Automatically import EC2 tags #12593

Merged
merged 50 commits into from
May 31, 2022
2e167cc
Add EC2 label service
atburke Apr 25, 2022
4824f76
Add EC2 labels for ssh nodes
atburke Apr 26, 2022
da12b92
Add test for ec2 labels
atburke Apr 27, 2022
fd218c8
Make EC2 label config struct
atburke Apr 27, 2022
df4c36a
Make ec2labels shared
atburke Apr 28, 2022
bd54680
Add ec2 tags for apps, kube, and db
atburke Apr 29, 2022
b41fedd
Fix ec2 label fetch in apps and db
atburke May 3, 2022
23ae539
Add apps, kube, and db to TestLabels
atburke May 4, 2022
c915f0f
Add tests
atburke May 4, 2022
664baad
Add another test
atburke May 4, 2022
a75ae6e
Fix kube test
atburke May 6, 2022
d4fc1f9
Fix env check
atburke May 6, 2022
4b65f82
Merge branch 'master' into atburke/import-ec2-tags
atburke May 6, 2022
5a9fe9c
Add docs draft
atburke May 6, 2022
3bf6e44
Add hostname test
atburke May 9, 2022
2045847
Minor refactoring
atburke May 9, 2022
7de345f
More refactoring
atburke May 9, 2022
606cd61
Update docs
atburke May 11, 2022
6e69c15
Refactoring
atburke May 11, 2022
1b27061
Update getStaticLabels description
atburke May 11, 2022
b0d2aeb
Address review comments
atburke May 13, 2022
ff6b4cb
Lift context
atburke May 17, 2022
800e87f
Move InstanceMetadata interface
atburke May 17, 2022
f038d4e
Add cloud interface
atburke May 18, 2022
1101fb8
Don't inject labels unnecessarily
atburke May 18, 2022
c6d1aa2
Remove integration test dependency on ec2 instance
atburke May 18, 2022
324dc85
Remove debug prints
atburke May 18, 2022
dddcb64
Fix ec2 label start/close behavior
atburke May 18, 2022
cb852fc
Remove unused field
atburke May 18, 2022
84daace
Fix linting and docs
atburke May 18, 2022
258a37b
Move nitro disclaimer down in docs
atburke May 18, 2022
0c05569
Move ec2 labels to their own package
atburke May 18, 2022
a720623
Rename Cloud to LabelImporter
atburke May 18, 2022
00fbf23
Remove close chan from ec2 labels
atburke May 20, 2022
6f0b142
Remove kube dependence on lib.isinsecure
atburke May 20, 2022
69e665a
Fix kube test
atburke May 23, 2022
1842c1b
Address review comments
atburke May 24, 2022
d5bcc16
Fix copyright year
atburke May 24, 2022
3fb1bcc
Merge branch 'master' into atburke/import-ec2-tags
atburke May 24, 2022
03b4e36
Fix linting
atburke May 24, 2022
e2b6086
Address hidden feedback
atburke May 27, 2022
f74b67a
Final fixes
atburke May 31, 2022
90f164a
Merge branch 'master' into atburke/import-ec2-tags
atburke May 31, 2022
51f6991
Fix ParseMetadataClientError description
atburke May 31, 2022
3ced986
Merge branch 'master' into atburke/import-ec2-tags
atburke May 31, 2022
684860f
Merge branch 'master' into atburke/import-ec2-tags
atburke May 31, 2022
f89b43d
Merge branch 'master' into atburke/import-ec2-tags
atburke May 31, 2022
e55f2a9
Close teleport processes in tests
atburke May 31, 2022
c357594
Merge branch 'master' into atburke/import-ec2-tags
atburke May 31, 2022
97432dd
Merge branch 'master' into atburke/import-ec2-tags
atburke May 31, 2022
Fix kube test
atburke committed May 23, 2022

commit 69e665aee21b0d2b0eec83fcb3de54e67d0247ac
2 changes: 1 addition & 1 deletion integration/helpers.go
@@ -1787,7 +1787,7 @@ func enableKubernetesService(t *testing.T, config *service.Config) {

err = kubeconfig.Update(kubeConfigPath, kubeconfig.Values{
TeleportClusterName: "teleport-cluster",
ClusterAddr: net.JoinHostPort(Host, ports.Pop()),
ClusterAddr: "https://" + net.JoinHostPort(Host, ports.Pop()),
Credentials: key,
})
require.NoError(t, err)
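--- a/lib/kube/proxy/auth.go
+++ b/lib/kube/proxy/auth.go
@@ -83,7 +83,7 @@ type ImpersonationPermissionsChecker func(ctx context.Context, clusterName strin
 // - if loading from kubeconfig, all contexts are returned
 // - if no credentials are loaded, returns an error
 // - permission self-test failures cause an error to be returned
-func getKubeCreds(ctx context.Context, log logrus.FieldLogger, tpClusterName, kubeClusterName, kubeconfigPath string, serviceType KubeServiceType, checkImpersonation ImpersonationPermissionsChecker, tlsConfig *tls.Config) (map[string]*kubeCreds, error) {
+func getKubeCreds(ctx context.Context, log logrus.FieldLogger, tpClusterName, kubeClusterName, kubeconfigPath string, serviceType KubeServiceType, checkImpersonation ImpersonationPermissionsChecker) (map[string]*kubeCreds, error) {
 log.
 WithField("kubeconfigPath", kubeconfigPath).
 WithField("kubeClusterName", kubeClusterName).
@@ -130,9 +130,6 @@ func getKubeCreds(ctx context.Context, log logrus.FieldLogger, tpClusterName, ku
 res := make(map[string]*kubeCreds, len(cfg.Contexts))
 // Convert kubeconfig contexts into kubeCreds.
 for cluster, clientCfg := range cfg.Contexts {
-if tlsConfig != nil {
-clientCfg.ServerName = tlsConfig.ServerName
-}
 clusterCreds, err := extractKubeCreds(ctx, cluster, clientCfg, serviceType, kubeconfigPath, log, checkImpersonation)
 if err != nil {
 log.WithError(err).Warnf("failed to load credentials for cluster %q.", cluster)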
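Review bot: The loop over `cfg.Contexts` in the second hunk now hands `clientCfg` to `extractKubeCreds` untouched, but nothing on the new side records that this is deliberate. The removed lines overwrote `clientCfg.ServerName` with the caller's `tlsConfig.ServerName` for every context, so the name used when verifying each Kubernetes API server's certificate presumably came from Teleport's own TLS config rather than from the kubeconfig entry. I would add a comment above the `extractKubeCreds` call, for example `// clientCfg is used as loaded: its TLS server name must come from the kubeconfig context, not from the proxy's own TLS config.`, so the override is not reintroduced later. If auth_test.go does not already cover it, an assertion that the loaded config's `ServerName` is left unchanged would pin the behaviour. The body of getKubeCreds starts and ends outside both hunks, so the handling after the warning is not visible here.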
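--- a/lib/kube/proxy/auth_test.go
+++ b/lib/kube/proxy/auth_test.go
@@ -325,7 +325,7 @@ current-context: foo
 }
 for _, tt := range tests {
 t.Run(tt.desc, func(t *testing.T) {
-got, err := getKubeCreds(ctx, logger, teleClusterName, "", tt.kubeconfigPath, tt.serviceType, tt.impersonationCheck, nil)
+got, err := getKubeCreds(ctx, logger, teleClusterName, "", tt.kubeconfigPath, tt.serviceType, tt.impersonationCheck)
 tt.assertErr(t, err)
 if err != nil {
 return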
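--- a/lib/kube/proxy/forwarder.go
+++ b/lib/kube/proxy/forwarder.go
@@ -147,8 +147,6 @@ type ForwarderConfig struct {
 CheckImpersonationPermissions ImpersonationPermissionsChecker
 // PublicAddr is the address that can be used to reach the kube cluster
 PublicAddr string
-
-TLS *tls.Config
 }
 
 // CheckAndSetDefaults checks and sets default values
@@ -225,7 +223,7 @@ func NewForwarder(cfg ForwarderConfig) (*Forwarder, error) {
 checkImpersonation = cfg.CheckImpersonationPermissions
 }
 
-creds, err := getKubeCreds(cfg.Context, log, cfg.ClusterName, cfg.KubeClusterName, cfg.KubeconfigPath, cfg.KubeServiceType, checkImpersonation, cfg.TLS)
+creds, err := getKubeCreds(cfg.Context, log, cfg.ClusterName, cfg.KubeClusterName, cfg.KubeconfigPath, cfg.KubeServiceType, checkImpersonation)
 if err != nil {
 return nil, trace.Wrap(err)
 }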
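--- a/lib/kube/proxy/server.go
+++ b/lib/kube/proxy/server.go
@@ -77,7 +77,6 @@ func (c *TLSServerConfig) CheckAndSetDefaults() error {
 if c.Log == nil {
 c.Log = log.New()
 }
-c.ForwarderConfig.TLS = c.TLS
 return nil
 }
 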
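--- a/lib/srv/heartbeat.go
+++ b/lib/srv/heartbeat.go
@@ -326,10 +326,6 @@ func (h *Heartbeat) fetch() error {
 // failed to fetch server info?
 // reset to init state regardless of the current state
 server, err := h.GetServerInfo()
-if h.HeartbeatConfig.Mode == HeartbeatModeKube {
-k, ok := server.(*types.ServerV2)
-fmt.Printf("kube heartbeat.fetch(): %+v %v\n", k.Spec.KubernetesClusters, ok)
-}
 if err != nil {
 h.reset(HeartbeatStateInit)
 return trace.Wrap(err)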