From d39ba74bd72f94fc289b2c94bbd6a9b562da4373 Mon Sep 17 00:00:00 2001 From: John Gardiner Myers Date: Sun, 13 Nov 2022 19:57:25 -0800 Subject: [PATCH] Change the control-plane IG role to "ControlPlane" in v1alpha3 API --- cmd/kops/create_cluster.go | 2 +- cmd/kops/create_instancegroup.go | 4 +- cmd/kops/delete_instancegroup.go | 7 +- cmd/kops/rolling-update_cluster.go | 4 +- examples/kops-api-example/up.go | 2 +- nodeup/pkg/model/context.go | 4 +- pkg/apis/kops/cluster.go | 4 +- pkg/apis/kops/cluster_test.go | 32 +++---- pkg/apis/kops/instancegroup.go | 37 +++++--- pkg/apis/kops/parse.go | 9 +- pkg/apis/kops/parse_test.go | 10 ++- pkg/apis/kops/v1alpha2/conversion.go | 89 +++++++++++++++++++ .../kops/v1alpha2/zz_generated.conversion.go | 60 +++++-------- pkg/apis/kops/v1alpha3/instancegroup.go | 6 +- pkg/apis/kops/validation/instancegroup.go | 6 +- .../kops/validation/instancegroup_test.go | 6 +- pkg/apis/kops/validation/legacy.go | 2 +- pkg/apis/kops/validation/validation.go | 4 +- pkg/apis/kops/validation/validation_test.go | 14 +-- pkg/instancegroups/instancegroups.go | 10 +-- pkg/instancegroups/rollingupdate.go | 2 +- pkg/instancegroups/rollingupdate_os_test.go | 8 +- pkg/instancegroups/rollingupdate_test.go | 20 ++--- pkg/model/awsmodel/api_loadbalancer.go | 2 +- pkg/model/awsmodel/autoscalinggroup.go | 2 +- pkg/model/awsmodel/autoscalinggroup_test.go | 4 +- pkg/model/awsmodel/bastion.go | 2 +- pkg/model/awsmodel/external_access.go | 2 +- pkg/model/awsmodel/firewall.go | 4 +- pkg/model/awsmodel/iam.go | 8 +- pkg/model/awsmodel/spotinst.go | 6 +- pkg/model/azuremodel/api_loadbalancer_test.go | 4 +- pkg/model/azuremodel/context.go | 5 +- pkg/model/azuremodel/vmscaleset.go | 2 +- pkg/model/azuremodel/vmscaleset_test.go | 8 +- pkg/model/bootstrapscript.go | 6 +- pkg/model/bootstrapscript_test.go | 24 ++--- pkg/model/components/apiserver.go | 2 +- pkg/model/components/context.go | 6 -- pkg/model/components/etcdmanager/model.go | 6 +- pkg/model/components/kubeapiserver/model.go | 2 +- pkg/model/components/kubescheduler/model.go | 2 +- pkg/model/context.go | 9 +- pkg/model/defaults/volumes.go | 2 +- pkg/model/domodel/droplets.go | 2 +- pkg/model/gcemodel/api_loadbalancer.go | 4 +- pkg/model/gcemodel/autoscalinggroup.go | 12 ++- pkg/model/gcemodel/context.go | 2 +- pkg/model/gcemodel/external_access.go | 4 +- pkg/model/gcemodel/firewall.go | 8 +- pkg/model/gcemodel/service_accounts.go | 6 +- pkg/model/gcemodel/storageacl.go | 2 +- pkg/model/hetznermodel/firewall.go | 2 +- pkg/model/hetznermodel/loadbalancer.go | 2 +- pkg/model/iam/subject.go | 2 +- pkg/model/master_volumes.go | 11 ++- pkg/model/names.go | 6 +- pkg/model/openstackmodel/firewall.go | 20 ++--- pkg/model/openstackmodel/servergroup.go | 6 +- pkg/model/openstackmodel/servergroup_test.go | 30 +++---- pkg/nodeidentity/hetzner/identify.go | 2 +- pkg/nodelabels/builder.go | 2 +- pkg/nodelabels/builder_test.go | 2 +- pkg/resources/aws/aws.go | 10 ++- pkg/resources/digitalocean/resources.go | 2 +- pkg/resources/spotinst/resources.go | 2 +- pkg/testutils/cluster.go | 2 +- pkg/validation/validate_cluster.go | 6 +- pkg/validation/validate_cluster_test.go | 12 +-- tests/e2e/pkg/tester/tester.go | 2 +- .../integration/conversion/aws/v1alpha2.yaml | 8 ++ .../integration/conversion/aws/v1alpha3.yaml | 10 ++- .../conversion/azure/v1alpha3.yaml | 2 +- .../conversion/canal/v1alpha3.yaml | 2 +- .../conversion/cilium/v1alpha3.yaml | 2 +- tests/integration/conversion/do/v1alpha3.yaml | 2 +- .../integration/conversion/gce/v1alpha3.yaml | 2 +- .../conversion/minimal/v1alpha3.yaml | 2 +- .../conversion/openstack/v1alpha3.yaml | 2 +- upup/pkg/fi/cloudup/apply_cluster.go | 6 +- .../fi/cloudup/awstasks/autoscalinggroup.go | 3 + upup/pkg/fi/cloudup/awsup/aws_cloud.go | 14 ++- upup/pkg/fi/cloudup/awsup/instancegroups.go | 2 +- upup/pkg/fi/cloudup/awsup/mock_aws_cloud.go | 2 +- upup/pkg/fi/cloudup/awsup/status.go | 2 +- upup/pkg/fi/cloudup/azure/azure_cloud.go | 6 +- upup/pkg/fi/cloudup/azure/status.go | 4 +- upup/pkg/fi/cloudup/azure/status_test.go | 5 +- upup/pkg/fi/cloudup/do/cloud.go | 3 +- .../fi/cloudup/gce/gcediscovery/resolver.go | 2 +- upup/pkg/fi/cloudup/gce/labels.go | 2 +- upup/pkg/fi/cloudup/gce/status.go | 2 +- upup/pkg/fi/cloudup/new_cluster.go | 6 +- upup/pkg/fi/cloudup/openstack/cloud.go | 5 +- upup/pkg/fi/cloudup/openstack/cloud_test.go | 8 +- upup/pkg/fi/cloudup/openstack/server_group.go | 2 +- upup/pkg/fi/cloudup/openstack/status.go | 2 +- upup/pkg/fi/cloudup/openstack/utils.go | 2 +- .../fi/cloudup/populate_instancegroup_spec.go | 16 ++-- .../populate_instancegroup_spec_test.go | 2 +- .../fi/cloudup/spotinsttasks/elastigroup.go | 3 + .../fi/cloudup/spotinsttasks/launch_spec.go | 3 + upup/pkg/fi/cloudup/spotinsttasks/ocean.go | 3 + upup/pkg/fi/cloudup/template_functions.go | 2 +- upup/pkg/fi/nodeup/command.go | 2 +- 105 files changed, 452 insertions(+), 300 deletions(-) diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go index ce1a301b16..dd4d26283f 100644 --- a/cmd/kops/create_cluster.go +++ b/cmd/kops/create_cluster.go @@ -534,7 +534,7 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr var nodes []*api.InstanceGroup for _, ig := range instanceGroups { switch ig.Spec.Role { - case api.InstanceGroupRoleMaster: + case api.InstanceGroupRoleControlPlane: masters = append(masters, ig) case api.InstanceGroupRoleNode: nodes = append(nodes, ig) diff --git a/cmd/kops/create_instancegroup.go b/cmd/kops/create_instancegroup.go index faa518b45f..23c19f90e9 100644 --- a/cmd/kops/create_instancegroup.go +++ b/cmd/kops/create_instancegroup.go @@ -82,7 +82,7 @@ var ( // NewCmdCreateInstanceGroup create a new cobra command object for creating a instancegroup. func NewCmdCreateInstanceGroup(f *util.Factory, out io.Writer) *cobra.Command { options := &CreateInstanceGroupOptions{ - Role: string(kopsapi.InstanceGroupRoleNode), + Role: kopsapi.InstanceGroupRoleNode.ToLowerString(), Edit: true, } @@ -128,7 +128,7 @@ func NewCmdCreateInstanceGroup(f *util.Factory, out io.Writer) *cobra.Command { if r == kopsapi.InstanceGroupRoleAPIServer && !featureflag.APIServerNodes.Enabled() { continue } - allRoles = append(allRoles, strings.ToLower(string(r))) + allRoles = append(allRoles, r.ToLowerString()) } cmd.Flags().StringVar(&options.Role, "role", options.Role, "Type of instance group to create ("+strings.Join(allRoles, ",")+")") diff --git a/cmd/kops/delete_instancegroup.go b/cmd/kops/delete_instancegroup.go index cfe8ec35e2..0d703c1dc6 100644 --- a/cmd/kops/delete_instancegroup.go +++ b/cmd/kops/delete_instancegroup.go @@ -21,7 +21,6 @@ import ( "fmt" "io" "os" - "strings" "github.com/spf13/cobra" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -85,7 +84,7 @@ func NewCmdDeleteInstanceGroup(f *util.Factory, out io.Writer) *cobra.Command { return nil }, - ValidArgsFunction: completeInstanceGroup(f, nil, &[]string{strings.ToLower(string(kops.InstanceGroupRoleMaster))}), + ValidArgsFunction: completeInstanceGroup(f, nil, &[]string{kops.InstanceGroupRoleControlPlane.ToLowerString()}), RunE: func(cmd *cobra.Command, args []string) error { ctx := context.TODO() @@ -148,7 +147,7 @@ func RunDeleteInstanceGroup(ctx context.Context, f *util.Factory, out io.Writer, fmt.Fprintf(out, "InstanceGroup %q found for deletion\n", groupName) - if group.Spec.Role == kops.InstanceGroupRoleMaster { + if group.Spec.Role == kops.InstanceGroupRoleControlPlane { groups, err := clientset.InstanceGroupsFor(cluster).List(ctx, metav1.ListOptions{}) if err != nil { return fmt.Errorf("listing InstanceGroups: %v", err) @@ -156,7 +155,7 @@ func RunDeleteInstanceGroup(ctx context.Context, f *util.Factory, out io.Writer, onlyMaster := true for _, ig := range groups.Items { - if ig.Name != groupName && ig.Spec.Role == kops.InstanceGroupRoleMaster { + if ig.Name != groupName && ig.Spec.Role == kops.InstanceGroupRoleControlPlane { onlyMaster = false break } diff --git a/cmd/kops/rolling-update_cluster.go b/cmd/kops/rolling-update_cluster.go index ee1e0832f2..b79b155a23 100644 --- a/cmd/kops/rolling-update_cluster.go +++ b/cmd/kops/rolling-update_cluster.go @@ -184,7 +184,7 @@ func NewCmdRollingUpdateCluster(f *util.Factory, out io.Writer) *cobra.Command { allRoles := make([]string, 0, len(kopsapi.AllInstanceGroupRoles)) for _, r := range kopsapi.AllInstanceGroupRoles { - allRoles = append(allRoles, strings.ToLower(string(r))) + allRoles = append(allRoles, r.ToLowerString()) } cmd.Flags().BoolVarP(&options.Yes, "yes", "y", options.Yes, "Perform rolling update immediately; without --yes rolling-update executes a dry-run") @@ -279,7 +279,7 @@ func RunRollingUpdateCluster(ctx context.Context, f *util.Factory, out io.Writer } countByRole[instanceGroup.Spec.Role] = countByRole[instanceGroup.Spec.Role] + minSize } - if countByRole[kopsapi.InstanceGroupRoleAPIServer]+countByRole[kopsapi.InstanceGroupRoleMaster] <= 1 { + if countByRole[kopsapi.InstanceGroupRoleAPIServer]+countByRole[kopsapi.InstanceGroupRoleControlPlane] <= 1 { fmt.Fprintf(out, "Detected single-control-plane cluster; won't detach before draining\n") options.DeregisterControlPlaneNodes = false } diff --git a/examples/kops-api-example/up.go b/examples/kops-api-example/up.go index 7724a4588e..77199237cf 100644 --- a/examples/kops-api-example/up.go +++ b/examples/kops-api-example/up.go @@ -86,7 +86,7 @@ func up(ctx context.Context) error { ig := &api.InstanceGroup{} ig.ObjectMeta.Name = "master" ig.Spec = api.InstanceGroupSpec{ - Role: api.InstanceGroupRoleMaster, + Role: api.InstanceGroupRoleControlPlane, Subnets: masterZones, } _, err := clientset.InstanceGroupsFor(cluster).Create(ctx, ig, metav1.CreateOptions{}) diff --git a/nodeup/pkg/model/context.go b/nodeup/pkg/model/context.go index e260fa6f70..b808d68e32 100644 --- a/nodeup/pkg/model/context.go +++ b/nodeup/pkg/model/context.go @@ -91,11 +91,11 @@ func (c *NodeupModelContext) Init() error { role := c.BootConfig.InstanceGroupRole - if role == kops.InstanceGroupRoleMaster { + if role == kops.InstanceGroupRoleControlPlane { c.IsMaster = true } - if role == kops.InstanceGroupRoleMaster || role == kops.InstanceGroupRoleAPIServer { + if role == kops.InstanceGroupRoleControlPlane || role == kops.InstanceGroupRoleAPIServer { c.HasAPIServer = true } return nil diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go index d4feb9871f..37effa3ddf 100644 --- a/pkg/apis/kops/cluster.go +++ b/pkg/apis/kops/cluster.go @@ -1052,7 +1052,7 @@ func (in *WarmPoolSpec) IsEnabled() bool { func (in *WarmPoolSpec) ResolveDefaults(ig *InstanceGroup) *WarmPoolSpec { igWarmPool := ig.Spec.WarmPool if igWarmPool == nil { - if in == nil || (ig.Spec.Role == InstanceGroupRoleMaster || ig.Spec.Role == InstanceGroupRoleBastion) { + if in == nil || (ig.Spec.Role == InstanceGroupRoleControlPlane || ig.Spec.Role == InstanceGroupRoleBastion) { var zero int64 return &WarmPoolSpec{ MaxSize: &zero, @@ -1061,7 +1061,7 @@ func (in *WarmPoolSpec) ResolveDefaults(ig *InstanceGroup) *WarmPoolSpec { return in } - if in == nil || (ig.Spec.Role == InstanceGroupRoleMaster || ig.Spec.Role == InstanceGroupRoleBastion) { + if in == nil || (ig.Spec.Role == InstanceGroupRoleControlPlane || ig.Spec.Role == InstanceGroupRoleBastion) { return igWarmPool } diff --git a/pkg/apis/kops/cluster_test.go b/pkg/apis/kops/cluster_test.go index 6880eafe41..5cd70cac26 100644 --- a/pkg/apis/kops/cluster_test.go +++ b/pkg/apis/kops/cluster_test.go @@ -131,25 +131,25 @@ func TestWarmPoolSpec_ResolveDefaults(t *testing.T) { assertResolvesValue(t, tc.name, tc.nonDefaultValue, defaultCluster, nonDefaultGroup, InstanceGroupRoleNode, "{default} {nonDefault} node") assertResolvesValue(t, tc.name, tc.nonDefaultValue, nonDefaultCluster, nonDefaultGroup, InstanceGroupRoleNode, "{nonDefault} {nonDefault} node") - assertResolvesValue(t, tc.name, expectedDefaultValue, nil, nil, InstanceGroupRoleMaster, "nil nil master") - assertResolvesValue(t, tc.name, expectedDefaultValue, &WarmPoolSpec{}, nil, InstanceGroupRoleMaster, "{nil} nil master") - assertResolvesValue(t, tc.name, expectedDefaultValue, defaultCluster, nil, InstanceGroupRoleMaster, "{default} nil master") - assertResolvesValue(t, tc.name, expectedDefaultValue, nonDefaultCluster, nil, InstanceGroupRoleMaster, "{nonDefault} nil master") + assertResolvesValue(t, tc.name, expectedDefaultValue, nil, nil, InstanceGroupRoleControlPlane, "nil nil master") + assertResolvesValue(t, tc.name, expectedDefaultValue, &WarmPoolSpec{}, nil, InstanceGroupRoleControlPlane, "{nil} nil master") + assertResolvesValue(t, tc.name, expectedDefaultValue, defaultCluster, nil, InstanceGroupRoleControlPlane, "{default} nil master") + assertResolvesValue(t, tc.name, expectedDefaultValue, nonDefaultCluster, nil, InstanceGroupRoleControlPlane, "{nonDefault} nil master") - assertResolvesValue(t, tc.name, tc.defaultValue, nil, &WarmPoolSpec{}, InstanceGroupRoleMaster, "nil {nil} master") - assertResolvesValue(t, tc.name, tc.defaultValue, &WarmPoolSpec{}, &WarmPoolSpec{}, InstanceGroupRoleMaster, "{nil} {nil} master") - assertResolvesValue(t, tc.name, tc.defaultValue, defaultCluster, &WarmPoolSpec{}, InstanceGroupRoleMaster, "{default} {nil} master") - assertResolvesValue(t, tc.name, tc.defaultValue, nonDefaultCluster, &WarmPoolSpec{}, InstanceGroupRoleMaster, "{nonDefault} {nil} master") + assertResolvesValue(t, tc.name, tc.defaultValue, nil, &WarmPoolSpec{}, InstanceGroupRoleControlPlane, "nil {nil} master") + assertResolvesValue(t, tc.name, tc.defaultValue, &WarmPoolSpec{}, &WarmPoolSpec{}, InstanceGroupRoleControlPlane, "{nil} {nil} master") + assertResolvesValue(t, tc.name, tc.defaultValue, defaultCluster, &WarmPoolSpec{}, InstanceGroupRoleControlPlane, "{default} {nil} master") + assertResolvesValue(t, tc.name, tc.defaultValue, nonDefaultCluster, &WarmPoolSpec{}, InstanceGroupRoleControlPlane, "{nonDefault} {nil} master") - assertResolvesValue(t, tc.name, tc.defaultValue, nil, defaultGroup, InstanceGroupRoleMaster, "nil {default} master") - assertResolvesValue(t, tc.name, tc.defaultValue, &WarmPoolSpec{}, defaultGroup, InstanceGroupRoleMaster, "{nil} {default} master") - assertResolvesValue(t, tc.name, tc.defaultValue, defaultCluster, defaultGroup, InstanceGroupRoleMaster, "{default} {default} master") - assertResolvesValue(t, tc.name, tc.defaultValue, nonDefaultCluster, defaultGroup, InstanceGroupRoleMaster, "{nonDefault} {default} master") + assertResolvesValue(t, tc.name, tc.defaultValue, nil, defaultGroup, InstanceGroupRoleControlPlane, "nil {default} master") + assertResolvesValue(t, tc.name, tc.defaultValue, &WarmPoolSpec{}, defaultGroup, InstanceGroupRoleControlPlane, "{nil} {default} master") + assertResolvesValue(t, tc.name, tc.defaultValue, defaultCluster, defaultGroup, InstanceGroupRoleControlPlane, "{default} {default} master") + assertResolvesValue(t, tc.name, tc.defaultValue, nonDefaultCluster, defaultGroup, InstanceGroupRoleControlPlane, "{nonDefault} {default} master") - assertResolvesValue(t, tc.name, tc.nonDefaultValue, nil, nonDefaultGroup, InstanceGroupRoleMaster, "nil {nonDefault} master") - assertResolvesValue(t, tc.name, tc.nonDefaultValue, &WarmPoolSpec{}, nonDefaultGroup, InstanceGroupRoleMaster, "{nil} {nonDefault} master") - assertResolvesValue(t, tc.name, tc.nonDefaultValue, defaultCluster, nonDefaultGroup, InstanceGroupRoleMaster, "{default} {nonDefault} master") - assertResolvesValue(t, tc.name, tc.nonDefaultValue, nonDefaultCluster, nonDefaultGroup, InstanceGroupRoleMaster, "{nonDefault} {nonDefault} master") + assertResolvesValue(t, tc.name, tc.nonDefaultValue, nil, nonDefaultGroup, InstanceGroupRoleControlPlane, "nil {nonDefault} master") + assertResolvesValue(t, tc.name, tc.nonDefaultValue, &WarmPoolSpec{}, nonDefaultGroup, InstanceGroupRoleControlPlane, "{nil} {nonDefault} master") + assertResolvesValue(t, tc.name, tc.nonDefaultValue, defaultCluster, nonDefaultGroup, InstanceGroupRoleControlPlane, "{default} {nonDefault} master") + assertResolvesValue(t, tc.name, tc.nonDefaultValue, nonDefaultCluster, nonDefaultGroup, InstanceGroupRoleControlPlane, "{nonDefault} {nonDefault} master") }) } } diff --git a/pkg/apis/kops/instancegroup.go b/pkg/apis/kops/instancegroup.go index 07079637d0..da53c17f2a 100644 --- a/pkg/apis/kops/instancegroup.go +++ b/pkg/apis/kops/instancegroup.go @@ -17,6 +17,8 @@ limitations under the License. package kops import ( + "strings" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -31,7 +33,7 @@ const ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// InstanceGroup represents a group of instances (either nodes or masters) with the same configuration +// InstanceGroup represents a group of instances with the same configuration. type InstanceGroup struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -49,23 +51,23 @@ type InstanceGroupList struct { Items []InstanceGroup `json:"items"` } -// InstanceGroupRole describes the roles of the nodes in this InstanceGroup (master or nodes) +// InstanceGroupRole describes the roles of the nodes in this InstanceGroup. type InstanceGroupRole string const ( - // InstanceGroupRoleMaster is a master role - InstanceGroupRoleMaster InstanceGroupRole = "Master" - // InstanceGroupRoleNode is a node role + // InstanceGroupRoleControlPlane is a control-plane role. + InstanceGroupRoleControlPlane InstanceGroupRole = "ControlPlane" + // InstanceGroupRoleNode is a node role. InstanceGroupRoleNode InstanceGroupRole = "Node" - // InstanceGroupRoleBastion is a bastion role + // InstanceGroupRoleBastion is a bastion role. InstanceGroupRoleBastion InstanceGroupRole = "Bastion" - // InstanceGroupRoleAPIServer is an API server role + // InstanceGroupRoleAPIServer is an API server role. InstanceGroupRoleAPIServer InstanceGroupRole = "APIServer" ) // AllInstanceGroupRoles is a slice of all valid InstanceGroupRole values var AllInstanceGroupRoles = []InstanceGroupRole{ - InstanceGroupRoleMaster, + InstanceGroupRoleControlPlane, InstanceGroupRoleAPIServer, InstanceGroupRoleNode, InstanceGroupRoleBastion, @@ -94,7 +96,7 @@ const ( type InstanceGroupSpec struct { // Manager determines what is managing the node lifecycle Manager InstanceManager `json:"manager,omitempty"` - // Type determines the role of instances in this instance group: masters or nodes + // Role determines the role of instances in this instance group. Role InstanceGroupRole `json:"role,omitempty"` // Image is the instance (ami etc) we should use Image string `json:"image,omitempty"` @@ -329,10 +331,10 @@ type IAMProfileSpec struct { Profile *string `json:"profile,omitempty"` } -// IsMaster checks if instanceGroup is a master -func (g *InstanceGroup) IsMaster() bool { +// IsControlPlane checks if instanceGroup is a control-plane node. +func (g *InstanceGroup) IsControlPlane() bool { switch g.Spec.Role { - case InstanceGroupRoleMaster: + case InstanceGroupRoleControlPlane: return true default: return false @@ -351,7 +353,7 @@ func (g *InstanceGroup) IsAPIServerOnly() bool { // hasAPIServer checks if instanceGroup runs an API Server func (g *InstanceGroup) HasAPIServer() bool { - return g.IsMaster() || g.IsAPIServerOnly() + return g.IsControlPlane() || g.IsAPIServerOnly() } // IsBastion checks if instanceGroup is a bastion @@ -371,6 +373,15 @@ func (g *InstanceGroup) AddInstanceGroupNodeLabel() { g.Spec.NodeLabels[NodeLabelInstanceGroup] = g.Name } +func (r InstanceGroupRole) ToLowerString() string { + switch r { + case InstanceGroupRoleControlPlane: + return "control-plane" + default: + return strings.ToLower(string(r)) + } +} + // LoadBalancer defines a load balancer type LoadBalancerSpec struct { // LoadBalancerName to associate with this instance group (AWS ELB) diff --git a/pkg/apis/kops/parse.go b/pkg/apis/kops/parse.go index 438b91ad3d..b420a375a1 100644 --- a/pkg/apis/kops/parse.go +++ b/pkg/apis/kops/parse.go @@ -33,10 +33,10 @@ func ParseInstanceGroupRole(input string, lenient bool) (InstanceGroupRole, bool // Accept pluralized "bastions" for "bastion" findRole = strings.TrimSuffix(findRole, "s") } + findRole = strings.Replace(findRole, "controlplane", "control-plane", 1) for _, role := range AllInstanceGroupRoles { - s := string(role) - s = strings.ToLower(s) + s := role.ToLowerString() if lenient { s = strings.TrimSuffix(s, "s") } @@ -44,6 +44,11 @@ func ParseInstanceGroupRole(input string, lenient bool) (InstanceGroupRole, bool return role, true } } + + if lenient && strings.ToLower(findRole) == "master" { + return InstanceGroupRoleControlPlane, true + } + return "", false } diff --git a/pkg/apis/kops/parse_test.go b/pkg/apis/kops/parse_test.go index 731689dded..e1e9742f44 100644 --- a/pkg/apis/kops/parse_test.go +++ b/pkg/apis/kops/parse_test.go @@ -53,7 +53,15 @@ func Test_ParseInstanceGroupRole(t *testing.T) { }, { "Masters", true, - InstanceGroupRoleMaster, true, + InstanceGroupRoleControlPlane, true, + }, + { + "ControlPlanes", true, + InstanceGroupRoleControlPlane, true, + }, + { + "Control-Planes", true, + InstanceGroupRoleControlPlane, true, }, { "NotARole", true, diff --git a/pkg/apis/kops/v1alpha2/conversion.go b/pkg/apis/kops/v1alpha2/conversion.go index 4623ec1d4d..7d6976a7c4 100644 --- a/pkg/apis/kops/v1alpha2/conversion.go +++ b/pkg/apis/kops/v1alpha2/conversion.go @@ -75,6 +75,26 @@ func Convert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *kops if err := autoConvert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in, out, s); err != nil { return err } + if in.AdditionalPolicies != nil { + policies := make(map[string]string, len(*in.AdditionalPolicies)) + for k, v := range *in.AdditionalPolicies { + if k == "master" { + k = "control-plane" + } + policies[k] = v + } + out.AdditionalPolicies = &policies + } + if in.ExternalPolicies != nil { + policies := make(map[string][]string, len(*in.ExternalPolicies)) + for k, v := range *in.ExternalPolicies { + if k == "master" { + k = "control-plane" + } + policies[k] = v + } + out.ExternalPolicies = &policies + } if in.LegacyAPI != nil { if err := autoConvert_v1alpha2_APISpec_To_kops_APISpec(in.LegacyAPI, &out.API, s); err != nil { return err @@ -137,6 +157,26 @@ func Convert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in *kops.ClusterSpec, out if err := autoConvert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in, out, s); err != nil { return err } + if in.AdditionalPolicies != nil { + policies := make(map[string]string, len(*in.AdditionalPolicies)) + for k, v := range *in.AdditionalPolicies { + if k == "control-plane" { + k = "master" + } + policies[k] = v + } + out.AdditionalPolicies = &policies + } + if in.ExternalPolicies != nil { + policies := make(map[string][]string, len(*in.ExternalPolicies)) + for k, v := range *in.ExternalPolicies { + if k == "control-plane" { + k = "master" + } + policies[k] = v + } + out.ExternalPolicies = &policies + } out.LegacyAPI = &APISpec{} if err := autoConvert_kops_APISpec_To_v1alpha2_APISpec(&in.API, out.LegacyAPI, s); err != nil { return err @@ -204,6 +244,55 @@ func Convert_kops_ExternalDNSConfig_To_v1alpha2_ExternalDNSConfig(in *kops.Exter return nil } +// Convert_v1alpha2_HookSpec_To_kops_HookSpec is an autogenerated conversion function. +func Convert_v1alpha2_HookSpec_To_kops_HookSpec(in *HookSpec, out *kops.HookSpec, s conversion.Scope) error { + if err := autoConvert_v1alpha2_HookSpec_To_kops_HookSpec(in, out, s); err != nil { + return err + } + if in.Roles != nil { + for i := range in.Roles { + if in.Roles[i] == "Master" { + out.Roles[i] = kops.InstanceGroupRoleControlPlane + } + } + } + return nil +} + +func Convert_kops_HookSpec_To_v1alpha2_HookSpec(in *kops.HookSpec, out *HookSpec, s conversion.Scope) error { + if err := autoConvert_kops_HookSpec_To_v1alpha2_HookSpec(in, out, s); err != nil { + return err + } + if in.Roles != nil { + for i := range in.Roles { + if in.Roles[i] == kops.InstanceGroupRoleControlPlane { + out.Roles[i] = "Master" + } + } + } + return nil +} + +func Convert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(in *InstanceGroupSpec, out *kops.InstanceGroupSpec, s conversion.Scope) error { + if err := autoConvert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(in, out, s); err != nil { + return err + } + if in.Role == "Master" { + out.Role = kops.InstanceGroupRoleControlPlane + } + return nil +} + +func Convert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.InstanceGroupSpec, out *InstanceGroupSpec, s conversion.Scope) error { + if err := autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in, out, s); err != nil { + return err + } + if in.Role == kops.InstanceGroupRoleControlPlane { + out.Role = "Master" + } + return nil +} + func Convert_v1alpha2_TopologySpec_To_kops_TopologySpec(in *TopologySpec, out *kops.TopologySpec, s conversion.Scope) error { if err := autoConvert_v1alpha2_TopologySpec_To_kops_TopologySpec(in, out, s); err != nil { return err diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index d1de9ceb9a..9ac446b1c5 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -514,16 +514,6 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*HookSpec)(nil), (*kops.HookSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha2_HookSpec_To_kops_HookSpec(a.(*HookSpec), b.(*kops.HookSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*kops.HookSpec)(nil), (*HookSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_kops_HookSpec_To_v1alpha2_HookSpec(a.(*kops.HookSpec), b.(*HookSpec), scope) - }); err != nil { - return err - } if err := s.AddGeneratedConversionFunc((*HubbleSpec)(nil), (*kops.HubbleSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha2_HubbleSpec_To_kops_HubbleSpec(a.(*HubbleSpec), b.(*kops.HubbleSpec), scope) }); err != nil { @@ -574,16 +564,6 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*InstanceGroupSpec)(nil), (*kops.InstanceGroupSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(a.(*InstanceGroupSpec), b.(*kops.InstanceGroupSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*kops.InstanceGroupSpec)(nil), (*InstanceGroupSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(a.(*kops.InstanceGroupSpec), b.(*InstanceGroupSpec), scope) - }); err != nil { - return err - } if err := s.AddGeneratedConversionFunc((*InstanceMetadataOptions)(nil), (*kops.InstanceMetadataOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(a.(*InstanceMetadataOptions), b.(*kops.InstanceMetadataOptions), scope) }); err != nil { @@ -1204,6 +1184,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddConversionFunc((*kops.HookSpec)(nil), (*HookSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_kops_HookSpec_To_v1alpha2_HookSpec(a.(*kops.HookSpec), b.(*HookSpec), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((*kops.InstanceGroupSpec)(nil), (*InstanceGroupSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(a.(*kops.InstanceGroupSpec), b.(*InstanceGroupSpec), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*kops.TopologySpec)(nil), (*TopologySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_kops_TopologySpec_To_v1alpha2_TopologySpec(a.(*kops.TopologySpec), b.(*TopologySpec), scope) }); err != nil { @@ -1229,6 +1219,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddConversionFunc((*HookSpec)(nil), (*kops.HookSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_HookSpec_To_kops_HookSpec(a.(*HookSpec), b.(*kops.HookSpec), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((*InstanceGroupSpec)(nil), (*kops.InstanceGroupSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(a.(*InstanceGroupSpec), b.(*kops.InstanceGroupSpec), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*TopologySpec)(nil), (*kops.TopologySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha2_TopologySpec_To_kops_TopologySpec(a.(*TopologySpec), b.(*kops.TopologySpec), scope) }); err != nil { @@ -4129,11 +4129,6 @@ func autoConvert_v1alpha2_HookSpec_To_kops_HookSpec(in *HookSpec, out *kops.Hook return nil } -// Convert_v1alpha2_HookSpec_To_kops_HookSpec is an autogenerated conversion function. -func Convert_v1alpha2_HookSpec_To_kops_HookSpec(in *HookSpec, out *kops.HookSpec, s conversion.Scope) error { - return autoConvert_v1alpha2_HookSpec_To_kops_HookSpec(in, out, s) -} - func autoConvert_kops_HookSpec_To_v1alpha2_HookSpec(in *kops.HookSpec, out *HookSpec, s conversion.Scope) error { out.Name = in.Name out.Enabled = in.Enabled @@ -4162,11 +4157,6 @@ func autoConvert_kops_HookSpec_To_v1alpha2_HookSpec(in *kops.HookSpec, out *Hook return nil } -// Convert_kops_HookSpec_To_v1alpha2_HookSpec is an autogenerated conversion function. -func Convert_kops_HookSpec_To_v1alpha2_HookSpec(in *kops.HookSpec, out *HookSpec, s conversion.Scope) error { - return autoConvert_kops_HookSpec_To_v1alpha2_HookSpec(in, out, s) -} - func autoConvert_v1alpha2_HubbleSpec_To_kops_HubbleSpec(in *HubbleSpec, out *kops.HubbleSpec, s conversion.Scope) error { out.Enabled = in.Enabled out.Metrics = in.Metrics @@ -4507,11 +4497,6 @@ func autoConvert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(in *Instan return nil } -// Convert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec is an autogenerated conversion function. -func Convert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(in *InstanceGroupSpec, out *kops.InstanceGroupSpec, s conversion.Scope) error { - return autoConvert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(in, out, s) -} - func autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.InstanceGroupSpec, out *InstanceGroupSpec, s conversion.Scope) error { out.Manager = InstanceManager(in.Manager) out.Role = InstanceGroupRole(in.Role) @@ -4693,11 +4678,6 @@ func autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.I return nil } -// Convert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec is an autogenerated conversion function. -func Convert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.InstanceGroupSpec, out *InstanceGroupSpec, s conversion.Scope) error { - return autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in, out, s) -} - func autoConvert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(in *InstanceMetadataOptions, out *kops.InstanceMetadataOptions, s conversion.Scope) error { out.HTTPPutResponseHopLimit = in.HTTPPutResponseHopLimit out.HTTPTokens = in.HTTPTokens diff --git a/pkg/apis/kops/v1alpha3/instancegroup.go b/pkg/apis/kops/v1alpha3/instancegroup.go index e2c29b7c29..dea920bbf9 100644 --- a/pkg/apis/kops/v1alpha3/instancegroup.go +++ b/pkg/apis/kops/v1alpha3/instancegroup.go @@ -21,6 +21,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// InstanceGroup represents a group of instances with the same configuration. