Merge pull request #18190 from hakman/azure-https-kops-controller

azure: Move hardcoded task config to model using SDK types

Author: k8s-ci-robot

pkg/model/azuremodel/api_loadbalancer.go

@@ -20,6 +20,7 @@ import (
 	"fmt"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
+	network "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/wellknownports"
 	"k8s.io/kops/pkg/wellknownservices"
@@ -55,21 +56,25 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
 		Lifecycle:         b.Lifecycle,
 		ResourceGroup:     b.LinkToResourceGroup(),
 		Tags:              map[string]*string{},
+		SKU:               network.LoadBalancerSKUNameStandard,
 		WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer},
 	}
 
 	// API server probe: TCP on 443
 	lb.Probes = append(lb.Probes, azuretasks.LoadBalancerProbe{
 		Name:              fmt.Sprintf("Health-TCP-%d", wellknownports.KubeAPIServer),
-		Protocol:          "Tcp",
+		Protocol:          network.ProbeProtocolTCP,
 		Port:              wellknownports.KubeAPIServer,
 		IntervalInSeconds: 15,
 		NumberOfProbes:    4,
 	})
 	lb.Rules = append(lb.Rules, azuretasks.LoadBalancerRule{
-		Name:      fmt.Sprintf("TCP-%d", wellknownports.KubeAPIServer),
-		Port:      wellknownports.KubeAPIServer,
-		ProbeName: fmt.Sprintf("Health-TCP-%d", wellknownports.KubeAPIServer),
+		Name:                 fmt.Sprintf("TCP-%d", wellknownports.KubeAPIServer),
+		Port:                 wellknownports.KubeAPIServer,
+		ProbeName:            fmt.Sprintf("Health-TCP-%d", wellknownports.KubeAPIServer),
+		Protocol:             network.TransportProtocolTCP,
+		IdleTimeoutInMinutes: 4,
+		LoadDistribution:     network.LoadDistributionDefault,
 	})
 
 	switch lbSpec.Type {
@@ -85,10 +90,13 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
 
 		// Create Public IP Address for Public Loadbalacer
 		p := &azuretasks.PublicIPAddress{
-			Name:          fi.PtrTo(b.NameForLoadBalancer()),
-			Lifecycle:     b.Lifecycle,
-			ResourceGroup: b.LinkToResourceGroup(),
-			Tags:          map[string]*string{},
+			Name:             fi.PtrTo(b.NameForLoadBalancer()),
+			Lifecycle:        b.Lifecycle,
+			ResourceGroup:    b.LinkToResourceGroup(),
+			IPVersion:        network.IPVersionIPv4,
+			AllocationMethod: network.IPAllocationMethodStatic,
+			SKU:              network.PublicIPAddressSKUNameStandard,
+			Tags:             map[string]*string{},
 		}
 		c.AddTask(p)
 		lb.PublicIPAddress = p
@@ -102,16 +110,19 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
 		// kops-controller probe: HTTPS on 3988 with /healthz
 		lb.Probes = append(lb.Probes, azuretasks.LoadBalancerProbe{
 			Name:              fmt.Sprintf("Health-HTTPS-%d", wellknownports.KopsControllerPort),
-			Protocol:          "Https",
+			Protocol:          network.ProbeProtocolHTTPS,
 			Port:              wellknownports.KopsControllerPort,
 			RequestPath:       fi.PtrTo("/healthz"),
 			IntervalInSeconds: 15,
 			NumberOfProbes:    4,
 		})
 		lb.Rules = append(lb.Rules, azuretasks.LoadBalancerRule{
-			Name:      fmt.Sprintf("TCP-%d", wellknownports.KopsControllerPort),
-			Port:      wellknownports.KopsControllerPort,
-			ProbeName: fmt.Sprintf("Health-HTTPS-%d", wellknownports.KopsControllerPort),
+			Name:                 fmt.Sprintf("TCP-%d", wellknownports.KopsControllerPort),
+			Port:                 wellknownports.KopsControllerPort,
+			ProbeName:            fmt.Sprintf("Health-HTTPS-%d", wellknownports.KopsControllerPort),
+			Protocol:             network.TransportProtocolTCP,
+			IdleTimeoutInMinutes: 4,
+			LoadDistribution:     network.LoadDistributionDefault,
 		})
 	}
 

