Order by name fields in CalicoNetworkingSpec

kubernetes · Dec 11, 2020 · a82fa58 · a82fa58
1 parent dcadec0
commit a82fa58
Show file tree

Hide file tree

Showing 9 changed files with 86 additions and 78 deletions.
diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -2858,12 +2858,12 @@ spec:
                       networking
                     properties:
                       awsSrcDstCheck:
-                        description: 'AwsSrcDstCheck enables/disables source/destination
-                          checks (AWS only) Options: "DoNothing" (default) , "Enable"
-                          or "Disable"'
+                        description: 'AWSSrcDstCheck enables/disables ENI source/destination
+                          checks (AWS only) Options: DoNothing (default), Enable,
+                          or Disable'
                         type: string
                       bpfEnabled:
-                        description: BpfEnabled enables the eBPF dataplane mode.
+                        description: BPFEnabled enables the eBPF dataplane mode.
                         type: boolean
                       bpfExternalServiceMode:
                         description: 'BPFExternalServiceMode controls how traffic
@@ -2907,7 +2907,11 @@ spec:
                           when set to true
                         type: boolean
                       ipipMode:
-                        description: IPIPMode is mode for CALICO_IPV4POOL_IPIP
+                        description: IPIPMode is the encapsulation mode to use for
+                          the default Calico IPv4 pool created at start up, determining
+                          when to use IP-in-IP encapsulation, conveyed to the "calico-node"
+                          daemon container via the CALICO_IPV4POOL_IPIP environment
+                          variable
                         type: string
                       iptablesBackend:
                         description: 'IptablesBackend controls which variant of iptables

diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go
@@ -103,7 +103,10 @@ type FlannelNetworkingSpec struct {
 
 // CalicoNetworkingSpec declares that we want Calico networking
 type CalicoNetworkingSpec struct {
-	// BpfEnabled enables the eBPF dataplane mode.
+	// AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only)
+	// Options: DoNothing (default), Enable, or Disable
+	AWSSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
+	// BPFEnabled enables the eBPF dataplane mode.
 	BPFEnabled bool `json:"bpfEnabled,omitempty"`
 	// BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled.
 	// In Tunnel mode, packet is tunneled from the ingress host to the host with the backing pod and back again.
@@ -126,9 +129,25 @@ type CalicoNetworkingSpec struct {
 	CPURequest *resource.Quantity `json:"cpuRequest,omitempty"`
 	// CrossSubnet enables Calico's cross-subnet mode when set to true
 	CrossSubnet bool `json:"crossSubnet,omitempty"`
-	// AwsSrcDstCheck enables/disables source/destination checks (AWS only)
-	// Options: "DoNothing" (default) , "Enable" or "Disable"
-	AwsSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
+	// IPIPMode is the encapsulation mode to use for the default Calico IPv4 pool created at start
+	// up, determining when to use IP-in-IP encapsulation, conveyed to the "calico-node" daemon
+	// container via the CALICO_IPV4POOL_IPIP environment variable
+	IPIPMode string `json:"ipipMode,omitempty"`
+	// IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route
+	// between nodes.  This should be set when the host has multiple interfaces
+	// and it is important to select the interface used.
+	// Options: "first-found" (default), "can-reach=DESTINATION",
+	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
+	IPv4AutoDetectionMethod string `json:"ipv4AutoDetectionMethod,omitempty"`
+	// IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route
+	// between nodes.  This should be set when the host has multiple interfaces
+	// and it is important to select the interface used.
+	// Options: "first-found" (default), "can-reach=DESTINATION",
+	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
+	IPv6AutoDetectionMethod string `json:"ipv6AutoDetectionMethod,omitempty"`
+	// IptablesBackend controls which variant of iptables binary Felix uses
+	// Default: Auto (other options: Legacy, NFT)
+	IptablesBackend string `json:"iptablesBackend,omitempty"`
 	// LogSeverityScreen lets us set the desired log level. (Default: info)
 	LogSeverityScreen string `json:"logSeverityScreen,omitempty"`
 	// MTU to be set in the cni-network-config for calico.
@@ -145,23 +164,6 @@ type CalicoNetworkingSpec struct {
 	PrometheusProcessMetricsEnabled bool `json:"prometheusProcessMetricsEnabled,omitempty"`
 	// MajorVersion is deprecated as of kOps 1.20 and has no effect
 	MajorVersion string `json:"majorVersion,omitempty"`
-	// IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route
-	// between nodes.  This should be set when the host has multiple interfaces
-	// and it is important to select the interface used.
-	// Options: "first-found" (default), "can-reach=DESTINATION",
-	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
-	IPv4AutoDetectionMethod string `json:"ipv4AutoDetectionMethod,omitempty"`
-	// IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route
-	// between nodes.  This should be set when the host has multiple interfaces
-	// and it is important to select the interface used.
-	// Options: "first-found" (default), "can-reach=DESTINATION",
-	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
-	IPv6AutoDetectionMethod string `json:"ipv6AutoDetectionMethod,omitempty"`
-	// IptablesBackend controls which variant of iptables binary Felix uses
-	// Default: Auto (other options: Legacy, NFT)
-	IptablesBackend string `json:"iptablesBackend,omitempty"`
-	// IPIPMode is mode for CALICO_IPV4POOL_IPIP
-	IPIPMode string `json:"ipipMode,omitempty"`
 	// TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha
 	// (default: false)
 	TyphaPrometheusMetricsEnabled bool `json:"typhaPrometheusMetricsEnabled,omitempty"`

diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go
@@ -103,7 +103,10 @@ type FlannelNetworkingSpec struct {
 
 // CalicoNetworkingSpec declares that we want Calico networking
 type CalicoNetworkingSpec struct {
-	// BpfEnabled enables the eBPF dataplane mode.
+	// AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only)
+	// Options: DoNothing (default), Enable, or Disable
+	AWSSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
+	// BPFEnabled enables the eBPF dataplane mode.
 	BPFEnabled bool `json:"bpfEnabled,omitempty"`
 	// BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled.
 	// In Tunnel mode, packet is tunneled from the ingress host to the host with the backing pod and back again.
@@ -126,9 +129,25 @@ type CalicoNetworkingSpec struct {
 	CPURequest *resource.Quantity `json:"cpuRequest,omitempty"`
 	// CrossSubnet enables Calico's cross-subnet mode when set to true
 	CrossSubnet bool `json:"crossSubnet,omitempty"`
-	// AwsSrcDstCheck enables/disables source/destination checks (AWS only)
-	// Options: "DoNothing" (default) , "Enable" or "Disable"
-	AwsSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
+	// IPIPMode is the encapsulation mode to use for the default Calico IPv4 pool created at start
+	// up, determining when to use IP-in-IP encapsulation, conveyed to the "calico-node" daemon
+	// container via the CALICO_IPV4POOL_IPIP environment variable
+	IPIPMode string `json:"ipipMode,omitempty"`
+	// IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route
+	// between nodes.  This should be set when the host has multiple interfaces
+	// and it is important to select the interface used.
+	// Options: "first-found" (default), "can-reach=DESTINATION",
+	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
+	IPv4AutoDetectionMethod string `json:"ipv4AutoDetectionMethod,omitempty"`
+	// IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route
+	// between nodes.  This should be set when the host has multiple interfaces
+	// and it is important to select the interface used.
+	// Options: "first-found" (default), "can-reach=DESTINATION",
+	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
+	IPv6AutoDetectionMethod string `json:"ipv6AutoDetectionMethod,omitempty"`
+	// IptablesBackend controls which variant of iptables binary Felix uses
+	// Default: Auto (other options: Legacy, NFT)
+	IptablesBackend string `json:"iptablesBackend,omitempty"`
 	// LogSeverityScreen lets us set the desired log level. (Default: info)
 	LogSeverityScreen string `json:"logSeverityScreen,omitempty"`
 	// MTU to be set in the cni-network-config for calico.
@@ -145,23 +164,6 @@ type CalicoNetworkingSpec struct {
 	PrometheusProcessMetricsEnabled bool `json:"prometheusProcessMetricsEnabled,omitempty"`
 	// MajorVersion is deprecated as of kOps 1.20 and has no effect
 	MajorVersion string `json:"majorVersion,omitempty"`
-	// IptablesBackend controls which variant of iptables binary Felix uses
-	// Default: Auto (other options: Legacy, NFT)
-	IptablesBackend string `json:"iptablesBackend,omitempty"`
-	// IPIPMode is mode for CALICO_IPV4POOL_IPIP
-	IPIPMode string `json:"ipipMode,omitempty"`
-	// IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route
-	// between nodes.  This should be set when the host has multiple interfaces
-	// and it is important to select the interface used.
-	// Options: "first-found" (default), "can-reach=DESTINATION",
-	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
-	IPv4AutoDetectionMethod string `json:"ipv4AutoDetectionMethod,omitempty"`
-	// IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route
-	// between nodes.  This should be set when the host has multiple interfaces
-	// and it is important to select the interface used.
-	// Options: "first-found" (default), "can-reach=DESTINATION",
-	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
-	IPv6AutoDetectionMethod string `json:"ipv6AutoDetectionMethod,omitempty"`
 	// TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha
 	// (default: false)
 	TyphaPrometheusMetricsEnabled bool `json:"typhaPrometheusMetricsEnabled,omitempty"`

diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
diff --git a/pkg/apis/kops/validation/validation.go b/pkg/apis/kops/validation/validation.go
@@ -969,15 +969,9 @@ func validateEtcdMemberSpec(spec kops.EtcdMemberSpec, fieldPath *field.Path) fie
 func validateNetworkingCalico(v *kops.CalicoNetworkingSpec, e kops.EtcdClusterSpec, fldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
 
-	if v.TyphaReplicas < 0 {
-		allErrs = append(allErrs,
-			field.Invalid(fldPath.Child("typhaReplicas"), v.TyphaReplicas,
-				fmt.Sprintf("Unable to set number of Typha replicas to less than 0, you've specified %d", v.TyphaReplicas)))
-	}
-
-	if v.AwsSrcDstCheck != "" {
+	if v.AWSSrcDstCheck != "" {
 		valid := []string{"Enable", "Disable", "DoNothing"}
-		allErrs = append(allErrs, IsValidValue(fldPath.Child("awsSrcDstCheck"), &v.AwsSrcDstCheck, valid)...)
+		allErrs = append(allErrs, IsValidValue(fldPath.Child("awsSrcDstCheck"), &v.AWSSrcDstCheck, valid)...)
 	}
 
 	if v.BPFExternalServiceMode != "" {
@@ -995,11 +989,6 @@ func validateNetworkingCalico(v *kops.CalicoNetworkingSpec, e kops.EtcdClusterSp
 		allErrs = append(allErrs, IsValidValue(fldPath.Child("chainInsertMode"), &v.ChainInsertMode, valid)...)
 	}
 
-	if v.IptablesBackend != "" {
-		valid := []string{"Auto", "Legacy", "NFT"}
-		allErrs = append(allErrs, IsValidValue(fldPath.Child("iptablesBackend"), &v.IptablesBackend, valid)...)
-	}
-
 	if v.IPv4AutoDetectionMethod != "" {
 		allErrs = append(allErrs, validateCalicoAutoDetectionMethod(fldPath.Child("ipv4AutoDetectionMethod"), v.IPv4AutoDetectionMethod, ipv4.Version)...)
 	}
@@ -1008,6 +997,17 @@ func validateNetworkingCalico(v *kops.CalicoNetworkingSpec, e kops.EtcdClusterSp
 		allErrs = append(allErrs, validateCalicoAutoDetectionMethod(fldPath.Child("ipv6AutoDetectionMethod"), v.IPv6AutoDetectionMethod, ipv6.Version)...)
 	}
 
