Make src/dst checks configurable on awsmachineclass

gardener · Aug 27, 2020 · 192d850 · 192d850
1 parent 3def945
commit 192d850
Show file tree

Hide file tree

Showing 11 changed files with 111 additions and 4 deletions.
diff --git a/kubernetes/crds/machine.sapcloud.io_awsmachineclasses.yaml b/kubernetes/crds/machine.sapcloud.io_awsmachineclasses.yaml
@@ -181,6 +181,11 @@ spec:
                     items:
                       type: string
                     type: array
+                  srcAndDstChecksEnabled:
+                    description: If set to false, source and destination checks are
+                      disabled on machine network inferface level, default value is
+                      true
+                    type: boolean
                   subnetID:
                     description: The ID of the subnet associated with the network
                       string. Applies only if creating a network interface when launching
@@ -203,6 +208,8 @@ spec:
                     name must be unique.
                   type: string
               type: object
+            spotPrice:
+              type: string
             tags:
               additionalProperties:
                 type: string

diff --git a/kubernetes/crds/machine.sapcloud.io_machinedeployments.yaml b/kubernetes/crds/machine.sapcloud.io_machinedeployments.yaml
@@ -60,6 +60,7 @@ spec:
             submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
           type: string
         metadata:
+          description: Standard object metadata.
           type: object
         spec:
           description: Specification of the desired behavior of the MachineDeployment.
@@ -221,6 +222,28 @@ spec:
                           description: Name of machine class
                           type: string
                       type: object
+                    creationTimeout:
+                      description: MachineCreationTimeout is the timeout after which
+                        machinie creation is declared failed.
+                      type: string
+                    drainTimeout:
+                      description: MachineDraintimeout is the timeout after which
+                        machine is forcefully deleted.
+                      type: string
+                    healthTimeout:
+                      description: MachineHealthTimeout is the timeout after which
+                        machine is declared unhealhty/failed.
+                      type: string
+                    maxEvictRetries:
+                      description: MaxEvictRetries is the number of retries that will
+                        be attempted while draining the node.
+                      format: int32
+                      type: integer
+                    nodeConditions:
+                      description: NodeConditions are the set of conditions if set
+                        to true for MachineHealthTimeOut, machine will be declared
+                        failed.
+                      type: string
                     nodeTemplate:
                       description: NodeTemplateSpec describes the data a node should
                         have when created from a template

diff --git a/kubernetes/crds/machine.sapcloud.io_machines.yaml b/kubernetes/crds/machine.sapcloud.io_machines.yaml
@@ -50,6 +50,27 @@ spec:
                   description: Name of machine class
                   type: string
               type: object
+            creationTimeout:
+              description: MachineCreationTimeout is the timeout after which machinie
+                creation is declared failed.
+              type: string
+            drainTimeout:
+              description: MachineDraintimeout is the timeout after which machine
+                is forcefully deleted.
+              type: string
+            healthTimeout:
+              description: MachineHealthTimeout is the timeout after which machine
+                is declared unhealhty/failed.
+              type: string
+            maxEvictRetries:
+              description: MaxEvictRetries is the number of retries that will be attempted
+                while draining the node.
+              format: int32
+              type: integer
+            nodeConditions:
+              description: NodeConditions are the set of conditions if set to true
+                for MachineHealthTimeOut, machine will be declared failed.
+              type: string
             nodeTemplate:
               description: NodeTemplateSpec describes the data a node should have
                 when created from a template

diff --git a/kubernetes/crds/machine.sapcloud.io_machinesets.yaml b/kubernetes/crds/machine.sapcloud.io_machinesets.yaml
@@ -148,6 +148,28 @@ spec:
                           description: Name of machine class
                           type: string
                       type: object
+                    creationTimeout:
+                      description: MachineCreationTimeout is the timeout after which
+                        machinie creation is declared failed.
+                      type: string
+                    drainTimeout:
+                      description: MachineDraintimeout is the timeout after which
+                        machine is forcefully deleted.
+                      type: string
+                    healthTimeout:
+                      description: MachineHealthTimeout is the timeout after which
+                        machine is declared unhealhty/failed.
+                      type: string
+                    maxEvictRetries:
+                      description: MaxEvictRetries is the number of retries that will
+                        be attempted while draining the node.
+                      format: int32
+                      type: integer
+                    nodeConditions:
+                      description: NodeConditions are the set of conditions if set
+                        to true for MachineHealthTimeOut, machine will be declared
+                        failed.
+                      type: string
                     nodeTemplate:
                       description: NodeTemplateSpec describes the data a node should
                         have when created from a template

