdata without additionaluserdata
---
 pkg/model/bootstrapscript.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/pkg/model/bootstrapscript.go b/pkg/model/bootstrapscript.go
index e713e52aa8..7317cb52e3 100644
--- a/pkg/model/bootstrapscript.go
+++ b/pkg/model/bootstrapscript.go
@@ -132,7 +132,11 @@ func (b *BootstrapScript) buildEnvironmentVariables(cluster *kops.Cluster) (map[
 func (b *BootstrapScript) ResourceNodeUp(ig *kops.InstanceGroup, cluster *kops.Cluster) (*fi.ResourceHolder, error) {
 // Bastions can have AdditionalUserData, but if there isn't any skip this part
 if ig.IsBastion() && len(ig.Spec.AdditionalUserData) == 0 {
- return nil, nil
+ templateResource, err := NewTemplateResource("nodeup", "", nil, nil)
+ if err != nil {
+ return nil, err
+ }
+ return fi.WrapResource(templateResource), nil
 }
 functions := template.FuncMap{
From eaa025effd5f9fac6b0ff07a35da4a4650b9193d Mon Sep 17 00:00:00 2001
From: Nicolas Vanheuverzwijn
Date: Mon, 13 Jan 2020 15:28:20 -0500
Subject: [PATCH 2/4] run hack/update-expected.sh: we now consistenly output an empty user-data for bastion node
---
 .../update_cluster/private-shared-subnet/kubernetes.tf | 1 +
 tests/integration/update_cluster/privatecalico/kubernetes.tf | 1 +
 tests/integration/update_cluster/privatecanal/kubernetes.tf | 1 +
 tests/integration/update_cluster/privatedns1/kubernetes.tf | 1 +
 tests/integration/update_cluster/privatedns2/kubernetes.tf | 1 +
 tests/integration/update_cluster/privateflannel/kubernetes.tf | 1 +
 tests/integration/update_cluster/privatekopeio/kubernetes.tf | 1 +
 tests/integration/update_cluster/privateweave/kubernetes.tf | 1 +
 tests/integration/update_cluster/unmanaged/kubernetes.tf | 1 +
 9 files changed, 9 insertions(+)
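Review bot: The comment above the bastion branch in ResourceNodeUp still says "skip this part", but the new code no longer skips anything: it builds an empty nodeup template and returns it wrapped in a resource holder, so callers now get a non-nil resource for every bastion. I would reword it to something like `// Bastions without AdditionalUserData get an empty nodeup template so user-data is always rendered (issue-8330)`. The expected Terraform and CloudFormation outputs later in this series gain a user-data attribute on every bastion launch configuration, so existing bastion groups will presumably show a launch-configuration change on the next update; that deserves a line in the commit description or release notes. ResourceNodeUp continues past the end of the hunk and NewTemplateResource is not visible here, so its handling of the nil function map and nil context should be confirmed.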
diff --git a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf
index 136018fbce..4f53809e7a 100644
--- a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf
+++ b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf
@@ -367,6 +367,7 @@ resource "aws_launch_configuration" "bastion-private-shared-subnet-example-com"
 iam_instance_profile = "${aws_iam_instance_profile.bastions-private-shared-subnet-example-com.id}"
 security_groups = ["${aws_security_group.bastion-private-shared-subnet-example-com.id}"]
 associate_public_ip_address = true
+ user_data = "${file("${path.module}/data/aws_launch_configuration_bastion.private-shared-subnet.example.com_user_data")}"
 root_block_device = {
 volume_type = "gp2"
diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf
index bd06b8bfdf..baad6c2ef7 100644
--- a/tests/integration/update_cluster/privatecalico/kubernetes.tf
+++ b/tests/integration/update_cluster/privatecalico/kubernetes.tf
@@ -397,6 +397,7 @@ resource "aws_launch_configuration" "bastion-privatecalico-example-com" {
 iam_instance_profile = "${aws_iam_instance_profile.bastions-privatecalico-example-com.id}"
 security_groups = ["${aws_security_group.bastion-privatecalico-example-com.id}"]
 associate_public_ip_address = true
+ user_data = "${file("${path.module}/data/aws_launch_configuration_bastion.privatecalico.example.com_user_data")}"
 root_block_device = {
 volume_type = "gp2"
diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf
index 36443f4efa..bf833b844f 100644
--- a/tests/integration/update_cluster/privatecanal/kubernetes.tf
+++ b/tests/integration/update_cluster/privatecanal/kubernetes.tf
@@ -397,6 +397,7 @@ resource "aws_launch_configuration" "bastion-privatecanal-example-com" {
 iam_instance_profile = "${aws_iam_instance_profile.bastions-privatecanal-example-com.id}"
 security_groups = ["${aws_security_group.bastion-privatecanal-example-com.id}"]
 associate_public_ip_address = true
+ user_data = "${file("${path.module}/data/aws_launch_configuration_bastion.privatecanal.example.com_user_data")}"
 root_block_device = {
 volume_type = "gp2"
diff --git a/tests/integration/update_cluster/privatedns1/kubernetes.tf b/tests/integration/update_cluster/privatedns1/kubernetes.tf
index 959038cf30..c6e933fc2e 100644
--- a/tests/integration/update_cluster/privatedns1/kubernetes.tf
+++ b/tests/integration/update_cluster/privatedns1/kubernetes.tf
@@ -397,6 +397,7 @@ resource "aws_launch_configuration" "bastion-privatedns1-example-com" {
 iam_instance_profile = "${aws_iam_instance_profile.bastions-privatedns1-example-com.id}"
 security_groups = ["${aws_security_group.bastion-privatedns1-example-com.id}"]
 associate_public_ip_address = true
+ user_data = "${file("${path.module}/data/aws_launch_configuration_bastion.privatedns1.example.com_user_data")}"
 root_block_device = {
 volume_type = "gp2"
diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf
index 59c98724d7..281c6fabc1 100644
--- a/tests/integration/update_cluster/privatedns2/kubernetes.tf
+++ b/tests/integration/update_cluster/privatedns2/kubernetes.tf
@@ -382,6 +382,7 @@ resource "aws_launch_configuration" "bastion-privatedns2-example-com" {
 iam_instance_profile = "${aws_iam_instance_profile.bastions-privatedns2-example-com.id}"
 security_groups = ["${aws_security_group.bastion-privatedns2-example-com.id}"]
 associate_public_ip_address = true
+ user_data = "${file("${path.module}/data/aws_launch_configuration_bastion.privatedns2.example.com_user_data")}"
 root_block_device = {
 volume_type = "gp2"
diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf
index 3b0fae6032..868d9fafe3 100644
--- a/tests/integration/update_cluster/privateflannel/kubernetes.tf
+++ b/tests/integration/update_cluster/privateflannel/kubernetes.tf
@@ -397,6 +397,7 @@ resource "aws_launch_configuration" "bastion-privateflannel-example-com" {
 iam_instance_profile = "${aws_iam_instance_profile.bastions-privateflannel-example-com.id}"
 security_groups = ["${aws_security_group.bastion-privateflannel-example-com.id}"]
 associate_public_ip_address = true
+ user_data = "${file("${path.module}/data/aws_launch_configuration_bastion.privateflannel.example.com_user_data")}"
 root_block_device = {
 volume_type = "gp2"
diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf
index 4070f6b8ae..aad4222bfa 100644
--- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf
+++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf
@@ -402,6 +402,7 @@ resource "aws_launch_configuration" "bastion-privatekopeio-example-com" {
 iam_instance_profile = "${aws_iam_instance_profile.bastions-privatekopeio-example-com.id}"
 security_groups = ["${aws_security_group.bastion-privatekopeio-example-com.id}"]
 associate_public_ip_address = true
+ user_data = "${file("${path.module}/data/aws_launch_configuration_bastion.privatekopeio.example.com_user_data")}"
 root_block_device = {
 volume_type = "gp2"
diff --git a/tests/integration/update_cluster/privateweave/kubernetes.tf b/tests/integration/update_cluster/privateweave/kubernetes.tf
index 4b270ece83..d354403fb3 100644
--- a/tests/integration/update_cluster/privateweave/kubernetes.tf
+++ b/tests/integration/update_cluster/privateweave/kubernetes.tf
@@ -397,6 +397,7 @@ resource "aws_launch_configuration" "bastion-privateweave-example-com" {
 iam_instance_profile = "${aws_iam_instance_profile.bastions-privateweave-example-com.id}"
 security_groups = ["${aws_security_group.bastion-privateweave-example-com.id}"]
 associate_public_ip_address = true
+ user_data = "${file("${path.module}/data/aws_launch_configuration_bastion.privateweave.example.com_user_data")}"
 root_block_device = {
 volume_type = "gp2"
diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf
index 12d6f9c597..2f22ed4507 100644
--- a/tests/integration/update_cluster/unmanaged/kubernetes.tf
+++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf
@@ -372,6 +372,7 @@ resource "aws_launch_configuration" "bastion-unmanaged-example-com" {
 iam_instance_profile = "${aws_iam_instance_profile.bastions-unmanaged-example-com.id}"
 security_groups = ["${aws_security_group.bastion-unmanaged-example-com.id}"]
 associate_public_ip_address = true
+ user_data = "${file("${path.module}/data/aws_launch_configuration_bastion.unmanaged.example.com_user_data")}"
 root_block_device = {
 volume_type = "gp2"
From 8d3df18a51009a74718925dd0792f72353f897e8 Mon Sep 17 00:00:00 2001
From: Nicolas Vanheuverzwijn
Date: Mon, 13 Jan 2020 15:43:37 -0500
Subject: [PATCH 3/4] test: fix integration test to always include bastion userdata
---
 cmd/kops/integration_test.go | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/cmd/kops/integration_test.go b/cmd/kops/integration_test.go
index 0a2aae0ab2..f77a71904e 100644
--- a/cmd/kops/integration_test.go
+++ b/cmd/kops/integration_test.go
@@ -417,17 +417,10 @@ func runTestAWS(t *testing.T, clusterName string, srcDir string, version string,
 expectedFilenames = append(expectedFilenames, []string{
 "aws_iam_role_bastions." + clusterName + "_policy",
 "aws_iam_role_policy_bastions." + clusterName + "_policy",
-
- // bastions usually don't have any userdata
- // "aws_launch_configuration_bastions." + clusterName + "_user_data",
+ "aws_launch_configuration_bastion." + clusterName + "_user_data",
 }...)
 }
 }
-
- // Special case that tests a bastion with user-data
- if srcDir == "bastionadditional_user-data" {
- expectedFilenames = append(expectedFilenames, "aws_launch_configuration_bastion."+clusterName+"_user_data")
- }
 runTest(t, h, clusterName, srcDir, version, private, zones, expectedFilenames, "", nil, lifecycleOverrides)
 }
@@ -457,9 +450,7 @@ func runTestPhase(t *testing.T, clusterName string, srcDir string, version strin
 expectedFilenames = append(expectedFilenames, []string{
 "aws_iam_role_bastions." + clusterName + "_policy",
 "aws_iam_role_policy_bastions." + clusterName + "_policy",
-
- // bastions don't have any userdata
- // "aws_launch_configuration_bastions." + clusterName + "_user_data",
+ "aws_launch_configuration_bastion." + clusterName + "_user_data",
 }...)
 }
 } else if phase == cloudup.PhaseCluster {
From 6db1b185e64d01445133655f7792184c501e24da Mon Sep 17 00:00:00 2001
From: Nicolas Vanheuverzwijn
Date: Mon, 13 Jan 2020 16:12:47 -0500
Subject: [PATCH 4/4] run hack/update-expected.sh
---
 .../integration/update_cluster/privatecalico/cloudformation.json | 1 +
 .../privatecalico/cloudformation.json.extracted.yaml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json b/tests/integration/update_cluster/privatecalico/cloudformation.json
index f8a998c94b..e44e6bb3c4 100644
--- a/tests/integration/update_cluster/privatecalico/cloudformation.json
+++ b/tests/integration/update_cluster/privatecalico/cloudformation.json
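Review bot: The removed special case for `bastionadditional_user-data` in runTestAWS sat after the enclosing conditionals, while the replacement entry is added inside them; the condition is above the hunk, so please confirm that test still enters this branch, otherwise its expected user-data file is no longer listed. The new entry uses the singular prefix `aws_launch_configuration_bastion.` next to the plural `aws_iam_role_bastions.` entries, which reads like a typo even though it matches the data file names in the regenerated Terraform output; a short comment such as `// singular "bastion" is intentional: it matches the generated user-data file name` would help. The same three-entry list is repeated in runTestPhase in the second hunk, so the comment applies there too. Both functions start and end outside the hunks.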
@@ -194,6 +194,7 @@
 "Ref": "AWSEC2SecurityGroupbastionprivatecalicoexamplecom"
 }
 ],
+ "UserData": "extracted",
 "InstanceMonitoring": false
 }
 },
diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml
index 13eb5fc2c6..8f748e8329 100644
--- a/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml
+++ b/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml
@@ -1,3 +1,4 @@
+Resources.AWSAutoScalingLaunchConfigurationbastionprivatecalicoexamplecom.Properties.UserData: ""
 Resources.AWSAutoScalingLaunchConfigurationmasterustest1amastersprivatecalicoexamplecom.Properties.UserData: |
 #!/bin/bash
 # Copyright 2016 The Kubernetes Authors All rights reserved.