Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ ROSA: Add additionalSecurityGroups field to ROSAMachinePool #4848

Merged
merged 1 commit into from
Mar 5, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,12 @@ spec:
spec:
description: RosaMachinePoolSpec defines the desired state of RosaMachinePool.
properties:
additionalSecurityGroups:
description: AdditionalSecurityGroups is an optional set of security
groups to associate with all node instances of the machine pool.
items:
type: string
type: array
autoRepair:
default: false
description: AutoRepair specifies whether health checks should be
Expand Down
7 changes: 7 additions & 0 deletions exp/api/v1beta2/rosamachinepool_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,13 @@ type RosaMachinePoolSpec struct {
// +optional
TuningConfigs []string `json:"tuningConfigs,omitempty"`

// AdditionalSecurityGroups is an optional set of security groups to associate
// with all node instances of the machine pool.
//
// +immutable
// +optional
AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`

// ProviderIDList contain a ProviderID for each machine instance that's currently managed by this machine pool.
// +optional
ProviderIDList []string `json:"providerIDList,omitempty"`
Expand Down
25 changes: 24 additions & 1 deletion exp/api/v1beta2/rosamachinepool_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ package v1beta2

import (
"github.com/blang/semver"
"github.com/google/go-cmp/cmp"
"github.com/pkg/errors"
apierrors "k8s.io/apimachinery/pkg/api/errors"
runtime "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/validation/field"
Expand Down Expand Up @@ -44,12 +46,20 @@ func (r *ROSAMachinePool) ValidateCreate() (warnings admission.Warnings, err err

// ValidateUpdate implements admission.Validator.
func (r *ROSAMachinePool) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error) {
var allErrs field.ErrorList
oldPool, ok := old.(*ROSAMachinePool)
if !ok {
return nil, apierrors.NewInvalid(GroupVersion.WithKind("ROSAMachinePool").GroupKind(), r.Name, field.ErrorList{
field.InternalError(nil, errors.New("failed to convert old ROSAMachinePool to object")),
})
}

var allErrs field.ErrorList
if err := r.validateVersion(); err != nil {
allErrs = append(allErrs, err)
}

allErrs = append(allErrs, validateImmutable(oldPool.Spec.AdditionalSecurityGroups, r.Spec.AdditionalSecurityGroups, "additionalSecurityGroups")...)

if len(allErrs) == 0 {
return nil, nil
}
Expand Down Expand Up @@ -78,6 +88,19 @@ func (r *ROSAMachinePool) validateVersion() *field.Error {
return nil
}

func validateImmutable(old, updated interface{}, name string) field.ErrorList {
var allErrs field.ErrorList

if !cmp.Equal(old, updated) {
allErrs = append(
allErrs,
field.Invalid(field.NewPath("spec", name), updated, "field is immutable"),
)
}

return allErrs
}

// Default implements admission.Defaulter.
func (r *ROSAMachinePool) Default() {
}
5 changes: 5 additions & 0 deletions exp/api/v1beta2/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

39 changes: 25 additions & 14 deletions exp/controllers/rosamachinepool_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -352,16 +352,18 @@ func (r *ROSAMachinePoolReconciler) updateNodePool(machinePoolScope *scope.RosaM

currentSpec := nodePoolToRosaMachinePoolSpec(nodePool)
currentSpec.ProviderIDList = desiredSpec.ProviderIDList // providerIDList is set by the controller and shouldn't be compared here.
currentSpec.Version = desiredSpec.Version // Version changed are reconciled separately and shouldn't be compared here.
currentSpec.Version = desiredSpec.Version // Version changes are reconciled separately and shouldn't be compared here.

