apps: private subnet as node-ips

elastisys · May 9, 2023 · 8ae02ad · 8ae02ad
1 parent 9e007e3
commit 8ae02ad
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 26 deletions.
diff --git a/WIP-CHANGELOG.md b/WIP-CHANGELOG.md
@@ -93,6 +93,7 @@
 - Allow for target discovery of all probes in workload cluster
 - Opensearch-configurer will only re-register the snapshot repository if the bucket name has changed
 - Run `log-manager` compaction more frequently
+- Include CK8S_CLOUD_PROVIDER-check in update-ips.bash to include option to add private subnet instead of specific IPs.
 
 ### Removed
 

diff --git a/bin/update-ips.bash b/bin/update-ips.bash
@@ -32,7 +32,7 @@ diffIPs() {
     IPS=("$@")
     tmp_file=$(mktemp --suffix=.yaml)
 
-    yq4 -n '. = []' > "${tmp_file}"
+    yq4 -n '. = []' >"${tmp_file}"
     for ip in "${IPS[@]}"; do
         yq4 -i '. |= . + ["'"${ip}"'/32"]' "${tmp_file}"
     done
@@ -45,7 +45,7 @@ diffIPs() {
 
     diff -U3 --color=always \
         --label "${file//${CK8S_CONFIG_PATH}\//}" <(yq4 -P "${yaml_path}"' // [] | sort_by(.)' "${file}") \
-        --label expected <(yq4 -P '. | sort_by(.)' "${tmp_file}") > "${out_file}"
+        --label expected <(yq4 -P '. | sort_by(.)' "${tmp_file}") >"${out_file}"
     DIFF_RETURN=$?
     rm "${tmp_file}"
     return ${DIFF_RETURN}
@@ -64,14 +64,14 @@ getDNSIPs() {
 
 diffDNSIPs() {
     local IPS
-    read -r -a IPS <<< "$(getDNSIPs "${1}")"
+    read -r -a IPS <<<"$(getDNSIPs "${1}")"
     diffIPs "${2}" "${3}" "${IPS[@]}"
     return $?
 }
 
 # Updates the list from the file and yaml path specified with IPs fetched from the domain
 updateDNSIPs() {
-    read -r -a IPS <<< "$(getDNSIPs "${1}")"
+    read -r -a IPS <<<"$(getDNSIPs "${1}")"
 
     yq4 -i "${2}"' = []' "${3}"
     for ip in "${IPS[@]}"; do
@@ -92,7 +92,7 @@ getKubectlIPs() {
     mapfile -t IPS_internal < <("${here}/ops.bash" kubectl "${1}" get node "${label_argument}" -ojsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}')
     mapfile -t IPS_calico < <("${here}/ops.bash" kubectl "${1}" get node "${label_argument}" -ojsonpath='{.items[*].metadata.annotations.projectcalico\.org/IPv4IPIPTunnelAddr}')
     mapfile -t IPS_wireguard < <("${here}/ops.bash" kubectl "${1}" get node "${label_argument}" -ojsonpath='{.items[*].metadata.annotations.projectcalico\.org/IPv4WireguardInterfaceAddr}')
-    read -r -a IPS <<< "${IPS_internal[*]} ${IPS_calico[*]} ${IPS_wireguard[*]}"
+    read -r -a IPS <<<"${IPS_internal[*]} ${IPS_calico[*]} ${IPS_wireguard[*]}"
     if [ ${#IPS[@]} -eq 0 ]; then
         log_error "No ips for ${1} nodes with labels ${2} was found"
         exit 1
@@ -102,15 +102,15 @@ getKubectlIPs() {
 
 diffKubectlIPs() {
     local IPS
-    read -r -a IPS <<< "$(getKubectlIPs "${1}" "${2}")"
+    read -r -a IPS <<<"$(getKubectlIPs "${1}" "${2}")"
     diffIPs "${3}" "${4}" "${IPS[@]}"
     return $?
 }
 
 # Updates the list from the file and yaml path specified with IPs fetched from the nodes
 updateKubectlIPs() {
     local IPS
-    read -r -a IPS <<< "$(getKubectlIPs "${1}" "${2}")"
+    read -r -a IPS <<<"$(getKubectlIPs "${1}" "${2}")"
 
     yq4 -i "${3}"' = []' "${4}"
     for ip in "${IPS[@]}"; do
@@ -125,7 +125,7 @@ checkIfDiffAndUpdateDNSIPs() {
         else
             log_warning "Diff found for ${2} in ${3//${CK8S_CONFIG_PATH}\//} (diff shows actions needed to be up to date)"
         fi
-        has_diff=$(( has_diff + 1 ))
+        has_diff=$((has_diff + 1))
     fi
 }
 
