Move bastion model to awsmodel

2021-01-14 07:32:52 +01:00 · 2021-01-14 07:32:52 +01:00 · d415fdf1a1
parent 896f1740c6
commit d415fdf1a1
5 changed files with 39 additions and 39 deletions
--- a/pkg/model/BUILD.bazel
+++ b/pkg/model/BUILD.bazel
@ -3,7 +3,6 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 go_library(
    name = "go_default_library",
    srcs = [
-        "bastion.go",
        "bootstrapscript.go",
        "context.go",
        "convenience.go",
@ -58,7 +57,6 @@ go_library(
        "//vendor/github.com/blang/semver/v4:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/util/net:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/util/yaml:go_default_library",
        "//vendor/k8s.io/client-go/kubernetes/scheme:go_default_library",
        "//vendor/k8s.io/klog/v2:go_default_library",
--- a/pkg/model/awsmodel/BUILD.bazel
+++ b/pkg/model/awsmodel/BUILD.bazel
@ -5,6 +5,7 @@ go_library(
    srcs = [
        "api_loadbalancer.go",
        "autoscalinggroup.go",
+        "bastion.go",
        "context.go",
        "oidc_provider.go",
        "spotinst.go",
--- a/pkg/model/awsmodel/bastion.go
+++ b/pkg/model/awsmodel/bastion.go
@ -14,13 +14,14 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-package model
+package awsmodel

 import (
 	"time"

 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/pkg/model"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/awstasks"
 )
@ -37,7 +38,7 @@ const (
 // Bastion instances have access to all internal master and node instances.

 type BastionModelBuilder struct {
-	*KopsModelContext
+	*model.KopsModelContext
 	Lifecycle         *fi.Lifecycle
 	SecurityLifecycle *fi.Lifecycle
 }
@ -78,11 +79,11 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 	for _, src := range bastionGroups {
 		// Allow traffic from bastion instances to egress freely
 		t := &awstasks.SecurityGroupRule{
-			Name:          s("bastion-egress" + src.Suffix),
+			Name:          fi.String("bastion-egress" + src.Suffix),
 			Lifecycle:     b.SecurityLifecycle,
 			SecurityGroup: src.Task,
 			Egress:        fi.Bool(true),
-			CIDR:          s("0.0.0.0/0"),
+			CIDR:          fi.String("0.0.0.0/0"),
 		}
 		b.AddDirectionalGroupRule(c, t)
 	}
@ -91,13 +92,13 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 	// TODO: Could we get away without an ELB here?  Tricky to fix if dns-controller breaks though...
 	for _, dest := range bastionGroups {
 		t := &awstasks.SecurityGroupRule{
-			Name:          s("ssh-elb-to-bastion" + dest.Suffix),
+			Name:          fi.String("ssh-elb-to-bastion" + dest.Suffix),
 			Lifecycle:     b.SecurityLifecycle,
 			SecurityGroup: dest.Task,
 			SourceGroup:   b.LinkToELBSecurityGroup(BastionELBSecurityGroupPrefix),
-			Protocol:      s("tcp"),
-			FromPort:      i64(22),
-			ToPort:        i64(22),
+			Protocol:      fi.String("tcp"),
+			FromPort:      fi.Int64(22),
+			ToPort:        fi.Int64(22),
 		}
 		b.AddDirectionalGroupRule(c, t)
 	}
@ -106,13 +107,13 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 	for _, src := range bastionGroups {
 		for _, dest := range masterGroups {
 			t := &awstasks.SecurityGroupRule{
-				Name:          s("bastion-to-master-ssh" + JoinSuffixes(src, dest)),
+				Name:          fi.String("bastion-to-master-ssh" + model.JoinSuffixes(src, dest)),
 				Lifecycle:     b.SecurityLifecycle,
 				SecurityGroup: dest.Task,
 				SourceGroup:   src.Task,
-				Protocol:      s("tcp"),
-				FromPort:      i64(22),
-				ToPort:        i64(22),
+				Protocol:      fi.String("tcp"),
+				FromPort:      fi.Int64(22),
+				ToPort:        fi.Int64(22),
 			}
 			b.AddDirectionalGroupRule(c, t)
 		}
@ -122,13 +123,13 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 	for _, src := range bastionGroups {
 		for _, dest := range nodeGroups {
 			t := &awstasks.SecurityGroupRule{
-				Name:          s("bastion-to-node-ssh" + JoinSuffixes(src, dest)),
+				Name:          fi.String("bastion-to-node-ssh" + model.JoinSuffixes(src, dest)),
 				Lifecycle:     b.SecurityLifecycle,
 				SecurityGroup: dest.Task,
 				SourceGroup:   src.Task,
-				Protocol:      s("tcp"),
-				FromPort:      i64(22),
-				ToPort:        i64(22),
+				Protocol:      fi.String("tcp"),
+				FromPort:      fi.Int64(22),
+				ToPort:        fi.Int64(22),
 			}
 			b.AddDirectionalGroupRule(c, t)
 		}
@ -137,11 +138,11 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 	// Create security group for bastion ELB
 	{
 		t := &awstasks.SecurityGroup{
-			Name:      s(b.ELBSecurityGroupName(BastionELBSecurityGroupPrefix)),
+			Name:      fi.String(b.ELBSecurityGroupName(BastionELBSecurityGroupPrefix)),
 			Lifecycle: b.SecurityLifecycle,