+	if v.IptablesBackend != "" {
+		valid := []string{"Auto", "Legacy", "NFT"}
+		allErrs = append(allErrs, IsValidValue(fldPath.Child("iptablesBackend"), &v.IptablesBackend, valid)...)
+	}
+
+	if v.TyphaReplicas < 0 {
+		allErrs = append(allErrs,
+			field.Invalid(fldPath.Child("typhaReplicas"), v.TyphaReplicas,
+				fmt.Sprintf("Unable to set number of Typha replicas to less than 0, you've specified %d", v.TyphaReplicas)))
+	}
+
 	return allErrs
 }
 

diff --git a/pkg/apis/kops/validation/validation_test.go b/pkg/apis/kops/validation/validation_test.go
@@ -506,7 +506,7 @@ func Test_Validate_Calico(t *testing.T) {
 		{
 			Input: caliInput{
 				Calico: &kops.CalicoNetworkingSpec{
-					AwsSrcDstCheck: "off",
+					AWSSrcDstCheck: "off",
 				},
 				Etcd: kops.EtcdClusterSpec{},
 			},
@@ -515,23 +515,23 @@ func Test_Validate_Calico(t *testing.T) {
 		{
 			Input: caliInput{
 				Calico: &kops.CalicoNetworkingSpec{
-					AwsSrcDstCheck: "Enable",
+					AWSSrcDstCheck: "Enable",
 				},
 				Etcd: kops.EtcdClusterSpec{},
 			},
 		},
 		{
 			Input: caliInput{
 				Calico: &kops.CalicoNetworkingSpec{
-					AwsSrcDstCheck: "Disable",
+					AWSSrcDstCheck: "Disable",
 				},
 				Etcd: kops.EtcdClusterSpec{},
 			},
 		},
 		{
 			Input: caliInput{
 				Calico: &kops.CalicoNetworkingSpec{
-					AwsSrcDstCheck: "DoNothing",
+					AWSSrcDstCheck: "DoNothing",
 				},
 				Etcd: kops.EtcdClusterSpec{},
 			},

diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go
@@ -280,7 +280,7 @@ func (r *NodeRoleMaster) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) {
 		addCiliumEniPermissions(p, resource, b.Cluster.Spec.IAM.Legacy)
 	}
 
-	if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Calico != nil && (b.Cluster.Spec.Networking.Calico.CrossSubnet || b.Cluster.Spec.Networking.Calico.AwsSrcDstCheck != "") {
+	if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Calico != nil && (b.Cluster.Spec.Networking.Calico.CrossSubnet || b.Cluster.Spec.Networking.Calico.AWSSrcDstCheck != "") {
 		addCalicoSrcDstCheckPermissions(p)
 	}
 
@@ -319,7 +319,7 @@ func (r *NodeRoleNode) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) {
 		addLyftVPCPermissions(p, resource, b.Cluster.Spec.IAM.Legacy, b.Cluster.GetName())
 	}
 
-	if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Calico != nil && (b.Cluster.Spec.Networking.Calico.CrossSubnet || b.Cluster.Spec.Networking.Calico.AwsSrcDstCheck != "") {
+	if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Calico != nil && (b.Cluster.Spec.Networking.Calico.CrossSubnet || b.Cluster.Spec.Networking.Calico.AWSSrcDstCheck != "") {
 		addCalicoSrcDstCheckPermissions(p)
 	}
 

diff --git a/upup/models/bindata.go b/upup/models/bindata.go
diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
@@ -3910,7 +3910,7 @@ spec:
             # kops additions
             # Enable source/destination checks for AWS
             - name: FELIX_AWSSRCDSTCHECK
-              value: "{{- if and (eq .CloudProvider "aws") (.Networking.Calico.CrossSubnet) -}}Disable{{- else -}} {{- or .Networking.Calico.AwsSrcDstCheck "DoNothing" -}} {{- end -}}"
+              value: "{{- if and (eq .CloudProvider "aws") (.Networking.Calico.CrossSubnet) -}}Disable{{- else -}} {{- or .Networking.Calico.AWSSrcDstCheck "DoNothing" -}} {{- end -}}"
             # Enable eBPF dataplane mode
             - name: FELIX_BPFENABLED
               value: "{{ .Networking.Calico.BPFEnabled }}"