Adding API to have shared security groups

pkg/apis/kops/cluster.go

@@ -271,9 +271,14 @@ const (
 
 // LoadBalancerAccessSpec provides configuration details related to API LoadBalancer and its access
 type LoadBalancerAccessSpec struct {
-	Type                     LoadBalancerType `json:"type,omitempty"`
-	IdleTimeoutSeconds       *int64           `json:"idleTimeoutSeconds,omitempty"`
-	AdditionalSecurityGroups []string         `json:"additionalSecurityGroups,omitempty"`
+	// Type may be Public or Internal.
+	Type LoadBalancerType `json:"type,omitempty"`
+	// IdleTimeoutSeconds sets the timeout of the api loadbalancer.
+	IdleTimeoutSeconds *int64 `json:"idleTimeoutSeconds,omitempty"`
+	// AdditionalSecurityGroups attaches additional security groups (e.g. sg-123456).
+	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
+	// SecurityGroup is the id of the shared security group to use for the InstanceGroupSpec.
+	SecurityGroup *string `json:"securityGroup,omitempty"`
 }
 
 // KubeDNSConfig defines the kube dns configuration

pkg/apis/kops/instancegroup.go

@@ -114,6 +114,8 @@ type InstanceGroupSpec struct {
 	Taints []string `json:"taints,omitempty"`
 	// AdditionalUserData is any aditional user-data to be passed to the host
 	AdditionalUserData []UserData `json:"additionalUserData,omitempty"`
+	// SecurityGroup is the id of the shared security group to use. Currently only AWS is supported.
+	SecurityGroup *string `json:"securityGroup,omitempty"`
 }
 
 // UserData defines a user-data section

pkg/apis/kops/v1alpha1/cluster.go

@@ -270,9 +270,14 @@ const (
 
 // LoadBalancerAccessSpec provides configuration details related to API LoadBalancer and its access
 type LoadBalancerAccessSpec struct {
-	Type                     LoadBalancerType `json:"type,omitempty"`
-	IdleTimeoutSeconds       *int64           `json:"idleTimeoutSeconds,omitempty"`
-	AdditionalSecurityGroups []string         `json:"additionalSecurityGroups,omitempty"`
+	// Type may be Public or Internal.
+	Type LoadBalancerType `json:"type,omitempty"`
+	// IdleTimeoutSeconds sets the timeout of the api loadbalancer.
+	IdleTimeoutSeconds *int64 `json:"idleTimeoutSeconds,omitempty"`
+	// AdditionalSecurityGroups attaches additional security groups (e.g. sg-123456).
+	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
+	// SecurityGroup is the id of the shared security group to use for the InstanceGroupSpec.
+	SecurityGroup *string `json:"securityGroup,omitempty"`
 }
 
 // KubeDNSConfig defines the kube dns configuration

pkg/apis/kops/v1alpha1/instancegroup.go

@@ -94,6 +94,8 @@ type InstanceGroupSpec struct {
 	// Zones is the names of the Zones where machines in this instance group should be placed
 	// This is needed for regional subnets (e.g. GCE), to restrict placement to particular zones
 	Zones []string `json:"zones,omitempty"`
+	// SecurityGroup is the id of the shared security group to use. Currently only AWS is supported.
+	SecurityGroup *string `json:"securityGroup,omitempty"`
 }
 
 // UserData defines a user-data section

pkg/apis/kops/v1alpha1/zz_generated.conversion.go

@@ -1647,6 +1647,7 @@ func autoConvert_v1alpha1_InstanceGroupSpec_To_kops_InstanceGroupSpec(in *Instan
 		out.AdditionalUserData = nil
 	}
 	out.Zones = in.Zones
+	out.SecurityGroup = in.SecurityGroup
 	return nil
 }
 
@@ -1711,6 +1712,7 @@ func autoConvert_kops_InstanceGroupSpec_To_v1alpha1_InstanceGroupSpec(in *kops.I
 	} else {
 		out.AdditionalUserData = nil
 	}
+	out.SecurityGroup = in.SecurityGroup
 	return nil
 }
 
@@ -2244,6 +2246,7 @@ func autoConvert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec(
 	out.Type = kops.LoadBalancerType(in.Type)
 	out.IdleTimeoutSeconds = in.IdleTimeoutSeconds
 	out.AdditionalSecurityGroups = in.AdditionalSecurityGroups
+	out.SecurityGroup = in.SecurityGroup
 	return nil
 }
 
@@ -2256,6 +2259,7 @@ func autoConvert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec(
 	out.Type = LoadBalancerType(in.Type)
 	out.IdleTimeoutSeconds = in.IdleTimeoutSeconds
 	out.AdditionalSecurityGroups = in.AdditionalSecurityGroups
+	out.SecurityGroup = in.SecurityGroup
 	return nil
 }
 

pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go

@@ -23,6 +23,7 @@ package v1alpha1
 import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
+	reflect "reflect"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -1502,6 +1503,15 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.SecurityGroup != nil {
+		in, out := &in.SecurityGroup, &out.SecurityGroup
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(string)
+			**out = **in
+		}
+	}
 	return
 }
 
