From 192d850076198ad7424aaba57e87720639640ec2 Mon Sep 17 00:00:00 2001
From: Sebastian Stauch
Date: Thu, 20 Aug 2020 12:33:24 +0200
Subject: [PATCH] Make src/dst checks configurable on awsmachineclass
---
 ...machine.sapcloud.io_awsmachineclasses.yaml | 7 ++++++
 ...achine.sapcloud.io_machinedeployments.yaml | 23 +++++++++++++++++++
 .../crds/machine.sapcloud.io_machines.yaml | 21 +++++++++++++++++
 .../crds/machine.sapcloud.io_machinesets.yaml | 22 ++++++++++++++++++
 pkg/apis/machine/types.go | 3 +++
 .../v1alpha1/aws_machineclass_types.go | 3 +++
 .../v1alpha1/zz_generated.conversion.go | 2 ++
 .../machine/v1alpha1/zz_generated.deepcopy.go | 5 ++++
 pkg/apis/machine/zz_generated.deepcopy.go | 5 ++++
 pkg/driver/driver_aws.go | 17 ++++++++++----
 pkg/openapi/openapi_generated.go | 7 ++++++
 11 files changed, 111 insertions(+), 4 deletions(-)
diff --git a/kubernetes/crds/machine.sapcloud.io_awsmachineclasses.yaml b/kubernetes/crds/machine.sapcloud.io_awsmachineclasses.yaml
index d714f63e9..dc9867696 100644
--- a/kubernetes/crds/machine.sapcloud.io_awsmachineclasses.yaml
+++ b/kubernetes/crds/machine.sapcloud.io_awsmachineclasses.yaml
@@ -181,6 +181,11 @@ spec:
 items:
 type: string
 type: array
+ srcAndDstChecksEnabled:
+ description: If set to false, source and destination checks are
+ disabled on machine network inferface level, default value is
+ true
+ type: boolean
 subnetID:
 description: The ID of the subnet associated with the network string. Applies only if creating a network interface when launching
@@ -203,6 +208,8 @@ spec:
 name must be unique.
 type: string
 type: object
+ spotPrice:
+ type: string
 tags:
 additionalProperties:
 type: string
diff --git a/kubernetes/crds/machine.sapcloud.io_machinedeployments.yaml b/kubernetes/crds/machine.sapcloud.io_machinedeployments.yaml
index cefcafc06..b33367e2a 100644
--- a/kubernetes/crds/machine.sapcloud.io_machinedeployments.yaml
+++ b/kubernetes/crds/machine.sapcloud.io_machinedeployments.yaml
@@ -60,6 +60,7 @@ spec:
 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
 type: string
 metadata:
+ description: Standard object metadata.
 type: object
 spec:
 description: Specification of the desired behavior of the MachineDeployment.
@@ -221,6 +222,28 @@ spec:
 description: Name of machine class
 type: string
 type: object
+ creationTimeout:
+ description: MachineCreationTimeout is the timeout after which
+ machinie creation is declared failed.
+ type: string
+ drainTimeout:
+ description: MachineDraintimeout is the timeout after which
+ machine is forcefully deleted.
+ type: string
+ healthTimeout:
+ description: MachineHealthTimeout is the timeout after which
+ machine is declared unhealhty/failed.
+ type: string
+ maxEvictRetries:
+ description: MaxEvictRetries is the number of retries that will
+ be attempted while draining the node.
+ format: int32
+ type: integer
+ nodeConditions:
+ description: NodeConditions are the set of conditions if set
+ to true for MachineHealthTimeOut, machine will be declared
+ failed.
+ type: string
 nodeTemplate:
 description: NodeTemplateSpec describes the data a node should have when created from a template
diff --git a/kubernetes/crds/machine.sapcloud.io_machines.yaml b/kubernetes/crds/machine.sapcloud.io_machines.yaml
index 45fcc0b14..c642ebd84 100644
--- a/kubernetes/crds/machine.sapcloud.io_machines.yaml
+++ b/kubernetes/crds/machine.sapcloud.io_machines.yaml
@@ -50,6 +50,27 @@ spec:
 description: Name of machine class
 type: string
 type: object
+ creationTimeout:
+ description: MachineCreationTimeout is the timeout after which machinie
+ creation is declared failed.
+ type: string
+ drainTimeout:
+ description: MachineDraintimeout is the timeout after which machine
+ is forcefully deleted.
+ type: string
+ healthTimeout:
+ description: MachineHealthTimeout is the timeout after which machine
+ is declared unhealhty/failed.
+ type: string
+ maxEvictRetries:
+ description: MaxEvictRetries is the number of retries that will be attempted
+ while draining the node.
+ format: int32
+ type: integer
+ nodeConditions:
+ description: NodeConditions are the set of conditions if set to true
+ for MachineHealthTimeOut, machine will be declared failed.
+ type: string
 nodeTemplate:
 description: NodeTemplateSpec describes the data a node should have when created from a template
diff --git a/kubernetes/crds/machine.sapcloud.io_machinesets.yaml b/kubernetes/crds/machine.sapcloud.io_machinesets.yaml
index 76c7cd315..84a07b8b3 100644
--- a/kubernetes/crds/machine.sapcloud.io_machinesets.yaml
+++ b/kubernetes/crds/machine.sapcloud.io_machinesets.yaml
@@ -148,6 +148,28 @@ spec:
 description: Name of machine class
 type: string
 type: object
+ creationTimeout:
+ description: MachineCreationTimeout is the timeout after which
+ machinie creation is declared failed.
+ type: string
+ drainTimeout:
+ description: MachineDraintimeout is the timeout after which
+ machine is forcefully deleted.
+ type: string
+ healthTimeout:
+ description: MachineHealthTimeout is the timeout after which
+ machine is declared unhealhty/failed.
+ type: string
+ maxEvictRetries:
+ description: MaxEvictRetries is the number of retries that will
+ be attempted while draining the node.
+ format: int32
+ type: integer
+ nodeConditions:
+ description: NodeConditions are the set of conditions if set
+ to true for MachineHealthTimeOut, machine will be declared
+ failed.
+ type: string
 nodeTemplate:
 description: NodeTemplateSpec describes the data a node should have when created from a template
diff --git a/pkg/apis/machine/types.go b/pkg/apis/machine/types.go
index 7a9f82340..d43fc1318 100644
--- a/pkg/apis/machine/types.go
+++ b/pkg/apis/machine/types.go
@@ -829,6 +829,9 @@ type AWSNetworkInterfaceSpec struct {
 // The ID of the subnet associated with the network string. Applies only if
 // creating a network interface when launching an machine.
 SubnetID string
+
+ // If set to false, source and destination checks are disabled on machine network inferface level, default value is true
+ SrcAndDstChecksEnabled *bool
 }
 /********************** AzureMachineClass APIs ***************/
diff --git a/pkg/apis/machine/v1alpha1/aws_machineclass_types.go b/pkg/apis/machine/v1alpha1/aws_machineclass_types.go
index 81f3d417a..875632a30 100644
--- a/pkg/apis/machine/v1alpha1/aws_machineclass_types.go
+++ b/pkg/apis/machine/v1alpha1/aws_machineclass_types.go
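Review bot: The new doc comment on `SrcAndDstChecksEnabled` in pkg/apis/machine/types.go misspells "interface" as "inferface" and does not follow the Go convention of starting with the field name, unlike the neighbouring `SubnetID` comment. Since this is the internal type the driver reads, the comment should also say what the value actually means to the driver rather than restating the CRD wording; I would use `// SrcAndDstChecksEnabled, when set to false, disables the EC2 source/destination check for this interface; nil or true leaves it enabled (the AWS default).` The `AWSNetworkInterfaceSpec` struct starts before this hunk, so its other fields are not visible here.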
@@ -201,4 +201,7 @@ type AWSNetworkInterfaceSpec struct {
 // The ID of the subnet associated with the network string. Applies only if
 // creating a network interface when launching an machine.
 SubnetID string `json:"subnetID,omitempty"`
+
+ // If set to false, source and destination checks are disabled on machine network inferface level, default value is true
+ SrcAndDstChecksEnabled *bool `json:"srcAndDstChecksEnabled,omitempty"`
 }
diff --git a/pkg/apis/machine/v1alpha1/zz_generated.conversion.go b/pkg/apis/machine/v1alpha1/zz_generated.conversion.go
index 5b8ab6799..2ed567fd7 100644
--- a/pkg/apis/machine/v1alpha1/zz_generated.conversion.go
+++ b/pkg/apis/machine/v1alpha1/zz_generated.conversion.go
@@ -945,6 +945,7 @@ func autoConvert_v1alpha1_AWSNetworkInterfaceSpec_To_machine_AWSNetworkInterface
 out.Description = (*string)(unsafe.Pointer(in.Description))
 out.SecurityGroupIDs = *(*[]string)(unsafe.Pointer(&in.SecurityGroupIDs))
 out.SubnetID = in.SubnetID
+ out.SrcAndDstChecksEnabled = (*bool)(unsafe.Pointer(in.SrcAndDstChecksEnabled))
 return nil
 }
@@ -959,6 +960,7 @@ func autoConvert_machine_AWSNetworkInterfaceSpec_To_v1alpha1_AWSNetworkInterface
 out.Description = (*string)(unsafe.Pointer(in.Description))
 out.SecurityGroupIDs = *(*[]string)(unsafe.Pointer(&in.SecurityGroupIDs))
 out.SubnetID = in.SubnetID
+ out.SrcAndDstChecksEnabled = (*bool)(unsafe.Pointer(in.SrcAndDstChecksEnabled))
 return nil
 }
diff --git a/pkg/apis/machine/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/machine/v1alpha1/zz_generated.deepcopy.go
index 57802394a..069608937 100644
--- a/pkg/apis/machine/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/machine/v1alpha1/zz_generated.deepcopy.go
@@ -222,6 +222,11 @@ func (in *AWSNetworkInterfaceSpec) DeepCopyInto(out *AWSNetworkInterfaceSpec) {
 *out = make([]string, len(*in))
 copy(*out, *in)
 }
+ if in.SrcAndDstChecksEnabled != nil {
+ in, out := &in.SrcAndDstChecksEnabled, &out.SrcAndDstChecksEnabled
+ *out = new(bool)
+ **out = **in
+ }
 return
 }
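Review bot: The doc comment on the versioned `SrcAndDstChecksEnabled` field is the text that ends up in the CRD description and the OpenAPI schema (both regenerated in this patch), so the "inferface" typo and the missing security context are user-facing. Turning off the EC2 source/destination check is what lets an instance send or forward packets whose addresses are not its own, so operators granting this on a machine class should be told that; I would write `// SrcAndDstChecksEnabled controls EC2 source/destination checking. Set to false only for machines that must forward or NAT traffic,` followed by `// since a disabled check lets the instance emit packets with addresses that are not its own. Unset or true keeps the AWS default (enabled).` The regenerated conversion and deepcopy hunks on this line look correct for a `*bool`.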
diff --git a/pkg/apis/machine/zz_generated.deepcopy.go b/pkg/apis/machine/zz_generated.deepcopy.go
index 4163c859b..c4ef18e88 100644
--- a/pkg/apis/machine/zz_generated.deepcopy.go
+++ b/pkg/apis/machine/zz_generated.deepcopy.go
@@ -222,6 +222,11 @@ func (in *AWSNetworkInterfaceSpec) DeepCopyInto(out *AWSNetworkInterfaceSpec) {
 *out = make([]string, len(*in))
 copy(*out, *in)
 }
+ if in.SrcAndDstChecksEnabled != nil {
+ in, out := &in.SrcAndDstChecksEnabled, &out.SrcAndDstChecksEnabled
+ *out = new(bool)
+ **out = **in
+ }
 return
 }
diff --git a/pkg/driver/driver_aws.go b/pkg/driver/driver_aws.go
index feb27bd75..3708e1537 100644
--- a/pkg/driver/driver_aws.go
+++ b/pkg/driver/driver_aws.go
@@ -61,9 +61,7 @@ func (d *AWSDriver) Create() (string, string, error) {
 if err != nil {
 return "Error", "Error", err
 }
-
 UserDataEnc := base64.StdEncoding.EncodeToString([]byte(d.UserData))
-
 var imageIds []*string
 imageID := aws.String(d.AWSMachineClass.Spec.AMI)
 imageIds = append(imageIds, imageID)
@@ -96,7 +94,7 @@ func (d *AWSDriver) Create() (string, string, error) {
 if err != nil {
 return "Error", "Error", err
 }
-
+ srcDstChecks := true
 var networkInterfaceSpecs []*ec2.InstanceNetworkInterfaceSpecification
 for i, netIf := range d.AWSMachineClass.Spec.NetworkInterfaces {
 spec := &ec2.InstanceNetworkInterfaceSpecification{
@@ -113,6 +111,10 @@ func (d *AWSDriver) Create() (string, string, error) {
 }
 networkInterfaceSpecs = append(networkInterfaceSpecs, spec)
+
+ if netIf.SrcAndDstChecksEnabled != nil && !*netIf.SrcAndDstChecksEnabled {
+ srcDstChecks = false
+ }
 }
 // Specify the details of the machine
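Review bot: In the `@@ -113,6 +111,10 @@` hunk the per-interface flag is folded into the single `srcDstChecks` bool, so a `false` on any element of `Spec.NetworkInterfaces` disables the check for the whole instance, which contradicts the field's own description of "network interface level" semantics and silently widens the effect of a flag set on a secondary interface. The attribute is later applied with `ModifyInstanceAttribute` (in a hunk further down, outside this one), which is an instance-level attribute; if per-interface behaviour is intended, the natural counterpart is the per-ENI attribute call on each launched interface, which I would expect to require matching launched interfaces back to these specs by device index — worth confirming against the SDK. If the instance-wide collapse is deliberate, make it explicit here with `// Any interface that asks for src/dst checks to be disabled disables them for the whole instance (instance-level attribute).` and fix the field description to match. `Create()` starts and ends outside this hunk.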
@@ -150,7 +152,14 @@ func (d *AWSDriver) Create() (string, string, error) {
 return "Error", "Error", err
 }
 metrics.APIRequestCount.With(prometheus.Labels{"provider": "aws", "service": "ecs"}).Inc()
-
 // disable srcDstChecks on ec2 Instance if set
+ if !srcDstChecks {
+ klog.V(2).Infof("Disabling src/dst checks for machine with instanceID: %s", *runResult.Instances[0].InstanceId)
+ _, err = svc.ModifyInstanceAttribute(&ec2.ModifyInstanceAttributeInput{InstanceId: runResult.Instances[0].InstanceId, SourceDestCheck: &ec2.AttributeBooleanValue{Value: aws.Bool(false)}})
+ if err != nil {
+ return "Error", "Error", err
+ }
+ }
 return d.encodeMachineID(d.AWSMachineClass.Spec.Region, *runResult.Instances[0].InstanceId), *runResult.Instances[0].PrivateDnsName, nil
 }
diff --git a/pkg/openapi/openapi_generated.go b/pkg/openapi/openapi_generated.go
index 95fd1cd68..862a16997 100644
--- a/pkg/openapi/openapi_generated.go
+++ b/pkg/openapi/openapi_generated.go
@@ -731,6 +731,13 @@ func schema_pkg_apis_machine_v1alpha1_AWSNetworkInterfaceSpec(ref common.Referen
 Format: "",
 },
 },
+ "srcAndDstChecksEnabled": {
+ SchemaProps: spec.SchemaProps{
+ Description: "If set to false, source and destination checks are disabled on machine network inferface level, default value is true",
+ Type: []string{"boolean"},
+ Format: "",
+ },
+ },
 },
 },
 },
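Review bot: When `ModifyInstanceAttribute` fails, the new `return "Error", "Error", err` discards the ID of an instance that `RunInstances` has already created a few lines above, so the caller never learns about it and the instance is left running, unattached to any machine object and billed until someone finds it. Either hand the ID back with the error so the caller can reconcile it, `return d.encodeMachineID(d.AWSMachineClass.Spec.Region, *runResult.Instances[0].InstanceId), *runResult.Instances[0].PrivateDnsName, err`, or, if callers ignore the ID whenever `err` is non-nil (not visible here), terminate the instance before returning so the partially configured machine does not outlive the failure. The new EC2 call also lacks the `metrics.APIRequestCount` increment that the surrounding code applies to the `RunInstances` call, so API request accounting undercounts on this path. `Create()` begins outside this hunk.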