pkg/model/azuremodel/network.go

@@ -281,17 +281,21 @@ func (b *NetworkModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 	c.AddTask(nsgTask)
 
 	ngwPipTask := &azuretasks.PublicIPAddress{
-		Name:          fi.PtrTo(b.NameForVirtualNetwork()),
-		Lifecycle:     b.Lifecycle,
-		ResourceGroup: b.LinkToResourceGroup(),
-		Tags:          map[string]*string{},
+		Name:             fi.PtrTo(b.NameForVirtualNetwork()),
+		Lifecycle:        b.Lifecycle,
+		ResourceGroup:    b.LinkToResourceGroup(),
+		IPVersion:        network.IPVersionIPv4,
+		AllocationMethod: network.IPAllocationMethodStatic,
+		SKU:              network.PublicIPAddressSKUNameStandard,
+		Tags:             map[string]*string{},
 	}
 	c.AddTask(ngwPipTask)
 	ngwTask := &azuretasks.NatGateway{
 		Name:              fi.PtrTo(b.NameForVirtualNetwork()),
 		Lifecycle:         b.Lifecycle,
 		PublicIPAddresses: []*azuretasks.PublicIPAddress{ngwPipTask},
 		ResourceGroup:     b.LinkToResourceGroup(),
+		SKU:               network.NatGatewaySKUNameStandard,
 		Tags:              map[string]*string{},
 	}
 	c.AddTask(ngwTask)

upup/pkg/fi/cloudup/azuretasks/disk_terraform.go

@@ -19,6 +19,7 @@ package azuretasks
 import (
 	"fmt"
 
+	compute "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
 	"k8s.io/kops/upup/pkg/fi/cloudup/terraformWriter"
@@ -40,7 +41,7 @@ func (*Disk) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *Disk)
 		return fmt.Errorf("expected at most one zone for disk %q, got %d", fi.ValueOf(e.Name), len(e.Zones))
 	}
 
-	createOption := "Empty"
+	createOption := string(compute.DiskCreateOptionEmpty)
 	tf := &terraformAzureManagedDisk{
 		Name:               e.Name,
 		Location:           fi.PtrTo(t.Cloud.Region()),

upup/pkg/fi/cloudup/azuretasks/loadbalancer.go

@@ -33,8 +33,8 @@ import (
 type LoadBalancerProbe struct {
 	// Name is the probe name, e.g. "Health-HTTPS-3988".
 	Name string
-	// Protocol is the probe protocol: "Tcp", "Http", or "Https".
-	Protocol string
+	// Protocol is the probe protocol, e.g. network.ProbeProtocolTCP.
+	Protocol network.ProbeProtocol
 	// Port is the port to probe.
 	Port int32
 	// RequestPath is the path for HTTP/HTTPS probes (nil for TCP).
@@ -59,6 +59,14 @@ type LoadBalancerRule struct {
 	Port int32
 	// ProbeName references the probe by name.
 	ProbeName string
+	// Protocol is the transport protocol, e.g. network.TransportProtocolTCP.
+	Protocol network.TransportProtocol
+	// IdleTimeoutInMinutes is the idle timeout for the rule.
+	IdleTimeoutInMinutes int32
+	// EnableFloatingIP enables Direct Server Return.
+	EnableFloatingIP bool
+	// LoadDistribution is the load distribution policy.
+	LoadDistribution network.LoadDistribution
 }
 
 var _ fi.CloudupHasDependencies = (*LoadBalancerRule)(nil)
@@ -83,6 +91,9 @@ type LoadBalancer struct {
 