 			VPC:              b.LinkToVPC(),
-			Description:      s("Security group for bastion ELB"),
+			Description:      fi.String("Security group for bastion ELB"),
 			RemoveExtraRules: []string{"port=22"},
 		}
 		t.Tags = b.CloudTags(*t.Name, false)
@ -151,12 +152,12 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 	// Allow traffic from ELB to egress freely
 	{
 		t := &awstasks.SecurityGroupRule{
-			Name:      s("bastion-elb-egress"),
+			Name:      fi.String("bastion-elb-egress"),
 			Lifecycle: b.SecurityLifecycle,

 			SecurityGroup: b.LinkToELBSecurityGroup(BastionELBSecurityGroupPrefix),
 			Egress:        fi.Bool(true),
-			CIDR:          s("0.0.0.0/0"),
+			CIDR:          fi.String("0.0.0.0/0"),
 		}

 		b.AddDirectionalGroupRule(c, t)
@ -165,14 +166,14 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 	// Allow external access to ELB
 	for _, sshAccess := range b.Cluster.Spec.SSHAccess {
 		t := &awstasks.SecurityGroupRule{
-			Name:      s("ssh-external-to-bastion-elb-" + sshAccess),
+			Name:      fi.String("ssh-external-to-bastion-elb-" + sshAccess),
 			Lifecycle: b.SecurityLifecycle,

 			SecurityGroup: b.LinkToELBSecurityGroup(BastionELBSecurityGroupPrefix),
-			Protocol:      s("tcp"),
-			FromPort:      i64(22),
-			ToPort:        i64(22),
-			CIDR:          s(sshAccess),
+			Protocol:      fi.String("tcp"),
+			FromPort:      fi.Int64(22),
+			ToPort:        fi.Int64(22),
+			CIDR:          fi.String(sshAccess),
 		}
 		b.AddDirectionalGroupRule(c, t)
 	}
@ -217,10 +218,10 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 		tags["Name"] = "bastion." + b.ClusterName()

 		elb = &awstasks.ClassicLoadBalancer{
-			Name:      s("bastion." + b.ClusterName()),
+			Name:      fi.String("bastion." + b.ClusterName()),
 			Lifecycle: b.Lifecycle,

-			LoadBalancerName: s(loadBalancerName),
+			LoadBalancerName: fi.String(loadBalancerName),
 			SecurityGroups: []*awstasks.SecurityGroup{
 				b.LinkToELBSecurityGroup(BastionELBSecurityGroupPrefix),
 			},
@ -230,15 +231,15 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 			},

 			HealthCheck: &awstasks.ClassicLoadBalancerHealthCheck{
-				Target:             s("TCP:22"),
-				Timeout:            i64(5),
-				Interval:           i64(10),
-				HealthyThreshold:   i64(2),
-				UnhealthyThreshold: i64(2),
+				Target:             fi.String("TCP:22"),
+				Timeout:            fi.Int64(5),
+				Interval:           fi.Int64(10),
+				HealthyThreshold:   fi.Int64(2),
+				UnhealthyThreshold: fi.Int64(2),
 			},

 			ConnectionSettings: &awstasks.ClassicLoadBalancerConnectionSettings{
-				IdleTimeout: i64(int64(idleTimeout.Seconds())),
+				IdleTimeout: fi.Int64(int64(idleTimeout.Seconds())),
 			},

 			Tags: tags,
@ -270,11 +271,11 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
 		// Here we implement the bastion CNAME logic
 		// By default bastions will create a CNAME that follows the `bastion-$clustername` formula
 		t := &awstasks.DNSName{
-			Name:      s(bastionPublicName),
+			Name:      fi.String(bastionPublicName),
 			Lifecycle: b.Lifecycle,

 			Zone:               b.LinkToDNSZone(),
-			ResourceType:       s("A"),
+			ResourceType:       fi.String("A"),
 			TargetLoadBalancer: elb,
 		}
 		c.AddTask(t)
--- a/pkg/model/awsmodel/spotinst.go
+++ b/pkg/model/awsmodel/spotinst.go
@ -277,7 +277,7 @@ func (b *SpotInstanceGroupModelBuilder) buildElastigroup(c *fi.ModelBuilderConte
 			lb = b.LinkToCLB("api")
 		}
 	case kops.InstanceGroupRoleBastion:
-		lb = b.LinkToCLB(model.BastionELBSecurityGroupPrefix)
+		lb = b.LinkToCLB(BastionELBSecurityGroupPrefix)
 	}
 	if lb != nil {
 		group.LoadBalancer = lb
--- a/upup/pkg/fi/cloudup/apply_cluster.go
+++ b/upup/pkg/fi/cloudup/apply_cluster.go
@ -539,7 +539,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 			l.Builders = append(l.Builders,
 				&model.MasterVolumeBuilder{KopsModelContext: modelContext, Lifecycle: &clusterLifecycle},
 				&awsmodel.APILoadBalancerBuilder{AWSModelContext: awsModelContext, Lifecycle: &clusterLifecycle, SecurityLifecycle: &securityLifecycle},
-				&model.BastionModelBuilder{KopsModelContext: modelContext, Lifecycle: &clusterLifecycle, SecurityLifecycle: &securityLifecycle},
+				&awsmodel.BastionModelBuilder{KopsModelContext: modelContext, Lifecycle: &clusterLifecycle, SecurityLifecycle: &securityLifecycle},
 				&model.DNSModelBuilder{KopsModelContext: modelContext, Lifecycle: &clusterLifecycle},
 				&model.ExternalAccessModelBuilder{KopsModelContext: modelContext, Lifecycle: &securityLifecycle},
 				&model.FirewallModelBuilder{KopsModelContext: modelContext, Lifecycle: &securityLifecycle},