Merge pull request #12832 from johngmyers/rename-disabled

Change DisableSubnetTags to tagSubnets

cmd/kops/create_cluster.go

@@ -620,7 +620,9 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr
 		cluster.Spec.NetworkCIDR = c.NetworkCIDR
 	}
 
-	cluster.Spec.DisableSubnetTags = c.DisableSubnetTags
+	if c.DisableSubnetTags {
+		cluster.Spec.TagSubnets = fi.Bool(false)
+	}
 
 	if c.MasterPublicName != "" {
 		cluster.Spec.MasterPublicName = c.MasterPublicName

pkg/apis/kops/cluster.go

@@ -192,8 +192,8 @@ type ClusterSpec struct {
 	IAM *IAMSpec `json:"iam,omitempty"`
 	// EncryptionConfig controls if encryption is enabled
 	EncryptionConfig *bool `json:"encryptionConfig,omitempty"`
-	// DisableSubnetTags controls if subnets are tagged in AWS
-	DisableSubnetTags bool `json:"disableSubnetTags,omitempty"`
+	// TagSubnets controls if tags are added to subnets to enable use by load balancers (AWS only). Default: true.
+	TagSubnets *bool `json:"tagSubnets,omitempty"`
 	// Target allows for us to nest extra config for targets such as terraform
 	Target *TargetSpec `json:"target,omitempty"`
 	// UseHostCertificates will mount /etc/ssl/certs to inside needed containers.

pkg/apis/kops/v1alpha2/BUILD.bazel

@@ -7,6 +7,7 @@ go_library(
         "cluster.go",
         "componentconfig.go",
         "containerdconfig.go",
+        "conversion.go",
         "defaults.go",
         "doc.go",
         "dockerconfig.go",
@@ -25,6 +26,7 @@ go_library(
     visibility = ["//visibility:public"],
     deps = [
         "//pkg/apis/kops:go_default_library",
+        "//pkg/values:go_default_library",
         "//vendor/k8s.io/api/core/v1:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

pkg/apis/kops/v1alpha2/cluster.go

@@ -191,7 +191,10 @@ type ClusterSpec struct {
 	// EncryptionConfig holds the encryption config
 	EncryptionConfig *bool `json:"encryptionConfig,omitempty"`
 	// DisableSubnetTags controls if subnets are tagged in AWS
+	// +k8s:conversion-gen=false
 	DisableSubnetTags bool `json:"DisableSubnetTags,omitempty"`
+	// +k8s:conversion-gen=false
+	TagSubnets *bool `json:"-"`
 	// Target allows for us to nest extra config for targets such as terraform
 	Target *TargetSpec `json:"target,omitempty"`
 	// UseHostCertificates will mount /etc/ssl/certs to inside needed containers.

pkg/apis/kops/v1alpha2/conversion.go

@@ -0,0 +1,43 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	"k8s.io/apimachinery/pkg/conversion"
+	"k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/pkg/values"
+)
+
+func Convert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *kops.ClusterSpec, s conversion.Scope) error {
+	if err := autoConvert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in, out, s); err != nil {
+		return err
+	}
+	if in.DisableSubnetTags {
+		out.TagSubnets = values.Bool(false)
+	}
+	return nil
+}
+
+func Convert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in *kops.ClusterSpec, out *ClusterSpec, s conversion.Scope) error {
+	if err := autoConvert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in, out, s); err != nil {
+		return err
+	}
+	if in.TagSubnets != nil && !*in.TagSubnets {
+		out.DisableSubnetTags = true
+	}
+	return nil
+}