@@ -136,7 +136,7 @@ checkIfDiffAndUpdateKubectlIPs() {
         else
             log_warning "Diff found for ${3} in ${4//${CK8S_CONFIG_PATH}\//} (diff shows actions needed to be up to date)"
         fi
-        has_diff=$(( has_diff + 1 ))
+        has_diff=$((has_diff + 1))
     fi
 }
 
@@ -155,39 +155,39 @@ checkIfDiffAndUpdatePorts() {
     fi
 
     portDiff() {
-      diff -U3 --color=always \
-          --label "${filepath//${CK8S_CONFIG_PATH}\//}" <(yq4 -P "$yamlpath"' // [] | sort_by(.)' "$filepath") \
-          --label expected <(echo "$ports" | yq4 -P '. | sort_by(.)') > "$out"
+        diff -U3 --color=always \
+            --label "${filepath//${CK8S_CONFIG_PATH}\//}" <(yq4 -P "$yamlpath"' // [] | sort_by(.)' "$filepath") \
+            --label expected <(echo "$ports" | yq4 -P '. | sort_by(.)') >"$out"
     }
 
-    if ! portDiff ; then
+    if ! portDiff; then
         if ! $DRY_RUN; then
             yq4 -i "$yamlpath = $ports" "$filepath"
         else
             log_warning "Diff found for $yamlpath in ${filepath//${CK8S_CONFIG_PATH}\//} (diff shows actions needed to be up to date)"
         fi
-        has_diff=$(( has_diff + 1 ))
+        has_diff=$((has_diff + 1))
     fi
 }
 
 # yq_dig <cluster> <node> <default>
 yq_dig() {
-  for conf in "${config["override_$1"]}" "${config["override_common"]}" "${config["default_$1"]}" "${config["default_common"]}"; do
-      ret=$(yq4 "$2" "$conf")
+    for conf in "${config["override_$1"]}" "${config["override_common"]}" "${config["default_$1"]}" "${config["default_common"]}"; do
+        ret=$(yq4 "$2" "$conf")
 
-      if [[ "$ret" != "null" ]]; then
-          echo "$ret"
-          return
-      fi
-  done
+        if [[ "$ret" != "null" ]]; then
+            echo "$ret"
+            return
+        fi
+    done
 
-  echo "$3"
+    echo "$3"
 }
 
 if [ "${CHECK_CLUSTER}" == "both" ]; then
-  DIG_CLUSTER="sc"
+    DIG_CLUSTER="sc"
 else
-  DIG_CLUSTER="wc"
+    DIG_CLUSTER="wc"
 fi
 
 S3_ENDPOINT="$(yq_dig "${DIG_CLUSTER}" '.objectStorage.s3.regionEndpoint' '""' | sed 's/https\?:\/\///' | sed 's/[:\/].*//')"
@@ -235,12 +235,30 @@ fi
 
 ## Add sc nodes ips to sc config
 if [[ "${CHECK_CLUSTER}" =~ ^(sc|both)$ ]]; then
-    checkIfDiffAndUpdateKubectlIPs "sc" "" ".networkPolicies.global.scNodes.ips" "${config["override_sc"]}"
+    if [[ "${CK8S_CLOUD_PROVIDER}" =~ ^(citycloud|elastx)$ ]]; then
+        echo "Since your provider is either citycloud or elastx, you can choose to add the internal network(172.16.0.0/32) instead of specific IPs."
+        echo -n "- run? [y/N]: "
+        read -r reply
+        if [[ "${reply}" != "N" ]]; then
+            checkIfDiffAndUpdateKubectlIPs "sc" "" "172.16.0.0/32" "${config["override_sc"]}"
+        fi
+    else
+        checkIfDiffAndUpdateKubectlIPs "sc" "" ".networkPolicies.global.scNodes.ips" "${config["override_sc"]}"
+    fi
 fi
 
 ## Add wc nodes ips to wc config
 if [[ "${CHECK_CLUSTER}" =~ ^(wc|both)$ ]]; then
-    checkIfDiffAndUpdateKubectlIPs "wc" "" ".networkPolicies.global.wcNodes.ips" "${config["override_wc"]}"
+    if [[ "${CK8S_CLOUD_PROVIDER}" =~ ^(citycloud|elastx)$ ]]; then
+        echo "Since your provider is either citycloud or elastx, you can choose to add the internal network(172.16.0.0/32) instead of specific IPs."
+        echo -n "- run? [y/N]: "
+        read -r reply
+        if [[ "${reply}" != "N" ]]; then
+            checkIfDiffAndUpdateKubectlIPs "wc" "" "172.16.0.0/32" "${config["override_wc"]}"
+        fi
+    else
+        checkIfDiffAndUpdateKubectlIPs "wc" "" ".networkPolicies.global.wcNodes.ips" "${config["override_wc"]}"
+    fi
 fi
 
 ## Add Swift to sc config