 	Tags map[string]*string
 
+	// SKU is the load balancer SKU, e.g. network.LoadBalancerSKUNameStandard.
+	SKU network.LoadBalancerSKUName
+
 	// WellKnownServices indicates which services are supported by this resource.
 	// This field is internal and is not rendered to the cloud.
 	WellKnownServices []wellknownservices.WellKnownService
@@ -179,6 +190,9 @@ func (lb *LoadBalancer) Find(c *fi.CloudupContext) (*LoadBalancer, error) {
 		External: to.Ptr(feConfig.Properties.PublicIPAddress != nil),
 		Tags:     found.Tags,
 	}
+	if found.SKU != nil {
+		actual.SKU = fi.ValueOf(found.SKU.Name)
+	}
 	if subnet != nil {
 		actual.Subnet = &Subnet{
 			Name: subnet.Name,
@@ -196,7 +210,7 @@ func (lb *LoadBalancer) Find(c *fi.CloudupContext) (*LoadBalancer, error) {
 		}
 		p := LoadBalancerProbe{
 			Name:              fi.ValueOf(probe.Name),
-			Protocol:          string(fi.ValueOf(probe.Properties.Protocol)),
+			Protocol:          fi.ValueOf(probe.Properties.Protocol),
 			Port:              fi.ValueOf(probe.Properties.Port),
 			IntervalInSeconds: fi.ValueOf(probe.Properties.IntervalInSeconds),
 			NumberOfProbes:    fi.ValueOf(probe.Properties.NumberOfProbes),
@@ -212,8 +226,12 @@ func (lb *LoadBalancer) Find(c *fi.CloudupContext) (*LoadBalancer, error) {
 			continue
 		}
 		r := LoadBalancerRule{
-			Name: fi.ValueOf(rule.Name),
-			Port: fi.ValueOf(rule.Properties.FrontendPort),
+			Name:                 fi.ValueOf(rule.Name),
+			Port:                 fi.ValueOf(rule.Properties.FrontendPort),
+			Protocol:             fi.ValueOf(rule.Properties.Protocol),
+			IdleTimeoutInMinutes: fi.ValueOf(rule.Properties.IdleTimeoutInMinutes),
+			EnableFloatingIP:     fi.ValueOf(rule.Properties.EnableFloatingIP),
+			LoadDistribution:     fi.ValueOf(rule.Properties.LoadDistribution),
 		}
 		if rule.Properties.Probe != nil && rule.Properties.Probe.ID != nil {
 			// Extract probe name from the full resource ID
@@ -277,7 +295,7 @@ func (*LoadBalancer) RenderAzure(t *azure.AzureAPITarget, a, e, changes *LoadBal
 	lb := network.LoadBalancer{
 		Location: to.Ptr(t.Cloud.Region()),
 		SKU: &network.LoadBalancerSKU{
-			Name: to.Ptr(network.LoadBalancerSKUNameStandard),
+			Name: to.Ptr(e.SKU),
 		},
 		Properties: &network.LoadBalancerPropertiesFormat{
 			FrontendIPConfigurations: []*network.FrontendIPConfiguration{
@@ -299,7 +317,7 @@ func (*LoadBalancer) RenderAzure(t *azure.AzureAPITarget, a, e, changes *LoadBal
 		p := &network.Probe{
 			Name: to.Ptr(probe.Name),
 			Properties: &network.ProbePropertiesFormat{
-				Protocol:          to.Ptr(network.ProbeProtocol(probe.Protocol)),
+				Protocol:          to.Ptr(probe.Protocol),
 				Port:              to.Ptr(probe.Port),
 				IntervalInSeconds: to.Ptr(probe.IntervalInSeconds),
 				NumberOfProbes:    to.Ptr(probe.NumberOfProbes),
@@ -315,12 +333,12 @@ func (*LoadBalancer) RenderAzure(t *azure.AzureAPITarget, a, e, changes *LoadBal
 		lb.Properties.LoadBalancingRules = append(lb.Properties.LoadBalancingRules, &network.LoadBalancingRule{
 			Name: to.Ptr(rule.Name),
 			Properties: &network.LoadBalancingRulePropertiesFormat{
-				Protocol:             to.Ptr(network.TransportProtocolTCP),
+				Protocol:             to.Ptr(rule.Protocol),
 				FrontendPort:         to.Ptr(rule.Port),
 				BackendPort:          to.Ptr(rule.Port),
-				IdleTimeoutInMinutes: to.Ptr[int32](4),
-				EnableFloatingIP:     to.Ptr(false),
-				LoadDistribution:     to.Ptr(network.LoadDistributionDefault),
+				IdleTimeoutInMinutes: to.Ptr(rule.IdleTimeoutInMinutes),
+				EnableFloatingIP:     to.Ptr(rule.EnableFloatingIP),
+				LoadDistribution:     to.Ptr(rule.LoadDistribution),
 				FrontendIPConfiguration: &network.SubResource{
 					ID: to.Ptr(fmt.Sprintf("/%s/loadbalancers/%s/frontendIPConfigurations/%s", idPrefix, *e.Name, "LoadBalancerFrontEnd")),
 				},