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:printcolumn:name="role",type="string",JSONPath=".spec.role",description="Role",priority=0 @@ -29,7 +30,6 @@ import ( // +kubebuilder:printcolumn:name="max",type="integer",JSONPath=".spec.maxSize",description="Max",priority=0 // +kubebuilder:printcolumn:name="zones",type="string",JSONPath=".spec.zones",description="Zones",priority=0 // +kubebuilder:resource:shortName=ig -// InstanceGroup represents a group of instances (either nodes or masters) with the same configuration type InstanceGroup struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -47,7 +47,7 @@ type InstanceGroupList struct { Items []InstanceGroup `json:"items"` } -// InstanceGroupRole string describes the roles of the nodes in this InstanceGroup (master or nodes) +// InstanceGroupRole string describes the roles of the nodes in this InstanceGroup. type InstanceGroupRole string type InstanceManager string @@ -56,7 +56,7 @@ type InstanceManager string type InstanceGroupSpec struct { // Manager determines what is managing the node lifecycle Manager InstanceManager `json:"manager,omitempty"` - // Type determines the role of instances in this instance group: masters or nodes + // Role determines the role of instances in this instance group. Role InstanceGroupRole `json:"role,omitempty"` // Image is the instance (ami etc) we should use Image string `json:"image,omitempty"` diff --git a/pkg/apis/kops/validation/instancegroup.go b/pkg/apis/kops/validation/instancegroup.go index 52c79d4849..59d628b305 100644 --- a/pkg/apis/kops/validation/instancegroup.go +++ b/pkg/apis/kops/validation/instancegroup.go @@ -45,7 +45,7 @@ func ValidateInstanceGroup(g *kops.InstanceGroup, cloud fi.Cloud, strict bool) f switch g.Spec.Role { case "": allErrs = append(allErrs, field.Required(field.NewPath("spec", "role"), "Role must be set")) - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: if len(g.Spec.Subnets) == 0 { allErrs = append(allErrs, field.Required(field.NewPath("spec", "subnets"), "master InstanceGroup must specify at least one Subnet")) } @@ -137,7 +137,7 @@ func ValidateInstanceGroup(g *kops.InstanceGroup, cloud fi.Cloud, strict bool) f allErrs = append(allErrs, validateInstanceProfile(g.Spec.IAM, field.NewPath("spec", "iam"))...) if g.Spec.RollingUpdate != nil { - allErrs = append(allErrs, validateRollingUpdate(g.Spec.RollingUpdate, field.NewPath("spec", "rollingUpdate"), g.Spec.Role == kops.InstanceGroupRoleMaster)...) + allErrs = append(allErrs, validateRollingUpdate(g.Spec.RollingUpdate, field.NewPath("spec", "rollingUpdate"), g.Spec.Role == kops.InstanceGroupRoleControlPlane)...) } if g.Spec.NodeLabels != nil { @@ -219,7 +219,7 @@ func validateVolumeMountSpec(path *field.Path, spec kops.VolumeMountSpec) field. func CrossValidateInstanceGroup(g *kops.InstanceGroup, cluster *kops.Cluster, cloud fi.Cloud, strict bool) field.ErrorList { allErrs := ValidateInstanceGroup(g, cloud, strict) - if g.Spec.Role == kops.InstanceGroupRoleMaster { + if g.Spec.Role == kops.InstanceGroupRoleControlPlane { allErrs = append(allErrs, ValidateMasterInstanceGroup(g, cluster)...) } diff --git a/pkg/apis/kops/validation/instancegroup_test.go b/pkg/apis/kops/validation/instancegroup_test.go index b86fbf3827..4de0363e3a 100644 --- a/pkg/apis/kops/validation/instancegroup_test.go +++ b/pkg/apis/kops/validation/instancegroup_test.go @@ -131,7 +131,7 @@ func TestValidMasterInstanceGroup(t *testing.T) { Name: "eu-central-1a", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, }, }, ExpectedErrors: 0, @@ -166,7 +166,7 @@ func TestValidMasterInstanceGroup(t *testing.T) { Name: "eu-central-1d", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, }, }, ExpectedErrors: 1, @@ -394,7 +394,7 @@ func TestValidInstanceGroup(t *testing.T) { Name: "eu-central-1a", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Subnets: []string{"eu-central-1a"}, MaxSize: fi.PtrTo(int32(1)), MinSize: fi.PtrTo(int32(1)), diff --git a/pkg/apis/kops/validation/legacy.go b/pkg/apis/kops/validation/legacy.go index 5ba90bc7df..e4a6b92b35 100644 --- a/pkg/apis/kops/validation/legacy.go +++ b/pkg/apis/kops/validation/legacy.go @@ -477,7 +477,7 @@ func DeepValidate(c *kops.Cluster, groups []*kops.InstanceGroup, strict bool, cl masterGroupCount := 0 nodeGroupCount := 0 for _, g := range groups { - if g.IsMaster() { + if g.IsControlPlane() { masterGroupCount++ } else { nodeGroupCount++ diff --git a/pkg/apis/kops/validation/validation.go b/pkg/apis/kops/validation/validation.go index c7832d5ef2..9b0b3227e7 100644 --- a/pkg/apis/kops/validation/validation.go +++ b/pkg/apis/kops/validation/validation.go @@ -1081,7 +1081,7 @@ func validateAdditionalPolicy(role string, policy string, fldPath *field.Path) f var valid []string for _, r := range kops.AllInstanceGroupRoles { - valid = append(valid, strings.ToLower(string(r))) + valid = append(valid, r.ToLowerString()) } allErrs = append(allErrs, IsValidValue(fldPath, &role, valid)...) @@ -1109,7 +1109,7 @@ func validateExternalPolicies(role string, policies []string, fldPath *field.Pat var valid []string for _, r := range kops.AllInstanceGroupRoles { - valid = append(valid, strings.ToLower(string(r))) + valid = append(valid, r.ToLowerString()) } allErrs = append(allErrs, IsValidValue(fldPath, &role, valid)...) diff --git a/pkg/apis/kops/validation/validation_test.go b/pkg/apis/kops/validation/validation_test.go index 2a9a3b8492..676a29ff4d 100644 --- a/pkg/apis/kops/validation/validation_test.go +++ b/pkg/apis/kops/validation/validation_test.go @@ -405,7 +405,7 @@ func Test_Validate_AdditionalPolicies(t *testing.T) { }, { Input: map[string]string{ - "master": `[ { "Action": [ "s3:GetObject" ], "Resource": [ "*" ], "Effect": "Allow" } ]`, + "control-plane": `[ { "Action": [ "s3:GetObject" ], "Resource": [ "*" ], "Effect": "Allow" } ]`, }, }, { @@ -416,21 +416,21 @@ func Test_Validate_AdditionalPolicies(t *testing.T) { }, { Input: map[string]string{ - "master": `badjson`, + "control-plane": `badjson`, }, - ExpectedErrors: []string{"Invalid value::spec.additionalPolicies[master]"}, + ExpectedErrors: []string{"Invalid value::spec.additionalPolicies[control-plane]"}, }, { Input: map[string]string{ - "master": `[ { "Action": [ "s3:GetObject" ], "Resource": [ "*" ] } ]`, + "control-plane": `[ { "Action": [ "s3:GetObject" ], "Resource": [ "*" ] } ]`, }, - ExpectedErrors: []string{"Required value::spec.additionalPolicies[master][0].Effect"}, + ExpectedErrors: []string{"Required value::spec.additionalPolicies[control-plane][0].Effect"}, }, { Input: map[string]string{ - "master": `[ { "Action": [ "s3:GetObject" ], "Resource": [ "*" ], "Effect": "allow" } ]`, + "control-plane": `[ { "Action": [ "s3:GetObject" ], "Resource": [ "*" ], "Effect": "allow" } ]`, }, - ExpectedErrors: []string{"Unsupported value::spec.additionalPolicies[master][0].Effect"}, + ExpectedErrors: []string{"Unsupported value::spec.additionalPolicies[control-plane][0].Effect"}, }, } for _, g := range grid { diff --git a/pkg/instancegroups/instancegroups.go b/pkg/instancegroups/instancegroups.go index 4e07ab71cf..229dbdec49 100644 --- a/pkg/instancegroups/instancegroups.go +++ b/pkg/instancegroups/instancegroups.go @@ -136,8 +136,8 @@ func (c *RollingUpdateCluster) rollingUpdateInstanceGroup(group *cloudinstances. maxSurge = 0 } - if group.InstanceGroup.Spec.Role == api.InstanceGroupRoleMaster && maxSurge != 0 { - // Masters are incapable of surging because they rely on registering themselves through + if group.InstanceGroup.Spec.Role == api.InstanceGroupRoleControlPlane && maxSurge != 0 { + // Control plane nodes are incapable of surging because they rely on registering themselves through // the local apiserver. That apiserver depends on the local etcd, which relies on being // joined to the etcd cluster. maxSurge = 0 @@ -556,7 +556,7 @@ func hasFailureRelevantToGroup(failures []*validation.ValidationError, group *cl } // if there is a failure in the same instance group or a failure which has cluster wide impact - if (failure.InstanceGroup.IsMaster()) || (failure.InstanceGroup == group.InstanceGroup) { + if (failure.InstanceGroup.IsControlPlane()) || (failure.InstanceGroup == group.InstanceGroup) { return true } } @@ -657,7 +657,7 @@ func (c *RollingUpdateCluster) drainNode(u *cloudinstances.CloudInstance) error if u.CloudInstanceGroup != nil && u.CloudInstanceGroup.InstanceGroup != nil { role := u.CloudInstanceGroup.InstanceGroup.Spec.Role switch role { - case api.InstanceGroupRoleAPIServer, api.InstanceGroupRoleMaster: + case api.InstanceGroupRoleAPIServer, api.InstanceGroupRoleControlPlane: klog.Infof("skipping deregistration of instance %q, as part of instancegroup with role %q", u.ID, role) shouldDeregister = false } @@ -703,7 +703,7 @@ func (c *RollingUpdateCluster) deleteNode(node *corev1.Node) error { // UpdateSingleInstance performs a rolling update on a single instance func (c *RollingUpdateCluster) UpdateSingleInstance(cloudMember *cloudinstances.CloudInstance, detach bool) error { if detach { - if cloudMember.CloudInstanceGroup.InstanceGroup.IsMaster() { + if cloudMember.CloudInstanceGroup.InstanceGroup.IsControlPlane() { klog.Warning("cannot detach master instances. Assuming --surge=false") } else if cloudMember.CloudInstanceGroup.InstanceGroup.Spec.Manager != api.InstanceManagerKarpenter { err := c.detachInstance(cloudMember) diff --git a/pkg/instancegroups/rollingupdate.go b/pkg/instancegroups/rollingupdate.go index 5b1a50f735..fb15edb3d1 100644 --- a/pkg/instancegroups/rollingupdate.go +++ b/pkg/instancegroups/rollingupdate.go @@ -124,7 +124,7 @@ func (c *RollingUpdateCluster) RollingUpdate(groups map[string]*cloudinstances.C nodeGroups[k] = group case api.InstanceGroupRoleAPIServer: apiServerGroups[k] = group - case api.InstanceGroupRoleMaster: + case api.InstanceGroupRoleControlPlane: masterGroups[k] = group case api.InstanceGroupRoleBastion: bastionGroups[k] = group diff --git a/pkg/instancegroups/rollingupdate_os_test.go b/pkg/instancegroups/rollingupdate_os_test.go index 3dfca364d5..4ea2d823f7 100644 --- a/pkg/instancegroups/rollingupdate_os_test.go +++ b/pkg/instancegroups/rollingupdate_os_test.go @@ -126,7 +126,7 @@ func makeGroupOS(t *testing.T, groups map[string]*cloudinstances.CloudInstanceGr switch role { case kopsapi.InstanceGroupRoleNode: newIg = testutils.BuildMinimalNodeInstanceGroup("nodes-"+subnet, subnet) - case kopsapi.InstanceGroupRoleMaster: + case kopsapi.InstanceGroupRoleControlPlane: newIg = testutils.BuildMinimalMasterInstanceGroup(subnet) case kopsapi.InstanceGroupRoleBastion: newIg = testutils.BuildMinimalBastionInstanceGroup("bastion-"+subnet, subnet) @@ -192,9 +192,9 @@ func getGroupsAllNeedUpdateOS(t *testing.T, c *RollingUpdateCluster) (map[string igList := &kopsapi.InstanceGroupList{} makeGroupOS(t, groups, igList, c, c.Cluster.Spec.Subnets[0].Name, kopsapi.InstanceGroupRoleNode, 3, 3) makeGroupOS(t, groups, igList, c, c.Cluster.Spec.Subnets[1].Name, kopsapi.InstanceGroupRoleNode, 3, 3) - makeGroupOS(t, groups, igList, c, c.Cluster.Spec.Subnets[0].Name, kopsapi.InstanceGroupRoleMaster, 1, 1) - makeGroupOS(t, groups, igList, c, c.Cluster.Spec.Subnets[1].Name, kopsapi.InstanceGroupRoleMaster, 1, 1) - makeGroupOS(t, groups, igList, c, c.Cluster.Spec.Subnets[2].Name, kopsapi.InstanceGroupRoleMaster, 1, 1) + makeGroupOS(t, groups, igList, c, c.Cluster.Spec.Subnets[0].Name, kopsapi.InstanceGroupRoleControlPlane, 1, 1) + makeGroupOS(t, groups, igList, c, c.Cluster.Spec.Subnets[1].Name, kopsapi.InstanceGroupRoleControlPlane, 1, 1) + makeGroupOS(t, groups, igList, c, c.Cluster.Spec.Subnets[2].Name, kopsapi.InstanceGroupRoleControlPlane, 1, 1) makeGroupOS(t, groups, igList, c, c.Cluster.Spec.Subnets[0].Name, kopsapi.InstanceGroupRoleBastion, 1, 1) return groups, igList } diff --git a/pkg/instancegroups/rollingupdate_test.go b/pkg/instancegroups/rollingupdate_test.go index d2acbc86d8..8c3383b12f 100644 --- a/pkg/instancegroups/rollingupdate_test.go +++ b/pkg/instancegroups/rollingupdate_test.go @@ -192,7 +192,7 @@ func getGroups(k8sClient kubernetes.Interface, cloud awsup.AWSCloud) map[string] groups := make(map[string]*cloudinstances.CloudInstanceGroup) makeGroup(groups, k8sClient, cloud, "node-1", kopsapi.InstanceGroupRoleNode, 3, 0) makeGroup(groups, k8sClient, cloud, "node-2", kopsapi.InstanceGroupRoleNode, 3, 0) - makeGroup(groups, k8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleMaster, 2, 0) + makeGroup(groups, k8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleControlPlane, 2, 0) makeGroup(groups, k8sClient, cloud, "bastion-1", kopsapi.InstanceGroupRoleBastion, 1, 0) return groups } @@ -201,7 +201,7 @@ func getGroupsAllNeedUpdate(k8sClient kubernetes.Interface, cloud awsup.AWSCloud groups := make(map[string]*cloudinstances.CloudInstanceGroup) makeGroup(groups, k8sClient, cloud, "node-1", kopsapi.InstanceGroupRoleNode, 3, 3) makeGroup(groups, k8sClient, cloud, "node-2", kopsapi.InstanceGroupRoleNode, 3, 3) - makeGroup(groups, k8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleMaster, 2, 2) + makeGroup(groups, k8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleControlPlane, 2, 2) makeGroup(groups, k8sClient, cloud, "bastion-1", kopsapi.InstanceGroupRoleBastion, 1, 1) return groups } @@ -480,7 +480,7 @@ func TestRollingUpdateNonRelatedInstanceGroupFailure(t *testing.T) { groups := make(map[string]*cloudinstances.CloudInstanceGroup) makeGroup(groups, c.K8sClient, cloud, "node-1", kopsapi.InstanceGroupRoleNode, 3, 3) makeGroup(groups, c.K8sClient, cloud, "node-2", kopsapi.InstanceGroupRoleNode, 3, 0) - makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleMaster, 2, 0) + makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleControlPlane, 2, 0) makeGroup(groups, c.K8sClient, cloud, "bastion-1", kopsapi.InstanceGroupRoleBastion, 1, 0) c.ClusterValidator = &instanceGroupNodeSpecificErrorClusterValidator{ @@ -502,7 +502,7 @@ func TestRollingUpdateRelatedInstanceGroupFailure(t *testing.T) { groups := make(map[string]*cloudinstances.CloudInstanceGroup) makeGroup(groups, c.K8sClient, cloud, "node-1", kopsapi.InstanceGroupRoleNode, 3, 3) makeGroup(groups, c.K8sClient, cloud, "node-2", kopsapi.InstanceGroupRoleNode, 3, 0) - makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleMaster, 2, 0) + makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleControlPlane, 2, 0) makeGroup(groups, c.K8sClient, cloud, "bastion-1", kopsapi.InstanceGroupRoleBastion, 1, 0) c.ClusterValidator = &instanceGroupNodeSpecificErrorClusterValidator{ @@ -524,7 +524,7 @@ func TestRollingUpdateMasterGroupFailure(t *testing.T) { groups := make(map[string]*cloudinstances.CloudInstanceGroup) makeGroup(groups, c.K8sClient, cloud, "node-1", kopsapi.InstanceGroupRoleNode, 3, 3) makeGroup(groups, c.K8sClient, cloud, "node-2", kopsapi.InstanceGroupRoleNode, 3, 0) - makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleMaster, 2, 0) + makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleControlPlane, 2, 0) makeGroup(groups, c.K8sClient, cloud, "bastion-1", kopsapi.InstanceGroupRoleBastion, 1, 0) c.ClusterValidator = &instanceGroupNodeSpecificErrorClusterValidator{ @@ -546,7 +546,7 @@ func TestRollingUpdateValidationErrorInstanceGroupNil(t *testing.T) { groups := make(map[string]*cloudinstances.CloudInstanceGroup) makeGroup(groups, c.K8sClient, cloud, "node-1", kopsapi.InstanceGroupRoleNode, 3, 3) makeGroup(groups, c.K8sClient, cloud, "node-2", kopsapi.InstanceGroupRoleNode, 3, 0) - makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleMaster, 2, 0) + makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleControlPlane, 2, 0) makeGroup(groups, c.K8sClient, cloud, "bastion-1", kopsapi.InstanceGroupRoleBastion, 1, 0) c.ClusterValidator = &instanceGroupNodeSpecificErrorClusterValidator{ @@ -720,7 +720,7 @@ func TestAddAnnotatedNodesToNeedsUpdate(t *testing.T) { c, cloud := getTestSetup() groups := make(map[string]*cloudinstances.CloudInstanceGroup) - makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleMaster, 2, 1) + makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleControlPlane, 2, 1) makeGroup(groups, c.K8sClient, cloud, "node-1", kopsapi.InstanceGroupRoleNode, 2, 1) makeGroup(groups, c.K8sClient, cloud, "node-2", kopsapi.InstanceGroupRoleNode, 2, 1) @@ -740,7 +740,7 @@ func TestAddAnnotatedNodesToNeedsUpdateCloudonly(t *testing.T) { c, cloud := getTestSetup() groups := make(map[string]*cloudinstances.CloudInstanceGroup) - makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleMaster, 2, 1) + makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleControlPlane, 2, 1) makeGroup(groups, c.K8sClient, cloud, "node-1", kopsapi.InstanceGroupRoleNode, 2, 1) makeGroup(groups, c.K8sClient, cloud, "node-2", kopsapi.InstanceGroupRoleNode, 2, 1) @@ -845,7 +845,7 @@ func TestRollingUpdateMaxSurgeIgnoredForMaster(t *testing.T) { } groups := make(map[string]*cloudinstances.CloudInstanceGroup) - makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleMaster, 3, 2) + makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleControlPlane, 3, 2) err := c.RollingUpdate(groups, &kopsapi.InstanceGroupList{}) assert.NoError(t, err, "rolling update") @@ -1194,7 +1194,7 @@ func TestRollingUpdateMaxUnavailableAllNeedUpdateMaster(t *testing.T) { } groups := make(map[string]*cloudinstances.CloudInstanceGroup) - makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleMaster, 7, 7) + makeGroup(groups, c.K8sClient, cloud, "master-1", kopsapi.InstanceGroupRoleControlPlane, 7, 7) err := c.RollingUpdate(groups, &kopsapi.InstanceGroupList{}) assert.NoError(t, err, "rolling update") diff --git a/pkg/model/awsmodel/api_loadbalancer.go b/pkg/model/awsmodel/api_loadbalancer.go index df00c4a844..948676277a 100644 --- a/pkg/model/awsmodel/api_loadbalancer.go +++ b/pkg/model/awsmodel/api_loadbalancer.go @@ -436,7 +436,7 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error { } } - masterGroups, err := b.GetSecurityGroups(kops.InstanceGroupRoleMaster) + masterGroups, err := b.GetSecurityGroups(kops.InstanceGroupRoleControlPlane) if err != nil { return err } diff --git a/pkg/model/awsmodel/autoscalinggroup.go b/pkg/model/awsmodel/autoscalinggroup.go index 3e2c5b850e..4c0056757d 100644 --- a/pkg/model/awsmodel/autoscalinggroup.go +++ b/pkg/model/awsmodel/autoscalinggroup.go @@ -455,7 +455,7 @@ func (b *AutoscalingGroupModelBuilder) buildAutoScalingGroupTask(c *fi.ModelBuil if b.UseLoadBalancerForAPI() && ig.HasAPIServer() { if b.UseNetworkLoadBalancer() { t.TargetGroups = append(t.TargetGroups, b.LinkToTargetGroup("tcp")) - if b.Cluster.UsesNoneDNS() && ig.IsMaster() { + if b.Cluster.UsesNoneDNS() && ig.IsControlPlane() { t.TargetGroups = append(t.TargetGroups, b.LinkToTargetGroup("kops-controller")) } if b.Cluster.Spec.API.LoadBalancer.SSLCertificate != "" { diff --git a/pkg/model/awsmodel/autoscalinggroup_test.go b/pkg/model/awsmodel/autoscalinggroup_test.go index 24ad47adda..a334969382 100644 --- a/pkg/model/awsmodel/autoscalinggroup_test.go +++ b/pkg/model/awsmodel/autoscalinggroup_test.go @@ -151,7 +151,7 @@ func TestAPIServerAdditionalSecurityGroupsWithNLB(t *testing.T) { Name: "master1", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Subnets: subnets, AdditionalSecurityGroups: []string{"sg-234567890abcdef01"}, }, @@ -242,7 +242,7 @@ func TestAPIServerAdditionalSecurityGroupsWithNLB(t *testing.T) { launchTemplateForGroup := func(t *testing.T, ig *kops.InstanceGroup) *awstasks.LaunchTemplate { t.Helper() subdomain := ig.Name - if ig.Spec.Role == kops.InstanceGroupRoleMaster { + if ig.Spec.Role == kops.InstanceGroupRoleControlPlane { subdomain = ig.Name + ".masters" } task, ok := c.Tasks[fmt.Sprintf("LaunchTemplate/%s.