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -304,16 +304,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*ClusterSpec)(nil), (*kops.ClusterSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(a.(*ClusterSpec), b.(*kops.ClusterSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*kops.ClusterSpec)(nil), (*ClusterSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(a.(*kops.ClusterSpec), b.(*ClusterSpec), scope)
-	}); err != nil {
-		return err
-	}
 	if err := s.AddGeneratedConversionFunc((*ClusterSubnetSpec)(nil), (*kops.ClusterSubnetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha2_ClusterSubnetSpec_To_kops_ClusterSubnetSpec(a.(*ClusterSubnetSpec), b.(*kops.ClusterSubnetSpec), scope)
 	}); err != nil {
@@ -1154,6 +1144,16 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*kops.ClusterSpec)(nil), (*ClusterSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(a.(*kops.ClusterSpec), b.(*ClusterSpec), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddConversionFunc((*ClusterSpec)(nil), (*kops.ClusterSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(a.(*ClusterSpec), b.(*kops.ClusterSpec), scope)
+	}); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -2664,7 +2664,8 @@ func autoConvert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *
 		out.IAM = nil
 	}
 	out.EncryptionConfig = in.EncryptionConfig
-	out.DisableSubnetTags = in.DisableSubnetTags
+	// INFO: in.DisableSubnetTags opted out of conversion generation
+	// INFO: in.TagSubnets opted out of conversion generation
 	if in.Target != nil {
 		in, out := &in.Target, &out.Target
 		*out = new(kops.TargetSpec)
@@ -2724,11 +2725,6 @@ func autoConvert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *
 	return nil
 }
 
-// Convert_v1alpha2_ClusterSpec_To_kops_ClusterSpec is an autogenerated conversion function.
-func Convert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *kops.ClusterSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in, out, s)
-}
-
 func autoConvert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in *kops.ClusterSpec, out *ClusterSpec, s conversion.Scope) error {
 	out.Channel = in.Channel
 	if in.Addons != nil {
@@ -3076,7 +3072,7 @@ func autoConvert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in *kops.ClusterSpec,
 		out.IAM = nil
 	}
 	out.EncryptionConfig = in.EncryptionConfig
-	out.DisableSubnetTags = in.DisableSubnetTags
+	out.TagSubnets = in.TagSubnets
 	if in.Target != nil {
 		in, out := &in.Target, &out.Target
 		*out = new(TargetSpec)
@@ -3136,11 +3132,6 @@ func autoConvert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in *kops.ClusterSpec,
 	return nil
 }
 
-// Convert_kops_ClusterSpec_To_v1alpha2_ClusterSpec is an autogenerated conversion function.
-func Convert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in *kops.ClusterSpec, out *ClusterSpec, s conversion.Scope) error {
-	return autoConvert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in, out, s)
-}
-
 func autoConvert_v1alpha2_ClusterSubnetSpec_To_kops_ClusterSubnetSpec(in *ClusterSubnetSpec, out *kops.ClusterSubnetSpec, s conversion.Scope) error {
 	out.Name = in.Name
 	out.Zone = in.Zone

pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go

@@ -1197,6 +1197,11 @@ func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) {
 		*out = new(bool)
 		**out = **in
 	}
+	if in.TagSubnets != nil {
+		in, out := &in.TagSubnets, &out.TagSubnets
+		*out = new(bool)
+		**out = **in
+	}
 	if in.Target != nil {
 		in, out := &in.Target, &out.Target
 		*out = new(TargetSpec)

pkg/apis/kops/v1alpha3/cluster.go

@@ -190,8 +190,8 @@ type ClusterSpec struct {
 	IAM *IAMSpec `json:"iam,omitempty"`
 	// EncryptionConfig holds the encryption config
 	EncryptionConfig *bool `json:"encryptionConfig,omitempty"`
-	// DisableSubnetTags controls if subnets are tagged in AWS
-	DisableSubnetTags bool `json:"DisableSubnetTags,omitempty"`
+	// TagSubnets controls if tags are added to subnets to enable use by load balancers (AWS only). Default: true.
+	TagSubnets *bool `json:"tagSubnets,omitempty"`
 	// Target allows for us to nest extra config for targets such as terraform
 	Target *TargetSpec `json:"target,omitempty"`
 	// UseHostCertificates will mount /etc/ssl/certs to inside needed containers.