upup/pkg/fi/cloudup/azuretasks/loadbalancer_terraform.go

@@ -19,6 +19,7 @@ package azuretasks
 import (
 	"fmt"
 
+	network "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
 	"k8s.io/kops/upup/pkg/fi/cloudup/terraformWriter"
@@ -75,7 +76,7 @@ type terraformAzureLoadBalancerRule struct {
 }
 
 func (*LoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *LoadBalancer) error {
-	sku := "Standard"
+	sku := string(e.SKU)
 	tf := &terraformAzureLoadBalancer{
 		Name:              e.Name,
 		Location:          fi.PtrTo(t.Cloud.Region()),
@@ -90,7 +91,7 @@ func (*LoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e, changes
 	if fi.ValueOf(e.External) {
 		frontend.PublicIPAddressID = e.PublicIPAddress.terraformID()
 	} else {
-		allocationMethod := "Dynamic"
+		allocationMethod := string(network.IPAllocationMethodDynamic)
 		frontend.PrivateIPAllocationMethod = &allocationMethod
 		subnetID, err := e.Subnet.terraformID(t)
 		if err != nil {
@@ -117,7 +118,7 @@ func (*LoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e, changes
 		if err := t.RenderResource("azurerm_lb_probe", probeResourceName, &terraformAzureLoadBalancerProbe{
 			Name:              fi.PtrTo(probe.Name),
 			LoadBalancerID:    e.terraformID(),
-			Protocol:          fi.PtrTo(probe.Protocol),
+			Protocol:          fi.PtrTo(string(probe.Protocol)),
 			Port:              fi.PtrTo(probe.Port),
 			RequestPath:       probe.RequestPath,
 			IntervalInSeconds: fi.PtrTo(probe.IntervalInSeconds),
@@ -130,8 +131,8 @@ func (*LoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e, changes
 	for _, rule := range e.Rules {
 		ruleResourceName := fmt.Sprintf("%s-%s", fi.ValueOf(e.Name), rule.Name)
 		probeResourceName := fmt.Sprintf("%s-%s", fi.ValueOf(e.Name), rule.ProbeName)
-		ruleProtocol := "Tcp"
-		loadDistribution := "Default"
+		ruleProtocol := string(rule.Protocol)
+		loadDistribution := string(rule.LoadDistribution)
 		if err := t.RenderResource("azurerm_lb_rule", ruleResourceName, &terraformAzureLoadBalancerRule{
 			Name:                        fi.PtrTo(rule.Name),
 			LoadBalancerID:              e.terraformID(),
@@ -141,8 +142,8 @@ func (*LoadBalancer) RenderTerraform(t *terraform.TerraformTarget, a, e, changes
 			FrontendIPConfigurationName: fi.PtrTo(terraformAzureLoadBalancerFrontendName),
 			BackendAddressPoolIDs:       []*terraformWriter.Literal{e.terraformBackendAddressPoolID()},
 			ProbeID:                     terraformWriter.LiteralProperty("azurerm_lb_probe", probeResourceName, "id"),
-			IdleTimeoutInMinutes:        fi.PtrTo[int32](4),
-			FloatingIPEnabled:           fi.PtrTo(false),
+			IdleTimeoutInMinutes:        fi.PtrTo(rule.IdleTimeoutInMinutes),
+			FloatingIPEnabled:           fi.PtrTo(rule.EnableFloatingIP),
 			LoadDistribution:            &loadDistribution,
 		}); err != nil {
 			return err