%s", subdomain, cluster.Name)] diff --git a/pkg/model/awsmodel/bastion.go b/pkg/model/awsmodel/bastion.go index f3cb3faab0..d13bd10dd9 100644 --- a/pkg/model/awsmodel/bastion.go +++ b/pkg/model/awsmodel/bastion.go @@ -63,7 +63,7 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error { if err != nil { return err } - masterGroups, err := b.GetSecurityGroups(kops.InstanceGroupRoleMaster) + masterGroups, err := b.GetSecurityGroups(kops.InstanceGroupRoleControlPlane) if err != nil { return err } diff --git a/pkg/model/awsmodel/external_access.go b/pkg/model/awsmodel/external_access.go index 38d09e7258..f19dd0ee52 100644 --- a/pkg/model/awsmodel/external_access.go +++ b/pkg/model/awsmodel/external_access.go @@ -43,7 +43,7 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.ModelBuilderContext) error { klog.Warningf("SSHAccess is empty") } - masterGroups, err := b.GetSecurityGroups(kops.InstanceGroupRoleMaster) + masterGroups, err := b.GetSecurityGroups(kops.InstanceGroupRoleControlPlane) if err != nil { return err } diff --git a/pkg/model/awsmodel/firewall.go b/pkg/model/awsmodel/firewall.go index 3a46a1f76d..32138b8751 100644 --- a/pkg/model/awsmodel/firewall.go +++ b/pkg/model/awsmodel/firewall.go @@ -232,7 +232,7 @@ func (b *FirewallModelBuilder) applyNodeToMasterBlockSpecificPorts(c *fi.ModelBu } func (b *FirewallModelBuilder) buildMasterRules(c *fi.ModelBuilderContext, nodeGroups []SecurityGroupInfo) ([]SecurityGroupInfo, error) { - masterGroups, err := b.GetSecurityGroups(kops.InstanceGroupRoleMaster) + masterGroups, err := b.GetSecurityGroups(kops.InstanceGroupRoleControlPlane) if err != nil { return nil, err } @@ -303,7 +303,7 @@ type SecurityGroupInfo struct { func (b *AWSModelContext) GetSecurityGroups(role kops.InstanceGroupRole) ([]SecurityGroupInfo, error) { var baseGroup *awstasks.SecurityGroup - if role == kops.InstanceGroupRoleMaster { + if role == kops.InstanceGroupRoleControlPlane { name := b.SecurityGroupName(role) baseGroup = &awstasks.SecurityGroup{ Name: fi.PtrTo(name), diff --git a/pkg/model/awsmodel/iam.go b/pkg/model/awsmodel/iam.go index 45d843f614..537efd7346 100644 --- a/pkg/model/awsmodel/iam.go +++ b/pkg/model/awsmodel/iam.go @@ -267,7 +267,7 @@ func (b *IAMModelBuilder) roleKey(role iam.Subject) (string, bool) { // This isn't great, but we have to be backwards compatible with the old names. switch role.(type) { case *iam.NodeRoleMaster: - return strings.ToLower(string(kops.InstanceGroupRoleMaster)), false + return "master", false case *iam.NodeRoleAPIServer: return strings.ToLower(string(kops.InstanceGroupRoleAPIServer)), false case *iam.NodeRoleNode: @@ -325,7 +325,11 @@ func (b *IAMModelBuilder) buildIAMTasks(role iam.Subject, iamName string, c *fi. if b.Cluster.Spec.ExternalPolicies != nil { p := *(b.Cluster.Spec.ExternalPolicies) - externalPolicies = append(externalPolicies, p[roleKey]...) + key := roleKey + if key == "master" { + key = "control-plane" + } + externalPolicies = append(externalPolicies, p[key]...) } sort.Strings(externalPolicies) diff --git a/pkg/model/awsmodel/spotinst.go b/pkg/model/awsmodel/spotinst.go index 7070c69296..91431f58a6 100644 --- a/pkg/model/awsmodel/spotinst.go +++ b/pkg/model/awsmodel/spotinst.go @@ -157,7 +157,7 @@ func (b *SpotInstanceGroupModelBuilder) Build(c *fi.ModelBuilderContext) error { switch ig.Spec.Role { // Create both Master and Bastion instance groups as Elastigroups. - case kops.InstanceGroupRoleMaster, kops.InstanceGroupRoleBastion: + case kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleBastion: err = b.buildElastigroup(c, ig) // Create Node instance groups as Elastigroups or a single Ocean with @@ -844,7 +844,7 @@ func (b *SpotInstanceGroupModelBuilder) buildAutoScalerOpts(clusterID string, ig } switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: return opts, nil case kops.InstanceGroupRoleBastion: @@ -1110,7 +1110,7 @@ func defaultSpotPercentage(ig *kops.InstanceGroup) *float64 { var percentage float64 switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster, kops.InstanceGroupRoleBastion: + case kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleBastion: percentage = 0 case kops.InstanceGroupRoleNode: percentage = 100 diff --git a/pkg/model/azuremodel/api_loadbalancer_test.go b/pkg/model/azuremodel/api_loadbalancer_test.go index 4eaf57e275..c3b9db998d 100644 --- a/pkg/model/azuremodel/api_loadbalancer_test.go +++ b/pkg/model/azuremodel/api_loadbalancer_test.go @@ -28,7 +28,7 @@ func TestAPILoadBalancerModelBuilder_Build(t *testing.T) { b := APILoadBalancerModelBuilder{ AzureModelContext: newTestAzureModelContext(), } - b.InstanceGroups[0].Spec.Role = kops.InstanceGroupRoleMaster + b.InstanceGroups[0].Spec.Role = kops.InstanceGroupRoleControlPlane c := &fi.ModelBuilderContext{ Tasks: make(map[string]fi.Task), } @@ -56,7 +56,7 @@ func TestSubnetForLoadbalancer(t *testing.T) { Type: kops.SubnetTypeUtility, }, } - b.InstanceGroups[0].Spec.Role = kops.InstanceGroupRoleMaster + b.InstanceGroups[0].Spec.Role = kops.InstanceGroupRoleControlPlane b.InstanceGroups[0].Spec.Subnets = []string{ "master", } diff --git a/pkg/model/azuremodel/context.go b/pkg/model/azuremodel/context.go index f801e499df..9cf6a50444 100644 --- a/pkg/model/azuremodel/context.go +++ b/pkg/model/azuremodel/context.go @@ -115,7 +115,10 @@ func (c *AzureModelContext) CloudTagsForInstanceGroup(ig *kops.InstanceGroup) ma } // The system tags take priority because the cluster likely breaks without them... - labels[azure.TagNameRolePrefix+strings.ToLower(string(ig.Spec.Role))] = "1" + labels[azure.TagNameRolePrefix+ig.Spec.Role.ToLowerString()] = "1" + if ig.Spec.Role == kops.InstanceGroupRoleControlPlane { + labels[azure.TagNameRolePrefix+"master"] = "1" + } // Set the tag used by kops-controller to identify the instance group to which the VM ScaleSet belongs. labels[nodeidentityazure.InstanceGroupNameTag] = ig.Name diff --git a/pkg/model/azuremodel/vmscaleset.go b/pkg/model/azuremodel/vmscaleset.go index 0387abd93e..23a4332e4a 100644 --- a/pkg/model/azuremodel/vmscaleset.go +++ b/pkg/model/azuremodel/vmscaleset.go @@ -136,7 +136,7 @@ func (b *VMScaleSetModelBuilder) buildVMScaleSetTask( return nil, fmt.Errorf("unexpected subnet type: for InstanceGroup %q; type was %s", ig.Name, subnet.Type) } - if ig.Spec.Role == kops.InstanceGroupRoleMaster && b.Cluster.Spec.API.LoadBalancer != nil { + if ig.Spec.Role == kops.InstanceGroupRoleControlPlane && b.Cluster.Spec.API.LoadBalancer != nil { t.LoadBalancer = &azuretasks.LoadBalancer{ Name: to.StringPtr(b.NameForLoadBalancer()), } diff --git a/pkg/model/azuremodel/vmscaleset_test.go b/pkg/model/azuremodel/vmscaleset_test.go index 7c273da82f..a85ed0cc2e 100644 --- a/pkg/model/azuremodel/vmscaleset_test.go +++ b/pkg/model/azuremodel/vmscaleset_test.go @@ -84,7 +84,7 @@ func TestGetCapacity(t *testing.T) { }{ { spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, MinSize: fi.PtrTo(int32(3)), MaxSize: fi.PtrTo(int32(3)), }, @@ -93,7 +93,7 @@ func TestGetCapacity(t *testing.T) { }, { spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, }, success: true, capacity: 1, @@ -107,7 +107,7 @@ func TestGetCapacity(t *testing.T) { }, { spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, MinSize: fi.PtrTo(int32(1)), MaxSize: fi.PtrTo(int32(2)), }, @@ -167,7 +167,7 @@ func TestGetStorageProfile(t *testing.T) { { spec: kops.InstanceGroupSpec{ Image: "Canonical:UbuntuServer:18.04-LTS:latest", - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, }, profile: &compute.VirtualMachineScaleSetStorageProfile{ ImageReference: &compute.ImageReference{ diff --git a/pkg/model/bootstrapscript.go b/pkg/model/bootstrapscript.go index 90034e66e5..6a1236144f 100644 --- a/pkg/model/bootstrapscript.go +++ b/pkg/model/bootstrapscript.go @@ -183,7 +183,7 @@ func (b *BootstrapScript) buildEnvironmentVariables(cluster *kops.Cluster) (map[ } } - if cluster.Spec.GetCloudProvider() == kops.CloudProviderHetzner && (b.ig.IsMaster() || cluster.IsGossip()) { + if cluster.Spec.GetCloudProvider() == kops.CloudProviderHetzner && (b.ig.IsControlPlane() || cluster.IsGossip()) { hcloudToken := os.Getenv("HCLOUD_TOKEN") if hcloudToken != "" { env["HCLOUD_TOKEN"] = hcloudToken @@ -307,7 +307,7 @@ func (b *BootstrapScriptBuilder) ResourceNodeUp(c *fi.ModelBuilderContext, ig *k c.AddTask(&fitasks.ManagedFile{ Name: fi.PtrTo("nodeupconfig-" + ig.Name), Lifecycle: b.Lifecycle, - Location: fi.PtrTo("igconfig/" + strings.ToLower(string(ig.Spec.Role)) + "/" + ig.Name + "/nodeupconfig.yaml"), + Location: fi.PtrTo("igconfig/" + ig.Spec.Role.ToLowerString() + "/" + ig.Name + "/nodeupconfig.yaml"), Contents: &task.nodeupConfig, }) return &task.resource, nil @@ -390,7 +390,7 @@ func (b *BootstrapScript) Run(c *fi.Context) error { } } - if b.ig.IsMaster() { + if b.ig.IsControlPlane() { spec["encryptionConfig"] = cs.EncryptionConfig spec["etcdClusters"] = make(map[string]kops.EtcdClusterSpec) spec["kubeAPIServer"] = cs.KubeAPIServer diff --git a/pkg/model/bootstrapscript_test.go b/pkg/model/bootstrapscript_test.go index 7dfc843fb1..626b6a494b 100644 --- a/pkg/model/bootstrapscript_test.go +++ b/pkg/model/bootstrapscript_test.go @@ -85,28 +85,28 @@ func TestBootstrapUserData(t *testing.T) { FileAssetSpecRoles []kops.InstanceGroupRole }{ { - Role: "Master", + Role: "ControlPlane", ExpectedFileIndex: 0, HookSpecRoles: []kops.InstanceGroupRole{""}, FileAssetSpecRoles: []kops.InstanceGroupRole{""}, }, { - Role: "Master", + Role: "ControlPlane", ExpectedFileIndex: 0, HookSpecRoles: []kops.InstanceGroupRole{"Node"}, FileAssetSpecRoles: []kops.InstanceGroupRole{"Node"}, }, { - Role: "Master", + Role: "ControlPlane", ExpectedFileIndex: 1, - HookSpecRoles: []kops.InstanceGroupRole{"Master"}, - FileAssetSpecRoles: []kops.InstanceGroupRole{"Master"}, + HookSpecRoles: []kops.InstanceGroupRole{"ControlPlane"}, + FileAssetSpecRoles: []kops.InstanceGroupRole{"ControlPlane"}, }, { - Role: "Master", + Role: "ControlPlane", ExpectedFileIndex: 2, - HookSpecRoles: []kops.InstanceGroupRole{"Master", "Node"}, - FileAssetSpecRoles: []kops.InstanceGroupRole{"Master", "Node"}, + HookSpecRoles: []kops.InstanceGroupRole{"ControlPlane", "Node"}, + FileAssetSpecRoles: []kops.InstanceGroupRole{"ControlPlane", "Node"}, }, { Role: "Node", @@ -123,14 +123,14 @@ func TestBootstrapUserData(t *testing.T) { { Role: "Node", ExpectedFileIndex: 3, - HookSpecRoles: []kops.InstanceGroupRole{"Master"}, - FileAssetSpecRoles: []kops.InstanceGroupRole{"Master"}, + HookSpecRoles: []kops.InstanceGroupRole{"ControlPlane"}, + FileAssetSpecRoles: []kops.InstanceGroupRole{"ControlPlane"}, }, { Role: "Node", ExpectedFileIndex: 5, - HookSpecRoles: []kops.InstanceGroupRole{"Master", "Node"}, - FileAssetSpecRoles: []kops.InstanceGroupRole{"Master", "Node"}, + HookSpecRoles: []kops.InstanceGroupRole{"ControlPlane", "Node"}, + FileAssetSpecRoles: []kops.InstanceGroupRole{"ControlPlane", "Node"}, }, } diff --git a/pkg/model/components/apiserver.go b/pkg/model/components/apiserver.go index 1f57406b6b..1156e02974 100644 --- a/pkg/model/components/apiserver.go +++ b/pkg/model/components/apiserver.go @@ -201,7 +201,7 @@ func (b *KubeAPIServerOptionsBuilder) buildAPIServerCount(clusterSpec *kops.Clus //count := 0 //for _, ig := range b.InstanceGroups { - // if !ig.IsMaster() { + // if !ig.IsControlPlane() { // continue // } // size := fi.ValueOf(ig.Spec.MaxSize) diff --git a/pkg/model/components/context.go b/pkg/model/components/context.go index acb889c5a4..d7af69e3db 100644 --- a/pkg/model/components/context.go +++ b/pkg/model/components/context.go @@ -28,7 +28,6 @@ import ( "k8s.io/kops/pkg/assets" "k8s.io/kops/pkg/k8sversion" "k8s.io/kops/upup/pkg/fi" - "k8s.io/kops/upup/pkg/fi/cloudup/gce" "k8s.io/kops/util/pkg/vfs" "github.com/blang/semver/v4" @@ -168,11 +167,6 @@ func Image(component string, clusterSpec *kops.ClusterSpec, assetsBuilder *asset return image, nil } -// GCETagForRole returns the (network) tag for GCE instances in the given instance group role. -func GCETagForRole(clusterName string, role kops.InstanceGroupRole) string { - return gce.SafeClusterName(clusterName) + "-" + gce.GceLabelNameRolePrefix + strings.ToLower(string(role)) -} - // IsCertManagerEnabled returns true if the cluster has the capability to handle cert-manager PKI func IsCertManagerEnabled(cluster *kops.Cluster) bool { return cluster.Spec.CertManager != nil && fi.ValueOf(cluster.Spec.CertManager.Enabled) diff --git a/pkg/model/components/etcdmanager/model.go b/pkg/model/components/etcdmanager/model.go index 9e7e709a3d..6f21d44e8e 100644 --- a/pkg/model/components/etcdmanager/model.go +++ b/pkg/model/components/etcdmanager/model.go @@ -383,7 +383,7 @@ func (b *EtcdManagerBuilder) buildPod(etcdCluster kops.EtcdClusterSpec, instance config.VolumeTag = []string{ fmt.Sprintf("kubernetes.io/cluster/%s=owned", b.Cluster.Name), awsup.TagNameEtcdClusterPrefix + etcdCluster.Name, - awsup.TagNameRolePrefix + "master=1", + awsup.TagNameRolePrefix + "control-plane=1", } config.VolumeNameTag = awsup.TagNameEtcdClusterPrefix + etcdCluster.Name @@ -395,7 +395,7 @@ func (b *EtcdManagerBuilder) buildPod(etcdCluster kops.EtcdClusterSpec, instance // allowed as a tag key in Azure. fmt.Sprintf("kubernetes.io_cluster_%s=owned", b.Cluster.Name), azure.TagNameEtcdClusterPrefix + etcdCluster.Name, - azure.TagNameRolePrefix + "master=1", + azure.TagNameRolePrefix + "control_plane=1", } config.VolumeNameTag = azure.TagNameEtcdClusterPrefix + etcdCluster.Name @@ -435,7 +435,7 @@ func (b *EtcdManagerBuilder) buildPod(etcdCluster kops.EtcdClusterSpec, instance config.VolumeTag = []string{ openstack.TagNameEtcdClusterPrefix + etcdCluster.Name, - openstack.TagNameRolePrefix + "master=1", + openstack.TagNameRolePrefix + "control-plane=1", fmt.Sprintf("%s=%s", openstack.TagClusterName, b.Cluster.Name), } config.VolumeNameTag = openstack.TagNameEtcdClusterPrefix + etcdCluster.Name diff --git a/pkg/model/components/kubeapiserver/model.go b/pkg/model/components/kubeapiserver/model.go index c7df572689..6175bae0ee 100644 --- a/pkg/model/components/kubeapiserver/model.go +++ b/pkg/model/components/kubeapiserver/model.go @@ -64,7 +64,7 @@ func (b *KubeApiserverBuilder) Build(c *fi.ModelBuilderContext) error { b.AssetBuilder.StaticManifests = append(b.AssetBuilder.StaticManifests, &assets.StaticManifest{ Key: key, Path: location, - Roles: []kops.InstanceGroupRole{kops.InstanceGroupRoleMaster, kops.InstanceGroupRoleAPIServer}, + Roles: []kops.InstanceGroupRole{kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleAPIServer}, }) return nil } diff --git a/pkg/model/components/kubescheduler/model.go b/pkg/model/components/kubescheduler/model.go index f4df8e65eb..73aa5a6a76 100644 --- a/pkg/model/components/kubescheduler/model.go +++ b/pkg/model/components/kubescheduler/model.go @@ -59,7 +59,7 @@ func (b *KubeSchedulerBuilder) Build(c *fi.ModelBuilderContext) error { b.AssetBuilder.StaticFiles = append(b.AssetBuilder.StaticFiles, &assets.StaticFile{ Path: KubeSchedulerConfigPath, Content: string(configYAML), - Roles: []kops.InstanceGroupRole{kops.InstanceGroupRoleMaster, kops.InstanceGroupRoleAPIServer}, + Roles: []kops.InstanceGroupRole{kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleAPIServer}, }) return nil } diff --git a/pkg/model/context.go b/pkg/model/context.go index 40892465f5..f9c391f087 100644 --- a/pkg/model/context.go +++ b/pkg/model/context.go @@ -113,7 +113,7 @@ func (b *KopsModelContext) FindZonesForInstanceGroup(ig *kops.InstanceGroup) ([] func (b *KopsModelContext) MasterInstanceGroups() []*kops.InstanceGroup { var groups []*kops.InstanceGroup for _, ig := range b.InstanceGroups { - if !ig.IsMaster() { + if !ig.IsControlPlane() { continue } groups = append(groups, ig) @@ -168,8 +168,9 @@ func (b *KopsModelContext) CloudTagsForInstanceGroup(ig *kops.InstanceGroup) (ma // The system tags take priority because the cluster likely breaks without them... - if ig.Spec.Role == kops.InstanceGroupRoleMaster { - labels[awstasks.CloudTagInstanceGroupRolePrefix+strings.ToLower(string(kops.InstanceGroupRoleMaster))] = "1" + if ig.Spec.Role == kops.InstanceGroupRoleControlPlane { + labels[awstasks.CloudTagInstanceGroupRolePrefix+"master"] = "1" + labels[awstasks.CloudTagInstanceGroupRolePrefix+kops.InstanceGroupRoleControlPlane.ToLowerString()] = "1" } if ig.Spec.Role == kops.InstanceGroupRoleAPIServer { @@ -342,7 +343,7 @@ func (b *KopsModelContext) IsIPv6Only() bool { func (b *KopsModelContext) UseIPv6ForAPI() bool { for _, ig := range b.InstanceGroups { - if ig.Spec.Role != kops.InstanceGroupRoleMaster && ig.Spec.Role != kops.InstanceGroupRoleAPIServer { + if ig.Spec.Role != kops.InstanceGroupRoleControlPlane && ig.Spec.Role != kops.InstanceGroupRoleAPIServer { break } for _, igSubnetName := range ig.Spec.Subnets { diff --git a/pkg/model/defaults/volumes.go b/pkg/model/defaults/volumes.go index 6606cabcee..02edb8e54f 100644 --- a/pkg/model/defaults/volumes.go +++ b/pkg/model/defaults/volumes.go @@ -34,7 +34,7 @@ const ( // DefaultInstanceGroupVolumeSize returns the default volume size for nodes in an InstanceGroup with the specified role func DefaultInstanceGroupVolumeSize(role kops.InstanceGroupRole) (int32, error) { switch role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: return DefaultVolumeSizeMaster, nil case kops.InstanceGroupRoleAPIServer: return DefaultVolumeSizeNode, nil diff --git a/pkg/model/domodel/droplets.go b/pkg/model/domodel/droplets.go index 732cc9806b..df0cd09ea3 100644 --- a/pkg/model/domodel/droplets.go +++ b/pkg/model/domodel/droplets.go @@ -69,7 +69,7 @@ func (d *DropletBuilder) Build(c *fi.ModelBuilderContext) error { Tags: []string{clusterTag}, } - if ig.IsMaster() { + if ig.IsControlPlane() { masterIndexCount++ // create tag based on etcd name. etcd name is now prefixed with etcd- // Ref: https://github.com/kubernetes/kops/commit/31f8cbd571964f19d3c31024ddba918998d29929 diff --git a/pkg/model/gcemodel/api_loadbalancer.go b/pkg/model/gcemodel/api_loadbalancer.go index 7d1fe26b9a..484e386255 100644 --- a/pkg/model/gcemodel/api_loadbalancer.go +++ b/pkg/model/gcemodel/api_loadbalancer.go @@ -92,7 +92,7 @@ func createPublicLB(b *APILoadBalancerBuilder, c *fi.ModelBuilderContext) error Lifecycle: b.Lifecycle, Network: network, SourceRanges: b.Cluster.Spec.API.Access, - TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)}, + TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane)}, Allowed: []string{"tcp:443"}, }) } @@ -113,7 +113,7 @@ func createInternalLB(b *APILoadBalancerBuilder, c *fi.ModelBuilderContext) erro c.AddTask(hc) var igms []*gcetasks.InstanceGroupManager for _, ig := range b.InstanceGroups { - if ig.Spec.Role != kops.InstanceGroupRoleMaster { + if ig.Spec.Role != kops.InstanceGroupRoleControlPlane { continue } if len(ig.Spec.Zones) > 1 { diff --git a/pkg/model/gcemodel/autoscalinggroup.go b/pkg/model/gcemodel/autoscalinggroup.go index 648246465f..81fe5b93a6 100644 --- a/pkg/model/gcemodel/autoscalinggroup.go +++ b/pkg/model/gcemodel/autoscalinggroup.go @@ -133,21 +133,25 @@ func (b *AutoscalingGroupModelBuilder) buildInstanceTemplate(c *fi.ModelBuilderC } switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: // Grant DNS permissions // TODO: migrate to IAM permissions instead of oldschool scopes? t.Scopes = append(t.Scopes, "https://www.googleapis.com/auth/ndev.clouddns.readwrite") - t.Tags = append(t.Tags, b.GCETagForRole(kops.InstanceGroupRoleMaster)) + t.Tags = append(t.Tags, b.GCETagForRole(kops.InstanceGroupRoleControlPlane)) + t.Tags = append(t.Tags, b.GCETagForRole("master")) case kops.InstanceGroupRoleNode: t.Tags = append(t.Tags, b.GCETagForRole(kops.InstanceGroupRoleNode)) } - roleLabel := gce.GceLabelNameRolePrefix + gce.EncodeGCELabel(strings.ToLower(string(ig.Spec.Role))) + roleLabel := gce.GceLabelNameRolePrefix + ig.Spec.Role.ToLowerString() t.Labels = map[string]string{ gce.GceLabelNameKubernetesCluster: gce.SafeClusterName(b.ClusterName()), roleLabel: "", gce.GceLabelNameInstanceGroup: ig.ObjectMeta.Name, } + if ig.Spec.Role == kops.InstanceGroupRoleControlPlane { + t.Labels[gce.GceLabelNameRolePrefix+"master"] = "" + } if gce.UsesIPAliases(b.Cluster) { t.CanIPForward = fi.PtrTo(false) @@ -273,7 +277,7 @@ func (b *AutoscalingGroupModelBuilder) Build(c *fi.ModelBuilderContext) error { // Attach masters to load balancer if we're using one switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: if b.UseLoadBalancerForAPI() { lbSpec := b.Cluster.Spec.API.LoadBalancer if lbSpec != nil { diff --git a/pkg/model/gcemodel/context.go b/pkg/model/gcemodel/context.go index d4ad86566c..98442c3dfa 100644 --- a/pkg/model/gcemodel/context.go +++ b/pkg/model/gcemodel/context.go @@ -156,7 +156,7 @@ func (c *GCEModelContext) LinkToServiceAccount(ig *kops.InstanceGroup) *gcetasks name := "" switch role { - case kops.InstanceGroupRoleAPIServer, kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleAPIServer, kops.InstanceGroupRoleControlPlane: name = gce.ControlPlane case kops.InstanceGroupRoleBastion: diff --git a/pkg/model/gcemodel/external_access.go b/pkg/model/gcemodel/external_access.go index b247ea0a88..5c870f9671 100644 --- a/pkg/model/gcemodel/external_access.go +++ b/pkg/model/gcemodel/external_access.go @@ -55,7 +55,7 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.ModelBuilderContext) error { } b.AddFirewallRulesTasks(c, "ssh-external-to-master", &gcetasks.FirewallRule{ Lifecycle: b.Lifecycle, - TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)}, + TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane), b.GCETagForRole("Master")}, Allowed: []string{"tcp:22"}, SourceRanges: b.Cluster.Spec.SSHAccess, Network: network, @@ -107,7 +107,7 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.ModelBuilderContext) error { } b.AddFirewallRulesTasks(c, "kubernetes-master-https", &gcetasks.FirewallRule{ Lifecycle: b.Lifecycle, - TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)}, + TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane), b.GCETagForRole("Master")}, Allowed: []string{"tcp:443"}, SourceRanges: b.Cluster.Spec.API.Access, Network: network, diff --git a/pkg/model/gcemodel/firewall.go b/pkg/model/gcemodel/firewall.go index a69ab1775d..de27d4bfee 100644 --- a/pkg/model/gcemodel/firewall.go +++ b/pkg/model/gcemodel/firewall.go @@ -72,8 +72,8 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error { Name: s(b.NameForFirewallRule("master-to-master")), Lifecycle: b.Lifecycle, Network: network, - SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)}, - TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)}, + SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane), b.GCETagForRole("Master")}, + TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane), b.GCETagForRole("Master")}, Allowed: allProtocols, } c.AddTask(t) @@ -89,7 +89,7 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error { Name: s(b.NameForFirewallRule("master-to-node")), Lifecycle: b.Lifecycle, Network: network, - SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)}, + SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane), b.GCETagForRole("Master")}, TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleNode)}, Allowed: allProtocols, } @@ -107,7 +107,7 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error { Lifecycle: b.Lifecycle, Network: network, SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleNode)}, - TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)}, + TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane), b.GCETagForRole("Master")}, Allowed: []string{ fmt.Sprintf("tcp:%d", wellknownports.KubeAPIServer), fmt.Sprintf("tcp:%d", wellknownports.KopsControllerPort), diff --git a/pkg/model/gcemodel/service_accounts.go b/pkg/model/gcemodel/service_accounts.go index 96f457ff99..32395c5dd2 100644 --- a/pkg/model/gcemodel/service_accounts.go +++ b/pkg/model/gcemodel/service_accounts.go @@ -65,7 +65,7 @@ func (b *ServiceAccountsBuilder) Build(c *fi.ModelBuilderContext) error { Lifecycle: b.Lifecycle, } switch ig.Spec.Role { - case kops.InstanceGroupRoleAPIServer, kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleAPIServer, kops.InstanceGroupRoleControlPlane: serviceAccount.Description = fi.PtrTo("kubernetes control-plane instances") case kops.InstanceGroupRoleNode: serviceAccount.Description = fi.PtrTo("kubernetes worker nodes") @@ -79,7 +79,7 @@ func (b *ServiceAccountsBuilder) Build(c *fi.ModelBuilderContext) error { role := ig.Spec.Role if role == kops.InstanceGroupRoleAPIServer { // Because these share a serviceaccount, we share a role - role = kops.InstanceGroupRoleMaster + role = kops.InstanceGroupRoleControlPlane } if err := b.addInstanceGroupServiceAccountPermissions(c, *serviceAccount.Email, role); err != nil { @@ -98,7 +98,7 @@ func (b *ServiceAccountsBuilder) addInstanceGroupServiceAccountPermissions(c *fi // If we can find a solution, we can easily switch to a custom role. switch role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: // We reuse the GKE role c.AddTask(&gcetasks.ProjectIAMBinding{ Name: s("serviceaccount-control-plane"), diff --git a/pkg/model/gcemodel/storageacl.go b/pkg/model/gcemodel/storageacl.go index 0222d9bc3d..7f73d7c34a 100644 --- a/pkg/model/gcemodel/storageacl.go +++ b/pkg/model/gcemodel/storageacl.go @@ -76,7 +76,7 @@ func (b *StorageAclBuilder) Build(c *fi.ModelBuilderContext) error { } klog.Warningf("we need to split master / node roles") - nodeRole, err := iam.BuildNodeRoleSubject(kops.InstanceGroupRoleMaster, false) + nodeRole, err := iam.BuildNodeRoleSubject(kops.InstanceGroupRoleControlPlane, false) if err != nil { return err } diff --git a/pkg/model/hetznermodel/firewall.go b/pkg/model/hetznermodel/firewall.go index b3c4674274..2331f1ec82 100644 --- a/pkg/model/hetznermodel/firewall.go +++ b/pkg/model/hetznermodel/firewall.go @@ -47,7 +47,7 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.ModelBuilderContext) error { } controlPlaneLabelSelector := []string{ fmt.Sprintf("%s=%s", hetzner.TagKubernetesClusterName, b.ClusterName()), - fmt.Sprintf("%s=%s", hetzner.TagKubernetesInstanceRole, string(kops.InstanceGroupRoleMaster)), + fmt.Sprintf("%s=%s", hetzner.TagKubernetesInstanceRole, string(kops.InstanceGroupRoleControlPlane)), } controlPlaneFirewall := &hetznertasks.Firewall{ Name: fi.PtrTo("control-plane." + b.ClusterName()), diff --git a/pkg/model/hetznermodel/loadbalancer.go b/pkg/model/hetznermodel/loadbalancer.go index f9bdb71fd5..70b8766c4f 100644 --- a/pkg/model/hetznermodel/loadbalancer.go +++ b/pkg/model/hetznermodel/loadbalancer.go @@ -39,7 +39,7 @@ var _ fi.ModelBuilder = &LoadBalancerModelBuilder{} func (b *LoadBalancerModelBuilder) Build(c *fi.ModelBuilderContext) error { controlPlaneLabelSelector := []string{ fmt.Sprintf("%s=%s", hetzner.TagKubernetesClusterName, b.ClusterName()), - fmt.Sprintf("%s=%s", hetzner.TagKubernetesInstanceRole, string(kops.InstanceGroupRoleMaster)), + fmt.Sprintf("%s=%s", hetzner.TagKubernetesInstanceRole, string(kops.InstanceGroupRoleControlPlane)), } loadbalancer := hetznertasks.LoadBalancer{ Name: fi.PtrTo("api." + b.ClusterName()), diff --git a/pkg/model/iam/subject.go b/pkg/model/iam/subject.go index e4f86ac446..2bf8aab70f 100644 --- a/pkg/model/iam/subject.go +++ b/pkg/model/iam/subject.go @@ -88,7 +88,7 @@ func (g *GenericServiceAccount) BuildAWSPolicy(*PolicyBuilder) (*Policy, error) // BuildNodeRoleSubject returns a Subject implementation for the specified InstanceGroupRole. func BuildNodeRoleSubject(igRole kops.InstanceGroupRole, enableLifecycleHookPermissions bool) (Subject, error) { switch igRole { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: return &NodeRoleMaster{}, nil case kops.InstanceGroupRoleAPIServer: return &NodeRoleAPIServer{ diff --git a/pkg/model/master_volumes.go b/pkg/model/master_volumes.go index b7bc6ec9ab..893d7d3e12 100644 --- a/pkg/model/master_volumes.go +++ b/pkg/model/master_volumes.go @@ -163,7 +163,8 @@ func (b *MasterVolumeBuilder) addAWSVolume(c *fi.ModelBuilderContext, name strin // tags[awsup.TagClusterName] = b.C.cluster.Name // This is the configuration of the etcd cluster tags[awsup.TagNameEtcdClusterPrefix+etcd.Name] = m.Name + "/" + strings.Join(allMembers, ",") - // This says "only mount on a master" + // This says "only mount on a control plane node" + tags[awsup.TagNameRolePrefix+"control-plane"] = "1" tags[awsup.TagNameRolePrefix+"master"] = "1" // We always add an owned tags (these can't be shared) @@ -322,7 +323,8 @@ func (b *MasterVolumeBuilder) addOpenstackVolume(c *fi.ModelBuilderContext, name } // This is the configuration of the etcd cluster tags[openstack.TagNameEtcdClusterPrefix+etcd.Name] = m.Name + "/" + strings.Join(allMembers, ",") - // This says "only mount on a master" + // This says "only mount on a control plane node" + tags[openstack.TagNameRolePrefix+openstack.TagRoleControlPlane] = "1" tags[openstack.TagNameRolePrefix+"master"] = "1" // override zone @@ -355,8 +357,9 @@ func (b *MasterVolumeBuilder) addAzureVolume( tags := map[string]*string{ // This is the configuration of the etcd cluster. azure.TagNameEtcdClusterPrefix + etcd.Name: fi.PtrTo(m.Name + "/" + strings.Join(allMembers, ",")), - // This says "only mount on a master". - azure.TagNameRolePrefix + azure.TagRoleMaster: fi.PtrTo("1"), + // This says "only mount on a control plane node". + azure.TagNameRolePrefix + azure.TagRoleControlPlane: fi.PtrTo("1"), + azure.TagNameRolePrefix + azure.TagRoleMaster: fi.PtrTo("1"), // We always add an owned tags (these can't be shared). // Use dash (_) as a splitter. Other CSPs use slash (/), but slash is not // allowed as a tag key in Azure. diff --git a/pkg/model/names.go