From 771525b4f58889dde49c15178c1cf8a0f736522e Mon Sep 17 00:00:00 2001
From: Patrick Dillon
Date: Fri, 8 Dec 2023 13:44:40 -0500
Subject: [PATCH 1/2] aws/machines: add CAPI sg, subnet filters

Adds filters to the machine api machinesets so they will recognize CAPI-created security groups and subnets. Adds these filters in addition to the Terraform-specific filters, which should be subsequently removed.
---
 pkg/asset/machines/aws/machines.go | 64 +++++++++++++++++++++++-------
 1 file changed, 49 insertions(+), 15 deletions(-)

diff --git a/pkg/asset/machines/aws/machines.go b/pkg/asset/machines/aws/machines.go
index 3a6cc49d67..ecc4a51a84 100644
--- a/pkg/asset/machines/aws/machines.go
+++ b/pkg/asset/machines/aws/machines.go
@@ -111,10 +111,15 @@ func Machines(clusterID string, region string, subnets map[string]string, pool *
 }
 if subnet == "" {
 domain.Subnet.Type = machinev1.AWSFiltersReferenceType
- domain.Subnet.Filters = &[]machinev1.AWSResourceFilter{{
- Name: "tag:Name",
- Values: []string{fmt.Sprintf("%s-private-%s", clusterID, zone)},
- }}
+ domain.Subnet.Filters = &[]machinev1.AWSResourceFilter{
+ {
+ Name: "tag:Name",
+ Values: []string{
+ fmt.Sprintf("%s-private-%s", clusterID, zone), // legacy Terraform config, TODO remove
+ fmt.Sprintf("%s-subnet-private-%s", clusterID, zone),
+ },
+ },
+ }
 } else {
 domain.Subnet.Type = machinev1.AWSIDReferenceType
 domain.Subnet.ID = pointer.String(subnet)
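Review bot: The two names in the `Values` list in `Machines` are matched as alternatives on `tag:Name`, but only the first carries a comment, so a reader cannot tell that `%s-subnet-private-%s` is the CAPI-created name or why both are listed. I would label it, e.g. `fmt.Sprintf("%s-subnet-private-%s", clusterID, zone), // CAPI-created subnet name`, and word the legacy marker as in the other hunks (`remove with Terraform`) so a later cleanup can search for one phrase. Because the lookup is by Name tag only, nothing visible here ties a match to this cluster's VPC; if the consumer does not scope the query itself, a subnet elsewhere in the region carrying the same Name tag would also match, which is worth confirming now that two names are accepted. The surrounding loop in `Machines` starts and ends outside the hunk.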
@@ -178,12 +183,34 @@ func provider(in *machineProviderInput) (*machineapi.AWSMachineProviderConfig, e
 return nil, errors.Wrap(err, "failed to create machineapi.TagSpecifications from UserTags")
 }

- securityGroups := []machineapi.AWSResourceReference{{
- Filters: []machineapi.Filter{{
+ sgFilters := []machineapi.Filter{
+ {
 Name: "tag:Name",
- Values: []string{fmt.Sprintf("%s-%s-sg", in.clusterID, in.role)},
- }},
- }}
+ Values: []string{fmt.Sprintf("%s-%s-sg", in.clusterID, in.role)}, // legacy Terraform config, remove with Terraform
+ },
+ {
+ Name: "tag:Name",
+ Values: []string{fmt.Sprintf("%s-node", in.clusterID)},
+ },
+ {
+ Name: "tag:Name",
+ Values: []string{fmt.Sprintf("%s-lb", in.clusterID)},
+ },
+ }
+
+ if in.role == "master" {
+ cpFilter := machineapi.Filter{
+ Name: "tag:Name",
+ Values: []string{fmt.Sprintf("%s-controlplane", in.clusterID)}}
+ sgFilters = append(sgFilters, cpFilter)
+ }
+
+ securityGroups := []machineapi.AWSResourceReference{}
+ for _, filter := range sgFilters {
+ securityGroups = append(securityGroups, machineapi.AWSResourceReference{
+ Filters: []machineapi.Filter{filter},
+ })
+ }
 securityGroupsIn := []machineapi.AWSResourceReference{}
 for _, sgID := range in.securityGroupIDs {
 sgID := sgID
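Review bot: Each entry of `sgFilters` is wrapped in its own `AWSResourceReference`, and the legacy `-sg` name is listed alongside the CAPI `-node`, `-lb` and `-controlplane` names, so on any one cluster some of these references are expected to match nothing. How the machine API provider treats a filter with no match is not visible in this hunk; if it skips it silently, a missing or mistagged `-controlplane` group would leave a master instance running with fewer groups than intended and no error at install time. I would state the expectation above the slice, e.g. `// Only the groups of the active provisioner exist; the other filters are expected to match nothing.`, and add a sentence on why the `-lb` group is attached to every role rather than only where its rules are needed. `provider` starts and ends outside the hunk.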
@@ -223,17 +250,24 @@ func provider(in *machineProviderInput) (*machineapi.AWSMachineProviderConfig, e
 SecurityGroups: securityGroups,
 }

- subnetName := fmt.Sprintf("%s-private-%s", in.clusterID, in.zone)
+ visibility := "private"
 if in.publicSubnet {
 config.PublicIP = pointer.Bool(in.publicSubnet)
- subnetName = fmt.Sprintf("%s-public-%s", in.clusterID, in.zone)
+ visibility = "public"
+ }
+
+ subnetFilters := []machineapi.Filter{
+ {
+ Name: "tag:Name",
+ Values: []string{
+ fmt.Sprintf("%s-%s-%s", in.clusterID, visibility, in.zone),
+ fmt.Sprintf("%s-subnet-%s-%s", in.clusterID, visibility, in.zone), // legacy Terraform config, remove with Terraform
+ },
+ },
 }

 if in.subnet == "" {
- config.Subnet.Filters = []machineapi.Filter{{
- Name: "tag:Name",
- Values: []string{subnetName},
- }}
+ config.Subnet.Filters = subnetFilters
 } else {
 config.Subnet.ID = pointer.String(in.subnet)
 }
From 015b312f7828c152256d273ede57191013379662 Mon Sep 17 00:00:00 2001
From: Patrick Dillon
Date: Tue, 13 Feb 2024 13:50:58 -0500
Subject: [PATCH 2/2] fixup! aws/machines: add CAPI sg, subnet filters

---
 pkg/asset/machines/aws/machines.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/asset/machines/aws/machines.go b/pkg/asset/machines/aws/machines.go
index ecc4a51a84..45ba7f43ab 100644
--- a/pkg/asset/machines/aws/machines.go
+++ b/pkg/asset/machines/aws/machines.go
@@ -201,7 +201,8 @@ func provider(in *machineProviderInput) (*machineapi.AWSMachineProviderConfig, e
 if in.role == "master" {
 cpFilter := machineapi.Filter{
 Name: "tag:Name",
- Values: []string{fmt.Sprintf("%s-controlplane", in.clusterID)}}
+ Values: []string{fmt.Sprintf("%s-controlplane", in.clusterID)},
+ }
 sgFilters = append(sgFilters, cpFilter)
 }
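Review bot: The `// legacy Terraform config, remove with Terraform` comment in `subnetFilters` sits on the `%s-subnet-%s-%s` value, but the removed lines built `%s-private-%s` and `%s-public-%s`, which is the `%s-%s-%s` form on the line above; the `Machines` hunk also marks `%s-private-%s` as the legacy name. As written, the cleanup the comment asks for would delete the CAPI name and keep the Terraform one, leaving the subnet lookup pointed at a name that no longer exists. Move the comment up one line: `fmt.Sprintf("%s-%s-%s", in.clusterID, visibility, in.zone), // legacy Terraform config, remove with Terraform`. `subnetFilters` is also built when `in.subnet` is set and the filter goes unused; that is harmless, but the literal could move inside the `if in.subnet == ""` branch. `provider` starts and ends outside the hunk.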