Merge pull request #3682 from reactiveops/tag_subnets_2011

Automatic merge from submit-queue. [AWS] Properly tag public and private subnets for ELB creation This is a replacement for #3527 that I think makes more sense. Thanks! Closes #2011
kubernetes · Oct 22, 2017 · eca1653 · eca1653
2 parents 0ece238 + 239199c
commit eca1653
Show file tree

Hide file tree

Showing 14 changed files with 38 additions and 0 deletions.
diff --git a/pkg/model/network.go b/pkg/model/network.go
@@ -25,6 +25,7 @@ import (
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/awstasks"
+	"k8s.io/kubernetes/pkg/cloudprovider/providers/aws"
 )
 
 // NetworkModelBuilder configures network objects
@@ -148,6 +149,18 @@ func (b *NetworkModelBuilder) Build(c *fi.ModelBuilderContext) error {
 		subnetName := subnetSpec.Name + "." + b.ClusterName()
 		tags := b.CloudTags(subnetName, sharedSubnet)
 
+		// Apply tags so that Kubernetes knows which subnets should be used for internal/external ELBs
+		switch subnetSpec.Type {
+		case kops.SubnetTypePublic, kops.SubnetTypeUtility:
+			tags[aws.TagNameSubnetPublicELB] = "1"
+
+		case kops.SubnetTypePrivate:
+			tags[aws.TagNameSubnetInternalELB] = "1"
+
+		default:
+			glog.V(2).Infof("unable to properly tag subnet %q because it has unknown type %q. Load balancers may be created in incorrect subnets", subnetSpec.Name, subnetSpec.Type)
+		}
+
 		subnet := &awstasks.Subnet{
 			Name:             s(subnetName),
 			Lifecycle:        b.Lifecycle,

diff --git a/tests/integration/update_cluster/complex/kubernetes.tf b/tests/integration/update_cluster/complex/kubernetes.tf
@@ -429,6 +429,7 @@ resource "aws_subnet" "us-test-1a-complex-example-com" {
     KubernetesCluster                           = "complex.example.com"
     Name                                        = "us-test-1a.complex.example.com"
     "kubernetes.io/cluster/complex.example.com" = "owned"
+    "kubernetes.io/role/elb"                    = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/ha/kubernetes.tf b/tests/integration/update_cluster/ha/kubernetes.tf
@@ -535,6 +535,7 @@ resource "aws_subnet" "us-test-1a-ha-example-com" {
     KubernetesCluster                      = "ha.example.com"
     Name                                   = "us-test-1a.ha.example.com"
     "kubernetes.io/cluster/ha.example.com" = "owned"
+    "kubernetes.io/role/elb"               = "1"
   }
 }
 
@@ -547,6 +548,7 @@ resource "aws_subnet" "us-test-1b-ha-example-com" {
     KubernetesCluster                      = "ha.example.com"
     Name                                   = "us-test-1b.ha.example.com"
     "kubernetes.io/cluster/ha.example.com" = "owned"
+    "kubernetes.io/role/elb"               = "1"
   }
 }
 
@@ -559,6 +561,7 @@ resource "aws_subnet" "us-test-1c-ha-example-com" {
     KubernetesCluster                      = "ha.example.com"
     Name                                   = "us-test-1c.ha.example.com"
     "kubernetes.io/cluster/ha.example.com" = "owned"
+    "kubernetes.io/role/elb"               = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/minimal-141/kubernetes.tf b/tests/integration/update_cluster/minimal-141/kubernetes.tf
@@ -365,6 +365,7 @@ resource "aws_subnet" "us-test-1a-minimal-141-example-com" {
     KubernetesCluster                               = "minimal-141.example.com"
     Name                                            = "us-test-1a.minimal-141.example.com"
     "kubernetes.io/cluster/minimal-141.example.com" = "owned"
+    "kubernetes.io/role/elb"                        = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json
@@ -401,6 +401,10 @@
           {
             "Key": "kubernetes.io/cluster/minimal.example.com",
             "Value": "owned"
+          },
+          {
+            "Key": "kubernetes.io/role/elb",
+            "Value": "1"
           }
         ]
       }

diff --git a/tests/integration/update_cluster/minimal/kubernetes.tf b/tests/integration/update_cluster/minimal/kubernetes.tf
@@ -365,6 +365,7 @@ resource "aws_subnet" "us-test-1a-minimal-example-com" {
     KubernetesCluster                           = "minimal.example.com"
     Name                                        = "us-test-1a.minimal.example.com"
     "kubernetes.io/cluster/minimal.example.com" = "owned"
+    "kubernetes.io/role/elb"                    = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf
@@ -645,6 +645,7 @@ resource "aws_subnet" "us-test-1a-privatecalico-example-com" {
     KubernetesCluster                                 = "privatecalico.example.com"
     Name                                              = "us-test-1a.privatecalico.example.com"
     "kubernetes.io/cluster/privatecalico.example.com" = "owned"
+    "kubernetes.io/role/internal-elb"                 = "1"
   }
 }
 
@@ -657,6 +658,7 @@ resource "aws_subnet" "utility-us-test-1a-privatecalico-example-com" {
     KubernetesCluster                                 = "privatecalico.example.com"
     Name                                              = "utility-us-test-1a.privatecalico.example.com"
     "kubernetes.io/cluster/privatecalico.example.com" = "owned"
+    "kubernetes.io/role/elb"                          = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf
@@ -636,6 +636,7 @@ resource "aws_subnet" "us-test-1a-privatecanal-example-com" {
     KubernetesCluster                                = "privatecanal.example.com"
     Name                                             = "us-test-1a.privatecanal.example.com"
     "kubernetes.io/cluster/privatecanal.example.com" = "owned"
+    "kubernetes.io/role/internal-elb"                = "1"
   }
 }
 