b/pkg/model/names.go index 5f8fe2a162..06f9d1703b 100644 --- a/pkg/model/names.go +++ b/pkg/model/names.go @@ -38,7 +38,7 @@ func (b *KopsModelContext) SecurityGroupName(role kops.InstanceGroupRole) string return "bastion." + b.ClusterName() case kops.InstanceGroupRoleNode: return "nodes." + b.ClusterName() - case kops.InstanceGroupRoleMaster, kops.InstanceGroupRoleAPIServer: + case kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleAPIServer: return "masters." + b.ClusterName() default: klog.Fatalf("unknown role: %v", role) @@ -55,7 +55,7 @@ func (b *KopsModelContext) LinkToSecurityGroup(role kops.InstanceGroupRole) *aws // AutoscalingGroupName derives the autoscaling group name for us func (b *KopsModelContext) AutoscalingGroupName(ig *kops.InstanceGroup) string { switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: // We need to keep this back-compatible, so we introduce the masters name, // though the IG name suffices for uniqueness, and with sensible naming masters // should be redundant... @@ -143,7 +143,7 @@ func (b *KopsModelContext) NameForDNSZone() string { func (b *KopsModelContext) IAMName(role kops.InstanceGroupRole) string { var rolename string switch role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: rolename = "masters." + b.ClusterName() case kops.InstanceGroupRoleAPIServer: rolename = "apiservers." + b.ClusterName() diff --git a/pkg/model/openstackmodel/firewall.go b/pkg/model/openstackmodel/firewall.go index 419f2344f6..ed95102644 100644 --- a/pkg/model/openstackmodel/firewall.go +++ b/pkg/model/openstackmodel/firewall.go @@ -87,7 +87,7 @@ func (b *FirewallModelBuilder) addDirectionalGroupRule(c *fi.ModelBuilderContext // addSSHRules - sets the ssh rules based on the presence of a bastion func (b *FirewallModelBuilder) addSSHRules(c *fi.ModelBuilderContext, sgMap map[string]*openstacktasks.SecurityGroup) error { - masterName := b.SecurityGroupName(kops.InstanceGroupRoleMaster) + masterName := b.SecurityGroupName(kops.InstanceGroupRoleControlPlane) nodeName := b.SecurityGroupName(kops.InstanceGroupRoleNode) bastionName := b.SecurityGroupName(kops.InstanceGroupRoleBastion) masterSG := sgMap[masterName] @@ -147,7 +147,7 @@ func (b *FirewallModelBuilder) addSSHRules(c *fi.ModelBuilderContext, sgMap map[ // addETCDRules - Add ETCD access rules based on which CNI might need to access __ETCD_ENDPOINTS__ func (b *FirewallModelBuilder) addETCDRules(c *fi.ModelBuilderContext, sgMap map[string]*openstacktasks.SecurityGroup) error { - masterName := b.SecurityGroupName(kops.InstanceGroupRoleMaster) + masterName := b.SecurityGroupName(kops.InstanceGroupRoleControlPlane) nodeName := b.SecurityGroupName(kops.InstanceGroupRoleNode) masterSG := sgMap[masterName] nodeSG := sgMap[nodeName] @@ -231,7 +231,7 @@ func (b *FirewallModelBuilder) addNodePortRules(c *fi.ModelBuilderContext, sgMap // addHTTPSRules - Add rules to 443 access given the presence of a loadbalancer or not func (b *FirewallModelBuilder) addHTTPSRules(c *fi.ModelBuilderContext, sgMap map[string]*openstacktasks.SecurityGroup, useVIPACL bool) error { - masterName := b.SecurityGroupName(kops.InstanceGroupRoleMaster) + masterName := b.SecurityGroupName(kops.InstanceGroupRoleControlPlane) nodeName := b.SecurityGroupName(kops.InstanceGroupRoleNode) lbSGName := b.Cluster.Spec.API.PublicName lbSG := sgMap[lbSGName] @@ -329,7 +329,7 @@ func (b *FirewallModelBuilder) addHTTPSRules(c *fi.ModelBuilderContext, sgMap ma // addKubeletRules - Add rules to 10250 port func (b *FirewallModelBuilder) addKubeletRules(c *fi.ModelBuilderContext, sgMap map[string]*openstacktasks.SecurityGroup) error { // TODO: This is the default port for kubelet and may be overridden - masterName := b.SecurityGroupName(kops.InstanceGroupRoleMaster) + masterName := b.SecurityGroupName(kops.InstanceGroupRoleControlPlane) nodeName := b.SecurityGroupName(kops.InstanceGroupRoleNode) masterSG := sgMap[masterName] nodeSG := sgMap[nodeName] @@ -353,7 +353,7 @@ func (b *FirewallModelBuilder) addKubeletRules(c *fi.ModelBuilderContext, sgMap // addNodeExporterAndOccmRules - Allow 9100 TCP port from nodesg, allow 10258 from nodes to master - expose occm metrics func (b *FirewallModelBuilder) addNodeExporterAndOccmRules(c *fi.ModelBuilderContext, sgMap map[string]*openstacktasks.SecurityGroup) error { - masterName := b.SecurityGroupName(kops.InstanceGroupRoleMaster) + masterName := b.SecurityGroupName(kops.InstanceGroupRoleControlPlane) nodeName := b.SecurityGroupName(kops.InstanceGroupRoleNode) masterSG := sgMap[masterName] nodeSG := sgMap[nodeName] @@ -383,7 +383,7 @@ func (b *FirewallModelBuilder) addNodeExporterAndOccmRules(c *fi.ModelBuilderCon // addDNSRules - Add DNS rules for internal DNS queries func (b *FirewallModelBuilder) addDNSRules(c *fi.ModelBuilderContext, sgMap map[string]*openstacktasks.SecurityGroup) error { - masterName := b.SecurityGroupName(kops.InstanceGroupRoleMaster) + masterName := b.SecurityGroupName(kops.InstanceGroupRoleControlPlane) nodeName := b.SecurityGroupName(kops.InstanceGroupRoleNode) masterSG := sgMap[masterName] nodeSG := sgMap[nodeName] @@ -451,7 +451,7 @@ func (b *FirewallModelBuilder) addCNIRules(c *fi.ModelBuilderContext, sgMap map[ } } - masterName := b.SecurityGroupName(kops.InstanceGroupRoleMaster) + masterName := b.SecurityGroupName(kops.InstanceGroupRoleControlPlane) nodeName := b.SecurityGroupName(kops.InstanceGroupRoleNode) masterSG := sgMap[masterName] nodeSG := sgMap[nodeName] @@ -502,7 +502,7 @@ func (b *FirewallModelBuilder) addCNIRules(c *fi.ModelBuilderContext, sgMap map[ // addProtokubeRules - Add rules for protokube if gossip DNS is enabled func (b *FirewallModelBuilder) addProtokubeRules(c *fi.ModelBuilderContext, sgMap map[string]*openstacktasks.SecurityGroup) error { if b.Cluster.IsGossip() { - masterName := b.SecurityGroupName(kops.InstanceGroupRoleMaster) + masterName := b.SecurityGroupName(kops.InstanceGroupRoleControlPlane) nodeName := b.SecurityGroupName(kops.InstanceGroupRoleNode) masterSG := sgMap[masterName] nodeSG := sgMap[nodeName] @@ -606,7 +606,7 @@ func (b *FirewallModelBuilder) addDefaultEgress(c *fi.ModelBuilderContext, sgMap // Build - schedule security groups and security group rule tasks for Openstack func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error { - roles := []kops.InstanceGroupRole{kops.InstanceGroupRoleMaster, kops.InstanceGroupRoleNode} + roles := []kops.InstanceGroupRole{kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleNode} if b.UsesSSHBastion() { roles = append(roles, kops.InstanceGroupRoleBastion) } @@ -640,7 +640,7 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error { sg.RemoveExtraRules = []string{"port=22"} } else if role == kops.InstanceGroupRoleNode { sg.RemoveExtraRules = []string{"port=22", "port=10250"} - } else if role == kops.InstanceGroupRoleMaster { + } else if role == kops.InstanceGroupRoleControlPlane { sg.RemoveExtraRules = []string{"port=22", "port=443", "port=10250"} } c.AddTask(sg) diff --git a/pkg/model/openstackmodel/servergroup.go b/pkg/model/openstackmodel/servergroup.go index 42cab2d89d..0325c88461 100644 --- a/pkg/model/openstackmodel/servergroup.go +++ b/pkg/model/openstackmodel/servergroup.go @@ -105,7 +105,7 @@ func (b *ServerGroupModelBuilder) buildInstances(c *fi.ModelBuilderContext, sg * securityGroupName := b.SecurityGroupName(ig.Spec.Role) securityGroups = append(securityGroups, b.LinkToSecurityGroup(securityGroupName)) - if b.Cluster.Spec.CloudProvider.Openstack.Loadbalancer == nil && ig.Spec.Role == kops.InstanceGroupRoleMaster { + if b.Cluster.Spec.CloudProvider.Openstack.Loadbalancer == nil && ig.Spec.Role == kops.InstanceGroupRoleControlPlane { securityGroups = append(securityGroups, b.LinkToSecurityGroup(b.Cluster.Spec.API.PublicName)) } @@ -204,7 +204,7 @@ func (b *ServerGroupModelBuilder) buildInstances(c *fi.ModelBuilderContext, sg * } c.AddTask(t) instanceTask.FloatingIP = t - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: if b.Cluster.Spec.Topology == nil || b.Cluster.Spec.Topology.ControlPlane != kops.TopologyPrivate { t := &openstacktasks.FloatingIP{ @@ -264,7 +264,7 @@ func (b *ServerGroupModelBuilder) Build(c *fi.ModelBuilderContext) error { return err } - if ig.Spec.Role == kops.InstanceGroupRoleMaster { + if ig.Spec.Role == kops.InstanceGroupRoleControlPlane { masters = append(masters, sgTask) } } diff --git a/pkg/model/openstackmodel/servergroup_test.go b/pkg/model/openstackmodel/servergroup_test.go index e986f1db2f..77cba02f73 100644 --- a/pkg/model/openstackmodel/servergroup_test.go +++ b/pkg/model/openstackmodel/servergroup_test.go @@ -77,7 +77,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image-master", MinSize: i32(1), MaxSize: i32(1), @@ -144,7 +144,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), @@ -233,7 +233,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master-a", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), @@ -261,7 +261,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master-b", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), @@ -289,7 +289,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master-c", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), @@ -349,7 +349,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image-master", MinSize: i32(1), MaxSize: i32(1), @@ -424,7 +424,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master-a", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), @@ -452,7 +452,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master-b", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), @@ -480,7 +480,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master-c", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), @@ -545,7 +545,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master-a", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), @@ -573,7 +573,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master-b", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), @@ -601,7 +601,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master-c", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), @@ -669,7 +669,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(3), MaxSize: i32(3), @@ -745,7 +745,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image-master", MinSize: i32(1), MaxSize: i32(1), @@ -811,7 +811,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput { Name: "master", }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Image: "image", MinSize: i32(1), MaxSize: i32(1), diff --git a/pkg/nodeidentity/hetzner/identify.go b/pkg/nodeidentity/hetzner/identify.go index b3dbef9bc2..4180130ae5 100644 --- a/pkg/nodeidentity/hetzner/identify.go +++ b/pkg/nodeidentity/hetzner/identify.go @@ -99,7 +99,7 @@ func (i *nodeIdentifier) IdentifyNode(ctx context.Context, node *corev1.Node) (* for key, value := range server.Labels { if key == hetzner.TagKubernetesInstanceRole { switch kops.InstanceGroupRole(value) { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: labels[nodelabels.RoleLabelControlPlane20] = "" case kops.InstanceGroupRoleNode: labels[nodelabels.RoleLabelNode16] = "" diff --git a/pkg/nodelabels/builder.go b/pkg/nodelabels/builder.go index 8bf1aebb46..cb91c1e17e 100644 --- a/pkg/nodelabels/builder.go +++ b/pkg/nodelabels/builder.go @@ -38,7 +38,7 @@ const ( // BuildNodeLabels returns the node labels for the specified instance group // This moved from the kubelet to a central controller in kubernetes 1.16 func BuildNodeLabels(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) map[string]string { - isControlPlane := instanceGroup.Spec.Role == kops.InstanceGroupRoleMaster + isControlPlane := instanceGroup.Spec.Role == kops.InstanceGroupRoleControlPlane isAPIServer := instanceGroup.Spec.Role == kops.InstanceGroupRoleAPIServer diff --git a/pkg/nodelabels/builder_test.go b/pkg/nodelabels/builder_test.go index 68fe8b1a93..4526410f2a 100644 --- a/pkg/nodelabels/builder_test.go +++ b/pkg/nodelabels/builder_test.go @@ -51,7 +51,7 @@ func TestBuildNodeLabels(t *testing.T) { }, ig: &kops.InstanceGroup{ Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, Kubelet: &kops.KubeletConfigSpec{ NodeLabels: map[string]string{ "node1": "override1", diff --git a/pkg/resources/aws/aws.go b/pkg/resources/aws/aws.go index 0f006b3207..143960bdac 100644 --- a/pkg/resources/aws/aws.go +++ b/pkg/resources/aws/aws.go @@ -541,13 +541,21 @@ func DumpInstance(op *resources.DumpOperation, r *resources.Resource) error { i.PrivateAddresses = append(i.PrivateAddresses, *ec2Instance.PrivateIpAddress) } } + isControlPlane := false for _, tag := range ec2Instance.Tags { key := aws.StringValue(tag.Key) if !strings.HasPrefix(key, awsup.TagNameRolePrefix) { continue } role := strings.TrimPrefix(key, awsup.TagNameRolePrefix) - i.Roles = append(i.Roles, role) + if role == "master" || role == "control-plane" { + isControlPlane = true + } else { + i.Roles = append(i.Roles, role) + } + } + if isControlPlane { + i.Roles = append(i.Roles, "control-plane") } imageID := aws.StringValue(ec2Instance.ImageId) diff --git a/pkg/resources/digitalocean/resources.go b/pkg/resources/digitalocean/resources.go index 62599e4ad5..619f993d82 100644 --- a/pkg/resources/digitalocean/resources.go +++ b/pkg/resources/digitalocean/resources.go @@ -370,7 +370,7 @@ func dumpDroplet(op *resources.DumpOperation, r *resources.Resource) error { } for _, tag := range droplet.Tags { if strings.HasPrefix(tag, "KubernetesCluster-Master") { - i.Roles = []string{string(kops.InstanceGroupRoleMaster)} + i.Roles = []string{string(kops.InstanceGroupRoleControlPlane)} break } } diff --git a/pkg/resources/spotinst/resources.go b/pkg/resources/spotinst/resources.go index 5f961af92f..9ff71a8422 100644 --- a/pkg/resources/spotinst/resources.go +++ b/pkg/resources/spotinst/resources.go @@ -417,7 +417,7 @@ func getGroupNameByRole(cluster *kops.Cluster, ig *kops.InstanceGroup) string { var groupName string switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: groupName = ig.ObjectMeta.Name + ".masters." + cluster.ObjectMeta.Name case kops.InstanceGroupRoleNode: groupName = ig.ObjectMeta.Name + "." + cluster.ObjectMeta.Name diff --git a/pkg/testutils/cluster.go b/pkg/testutils/cluster.go index e64d775545..69e585d21c 100644 --- a/pkg/testutils/cluster.go +++ b/pkg/testutils/cluster.go @@ -113,7 +113,7 @@ func BuildMinimalBastionInstanceGroup(name string, subnets ...string) kops.Insta func BuildMinimalMasterInstanceGroup(subnet string) kops.InstanceGroup { g := kops.InstanceGroup{} g.ObjectMeta.Name = "master-" + subnet - g.Spec.Role = kops.InstanceGroupRoleMaster + g.Spec.Role = kops.InstanceGroupRoleControlPlane g.Spec.Subnets = []string{subnet} g.Spec.Image = "ami-1234abcd" diff --git a/pkg/validation/validate_cluster.go b/pkg/validation/validate_cluster.go index 6cef03bec1..e6b403cce6 100644 --- a/pkg/validation/validate_cluster.go +++ b/pkg/validation/validate_cluster.go @@ -142,7 +142,7 @@ func (v *clusterValidatorImpl) Validate() (*ValidationCluster, error) { message := fmt.Sprintf("Validation Failed\n\n"+ "The %[1]v Kubernetes deployment has not updated the Kubernetes cluster's API DNS entry to the correct IP address."+ " The API DNS IP address is the placeholder address that kops creates: %[2]v."+ - " Please wait about 5-10 minutes for a master to start, %[1]v to launch, and DNS to propagate."+ + " Please wait about 5-10 minutes for a control plane node to start, %[1]v to launch, and DNS to propagate."+ " The protokube container and %[1]v deployment logs may contain more diagnostic information."