diff --git a/pkg/apis/machine/types.go b/pkg/apis/machine/types.go
@@ -829,6 +829,9 @@ type AWSNetworkInterfaceSpec struct {
 	// The ID of the subnet associated with the network string. Applies only if
 	// creating a network interface when launching an machine.
 	SubnetID string
+
+	// If set to false, source and destination checks are disabled on machine network inferface level, default value is true
+	SrcAndDstChecksEnabled *bool
 }
 
 /********************** AzureMachineClass APIs ***************/

diff --git a/pkg/apis/machine/v1alpha1/aws_machineclass_types.go b/pkg/apis/machine/v1alpha1/aws_machineclass_types.go
@@ -201,4 +201,7 @@ type AWSNetworkInterfaceSpec struct {
 	// The ID of the subnet associated with the network string. Applies only if
 	// creating a network interface when launching an machine.
 	SubnetID string `json:"subnetID,omitempty"`
+
+	// If set to false, source and destination checks are disabled on machine network inferface level, default value is true
+	SrcAndDstChecksEnabled *bool `json:"srcAndDstChecksEnabled,omitempty"`
 }
diff --git a/pkg/apis/machine/v1alpha1/zz_generated.conversion.go b/pkg/apis/machine/v1alpha1/zz_generated.conversion.go
diff --git a/pkg/apis/machine/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/machine/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/apis/machine/zz_generated.deepcopy.go b/pkg/apis/machine/zz_generated.deepcopy.go
diff --git a/pkg/driver/driver_aws.go b/pkg/driver/driver_aws.go
@@ -61,9 +61,7 @@ func (d *AWSDriver) Create() (string, string, error) {
 	if err != nil {
 		return "Error", "Error", err
 	}
-
 	UserDataEnc := base64.StdEncoding.EncodeToString([]byte(d.UserData))
-
 	var imageIds []*string
 	imageID := aws.String(d.AWSMachineClass.Spec.AMI)
 	imageIds = append(imageIds, imageID)
@@ -96,7 +94,7 @@ func (d *AWSDriver) Create() (string, string, error) {
 	if err != nil {
 		return "Error", "Error", err
 	}
-
+	srcDstChecks := true
 	var networkInterfaceSpecs []*ec2.InstanceNetworkInterfaceSpecification
 	for i, netIf := range d.AWSMachineClass.Spec.NetworkInterfaces {
 		spec := &ec2.InstanceNetworkInterfaceSpecification{
@@ -113,6 +111,10 @@ func (d *AWSDriver) Create() (string, string, error) {
 		}
 
 		networkInterfaceSpecs = append(networkInterfaceSpecs, spec)
+
+		if netIf.SrcAndDstChecksEnabled != nil && !*netIf.SrcAndDstChecksEnabled {
+			srcDstChecks = false
+		}
 	}
 
 	// Specify the details of the machine
@@ -150,7 +152,14 @@ func (d *AWSDriver) Create() (string, string, error) {
 		return "Error", "Error", err
 	}
 	metrics.APIRequestCount.With(prometheus.Labels{"provider": "aws", "service": "ecs"}).Inc()
-
+	// disable srcDstChecks on ec2 Instance if set
+	if !srcDstChecks {
+		klog.V(2).Infof("Disabling src/dst checks for machine with instanceID: %s", *runResult.Instances[0].InstanceId)
+		_, err = svc.ModifyInstanceAttribute(&ec2.ModifyInstanceAttributeInput{InstanceId: runResult.Instances[0].InstanceId, SourceDestCheck: &ec2.AttributeBooleanValue{Value: aws.Bool(false)}})
+		if err != nil {
+			return "Error", "Error", err
+		}
+	}
 	return d.encodeMachineID(d.AWSMachineClass.Spec.Region, *runResult.Instances[0].InstanceId), *runResult.Instances[0].PrivateDnsName, nil
 }
 

diff --git a/pkg/openapi/openapi_generated.go b/pkg/openapi/openapi_generated.go