@@ -648,6 +649,7 @@ resource "aws_subnet" "utility-us-test-1a-privatecanal-example-com" {
     KubernetesCluster                                = "privatecanal.example.com"
     Name                                             = "utility-us-test-1a.privatecanal.example.com"
     "kubernetes.io/cluster/privatecanal.example.com" = "owned"
+    "kubernetes.io/role/elb"                         = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/privatedns1/kubernetes.tf b/tests/integration/update_cluster/privatedns1/kubernetes.tf
@@ -641,6 +641,7 @@ resource "aws_subnet" "us-test-1a-privatedns1-example-com" {
     KubernetesCluster                               = "privatedns1.example.com"
     Name                                            = "us-test-1a.privatedns1.example.com"
     "kubernetes.io/cluster/privatedns1.example.com" = "owned"
+    "kubernetes.io/role/internal-elb"               = "1"
   }
 }
 
@@ -653,6 +654,7 @@ resource "aws_subnet" "utility-us-test-1a-privatedns1-example-com" {
     KubernetesCluster                               = "privatedns1.example.com"
     Name                                            = "utility-us-test-1a.privatedns1.example.com"
     "kubernetes.io/cluster/privatedns1.example.com" = "owned"
+    "kubernetes.io/role/elb"                        = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf
@@ -627,6 +627,7 @@ resource "aws_subnet" "us-test-1a-privatedns2-example-com" {
     KubernetesCluster                               = "privatedns2.example.com"
     Name                                            = "us-test-1a.privatedns2.example.com"
     "kubernetes.io/cluster/privatedns2.example.com" = "owned"
+    "kubernetes.io/role/internal-elb"               = "1"
   }
 }
 
@@ -639,6 +640,7 @@ resource "aws_subnet" "utility-us-test-1a-privatedns2-example-com" {
     KubernetesCluster                               = "privatedns2.example.com"
     Name                                            = "utility-us-test-1a.privatedns2.example.com"
     "kubernetes.io/cluster/privatedns2.example.com" = "owned"
+    "kubernetes.io/role/elb"                        = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf
@@ -636,6 +636,7 @@ resource "aws_subnet" "us-test-1a-privateflannel-example-com" {
     KubernetesCluster                                  = "privateflannel.example.com"
     Name                                               = "us-test-1a.privateflannel.example.com"
     "kubernetes.io/cluster/privateflannel.example.com" = "owned"
+    "kubernetes.io/role/internal-elb"                  = "1"
   }
 }
 
@@ -648,6 +649,7 @@ resource "aws_subnet" "utility-us-test-1a-privateflannel-example-com" {
     KubernetesCluster                                  = "privateflannel.example.com"
     Name                                               = "utility-us-test-1a.privateflannel.example.com"
     "kubernetes.io/cluster/privateflannel.example.com" = "owned"
+    "kubernetes.io/role/elb"                           = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf
@@ -627,6 +627,7 @@ resource "aws_subnet" "us-test-1a-privatekopeio-example-com" {
     KubernetesCluster                                 = "privatekopeio.example.com"
     Name                                              = "us-test-1a.privatekopeio.example.com"
     "kubernetes.io/cluster/privatekopeio.example.com" = "owned"
+    "kubernetes.io/role/internal-elb"                 = "1"
   }
 }
 
@@ -639,6 +640,7 @@ resource "aws_subnet" "utility-us-test-1a-privatekopeio-example-com" {
     KubernetesCluster                                 = "privatekopeio.example.com"
     Name                                              = "utility-us-test-1a.privatekopeio.example.com"
     "kubernetes.io/cluster/privatekopeio.example.com" = "owned"
+    "kubernetes.io/role/elb"                          = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/privateweave/kubernetes.tf b/tests/integration/update_cluster/privateweave/kubernetes.tf
@@ -636,6 +636,7 @@ resource "aws_subnet" "us-test-1a-privateweave-example-com" {
     KubernetesCluster                                = "privateweave.example.com"
     Name                                             = "us-test-1a.privateweave.example.com"
     "kubernetes.io/cluster/privateweave.example.com" = "owned"
+    "kubernetes.io/role/internal-elb"                = "1"
   }
 }
 
@@ -648,6 +649,7 @@ resource "aws_subnet" "utility-us-test-1a-privateweave-example-com" {
     KubernetesCluster                                = "privateweave.example.com"
     Name                                             = "utility-us-test-1a.privateweave.example.com"
     "kubernetes.io/cluster/privateweave.example.com" = "owned"
+    "kubernetes.io/role/elb"                         = "1"
   }
 }
 

diff --git a/tests/integration/update_cluster/shared_vpc/kubernetes.tf b/tests/integration/update_cluster/shared_vpc/kubernetes.tf
@@ -356,6 +356,7 @@ resource "aws_subnet" "us-test-1a-sharedvpc-example-com" {
     KubernetesCluster                             = "sharedvpc.example.com"
     Name                                          = "us-test-1a.sharedvpc.example.com"
     "kubernetes.io/cluster/sharedvpc.example.com" = "owned"
+    "kubernetes.io/role/elb"                      = "1"
   }
 }