From d415fdf1a130869e1d3a8ac856dbf79041a1aa10 Mon Sep 17 00:00:00 2001
From: Ole Markus With
Date: Thu, 14 Jan 2021 07:32:52 +0100
Subject: [PATCH] Move bastion model to awsmodel
---
 pkg/model/BUILD.bazel | 2 -
 pkg/model/awsmodel/BUILD.bazel | 1 +
 pkg/model/{ => awsmodel}/bastion.go | 71 ++++++++++++++--------------
 pkg/model/awsmodel/spotinst.go | 2 +-
 upup/pkg/fi/cloudup/apply_cluster.go | 2 +-
 5 files changed, 39 insertions(+), 39 deletions(-)
 rename pkg/model/{ => awsmodel}/bastion.go (81%)
diff --git a/pkg/model/BUILD.bazel b/pkg/model/BUILD.bazel
index a428c3706d..64d373a1a0 100644
--- a/pkg/model/BUILD.bazel
+++ b/pkg/model/BUILD.bazel
@@ -3,7 +3,6 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 go_library(
 name = "go_default_library",
 srcs = [
- "bastion.go",
 "bootstrapscript.go",
 "context.go",
 "convenience.go",
@@ -58,7 +57,6 @@ go_library(
 "//vendor/github.com/blang/semver/v4:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/util/net:go_default_library",
- "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/util/yaml:go_default_library",
 "//vendor/k8s.io/client-go/kubernetes/scheme:go_default_library",
 "//vendor/k8s.io/klog/v2:go_default_library",
diff --git a/pkg/model/awsmodel/BUILD.bazel b/pkg/model/awsmodel/BUILD.bazel
index 3c3eed576f..0432d96b3e 100644
--- a/pkg/model/awsmodel/BUILD.bazel
+++ b/pkg/model/awsmodel/BUILD.bazel
@@ -5,6 +5,7 @@ go_library(
 srcs = [
 "api_loadbalancer.go",
 "autoscalinggroup.go",
+ "bastion.go",
 "context.go",
 "oidc_provider.go",
 "spotinst.go",
diff --git a/pkg/model/bastion.go b/pkg/model/awsmodel/bastion.go
similarity index 81%
rename from pkg/model/bastion.go
rename to pkg/model/awsmodel/bastion.go
index c63413270b..1604587b80 100644
--- a/pkg/model/bastion.go
+++ b/pkg/model/awsmodel/bastion.go
@@ -14,13 +14,14 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package model
+package awsmodel
 
 import (
 "time"
 
 "k8s.io/apimachinery/pkg/util/sets"
 "k8s.io/kops/pkg/apis/kops"
+ "k8s.io/kops/pkg/model"
 "k8s.io/kops/upup/pkg/fi"
 "k8s.io/kops/upup/pkg/fi/cloudup/awstasks"
 )
@@ -37,7 +38,7 @@ const (
 // Bastion instances have access to all internal master and node instances.
 type BastionModelBuilder struct {
-*KopsModelContext
+*model.KopsModelContext
 Lifecycle *fi.Lifecycle
 SecurityLifecycle *fi.Lifecycle
 }
@@ -78,11 +79,11 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 for _, src := range bastionGroups {
 // Allow traffic from bastion instances to egress freely
 t := &awstasks.SecurityGroupRule{
- Name: s("bastion-egress" + src.Suffix),
+ Name: fi.String("bastion-egress" + src.Suffix),
 Lifecycle: b.SecurityLifecycle,
 SecurityGroup: src.Task,
 Egress: fi.Bool(true),
- CIDR: s("0.0.0.0/0"),
+ CIDR: fi.String("0.0.0.0/0"),
 }
 b.AddDirectionalGroupRule(c, t)
 }
@@ -91,13 +92,13 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 // TODO: Could we get away without an ELB here? Tricky to fix if dns-controller breaks though...
 for _, dest := range bastionGroups {
 t := &awstasks.SecurityGroupRule{
- Name: s("ssh-elb-to-bastion" + dest.Suffix),
+ Name: fi.String("ssh-elb-to-bastion" + dest.Suffix),
 Lifecycle: b.SecurityLifecycle,
 SecurityGroup: dest.Task,
 SourceGroup: b.LinkToELBSecurityGroup(BastionELBSecurityGroupPrefix),
- Protocol: s("tcp"),
- FromPort: i64(22),
- ToPort: i64(22),
+ Protocol: fi.String("tcp"),
+ FromPort: fi.Int64(22),
+ ToPort: fi.Int64(22),
 }
 b.AddDirectionalGroupRule(c, t)
 }
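Review bot: In the `@@ -37` hunk `BastionModelBuilder` now lives in awsmodel but still embeds `*model.KopsModelContext`, while the sibling `APILoadBalancerBuilder` in the same package is constructed with `AWSModelContext` (visible in the apply_cluster.go hunk of this patch). The move therefore keeps a cross-package dependency on `pkg/model` just for the context type and `model.JoinSuffixes`, and readers of awsmodel now see two different context conventions side by side. If `AWSModelContext` embeds or wraps `KopsModelContext`, switching the embed would make the builder consistent with the rest of the package and let apply_cluster.go pass `awsModelContext` like its neighbour; if it is deliberately left as is for this move, a one-line comment on the field, `// TODO: use AWSModelContext for consistency with the other awsmodel builders`, would record that. The struct's doc comment begins before the hunk.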
@@ -106,13 +107,13 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 for _, src := range bastionGroups {
 for _, dest := range masterGroups {
 t := &awstasks.SecurityGroupRule{
- Name: s("bastion-to-master-ssh" + JoinSuffixes(src, dest)),
+ Name: fi.String("bastion-to-master-ssh" + model.JoinSuffixes(src, dest)),
 Lifecycle: b.SecurityLifecycle,
 SecurityGroup: dest.Task,
 SourceGroup: src.Task,
- Protocol: s("tcp"),
- FromPort: i64(22),
- ToPort: i64(22),
+ Protocol: fi.String("tcp"),
+ FromPort: fi.Int64(22),
+ ToPort: fi.Int64(22),
 }
 b.AddDirectionalGroupRule(c, t)
 }
@@ -122,13 +123,13 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 for _, src := range bastionGroups {
 for _, dest := range nodeGroups {
 t := &awstasks.SecurityGroupRule{
- Name: s("bastion-to-node-ssh" + JoinSuffixes(src, dest)),
+ Name: fi.String("bastion-to-node-ssh" + model.JoinSuffixes(src, dest)),
 Lifecycle: b.SecurityLifecycle,
 SecurityGroup: dest.Task,
 SourceGroup: src.Task,
- Protocol: s("tcp"),
- FromPort: i64(22),
- ToPort: i64(22),
+ Protocol: fi.String("tcp"),
+ FromPort: fi.Int64(22),
+ ToPort: fi.Int64(22),
 }
 b.AddDirectionalGroupRule(c, t)
 }
@@ -137,11 +138,11 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 // Create security group for bastion ELB
 {
 t := &awstasks.SecurityGroup{
- Name: s(b.ELBSecurityGroupName(BastionELBSecurityGroupPrefix)),
+ Name: fi.String(b.ELBSecurityGroupName(BastionELBSecurityGroupPrefix)),
 Lifecycle: b.SecurityLifecycle,
 VPC: b.LinkToVPC(),
- Description: s("Security group for bastion ELB"),
+ Description: fi.String("Security group for bastion ELB"),
 RemoveExtraRules: []string{"port=22"},
 }
 t.Tags = b.CloudTags(*t.Name, false)
@@ -151,12 +152,12 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 // Allow traffic from ELB to egress freely
 {
 t := &awstasks.SecurityGroupRule{
- Name: s("bastion-elb-egress"),
+ Name: fi.String("bastion-elb-egress"),
 Lifecycle: b.SecurityLifecycle,
 SecurityGroup: b.LinkToELBSecurityGroup(BastionELBSecurityGroupPrefix),
 Egress: fi.Bool(true),
- CIDR: s("0.0.0.0/0"),
+ CIDR: fi.String("0.0.0.0/0"),
 }
 b.AddDirectionalGroupRule(c, t)
@@ -165,14 +166,14 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 // Allow external access to ELB
 for _, sshAccess := range b.Cluster.Spec.SSHAccess {
 t := &awstasks.SecurityGroupRule{
- Name: s("ssh-external-to-bastion-elb-" + sshAccess),
+ Name: fi.String("ssh-external-to-bastion-elb-" + sshAccess),
 Lifecycle: b.SecurityLifecycle,
 SecurityGroup: b.LinkToELBSecurityGroup(BastionELBSecurityGroupPrefix),
- Protocol: s("tcp"),
- FromPort: i64(22),
- ToPort: i64(22),
- CIDR: s(sshAccess),
+ Protocol: fi.String("tcp"),
+ FromPort: fi.Int64(22),
+ ToPort: fi.Int64(22),
+ CIDR: fi.String(sshAccess),
 }
 b.AddDirectionalGroupRule(c, t)
 }
@@ -217,10 +218,10 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 tags["Name"] = "bastion." + b.ClusterName()
 elb = &awstasks.ClassicLoadBalancer{
- Name: s("bastion." + b.ClusterName()),
+ Name: fi.String("bastion." + b.ClusterName()),
 Lifecycle: b.Lifecycle,
- LoadBalancerName: s(loadBalancerName),
+ LoadBalancerName: fi.String(loadBalancerName),
 SecurityGroups: []*awstasks.SecurityGroup{
 b.LinkToELBSecurityGroup(BastionELBSecurityGroupPrefix),
 },
@@ -230,15 +231,15 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 },
 HealthCheck: &awstasks.ClassicLoadBalancerHealthCheck{
- Target: s("TCP:22"),
- Timeout: i64(5),
- Interval: i64(10),
- HealthyThreshold: i64(2),
- UnhealthyThreshold: i64(2),
+ Target: fi.String("TCP:22"),
+ Timeout: fi.Int64(5),
+ Interval: fi.Int64(10),
+ HealthyThreshold: fi.Int64(2),
+ UnhealthyThreshold: fi.Int64(2),
 },
 ConnectionSettings: &awstasks.ClassicLoadBalancerConnectionSettings{
- IdleTimeout: i64(int64(idleTimeout.Seconds())),
+ IdleTimeout: fi.Int64(int64(idleTimeout.Seconds())),
 },
 Tags: tags,
@@ -270,11 +271,11 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 // Here we implement the bastion CNAME logic
 // By default bastions will create a CNAME that follows the `bastion-$clustername` formula
 t := &awstasks.DNSName{
- Name: s(bastionPublicName),
+ Name: fi.String(bastionPublicName),
 Lifecycle: b.Lifecycle,
 Zone: b.LinkToDNSZone(),
- ResourceType: s("A"),
+ ResourceType: fi.String("A"),
 TargetLoadBalancer: elb,
 }
 c.AddTask(t)
diff --git a/pkg/model/awsmodel/spotinst.go b/pkg/model/awsmodel/spotinst.go
index 496db2fc8c..f6892b0828 100644
--- a/pkg/model/awsmodel/spotinst.go
+++ b/pkg/model/awsmodel/spotinst.go
@@ -277,7 +277,7 @@ func (b *SpotInstanceGroupModelBuilder) buildElastigroup(c *fi.ModelBuilderConte
 lb = b.LinkToCLB("api")
 }
 case kops.InstanceGroupRoleBastion:
- lb = b.LinkToCLB(model.BastionELBSecurityGroupPrefix)
+ lb = b.LinkToCLB(BastionELBSecurityGroupPrefix)
 }
 if lb != nil {
 group.LoadBalancer = lb
diff --git a/upup/pkg/fi/cloudup/apply_cluster.go b/upup/pkg/fi/cloudup/apply_cluster.go
index 6fce3ecac3..f8db30c893 100644
--- a/upup/pkg/fi/cloudup/apply_cluster.go
+++ b/upup/pkg/fi/cloudup/apply_cluster.go
@@ -539,7 +539,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 l.Builders = append(l.Builders,
 &model.MasterVolumeBuilder{KopsModelContext: modelContext, Lifecycle: &clusterLifecycle},
 &awsmodel.APILoadBalancerBuilder{AWSModelContext: awsModelContext, Lifecycle: &clusterLifecycle, SecurityLifecycle: &securityLifecycle},
- &model.BastionModelBuilder{KopsModelContext: modelContext, Lifecycle: &clusterLifecycle, SecurityLifecycle: &securityLifecycle},
+ &awsmodel.BastionModelBuilder{KopsModelContext: modelContext, Lifecycle: &clusterLifecycle, SecurityLifecycle: &securityLifecycle},
 &model.DNSModelBuilder{KopsModelContext: modelContext, Lifecycle: &clusterLifecycle},
 &model.ExternalAccessModelBuilder{KopsModelContext: modelContext, Lifecycle: &securityLifecycle},
 &model.FirewallModelBuilder{KopsModelContext: modelContext, Lifecycle: &securityLifecycle},