forked from kubernetes/kops
/
template_functions.go
169 lines (140 loc) · 4.75 KB
/
template_functions.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
package cloudup
import (
"encoding/base64"
"encoding/binary"
"fmt"
"github.com/golang/glog"
"k8s.io/kops/upup/pkg/api"
"k8s.io/kops/upup/pkg/fi/vfs"
"math/big"
"net"
"sort"
"strings"
"text/template"
)
type TemplateFunctions struct {
cluster *api.Cluster
tags map[string]struct{}
region string
}
func (tf *TemplateFunctions) WellKnownServiceIP(id int) (net.IP, error) {
_, cidr, err := net.ParseCIDR(tf.cluster.Spec.ServiceClusterIPRange)
if err != nil {
return nil, fmt.Errorf("error parsing ServiceClusterIPRange %q: %v", tf.cluster.Spec.ServiceClusterIPRange, err)
}
ip4 := cidr.IP.To4()
if ip4 != nil {
n := binary.BigEndian.Uint32(ip4)
n += uint32(id)
serviceIP := make(net.IP, len(ip4))
binary.BigEndian.PutUint32(serviceIP, n)
return serviceIP, nil
}
ip6 := cidr.IP.To16()
if ip6 != nil {
baseIPInt := big.NewInt(0)
baseIPInt.SetBytes(ip6)
serviceIPInt := big.NewInt(0)
serviceIPInt.Add(big.NewInt(int64(id)), baseIPInt)
serviceIP := make(net.IP, len(ip6))
serviceIPBytes := serviceIPInt.Bytes()
for i := range serviceIPBytes {
serviceIP[len(serviceIP)-len(serviceIPBytes)+i] = serviceIPBytes[i]
}
return serviceIP, nil
}
return nil, fmt.Errorf("Unexpected IP address type for ServiceClusterIPRange: %s", tf.cluster.Spec.ServiceClusterIPRange)
}
func (tf *TemplateFunctions) AddTo(dest template.FuncMap) {
dest["EtcdClusterMemberTags"] = tf.EtcdClusterMemberTags
dest["SharedVPC"] = tf.SharedVPC
dest["WellKnownServiceIP"] = tf.WellKnownServiceIP
dest["AdminCIDR"] = tf.AdminCIDR
dest["Base64Encode"] = func(s string) string {
return base64.StdEncoding.EncodeToString([]byte(s))
}
dest["replace"] = func(s, find, replace string) string {
return strings.Replace(s, find, replace, -1)
}
dest["join"] = func(a []string, sep string) string {
return strings.Join(a, sep)
}
dest["ClusterName"] = func() string {
return tf.cluster.Name
}
dest["HasTag"] = func(tag string) bool {
_, found := tf.tags[tag]
return found
}
dest["IAMPrefix"] = tf.IAMPrefix
dest["IAMServiceEC2"] = tf.IAMServiceEC2
dest["Image"] = tf.Image
}
func (tf *TemplateFunctions) EtcdClusterMemberTags(etcd *api.EtcdClusterSpec, m *api.EtcdMemberSpec) map[string]string {
tags := make(map[string]string)
var allMembers []string
for _, m := range etcd.Members {
allMembers = append(allMembers, m.Name)
}
sort.Strings(allMembers)
// This is the configuration of the etcd cluster
tags["k8s.io/etcd/"+etcd.Name] = m.Name + "/" + strings.Join(allMembers, ",")
// This says "only mount on a master"
tags["k8s.io/role/master"] = "1"
return tags
}
// SharedVPC is a simple helper function which makes the templates for a shared VPC clearer
func (tf *TemplateFunctions) SharedVPC() bool {
return tf.cluster.Spec.NetworkID != ""
}
// AdminCIDR returns the single CIDR that is allowed access to the admin ports of the cluster (22, 443 on master)
func (tf *TemplateFunctions) AdminCIDR() (string, error) {
if len(tf.cluster.Spec.AdminAccess) == 0 {
return "0.0.0.0/0", nil
}
if len(tf.cluster.Spec.AdminAccess) == 1 {
return tf.cluster.Spec.AdminAccess[0], nil
}
return "", fmt.Errorf("Multiple AdminAccess rules are not (currently) supported")
}
// IAMServiceEC2 returns the name of the IAM service for EC2 in the current region
// it is ec2.amazonaws.com everywhere but in cn-north, where it is ec2.amazonaws.com.cn
func (tf *TemplateFunctions) IAMServiceEC2() string {
switch tf.region {
case "cn-north-1":
return "ec2.amazonaws.com.cn"
default:
return "ec2.amazonaws.com"
}
}
// IAMPrefix returns the prefix for AWS ARNs in the current region, for use with IAM
// it is arn:aws everywhere but in cn-north, where it is arn:aws-cn
func (tf *TemplateFunctions) IAMPrefix() string {
switch tf.region {
case "cn-north-1":
return "arn:aws-cn"
default:
return "arn:aws"
}
}
// Image returns the docker image name for the specified component
func (tf *TemplateFunctions) Image(component string) (string, error) {
if component == "kube-dns" {
// TODO: Once we are shipping different versions, start to use them
return "gcr.io/google_containers/kubedns-amd64:1.3", nil
}
if !isBaseURL(tf.cluster.Spec.KubernetesVersion) {
return "gcr.io/google_containers/" + component + ":" + "v" + tf.cluster.Spec.KubernetesVersion, nil
}
baseURL := tf.cluster.Spec.KubernetesVersion
baseURL = strings.TrimSuffix(baseURL, "/")
tagURL := baseURL + "/bin/linux/amd64/" + component + ".docker_tag"
glog.V(2).Infof("Downloading docker tag for %s from: %s", component, tagURL)
b, err := vfs.Context.ReadFile(tagURL)
if err != nil {
return "", fmt.Errorf("error reading tag file %q: %v", tagURL, err)
}
tag := strings.TrimSpace(string(b))
glog.V(2).Infof("Found tag %q for %q", tag, component)
return "gcr.io/google_containers/" + component + ":" + tag, nil
}