pkg/apis/kops/v1alpha3/zz_generated.conversion.go

@@ -2534,7 +2534,7 @@ func autoConvert_v1alpha3_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *
 		out.IAM = nil
 	}
 	out.EncryptionConfig = in.EncryptionConfig
-	out.DisableSubnetTags = in.DisableSubnetTags
+	out.TagSubnets = in.TagSubnets
 	if in.Target != nil {
 		in, out := &in.Target, &out.Target
 		*out = new(kops.TargetSpec)
@@ -2938,7 +2938,7 @@ func autoConvert_kops_ClusterSpec_To_v1alpha3_ClusterSpec(in *kops.ClusterSpec,
 		out.IAM = nil
 	}
 	out.EncryptionConfig = in.EncryptionConfig
-	out.DisableSubnetTags = in.DisableSubnetTags
+	out.TagSubnets = in.TagSubnets
 	if in.Target != nil {
 		in, out := &in.Target, &out.Target
 		*out = new(TargetSpec)

pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go

@@ -1143,6 +1143,11 @@ func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) {
 		*out = new(bool)
 		**out = **in
 	}
+	if in.TagSubnets != nil {
+		in, out := &in.TagSubnets, &out.TagSubnets
+		*out = new(bool)
+		**out = **in
+	}
 	if in.Target != nil {
 		in, out := &in.Target, &out.Target
 		*out = new(TargetSpec)

pkg/apis/kops/zz_generated.deepcopy.go

@@ -1235,6 +1235,11 @@ func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) {
 		*out = new(bool)
 		**out = **in
 	}
+	if in.TagSubnets != nil {
+		in, out := &in.TagSubnets, &out.TagSubnets
+		*out = new(bool)
+		**out = **in
+	}
 	if in.Target != nil {
 		in, out := &in.Target, &out.Target
 		*out = new(TargetSpec)

pkg/model/awsmodel/network.go

@@ -219,9 +219,7 @@ func (b *NetworkModelBuilder) Build(c *fi.ModelBuilderContext) error {
 		tags := map[string]string{}
 
 		// Apply tags so that Kubernetes knows which subnets should be used for internal/external ELBs
-		if b.Cluster.Spec.DisableSubnetTags {
-			klog.V(2).Infof("skipping subnet tags. Ensure these are maintained externally.")
-		} else {
+		if b.Cluster.Spec.TagSubnets == nil || *b.Cluster.Spec.TagSubnets {
 			klog.V(2).Infof("applying subnet tags")
 			tags = b.CloudTags(subnetName, sharedSubnet)
 			tags["SubnetType"] = string(subnetSpec.Type)
@@ -242,6 +240,8 @@ func (b *NetworkModelBuilder) Build(c *fi.ModelBuilderContext) error {
 			default:
 				klog.V(2).Infof("unable to properly tag subnet %q because it has unknown type %q. Load balancers may be created in incorrect subnets", subnetSpec.Name, subnetSpec.Type)
 			}
+		} else {
+			klog.V(2).Infof("skipping subnet tags. Ensure these are maintained externally.")
 		}
 
 		subnet := &awstasks.Subnet{

tests/integration/conversion/BUILD.bazel

@@ -18,6 +18,9 @@ go_test(
 
 filegroup(
     name = "exported_testdata",
-    srcs = glob(["minimal/**"]),
+    srcs = glob([
+        "aws/**",
+        "minimal/**",
+    ]),
     visibility = ["//visibility:public"],
 )

tests/integration/conversion/aws/v1alpha2.yaml

@@ -0,0 +1,92 @@
+apiVersion: kops.k8s.io/v1alpha2
+kind: Cluster
+metadata:
+  creationTimestamp: "2016-12-10T22:42:27Z"
+  name: minimal.example.com
+spec:
+  DisableSubnetTags: true
+  additionalSans:
+  - proxy.api.minimal.example.com
+  addons:
+  - manifest: s3://somebucket/example.yaml
+  api:
+    dns: {}
+  authorization:
+    alwaysAllow: {}
+  channel: stable
+  cloudProvider: aws
+  configBase: memfs://clusters.example.com/minimal.example.com
+  etcdClusters:
+  - cpuRequest: 200m
+    etcdMembers:
+    - instanceGroup: master-us-test-1a
+      name: us-test-1a
+    memoryRequest: 100Mi
+    name: main
+  - cpuRequest: 200m
+    etcdMembers:
+    - instanceGroup: master-us-test-1a
+      name: us-test-1a
+    memoryRequest: 100Mi
+    name: events
+  iam:
+    legacy: false
+  kubernetesApiAccess:
+  - 0.0.0.0/0
+  kubernetesVersion: v1.14.0
+  masterInternalName: api.internal.minimal.example.com
+  masterPublicName: api.minimal.example.com
+  networkCIDR: 172.20.0.0/16
+  networking:
+    kubenet: {}
+  nonMasqueradeCIDR: 100.64.0.0/10
+  sshAccess:
+  - 0.0.0.0/0
+  subnets:
+  - cidr: 172.20.32.0/19
+    name: us-test-1a
+    type: Public
+    zone: us-test-1a
+  topology:
+    dns:
+      type: Public
+    masters: public
+    nodes: public
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2016-12-10T22:42:28Z"
+  labels:
+    kops.k8s.io/cluster: minimal.example.com
+  name: nodes
+spec:
+  associatePublicIp: true
+  image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
+  machineType: t2.medium
+  maxSize: 2
+  minSize: 2
+  role: Node
+  subnets:
+  - us-test-1a
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2016-12-10T22:42:28Z"
+  labels:
+    kops.k8s.io/cluster: minimal.example.com
+  name: master-us-test-1a
+spec:
+  associatePublicIp: true
+  image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
+  machineType: m3.medium
+  maxSize: 1
+  minSize: 1
+  role: Master
+  subnets:
+  - us-test-1a