+ " Etcd and the API DNS entries must be updated for a kops Kubernetes cluster to start.", dnsProvider, hasPlaceHolderIPAddress) validation.addError(&ValidationError{ @@ -333,7 +333,7 @@ func (v *ValidationCluster) validateNodes(cloudGroups map[string]*cloudinstances nodeInstanceGroupMapping[node.Name] = cloudGroup.InstanceGroup - role := strings.ToLower(string(cloudGroup.InstanceGroup.Spec.Role)) + role := cloudGroup.InstanceGroup.Spec.Role.ToLowerString() if role == "" { role = "node" } @@ -355,7 +355,7 @@ func (v *ValidationCluster) validateNodes(cloudGroups map[string]*cloudinstances } switch n.Role { - case "master", "apiserver", "node": + case "control-plane", "apiserver", "node": if !ready { v.addError(&ValidationError{ Kind: "Node", diff --git a/pkg/validation/validate_cluster_test.go b/pkg/validation/validate_cluster_test.go index 51cac53b30..af1e4e60f0 100644 --- a/pkg/validation/validate_cluster_test.go +++ b/pkg/validation/validate_cluster_test.go @@ -86,7 +86,7 @@ func testValidate(t *testing.T, groups map[string]*cloudinstances.CloudInstanceG Name: "master-1", }, Spec: kopsapi.InstanceGroupSpec{ - Role: kopsapi.InstanceGroupRoleMaster, + Role: kopsapi.InstanceGroupRoleControlPlane, }, }, MinSize: 1, @@ -342,7 +342,7 @@ func Test_ValidateMastersNotEnough(t *testing.T) { Name: "master-1", }, Spec: kopsapi.InstanceGroupSpec{ - Role: kopsapi.InstanceGroupRoleMaster, + Role: kopsapi.InstanceGroupRoleControlPlane, }, }, MinSize: 2, @@ -396,7 +396,7 @@ func Test_ValidateMasterNotReady(t *testing.T) { Name: "master-1", }, Spec: kopsapi.InstanceGroupSpec{ - Role: kopsapi.InstanceGroupRoleMaster, + Role: kopsapi.InstanceGroupRoleControlPlane, }, }, MinSize: 2, @@ -435,7 +435,7 @@ func Test_ValidateMasterNotReady(t *testing.T) { !assert.Equal(t, &ValidationError{ Kind: "Node", Name: "master-1b", - Message: "node \"master-1b\" of role \"master\" is not ready", + Message: "node \"master-1b\" of role \"control-plane\" is not ready", InstanceGroup: groups["node-1"].InstanceGroup, }, v.Failures[0]) { printDebug(t, v) @@ -450,7 +450,7 @@ func Test_ValidateMasterStaticPods(t *testing.T) { Name: "master-1", }, Spec: kopsapi.InstanceGroupSpec{ - Role: kopsapi.InstanceGroupRoleMaster, + Role: kopsapi.InstanceGroupRoleControlPlane, }, }, MinSize: 1, @@ -523,7 +523,7 @@ func Test_ValidateMasterStaticPods(t *testing.T) { { Kind: "Node", Name: "master-1c", - Message: "node \"master-1c\" of role \"master\" is not ready", + Message: "node \"master-1c\" of role \"control-plane\" is not ready", InstanceGroup: groups["node-1"].InstanceGroup, }, } diff --git a/tests/e2e/pkg/tester/tester.go b/tests/e2e/pkg/tester/tester.go index eea09d9c74..f52fcba8e0 100644 --- a/tests/e2e/pkg/tester/tester.go +++ b/tests/e2e/pkg/tester/tester.go @@ -327,7 +327,7 @@ func (t *Tester) getSchedulableZones() ([]string, error) { var schedulable []*api.InstanceGroup for _, ig := range igs { - if unversioned.InstanceGroupRole(ig.Spec.Role) == unversioned.InstanceGroupRoleMaster { + if unversioned.InstanceGroupRole(ig.Spec.Role) == unversioned.InstanceGroupRoleControlPlane { continue } if unversioned.InstanceGroupRole(ig.Spec.Role) == unversioned.InstanceGroupRoleAPIServer { diff --git a/tests/integration/conversion/aws/v1alpha2.yaml b/tests/integration/conversion/aws/v1alpha2.yaml index bd0b2b49d5..8580ad452a 100644 --- a/tests/integration/conversion/aws/v1alpha2.yaml +++ b/tests/integration/conversion/aws/v1alpha2.yaml @@ -5,6 +5,9 @@ metadata: name: minimal.example.com spec: DisableSubnetTags: true + additionalPolicies: + master: '[ { "Action": [ "s3:GetObject" ], "Resource": [ "*" ], "Effect": "Allow" + } ]' additionalSans: - proxy.api.minimal.example.com addons: @@ -34,12 +37,17 @@ spec: name: events externalDns: disable: true + externalPolicies: + master: + - arn:aws-test:iam::123456789000:policy/test-policy hooks: - disabled: true name: hookDisabled - name: hookDefault - disabled: false name: hookEnabled + roles: + - Master iam: legacy: false kubernetesApiAccess: diff --git a/tests/integration/conversion/aws/v1alpha3.yaml b/tests/integration/conversion/aws/v1alpha3.yaml index a31637ba6b..75c5627b1e 100644 --- a/tests/integration/conversion/aws/v1alpha3.yaml +++ b/tests/integration/conversion/aws/v1alpha3.yaml @@ -4,6 +4,9 @@ metadata: creationTimestamp: "2016-12-10T22:42:27Z" name: minimal.example.com spec: + additionalPolicies: + control-plane: '[ { "Action": [ "s3:GetObject" ], "Resource": [ "*" ], "Effect": + "Allow" } ]' addons: - manifest: s3://somebucket/example.yaml api: @@ -37,12 +40,17 @@ spec: name: events externalDNS: provider: none + externalPolicies: + control-plane: + - arn:aws-test:iam::123456789000:policy/test-policy hooks: - enabled: false name: hookDisabled - name: hookDefault - enabled: true name: hookEnabled + roles: + - ControlPlane iam: {} kubernetesVersion: v1.21.0 networkCIDR: 172.20.0.0/16 @@ -96,6 +104,6 @@ spec: machineType: m3.medium maxSize: 1 minSize: 1 - role: Master + role: ControlPlane subnets: - us-test-1a diff --git a/tests/integration/conversion/azure/v1alpha3.yaml b/tests/integration/conversion/azure/v1alpha3.yaml index 66b0a2aeed..f56754e629 100644 --- a/tests/integration/conversion/azure/v1alpha3.yaml +++ b/tests/integration/conversion/azure/v1alpha3.yaml @@ -89,6 +89,6 @@ spec: machineType: m3.medium maxSize: 1 minSize: 1 - role: Master + role: ControlPlane subnets: - us-test-1a diff --git a/tests/integration/conversion/canal/v1alpha3.yaml b/tests/integration/conversion/canal/v1alpha3.yaml index 35e1d4951f..a627f82330 100644 --- a/tests/integration/conversion/canal/v1alpha3.yaml +++ b/tests/integration/conversion/canal/v1alpha3.yaml @@ -85,6 +85,6 @@ spec: machineType: m3.medium maxSize: 1 minSize: 1 - role: Master + role: ControlPlane subnets: - us-test-1a diff --git a/tests/integration/conversion/cilium/v1alpha3.yaml b/tests/integration/conversion/cilium/v1alpha3.yaml index 8d05ce776d..598e289edb 100644 --- a/tests/integration/conversion/cilium/v1alpha3.yaml +++ b/tests/integration/conversion/cilium/v1alpha3.yaml @@ -86,6 +86,6 @@ spec: machineType: m3.medium maxSize: 1 minSize: 1 - role: Master + role: ControlPlane subnets: - us-test-1a diff --git a/tests/integration/conversion/do/v1alpha3.yaml b/tests/integration/conversion/do/v1alpha3.yaml index 519840499c..76bc225c3c 100644 --- a/tests/integration/conversion/do/v1alpha3.yaml +++ b/tests/integration/conversion/do/v1alpha3.yaml @@ -83,6 +83,6 @@ spec: machineType: m3.medium maxSize: 1 minSize: 1 - role: Master + role: ControlPlane subnets: - us-test-1a diff --git a/tests/integration/conversion/gce/v1alpha3.yaml b/tests/integration/conversion/gce/v1alpha3.yaml index c16c810f6a..318ba28667 100644 --- a/tests/integration/conversion/gce/v1alpha3.yaml +++ b/tests/integration/conversion/gce/v1alpha3.yaml @@ -84,6 +84,6 @@ spec: machineType: m3.medium maxSize: 1 minSize: 1 - role: Master + role: ControlPlane subnets: - us-test-1a diff --git a/tests/integration/conversion/minimal/v1alpha3.yaml b/tests/integration/conversion/minimal/v1alpha3.yaml index 7014b950b1..3431bf2678 100644 --- a/tests/integration/conversion/minimal/v1alpha3.yaml +++ b/tests/integration/conversion/minimal/v1alpha3.yaml @@ -84,6 +84,6 @@ spec: machineType: m3.medium maxSize: 1 minSize: 1 - role: Master + role: ControlPlane subnets: - us-test-1a diff --git a/tests/integration/conversion/openstack/v1alpha3.yaml b/tests/integration/conversion/openstack/v1alpha3.yaml index a769995f13..6ff8b2f4a9 100644 --- a/tests/integration/conversion/openstack/v1alpha3.yaml +++ b/tests/integration/conversion/openstack/v1alpha3.yaml @@ -98,6 +98,6 @@ spec: machineType: m3.medium maxSize: 1 minSize: 1 - role: Master + role: ControlPlane subnets: - us-test-1a diff --git a/upup/pkg/fi/cloudup/apply_cluster.go b/upup/pkg/fi/cloudup/apply_cluster.go index cf6ee5ab40..6d8bff93c4 100644 --- a/upup/pkg/fi/cloudup/apply_cluster.go +++ b/upup/pkg/fi/cloudup/apply_cluster.go @@ -1206,7 +1206,7 @@ func newNodeUpConfigBuilder(cluster *kops.Cluster, assetBuilder *assets.AssetBui } for _, role := range kops.AllInstanceGroupRoles { - isMaster := role == kops.InstanceGroupRoleMaster + isMaster := role == kops.InstanceGroupRoleControlPlane isAPIServer := role == kops.InstanceGroupRoleAPIServer images[role] = make(map[architectures.Architecture][]*nodeup.Image) @@ -1333,7 +1333,7 @@ func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAddit } useGossip := cluster.IsGossip() - isMaster := role == kops.InstanceGroupRoleMaster + isMaster := role == kops.InstanceGroupRoleControlPlane hasAPIServer := isMaster || role == kops.InstanceGroupRoleAPIServer config, bootConfig := nodeup.NewConfig(cluster, ig) @@ -1574,7 +1574,7 @@ func (n *nodeUpConfigBuilder) buildContainerdConfig(ig *kops.InstanceGroup) *kop // buildWarmPoolImages returns a list of container images that should be pre-pulled during instance pre-initialization func (n *nodeUpConfigBuilder) buildWarmPoolImages(ig *kops.InstanceGroup) []string { - if ig == nil || ig.Spec.Role == kops.InstanceGroupRoleMaster { + if ig == nil || ig.Spec.Role == kops.InstanceGroupRoleControlPlane { return nil } diff --git a/upup/pkg/fi/cloudup/awstasks/autoscalinggroup.go b/upup/pkg/fi/cloudup/awstasks/autoscalinggroup.go index e306a9efe7..bbd367d8fe 100644 --- a/upup/pkg/fi/cloudup/awstasks/autoscalinggroup.go +++ b/upup/pkg/fi/cloudup/awstasks/autoscalinggroup.go @@ -1006,6 +1006,9 @@ func (_ *AutoscalingGroup) RenderTerraform(t *terraform.TerraformTarget, a, e, c for k := range e.Tags { if strings.HasPrefix(k, CloudTagInstanceGroupRolePrefix) { suffix := strings.TrimPrefix(k, CloudTagInstanceGroupRolePrefix) + if suffix == "control-plane" { + suffix = "master" + } if role != "" && role != suffix { return fmt.Errorf("Found multiple role tags: %q vs %q", role, suffix) } diff --git a/upup/pkg/fi/cloudup/awsup/aws_cloud.go b/upup/pkg/fi/cloudup/awsup/aws_cloud.go index 22e19ebd07..eb27afa064 100644 --- a/upup/pkg/fi/cloudup/awsup/aws_cloud.go +++ b/upup/pkg/fi/cloudup/awsup/aws_cloud.go @@ -98,6 +98,7 @@ const ( TagNameEtcdClusterPrefix = "k8s.io/etcd/" ) +const TagRoleControlPlane = "control-plane" const TagRoleMaster = "master" // TagNameKopsRole is the AWS tag used to identify the role an object plays for a cluster @@ -1232,13 +1233,22 @@ func buildCloudInstance(i *autoscaling.Instance, instances map[string]*ec2.Insta func addCloudInstanceData(cm *cloudinstances.CloudInstance, instance *ec2.Instance) { cm.MachineType = aws.StringValue(instance.InstanceType) + isControlPlane := false for _, tag := range instance.Tags { key := aws.StringValue(tag.Key) if !strings.HasPrefix(key, TagNameRolePrefix) { continue } role := strings.TrimPrefix(key, TagNameRolePrefix) - cm.Roles = append(cm.Roles, role) + if role == "master" || role == "control-plane" { + isControlPlane = true + } else { + cm.Roles = append(cm.Roles, role) + cm.PrivateIP = aws.StringValue(instance.PrivateIpAddress) + } + } + if isControlPlane { + cm.Roles = append(cm.Roles, "control-plane") cm.PrivateIP = aws.StringValue(instance.PrivateIpAddress) } } @@ -2303,7 +2313,7 @@ func (c *awsCloudImplementation) DefaultInstanceType(cluster *kops.Cluster, ig * var candidates []string switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster, kops.InstanceGroupRoleNode, kops.InstanceGroupRoleAPIServer: + case kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleNode, kops.InstanceGroupRoleAPIServer: // t3.medium is the cheapest instance with 4GB of mem, unlimited by default, fast and has decent network // c5.large and c4.large are a good second option in case t3.medium is not available in the AZ candidates = []string{"t3.medium", "c5.large", "c4.large", "t4g.medium"} diff --git a/upup/pkg/fi/cloudup/awsup/instancegroups.go b/upup/pkg/fi/cloudup/awsup/instancegroups.go index d0b6a4495a..59a474b8f4 100644 --- a/upup/pkg/fi/cloudup/awsup/instancegroups.go +++ b/upup/pkg/fi/cloudup/awsup/instancegroups.go @@ -29,7 +29,7 @@ func matchInstanceGroup(name string, clusterName string, instancegroups []*kops. for _, g := range instancegroups { var groupName string switch g.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: groupName = g.ObjectMeta.Name + ".masters." + clusterName case kops.InstanceGroupRoleAPIServer: groupName = g.ObjectMeta.Name + ".apiservers." + clusterName diff --git a/upup/pkg/fi/cloudup/awsup/mock_aws_cloud.go b/upup/pkg/fi/cloudup/awsup/mock_aws_cloud.go index 46bf5b22d1..180743f34f 100644 --- a/upup/pkg/fi/cloudup/awsup/mock_aws_cloud.go +++ b/upup/pkg/fi/cloudup/awsup/mock_aws_cloud.go @@ -326,7 +326,7 @@ func (c *MockAWSCloud) GetApiIngressStatus(cluster *kops.Cluster) ([]fi.ApiIngre // DefaultInstanceType determines an instance type for the specified cluster & instance group func (c *MockAWSCloud) DefaultInstanceType(cluster *kops.Cluster, ig *kops.InstanceGroup) (string, error) { switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster, kops.InstanceGroupRoleAPIServer: + case kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleAPIServer: return "m3.medium", nil case kops.InstanceGroupRoleNode: return "t2.medium", nil diff --git a/upup/pkg/fi/cloudup/awsup/status.go b/upup/pkg/fi/cloudup/awsup/status.go index eeb5b91063..acd3de09c8 100644 --- a/upup/pkg/fi/cloudup/awsup/status.go +++ b/upup/pkg/fi/cloudup/awsup/status.go @@ -90,7 +90,7 @@ func findEtcdStatus(c AWSCloud, cluster *kops.Cluster) ([]kops.EtcdClusterStatus if err != nil { return nil, fmt.Errorf("error parsing etcd cluster tag %q on volume %q: %v", v, volumeID, err) } - } else if k == TagNameRolePrefix+TagRoleMaster { + } else if k == TagNameRolePrefix+TagRoleMaster || k == TagNameRolePrefix+TagRoleControlPlane { master = true } } diff --git a/upup/pkg/fi/cloudup/azure/azure_cloud.go b/upup/pkg/fi/cloudup/azure/azure_cloud.go index c808a71ec0..ffe2af0040 100644 --- a/upup/pkg/fi/cloudup/azure/azure_cloud.go +++ b/upup/pkg/fi/cloudup/azure/azure_cloud.go @@ -34,6 +34,7 @@ const ( // Use dash (_) as a splitter. Other CSPs use slash (/), but slash is not // allowed as a tag key in Azure. TagNameRolePrefix = "k8s.io_role_" + TagRoleControlPlane = "control_plane" TagRoleMaster = "master" TagNameEtcdClusterPrefix = "k8s.io_etcd_" ) @@ -221,8 +222,9 @@ func (c *azureCloudImplementation) GetApiIngressStatus(cluster *kops.Cluster) ([ var vmssName string for _, scaleSet := range scaleSets { val, ok := scaleSet.Tags[TagClusterName] - val2, ok2 := scaleSet.Tags[TagNameRolePrefix+TagRoleMaster] - if ok && *val == cluster.Name && ok2 && *val2 == "1" { + val2, ok2 := scaleSet.Tags[TagNameRolePrefix+TagRoleControlPlane] + val3, ok3 := scaleSet.Tags[TagNameRolePrefix+TagRoleMaster] + if ok && *val == cluster.Name && (ok2 && *val2 == "1" || ok3 && *val3 == "1") { vmssName = *scaleSet.Name break } diff --git a/upup/pkg/fi/cloudup/azure/status.go b/upup/pkg/fi/cloudup/azure/status.go index 54cd30cd37..d1e5ffc0f4 100644 --- a/upup/pkg/fi/cloudup/azure/status.go +++ b/upup/pkg/fi/cloudup/azure/status.go @@ -62,7 +62,7 @@ func (c *azureCloudImplementation) findEtcdStatus(disks []compute.Disk) ([]kops. master bool ) for k, v := range disk.Tags { - if k == TagNameRolePrefix+TagRoleMaster { + if k == TagNameRolePrefix+TagRoleControlPlane || k == TagNameRolePrefix+TagRoleMaster { master = true continue } @@ -208,7 +208,7 @@ func keyedByName(instancegroups []*kops.InstanceGroup, clusterName string) (map[ for _, ig := range instancegroups { var name string switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: name = ig.Name + ".masters." + clusterName case kops.InstanceGroupRoleNode, kops.InstanceGroupRoleBastion: name = ig.Name + "." + clusterName diff --git a/upup/pkg/fi/cloudup/azure/status_test.go b/upup/pkg/fi/cloudup/azure/status_test.go index 1eb9c49711..1455031530 100644 --- a/upup/pkg/fi/cloudup/azure/status_test.go +++ b/upup/pkg/fi/cloudup/azure/status_test.go @@ -81,6 +81,7 @@ func TestFindEtcdStatus(t *testing.T) { Name: to.StringPtr("d0"), Tags: map[string]*string{ TagClusterName: to.StringPtr(clusterName), + TagNameRolePrefix + TagRoleControlPlane: to.StringPtr("1"), TagNameRolePrefix + TagRoleMaster: to.StringPtr("1"), TagNameEtcdClusterPrefix + etcdClusterName: to.StringPtr("a/a,b,c"), }, @@ -89,6 +90,7 @@ func TestFindEtcdStatus(t *testing.T) { Name: to.StringPtr("d1"), Tags: map[string]*string{ TagClusterName: to.StringPtr(clusterName), + TagNameRolePrefix + TagRoleControlPlane: to.StringPtr("1"), TagNameRolePrefix + TagRoleMaster: to.StringPtr("1"), TagNameEtcdClusterPrefix + etcdClusterName: to.StringPtr("b/a,b,c"), }, @@ -97,6 +99,7 @@ func TestFindEtcdStatus(t *testing.T) { Name: to.StringPtr("d2"), Tags: map[string]*string{ TagClusterName: to.StringPtr(clusterName), + TagNameRolePrefix + TagRoleControlPlane: to.StringPtr("1"), TagNameRolePrefix + TagRoleMaster: to.StringPtr("1"), TagNameEtcdClusterPrefix + etcdClusterName: to.StringPtr("c/a,b,c"), }, @@ -228,7 +231,7 @@ func TestGetCloudGroups(t *testing.T) { Name: masterIG, }, Spec: kops.InstanceGroupSpec{ - Role: kops.InstanceGroupRoleMaster, + Role: kops.InstanceGroupRoleControlPlane, }, }, { diff --git a/upup/pkg/fi/cloudup/do/cloud.go b/upup/pkg/fi/cloudup/do/cloud.go index 8dc0ba6bb2..0ecae99f3a 100644 --- a/upup/pkg/fi/cloudup/do/cloud.go +++ b/upup/pkg/fi/cloudup/do/cloud.go @@ -42,7 +42,6 @@ import ( const ( TagKubernetesClusterIndex = "k8s-index" TagNameEtcdClusterPrefix = "etcdCluster-" - TagNameRolePrefix = "k8s.io/role/" TagKubernetesClusterNamePrefix = "KubernetesCluster" TagKubernetesClusterMasterPrefix = "KubernetesCluster-Master" TagKubernetesInstanceGroup = "kops-instancegroup" @@ -499,7 +498,7 @@ func matchInstanceGroup(name string, clusterName string, instancegroups []*kops. var groupName string switch g.Spec.Role { - case kops.InstanceGroupRoleMaster, kops.InstanceGroupRoleNode: + case kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleNode: groupName = clusterName + "-" + g.ObjectMeta.Name default: klog.Warningf("Ignoring InstanceGroup of unknown role %q", g.Spec.Role) diff --git a/upup/pkg/fi/cloudup/gce/gcediscovery/resolver.go b/upup/pkg/fi/cloudup/gce/gcediscovery/resolver.go index 5bc21417a5..b6d35ce481 100644 --- a/upup/pkg/fi/cloudup/gce/gcediscovery/resolver.go +++ b/upup/pkg/fi/cloudup/gce/gcediscovery/resolver.go @@ -230,7 +230,7 @@ func (r *Discovery) Resolve(ctx context.Context, name string) ([]string, error) var requiredTags []string // We assume we are trying to resolve a component that runs on the control plane - requiredTags = append(requiredTags, gce.TagForRole(r.clusterName, kops.InstanceGroupRoleMaster)) + requiredTags = append(requiredTags, gce.TagForRole(r.clusterName, kops.InstanceGroupRoleControlPlane)) if err := r.findInstances(ctx, func(i *compute.Instance) (bool, error) { // Make sure the instance has any required tags diff --git a/upup/pkg/fi/cloudup/gce/labels.go b/upup/pkg/fi/cloudup/gce/labels.go index 3c7e4e3ac6..823eeb1474 100644 --- a/upup/pkg/fi/cloudup/gce/labels.go +++ b/upup/pkg/fi/cloudup/gce/labels.go @@ -67,5 +67,5 @@ func DecodeGCELabel(s string) (string, error) { // TagForRole return the instance (network) tag used for instances with the given role. func TagForRole(clusterName string, role kops.InstanceGroupRole) string { - return ClusterPrefixedName(GceLabelNameRolePrefix+strings.ToLower(string(role)), clusterName, 63) + return ClusterPrefixedName(GceLabelNameRolePrefix+role.ToLowerString(), clusterName, 63) } diff --git a/upup/pkg/fi/cloudup/gce/status.go b/upup/pkg/fi/cloudup/gce/status.go index a9ef6faeec..461256ae03 100644 --- a/upup/pkg/fi/cloudup/gce/status.go +++ b/upup/pkg/fi/cloudup/gce/status.go @@ -112,7 +112,7 @@ func (c *gceCloudImplementation) findEtcdStatus(cluster *kops.Cluster) ([]kops.E etcdClusterSpec = spec } else if strings.HasPrefix(k, GceLabelNameRolePrefix) { roleName := strings.TrimPrefix(k, GceLabelNameRolePrefix) - if roleName == "master" { + if roleName == "master" || roleName == "control-plane" { master = true } } diff --git a/upup/pkg/fi/cloudup/new_cluster.go b/upup/pkg/fi/cloudup/new_cluster.go index b9f55e40da..b0869c0902 100644 --- a/upup/pkg/fi/cloudup/new_cluster.go +++ b/upup/pkg/fi/cloudup/new_cluster.go @@ -441,7 +441,7 @@ func NewCluster(opt *NewClusterOptions, clientset simple.Clientset) (*NewCluster } // TODO: Clean up - if g.IsMaster() { + if g.IsControlPlane() { if g.Spec.MachineType == "" { g.Spec.MachineType, err = defaultMachineType(cloud, &cluster, ig) if err != nil { @@ -480,7 +480,7 @@ func NewCluster(opt *NewClusterOptions, clientset simple.Clientset) (*NewCluster } } - if ig.IsMaster() { + if ig.IsControlPlane() { if len(ig.Spec.Subnets) == 0 { return nil, fmt.Errorf("master InstanceGroup %s did not specify any Subnets", g.ObjectMeta.Name) } @@ -861,7 +861,7 @@ func setupMasters(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubnetMap } g := &api.InstanceGroup{} - g.Spec.Role = api.InstanceGroupRoleMaster + g.Spec.Role = api.InstanceGroupRoleControlPlane g.Spec.MinSize = fi.PtrTo(int32(1)) g.Spec.MaxSize = fi.PtrTo(int32(1)) g.ObjectMeta.Name = "master-" + name diff --git a/upup/pkg/fi/cloudup/openstack/cloud.go b/upup/pkg/fi/cloudup/openstack/cloud.go index 98c9a78825..2198e966ac 100644 --- a/upup/pkg/fi/cloudup/openstack/cloud.go +++ b/upup/pkg/fi/cloudup/openstack/cloud.go @@ -64,6 +64,7 @@ const ( TagNameEtcdClusterPrefix = "k8s.io/etcd/" TagNameRolePrefix = "k8s.io/role/" TagClusterName = "KubernetesCluster" + TagRoleControlPlane = "control-plane" TagRoleMaster = "master" TagKopsInstanceGroup = "KopsInstanceGroup" TagKopsNetwork = "KopsNetwork" @@ -726,14 +727,14 @@ func getIPIngressStatus(c OpenstackCloud, cluster *kops.Cluster) (ingresses []fi done, err := vfs.RetryWithBackoff(readBackoff, func() (bool, error) { instances, err := c.ListInstances(servers.ListOpts{}) if err != nil { - return false, fmt.Errorf("GetApiIngressStatus: Failed to list master nodes: %v", err) + return false, fmt.Errorf("GetApiIngressStatus: Failed to list control plane nodes: %v", err) } for _, instance := range instances { val, ok := instance.Metadata["k8s"] val2, ok2 := instance.Metadata["KopsRole"] if ok && val == cluster.Name && ok2 { role, success := kops.ParseInstanceGroupRole(val2, false) - if success && role == kops.InstanceGroupRoleMaster { + if success && role == kops.InstanceGroupRoleControlPlane { if cluster.Spec.Topology != nil && cluster.Spec.Topology.ControlPlane == kops.TopologyPrivate { ifName := instance.Metadata[TagKopsNetwork] address, err := GetServerFixedIP(&instance, ifName) diff --git a/upup/pkg/fi/cloudup/openstack/cloud_test.go b/upup/pkg/fi/cloudup/openstack/cloud_test.go index 30ffd996c8..77b4ed94c3 100644 --- a/upup/pkg/fi/cloudup/openstack/cloud_test.go +++ b/upup/pkg/fi/cloudup/openstack/cloud_test.go @@ -161,7 +161,7 @@ func Test_OpenstackCloud_GetApiIngressStatus(t *testing.T) { ID: "master1_no_lb_no_floating", Metadata: map[string]string{ "k8s": "cluster.k8s.local", - "KopsRole": "Master", + "KopsRole": "ControlPlane", }, Addresses: map[string]interface{}{ "1": []Address{ @@ -178,7 +178,7 @@ func Test_OpenstackCloud_GetApiIngressStatus(t *testing.T) { ID: "master2_no_lb_no_floating", Metadata: map[string]string{ "k8s": "cluster.k8s.local", - "KopsRole": "Master", + "KopsRole": "ControlPlane", }, Addresses: map[string]interface{}{ "1": []Address{ @@ -233,7 +233,7 @@ func Test_OpenstackCloud_GetApiIngressStatus(t *testing.T) { ID: "master1_no_lb_floating", Metadata: map[string]string{ "k8s": "cluster.k8s.local", - "KopsRole": "Master", + "KopsRole": "ControlPlane", }, Addresses: map[string]interface{}{ "1": []map[string]interface{}{ @@ -250,7 +250,7 @@ func Test_OpenstackCloud_GetApiIngressStatus(t *testing.T) { ID: "master2_no_lb_floating", Metadata: map[string]string{ "k8s": "cluster.k8s.local", - "KopsRole": "Master", + "KopsRole": "ControlPlane", }, Addresses: map[string]interface{}{ "1": []map[string]string{ diff --git a/upup/pkg/fi/cloudup/openstack/server_group.go b/upup/pkg/fi/cloudup/openstack/server_group.go index 6dbc174bb4..21fc72ac0f 100644 --- a/upup/pkg/fi/cloudup/openstack/server_group.go +++ b/upup/pkg/fi/cloudup/openstack/server_group.go @@ -91,7 +91,7 @@ func matchInstanceGroup(name string, clusterName string, instancegroups []*kops. var groupName string switch g.Spec.Role { - case kops.InstanceGroupRoleMaster, kops.InstanceGroupRoleNode, kops.InstanceGroupRoleBastion: + case kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleNode, kops.InstanceGroupRoleBastion: groupName = clusterName + "-" + g.ObjectMeta.Name default: klog.Warningf("Ignoring InstanceGroup of unknown role %q", g.Spec.Role) diff --git a/upup/pkg/fi/cloudup/openstack/status.go b/upup/pkg/fi/cloudup/openstack/status.go index ddd59cead6..1dc35b6a50 100644 --- a/upup/pkg/fi/cloudup/openstack/status.go +++ b/upup/pkg/fi/cloudup/openstack/status.go @@ -83,7 +83,7 @@ func findEtcdStatus(c OpenstackCloud, cluster *kops.Cluster) ([]kops.EtcdCluster if err != nil { return nil, fmt.Errorf("error parsing etcd cluster tag %q on volume %q: %v", v, volumeID, err) } - } else if k == TagNameRolePrefix+TagRoleMaster { + } else if k == TagNameRolePrefix+TagRoleControlPlane || k == TagNameRolePrefix+TagRoleMaster { master = true } } diff --git a/upup/pkg/fi/cloudup/openstack/utils.go b/upup/pkg/fi/cloudup/openstack/utils.go index 12ae409822..c5a8372fba 100644 --- a/upup/pkg/fi/cloudup/openstack/utils.go +++ b/upup/pkg/fi/cloudup/openstack/utils.go @@ -71,7 +71,7 @@ func defaultInstanceType(c OpenstackCloud, cluster *kops.Cluster, ig *kops.Insta var candidates flavorList switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: // Requirements based on awsCloudImplementation.DefaultInstanceType for _, flavor := range fList { if flavor.RAM >= 4096 && flavor.VCPUs >= 1 { diff --git a/upup/pkg/fi/cloudup/populate_instancegroup_spec.go b/upup/pkg/fi/cloudup/populate_instancegroup_spec.go index f9630e1019..c49fc83dee 100644 --- a/upup/pkg/fi/cloudup/populate_instancegroup_spec.go +++ b/upup/pkg/fi/cloudup/populate_instancegroup_spec.go @@ -79,7 +79,7 @@ func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup, igSpec := &ig.Spec // TODO: Clean up - if ig.IsMaster() { + if ig.IsControlPlane() { if ig.Spec.MachineType == "" { ig.Spec.MachineType, err = defaultMachineType(cloud, cluster, ig) if err != nil { @@ -146,7 +146,7 @@ func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup, } } - if ig.IsMaster() { + if ig.IsControlPlane() { if len(ig.Spec.Subnets) == 0 { return nil, fmt.Errorf("master InstanceGroup %s did not specify any Subnets", ig.ObjectMeta.Name) } @@ -231,7 +231,7 @@ func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup, var igKubeletConfig *kops.KubeletConfigSpec // Start with the cluster kubelet config - if ig.IsMaster() { + if ig.IsControlPlane() { if cluster.Spec.MasterKubelet != nil { igKubeletConfig = cluster.Spec.MasterKubelet.DeepCopy() } else { @@ -269,7 +269,7 @@ func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup, } { - if ig.IsMaster() { + if ig.IsControlPlane() { // (Even though the value is empty, we still expect =:) if cluster.IsKubernetesLT("1.24") { taints.Insert(nodelabels.RoleLabelMaster16 + "=:" + string(v1.TaintEffectNoSchedule)) @@ -310,7 +310,7 @@ func defaultMachineType(cloud fi.Cloud, cluster *kops.Cluster, ig *kops.Instance case kops.CloudProviderGCE: switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: return defaultMasterMachineTypeGCE, nil case kops.InstanceGroupRoleNode: @@ -322,7 +322,7 @@ func defaultMachineType(cloud fi.Cloud, cluster *kops.Cluster, ig *kops.Instance case kops.CloudProviderDO: switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: return defaultMasterMachineTypeDO, nil case kops.InstanceGroupRoleNode: @@ -332,7 +332,7 @@ func defaultMachineType(cloud fi.Cloud, cluster *kops.Cluster, ig *kops.Instance case kops.CloudProviderHetzner: switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: return defaultMasterMachineTypeHetzner, nil case kops.InstanceGroupRoleNode: @@ -351,7 +351,7 @@ func defaultMachineType(cloud fi.Cloud, cluster *kops.Cluster, ig *kops.Instance case kops.CloudProviderAzure: switch ig.Spec.Role { - case kops.InstanceGroupRoleMaster: + case kops.InstanceGroupRoleControlPlane: return defaultMasterMachineTypeAzure, nil case kops.InstanceGroupRoleNode: diff --git a/upup/pkg/fi/cloudup/populate_instancegroup_spec_test.go b/upup/pkg/fi/cloudup/populate_instancegroup_spec_test.go index 9d8fcb1824..46c5c7565e 100644 --- a/upup/pkg/fi/cloudup/populate_instancegroup_spec_test.go +++ b/upup/pkg/fi/cloudup/populate_instancegroup_spec_test.go @@ -41,7 +41,7 @@ func buildMinimalNodeInstanceGroup(subnets ...string) *kopsapi.InstanceGroup { func buildMinimalMasterInstanceGroup(subnet string) *kopsapi.InstanceGroup { g := &kopsapi.InstanceGroup{} g.ObjectMeta.Name = "master-" + subnet - g.Spec.Role = kopsapi.InstanceGroupRoleMaster + g.Spec.Role = kopsapi.InstanceGroupRoleControlPlane g.Spec.MinSize = fi.PtrTo(int32(1)) g.Spec.MaxSize = fi.PtrTo(int32(1)) g.Spec.Image = "my-image" diff --git a/upup/pkg/fi/cloudup/spotinsttasks/elastigroup.go b/upup/pkg/fi/cloudup/spotinsttasks/elastigroup.go index 40e3ce8ced..e8ed8e5ece 100644 --- a/upup/pkg/fi/cloudup/spotinsttasks/elastigroup.go +++ b/upup/pkg/fi/cloudup/spotinsttasks/elastigroup.go @@ -1499,6 +1499,9 @@ func (_ *Elastigroup) RenderTerraform(t *terraform.TerraformTarget, a, e, change for key := range e.Tags { if strings.HasPrefix(key, awstasks.CloudTagInstanceGroupRolePrefix) { suffix := strings.TrimPrefix(key, awstasks.CloudTagInstanceGroupRolePrefix) + if suffix == "master" { + suffix = "control-plane" + } if role != "" && role != suffix { return fmt.Errorf("spotinst: found multiple role tags %q vs %q", role, suffix) } diff --git a/upup/pkg/fi/cloudup/spotinsttasks/launch_spec.go b/upup/pkg/fi/cloudup/spotinsttasks/launch_spec.go index fc5b1ec9b4..b855df52cd 100644 --- a/upup/pkg/fi/cloudup/spotinsttasks/launch_spec.go +++ b/upup/pkg/fi/cloudup/spotinsttasks/launch_spec.go @@ -918,6 +918,9 @@ func (_ *LaunchSpec) RenderTerraform(t *terraform.TerraformTarget, a, e, changes for key := range e.Ocean.Tags { if strings.HasPrefix(key, awstasks.CloudTagInstanceGroupRolePrefix) { suffix := strings.TrimPrefix(key, awstasks.CloudTagInstanceGroupRolePrefix) + if role == "master" { + role = "control-plane" + } if role != "" && role != suffix { return fmt.Errorf("spotinst: found multiple role tags %q vs %q", role, suffix) } diff --git a/upup/pkg/fi/cloudup/spotinsttasks/ocean.go b/upup/pkg/fi/cloudup/spotinsttasks/ocean.go index 5cd62928f4..7ed5a4a9b3 100644 --- a/upup/pkg/fi/cloudup/spotinsttasks/ocean.go +++ b/upup/pkg/fi/cloudup/spotinsttasks/ocean.go @@ -1079,6 +1079,9 @@ func (_ *Ocean) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *Oce for key := range e.Tags { if strings.HasPrefix(key, awstasks.CloudTagInstanceGroupRolePrefix) { suffix := strings.TrimPrefix(key, awstasks.CloudTagInstanceGroupRolePrefix) + if role == "master" { + role = "control-plane" + } if role != "" && role != suffix { return fmt.Errorf("spotinst: found multiple role tags %q vs %q", role, suffix) } diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go index e2e80934bf..0a462870be 100644 --- a/upup/pkg/fi/cloudup/template_functions.go +++ b/upup/pkg/fi/cloudup/template_functions.go @@ -410,7 +410,7 @@ func (tf *TemplateFunctions) APIServerNodeRole() string { func (tf *TemplateFunctions) HasHighlyAvailableControlPlane() bool { cp := 0 for _, ig := range tf.InstanceGroups { - if ig.Spec.Role == kops.InstanceGroupRoleMaster { + if ig.Spec.Role == kops.InstanceGroupRoleControlPlane { cp++ if cp > 1 { return true diff --git a/upup/pkg/fi/nodeup/command.go b/upup/pkg/fi/nodeup/command.go index aab7852380..5c8ffdd5f0 100644 --- a/upup/pkg/fi/nodeup/command.go +++ b/upup/pkg/fi/nodeup/command.go @@ -162,7 +162,7 @@ func (c *NodeUpCommand) Run(out io.Writer) error { nodeupConfigHash = sha256.Sum256([]byte(nodeConfig.NodeupConfig)) nodeupConfig.CAs[fi.CertificateIDCA] = bootConfig.ConfigServer.CACertificates } else if bootConfig.InstanceGroupName != "" { - nodeupConfigLocation := configBase.Join("igconfig", strings.ToLower(string(bootConfig.InstanceGroupRole)), bootConfig.InstanceGroupName, "nodeupconfig.yaml") + nodeupConfigLocation := configBase.Join("igconfig", bootConfig.InstanceGroupRole.ToLowerString(), bootConfig.InstanceGroupName, "nodeupconfig.yaml") b, err := nodeupConfigLocation.ReadFile() if err != nil {