if cmp.Equal(desiredSpec, currentSpec) {
// no changes detected.
return nodePool, nil
}

npBuilder := nodePoolBuilder(*desiredSpec, machinePoolScope.MachinePool.Spec)
npBuilder.Version(nil) // eunsure version is unset.
// zero-out fields that shouldn't be part of the update call.
desiredSpec.Version = ""
desiredSpec.AdditionalSecurityGroups = nil

npBuilder := nodePoolBuilder(*desiredSpec, machinePoolScope.MachinePool.Spec)
nodePoolSpec, err := npBuilder.Build()
if err != nil {
return nil, fmt.Errorf("failed to build nodePool spec: %w", err)
Expand Down Expand Up @@ -401,8 +403,11 @@ func validateMachinePoolSpec(machinePoolScope *scope.RosaMachinePoolScope) (*str
func nodePoolBuilder(rosaMachinePoolSpec expinfrav1.RosaMachinePoolSpec, machinePoolSpec expclusterv1.MachinePoolSpec) *cmv1.NodePoolBuilder {
npBuilder := cmv1.NewNodePool().ID(rosaMachinePoolSpec.NodePoolName).
Labels(rosaMachinePoolSpec.Labels).
AutoRepair(rosaMachinePoolSpec.AutoRepair).
TuningConfigs(rosaMachinePoolSpec.TuningConfigs...)
AutoRepair(rosaMachinePoolSpec.AutoRepair)

if rosaMachinePoolSpec.TuningConfigs != nil {
npBuilder = npBuilder.TuningConfigs(rosaMachinePoolSpec.TuningConfigs...)
}

if len(rosaMachinePoolSpec.Taints) > 0 {
taintBuilders := []*cmv1.TaintBuilder{}
Expand Down Expand Up @@ -430,7 +435,12 @@ func nodePoolBuilder(rosaMachinePoolSpec expinfrav1.RosaMachinePoolSpec, machine
npBuilder.Subnet(rosaMachinePoolSpec.Subnet)
}

npBuilder.AWSNodePool(cmv1.NewAWSNodePool().InstanceType(rosaMachinePoolSpec.InstanceType))
awsNodePool := cmv1.NewAWSNodePool().InstanceType(rosaMachinePoolSpec.InstanceType)
if rosaMachinePoolSpec.AdditionalSecurityGroups != nil {
awsNodePool = awsNodePool.AdditionalSecurityGroupIds(rosaMachinePoolSpec.AdditionalSecurityGroups...)
}
npBuilder.AWSNodePool(awsNodePool)

if rosaMachinePoolSpec.Version != "" {
npBuilder.Version(cmv1.NewVersion().ID(ocm.CreateVersionID(rosaMachinePoolSpec.Version, ocm.DefaultChannelGroup)))
}
Expand All @@ -440,14 +450,15 @@ func nodePoolBuilder(rosaMachinePoolSpec expinfrav1.RosaMachinePoolSpec, machine

func nodePoolToRosaMachinePoolSpec(nodePool *cmv1.NodePool) expinfrav1.RosaMachinePoolSpec {
spec := expinfrav1.RosaMachinePoolSpec{
NodePoolName: nodePool.ID(),
Version: rosa.RawVersionID(nodePool.Version()),
AvailabilityZone: nodePool.AvailabilityZone(),
Subnet: nodePool.Subnet(),
Labels: nodePool.Labels(),
AutoRepair: nodePool.AutoRepair(),
InstanceType: nodePool.AWSNodePool().InstanceType(),
TuningConfigs: nodePool.TuningConfigs(),
NodePoolName: nodePool.ID(),
Version: rosa.RawVersionID(nodePool.Version()),
AvailabilityZone: nodePool.AvailabilityZone(),
Subnet: nodePool.Subnet(),
Labels: nodePool.Labels(),
AutoRepair: nodePool.AutoRepair(),
InstanceType: nodePool.AWSNodePool().InstanceType(),
TuningConfigs: nodePool.TuningConfigs(),
AdditionalSecurityGroups: nodePool.AWSNodePool().AdditionalSecurityGroupIds(),
}

if nodePool.Autoscaling() != nil {
Expand Down