@@ -2374,6 +2384,15 @@ func (in *LoadBalancerAccessSpec) DeepCopyInto(out *LoadBalancerAccessSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.SecurityGroup != nil {
+		in, out := &in.SecurityGroup, &out.SecurityGroup
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(string)
+			**out = **in
+		}
+	}
 	return
 }
 

pkg/apis/kops/v1alpha2/cluster.go

@@ -271,9 +271,14 @@ const (
 
 // LoadBalancerAccessSpec provides configuration details related to API LoadBalancer and its access
 type LoadBalancerAccessSpec struct {
-	Type                     LoadBalancerType `json:"type,omitempty"`
-	IdleTimeoutSeconds       *int64           `json:"idleTimeoutSeconds,omitempty"`
-	AdditionalSecurityGroups []string         `json:"additionalSecurityGroups,omitempty"`
+	// Type may be Public or Internal.
+	Type LoadBalancerType `json:"type,omitempty"`
+	// IdleTimeoutSeconds sets the timeout of the api loadbalancer.
+	IdleTimeoutSeconds *int64 `json:"idleTimeoutSeconds,omitempty"`
+	// AdditionalSecurityGroups attaches additional security groups (e.g. sg-123456).
+	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
+	// SecurityGroup is the id of the shared security group to use for the InstanceGroupSpec.
+	SecurityGroup *string `json:"securityGroup,omitempty"`
 }
 
 type KubeDNSConfig struct {

pkg/apis/kops/v1alpha2/instancegroup.go

@@ -103,6 +103,8 @@ type InstanceGroupSpec struct {
 	Taints []string `json:"taints,omitempty"`
 	// AdditionalUserData is any aditional user-data to be passed to the host
 	AdditionalUserData []UserData `json:"additionalUserData,omitempty"`
+	// SecurityGroup is the id of the shared security group. Currently only AWS is supported.
+	SecurityGroup *string `json:"securityGroup,omitempty"`
 }
 
 // UserData defines a user-data section

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -1757,6 +1757,7 @@ func autoConvert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(in *Instan
 	} else {
 		out.AdditionalUserData = nil
 	}
+	out.SecurityGroup = in.SecurityGroup
 	return nil
 }
 
@@ -1826,6 +1827,7 @@ func autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.I
 	} else {
 		out.AdditionalUserData = nil
 	}
+	out.SecurityGroup = in.SecurityGroup
 	return nil
 }
 
@@ -2506,6 +2508,7 @@ func autoConvert_v1alpha2_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec(
 	out.Type = kops.LoadBalancerType(in.Type)
 	out.IdleTimeoutSeconds = in.IdleTimeoutSeconds
 	out.AdditionalSecurityGroups = in.AdditionalSecurityGroups
+	out.SecurityGroup = in.SecurityGroup
 	return nil
 }
 
@@ -2518,6 +2521,7 @@ func autoConvert_kops_LoadBalancerAccessSpec_To_v1alpha2_LoadBalancerAccessSpec(
 	out.Type = LoadBalancerType(in.Type)
 	out.IdleTimeoutSeconds = in.IdleTimeoutSeconds
 	out.AdditionalSecurityGroups = in.AdditionalSecurityGroups
+	out.SecurityGroup = in.SecurityGroup
 	return nil
 }
 

pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go

@@ -23,6 +23,7 @@ package v1alpha2
 import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
+	reflect "reflect"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -1501,6 +1502,15 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) {
 		*out = make([]UserData, len(*in))
 		copy(*out, *in)
 	}
+	if in.SecurityGroup != nil {
+		in, out := &in.SecurityGroup, &out.SecurityGroup
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(string)
+			**out = **in
+		}
+	}
 	return
 }
 
@@ -2484,6 +2494,15 @@ func (in *LoadBalancerAccessSpec) DeepCopyInto(out *LoadBalancerAccessSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.SecurityGroup != nil {
+		in, out := &in.SecurityGroup, &out.SecurityGroup
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(string)
+			**out = **in
+		}
+	}
 	return
 }
 

pkg/apis/kops/zz_generated.deepcopy.go

@@ -23,6 +23,7 @@ package kops
 import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
+	reflect "reflect"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -1664,6 +1665,15 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) {
 		*out = make([]UserData, len(*in))
 		copy(*out, *in)
 	}
+	if in.SecurityGroup != nil {
+		in, out := &in.SecurityGroup, &out.SecurityGroup
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(string)
+			**out = **in
+		}
+	}
 	return
 }
 
@@ -2679,6 +2689,15 @@ func (in *LoadBalancerAccessSpec) DeepCopyInto(out *LoadBalancerAccessSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.SecurityGroup != nil {
+		in, out := &in.SecurityGroup, &out.SecurityGroup
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(string)
+			**out = **in
+		}
+	}
 	return
 }