tests/integration/conversion/aws/v1alpha3.yaml

@@ -0,0 +1,91 @@
+apiVersion: kops.k8s.io/v1alpha3
+kind: Cluster
+metadata:
+  creationTimestamp: "2016-12-10T22:42:27Z"
+  name: minimal.example.com
+spec:
+  additionalSANs:
+  - proxy.api.minimal.example.com
+  addons:
+  - manifest: s3://somebucket/example.yaml
+  api:
+    dns: {}
+  authorization:
+    alwaysAllow: {}
+  channel: stable
+  cloudProvider: aws
+  configBase: memfs://clusters.example.com/minimal.example.com
+  etcdClusters:
+  - cpuRequest: 200m
+    etcdMembers:
+    - instanceGroup: master-us-test-1a
+      name: us-test-1a
+    memoryRequest: 100Mi
+    name: main
+  - cpuRequest: 200m
+    etcdMembers:
+    - instanceGroup: master-us-test-1a
+      name: us-test-1a
+    memoryRequest: 100Mi
+    name: events
+  iam: {}
+  kubernetesAPIAccess:
+  - 0.0.0.0/0
+  kubernetesVersion: v1.14.0
+  masterInternalName: api.internal.minimal.example.com
+  masterPublicName: api.minimal.example.com
+  networkCIDR: 172.20.0.0/16
+  networking:
+    kubenet: {}
+  nonMasqueradeCIDR: 100.64.0.0/10
+  sshAccess:
+  - 0.0.0.0/0
+  subnets:
+  - cidr: 172.20.32.0/19
+    name: us-test-1a
+    type: Public
+    zone: us-test-1a
+  tagSubnets: false
+  topology:
+    dns:
+      type: Public
+    masters: public
+    nodes: public
+
+---
+
+apiVersion: kops.k8s.io/v1alpha3
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2016-12-10T22:42:28Z"
+  labels:
+    kops.k8s.io/cluster: minimal.example.com
+  name: nodes
+spec:
+  associatePublicIP: true
+  image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
+  machineType: t2.medium
+  maxSize: 2
+  minSize: 2
+  role: Node
+  subnets:
+  - us-test-1a
+
+---
+
+apiVersion: kops.k8s.io/v1alpha3
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2016-12-10T22:42:28Z"
+  labels:
+    kops.k8s.io/cluster: minimal.example.com
+  name: master-us-test-1a
+spec:
+  associatePublicIP: true
+  image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
+  machineType: m3.medium
+  maxSize: 1
+  minSize: 1
+  role: Master
+  subnets:
+  - us-test-1a

tests/integration/conversion/integration_test.go

@@ -38,6 +38,11 @@ func TestConversionMinimal(t *testing.T) {
 	runTest(t, "minimal", "v1alpha3", "v1alpha2")
 }
 
+func TestConversionAWS(t *testing.T) {
+	runTest(t, "aws", "v1alpha2", "v1alpha3")
+	runTest(t, "aws", "v1alpha3", "v1alpha2")
+}
+
 func runTest(t *testing.T, srcDir string, fromVersion string, toVersion string) {
 	t.Run(fromVersion+"-"+toVersion, func(t *testing.T) {
 		sourcePath := path.Join(srcDir, fromVersion+".yaml")