Merge pull request #619 from hidekazuna/bastion
✨ Add bastion host to login the nodes and update non HA template
k8s-ci-robot committed Sep 14, 2020
2 parents ea415e1 + 6b6a801 commit 60f5a4c
Showing 14 changed files with 730 additions and 162 deletions.
2 changes: 2 additions & 0 deletions .zuul/playbooks/run.yaml
Expand Up @@ -48,6 +48,8 @@
openstack availability zone list
openstack domain list
openstack flavor delete m1.tiny
openstack flavor create --ram 128 --disk 1 --vcpus 1 --public --id 1 m1.tiny --property hw_rng:allowed='True'
openstack flavor delete m1.small
openstack flavor create --ram 4096 --disk 10 --vcpus 2 --public --id 2 m1.small --property hw_rng:allowed='True'
openstack flavor delete m1.medium
7 changes: 6 additions & 1 deletion Makefile
Expand Up @@ -298,8 +298,10 @@ OPENSTACK_CLOUD_PROVIDER_CONF_B64 ?= ""
OPENSTACK_CLOUD_YAML_B64 ?= ""
OPENSTACK_DNS_NAMESERVERS ?= ""
OPENSTACK_IMAGE_NAME ?= "ubuntu-1910-kube-v1.17.3"
OPENSTACK_BASTION_IMAGE_NAME ?= "cirros"
OPENSTACK_NODE_MACHINE_FLAVOR ?= "m1.small"
OPENSTACK_CONTROL_PLANE_MACHINE_FLAVOR ?= "m1.medium"
OPENSTACK_BASTION_MACHINE_FLAVOR ?= "m1.tiny"
CLUSTER_NAME ?= "capi-quickstart"
OPENSTACK_SSH_KEY_NAME ?= "${CLUSTER_NAME}-key"
OPENSTACK_CLUSTER_TEMPLATE ?= "./templates/cluster-template-without-lb.yaml"
Expand Down Expand Up @@ -382,7 +384,10 @@ create-cluster: $(CLUSTERCTL) $(KUSTOMIZE) $(ENVSUBST) ## Create a development K
sed "s|\$${OPENSTACK_CLOUD_PROVIDER_CONF_B64}|$(OPENSTACK_CLOUD_PROVIDER_CONF_B64)|" | \
sed "s|\$${OPENSTACK_CLOUD_CACERT_B64}|$(OPENSTACK_CLOUD_CACERT_B64)|" | \
sed "s|\$${KUBERNETES_VERSION}|$(KUBERNETES_VERSION)|" | \
sed "s|\$${CLUSTER_NAME}|$(CLUSTER_NAME)|" \
sed "s|\$${CLUSTER_NAME}|$(CLUSTER_NAME)|" | \
sed "s|\$${OPENSTACK_BASTION_MACHINE_FLAVOR}|$(OPENSTACK_BASTION_MACHINE_FLAVOR)|" | \
sed "s|\$${OPENSTACK_BASTION_IMAGE_NAME}|$(OPENSTACK_BASTION_IMAGE_NAME)|" | \
sed "s|\$${OPENSTACK_SSH_KEY_NAME}|$(OPENSTACK_SSH_KEY_NAME)|" \
> ./hack/ci/e2e-conformance/e2e-conformance_patch.yaml
$(KUSTOMIZE) build --reorder=none hack/ci/e2e-conformance > ./out/cluster.yaml
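Review bot: `OPENSTACK_BASTION_IMAGE_NAME ?= "cirros"` in the first hunk makes a test image the default for a host that, judging by the new `floatingIP` status field, is meant to be reachable from outside the cluster network. CirrOS images ship with a publicly documented default login, so this default is fine for the e2e job but should not carry over into a real deployment. A comment above the variable would make that explicit, for example `# CI-only default: CirrOS has well-known credentials; override for any non-test cluster`. The three new `sed` substitutions in `create-cluster` follow the existing pattern, including its assumption that the substituted values contain no `|`.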

9 changes: 9 additions & 0 deletions api/v1alpha3/openstackcluster_types.go
Expand Up @@ -105,6 +105,10 @@ type OpenStackClusterSpec struct {

// ControlPlaneAvailabilityZones is the az to deploy control plane to
ControlPlaneAvailabilityZones []string `json:"controlPlaneAvailabilityZones,omitempty"`

// Bastion is the OpenStack instance to login the nodes
//+optional
Bastion *Bastion `json:"bastion,omitempty"`
}

// OpenStackClusterStatus defines the observed state of OpenStackCluster
Expand All @@ -129,6 +133,10 @@ type OpenStackClusterStatus struct {
// WorkerSecurityGroup contains all the information about the OpenStack Security
// Group that needs to be applied to worker nodes.
WorkerSecurityGroup *SecurityGroup `json:"workerSecurityGroup,omitempty"`

BastionSecurityGroup *SecurityGroup `json:"bastionSecurityGroup,omitempty"`

Bastion *Bastion `json:"bastion,omitempty"`
}

// +kubebuilder:object:root=true
Expand All @@ -140,6 +148,7 @@ type OpenStackClusterStatus struct {
// +kubebuilder:printcolumn:name="Network",type="string",JSONPath=".status.network.id",description="Network the cluster is using"
// +kubebuilder:printcolumn:name="Subnet",type="string",JSONPath=".status.network.subnet.id",description="Subnet the cluster is using"
// +kubebuilder:printcolumn:name="Endpoint",type="string",JSONPath=".spec.controlPlaneEndpoint.host",description="API Endpoint",priority=1
// +kubebuilder:printcolumn:name="Bastion",type="string",JSONPath=".status.bastion.floatingIP",description="Bastion floating IP"

// OpenStackCluster is the Schema for the openstackclusters API
type OpenStackCluster struct {
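Review bot: The two fields added to `OpenStackClusterStatus`, `BastionSecurityGroup` and `Bastion`, have no doc comments, unlike the `WorkerSecurityGroup` field directly above them. As a result the generated CRD falls back to the type-level descriptions, so `status.bastionSecurityGroup` is described only as a generic Neutron security group. I would add something like `// BastionSecurityGroup contains the OpenStack Security Group applied to the bastion host.` and `// Bastion reports the observed bastion instance, including its floating IP.`, adjusted to what the controller actually stores there. The spec comment would read better as `// Bastion is the OpenStack instance used to log in to the nodes`. Both struct definitions begin outside the hunks shown.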
16 changes: 16 additions & 0 deletions api/v1alpha3/types.go
Expand Up @@ -237,3 +237,19 @@ var (

InstanceStateShutoff = InstanceState("SHUTOFF")
)

// Bastion represents basic information about the bastion node
type Bastion struct {
//+optional
Enabled bool `json:"enabled"`
//+optional
Flavor string `json:"flavor,omitempty"`
//+optional
Image string `json:"image,omitempty"`
//+optional
SSHKeyName string `json:"sshKeyName,omitempty"`
//+optional
SecurityGroups []SecurityGroupParam `json:"securityGroups,omitempty"`
//+optional
FloatingIP string `json:"floatingIP,omitempty"`
}
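Review bot: `Bastion` is used for both `spec.bastion` and `status.bastion`, so the observed `FloatingIP` is also accepted as user input under spec (the generated schema for `spec.bastion` lists `floatingIP`), and `Enabled`/`Flavor`/`Image` are repeated under status. Either split the type, or document on `FloatingIP` whether a value set in spec is honoured or ignored, e.g. `// FloatingIP is the address assigned to the bastion; set by the controller.` if that matches the controller code, which is not visible here. None of the fields has a doc comment, so the CRD carries no description for them. Because this host is the SSH entry point to the nodes, `SecurityGroups` should state whether the listed groups replace or are added to the managed bastion security group, since that determines who can reach it.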
35 changes: 35 additions & 0 deletions api/v1alpha3/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Expand Up @@ -40,6 +40,10 @@ spec:
name: Endpoint
priority: 1
type: string
- description: Bastion floating IP
jsonPath: .status.bastion.floatingIP
name: Bastion
type: string
name: v1alpha3
schema:
openAPIV3Schema:
Expand Down Expand Up @@ -75,6 +79,61 @@ spec:
description: APIServerLoadBalancerPort is the port on which the listener
on the APIServer loadbalancer will be created
type: integer
bastion:
description: Bastion is the OpenStack instance to login the nodes
properties:
enabled:
type: boolean
flavor:
type: string
floatingIP:
type: string
image:
type: string
securityGroups:
items:
properties:
filter:
description: Filters used to query security groups in openstack
properties:
description:
type: string
id:
type: string
limit:
type: integer
marker:
type: string
name:
type: string
notTags:
type: string
notTagsAny:
type: string
projectId:
type: string
sortDir:
type: string
sortKey:
type: string
tags:
type: string
tagsAny:
type: string
tenantId:
type: string
type: object
name:
description: Security Group name
type: string
uuid:
description: Security Group UID
type: string
type: object
type: array
sshKeyName:
type: string
type: object
cloudName:
description: The name of the cloud to use from the clouds secret
type: string
Expand Down Expand Up @@ -311,6 +370,113 @@ spec:
status:
description: OpenStackClusterStatus defines the observed state of OpenStackCluster
properties:
bastion:
description: Bastion represents basic information about the bastion
node
properties:
enabled:
type: boolean
flavor:
type: string
floatingIP:
type: string
image:
type: string
securityGroups:
items:
properties:
filter:
description: Filters used to query security groups in openstack
properties:
description:
type: string
id:
type: string
limit:
type: integer
marker:
type: string
name:
type: string
notTags:
type: string
notTagsAny:
type: string
projectId:
type: string
sortDir:
type: string
sortKey:
type: string
tags:
type: string
tagsAny:
type: string
tenantId:
type: string
type: object
name:
description: Security Group name
type: string
uuid:
description: Security Group UID
type: string
type: object
type: array
sshKeyName:
type: string
type: object
bastionSecurityGroup:
description: SecurityGroup represents the basic information of the
associated OpenStack Neutron Security Group.
properties:
id:
type: string
name:
type: string
rules:
items:
description: SecurityGroupRule represent the basic information
of the associated OpenStack Security Group Role.
properties:
description:
type: string
direction:
type: string
etherType:
type: string
name:
type: string
portRangeMax:
type: integer
portRangeMin:
type: integer
protocol:
type: string
remoteGroupID:
type: string
remoteIPPrefix:
type: string
securityGroupID:
type: string
required:
- description
- direction
- etherType
- name
- portRangeMax
- portRangeMin
- protocol
- remoteGroupID
- remoteIPPrefix
- securityGroupID
type: object
type: array
required:
- id
- name
- rules
type: object
controlPlaneSecurityGroup:
description: 'ControlPlaneSecurityGroups contains all the information
about the OpenStack Security Group that needs to be applied to control