upup/pkg/fi/cloudup/azuretasks/loadbalancer_test.go

@@ -113,6 +113,9 @@ func TestLoadBalancerFind(t *testing.T) {
 	// Create a Loadbalancer.
 	loadBalancerParameters := network.LoadBalancer{
 		Location: to.Ptr("eastus"),
+		SKU: &network.LoadBalancerSKU{
+			Name: to.Ptr(network.LoadBalancerSKUNameStandard),
+		},
 		Properties: &network.LoadBalancerPropertiesFormat{
 			FrontendIPConfigurations: []*network.FrontendIPConfiguration{
 				{

upup/pkg/fi/cloudup/azuretasks/natgateway.go

@@ -36,6 +36,9 @@ type NatGateway struct {
 	PublicIPAddresses []*PublicIPAddress
 	ResourceGroup     *ResourceGroup
 
+	// SKU is the NAT gateway SKU, e.g. network.NatGatewaySKUNameStandard.
+	SKU network.NatGatewaySKUName
+
 	Tags map[string]*string
 }
 
@@ -84,14 +87,18 @@ func (ngw *NatGateway) Find(c *fi.CloudupContext) (*NatGateway, error) {
 		}
 	}
 
-	return &NatGateway{
+	actual := &NatGateway{
 		Name:              ngw.Name,
 		Lifecycle:         ngw.Lifecycle,
 		ResourceGroup:     &ResourceGroup{Name: ngw.ResourceGroup.Name},
 		ID:                found.ID,
 		PublicIPAddresses: pips,
 		Tags:              found.Tags,
-	}, nil
+	}
+	if found.SKU != nil {
+		actual.SKU = fi.ValueOf(found.SKU.Name)
+	}
+	return actual, nil
 }
 
 func (ngw *NatGateway) Normalize(c *fi.CloudupContext) error {
@@ -134,7 +141,7 @@ func (*NatGateway) RenderAzure(t *azure.AzureAPITarget, a, e, changes *NatGatewa
 		Name:       to.Ptr(*e.Name),
 		Properties: &network.NatGatewayPropertiesFormat{},
 		SKU: &network.NatGatewaySKU{
-			Name: to.Ptr(network.NatGatewaySKUNameStandard),
+			Name: to.Ptr(e.SKU),
 		},
 		Tags: e.Tags,
 	}

upup/pkg/fi/cloudup/azuretasks/natgateway_terraform.go

@@ -38,7 +38,7 @@ type terraformAzureNatGatewayPublicIPAssociation struct {
 }
 
 func (*NatGateway) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *NatGateway) error {
-	skuName := "Standard"
+	skuName := string(e.SKU)
 	tf := &terraformAzureNatGateway{
 		Name:              e.Name,
 		Location:          fi.PtrTo(t.Cloud.Region()),

upup/pkg/fi/cloudup/azuretasks/networksecuritygroup.go

@@ -86,6 +86,8 @@ func (nsg *NetworkSecurityGroup) Find(c *fi.CloudupContext) (*NetworkSecurityGro
 		},
 		ID:   found.ID,
 		Tags: found.Tags,
+		// ApplicationSecurityGroups is for dependency ordering only and is not rendered to the cloud.
+		ApplicationSecurityGroups: nsg.ApplicationSecurityGroups,
 	}
 	for _, rule := range found.Properties.SecurityRules {
 		nsr := &NetworkSecurityRule{