github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 05:57:25 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #94239 from andyzhangx/network-rule

Browse Source 
add network rule support in Azure account creation
This commit is contained in:
Kubernetes Prow Robot 2020-09-14 20:20:06 -07:00 committed by GitHub
commit 37cf1d6aaa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 57 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
staging/src/k8s.io/legacy-cloud-providers/azure/azure_storageaccount.go
View File

@ -23,6 +23,7 @@ import (
"strings" "strings"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-06-01/storage" "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-06-01/storage"
"github.com/Azure/go-autorest/autorest/to"
"k8s.io/klog/v2" "k8s.io/klog/v2"
) )
@ -32,17 +33,18 @@ type AccountOptions struct {
Name, Type, Kind, ResourceGroup, Location string Name, Type, Kind, ResourceGroup, Location string
EnableHTTPSTrafficOnly bool EnableHTTPSTrafficOnly bool
Tags map[string]string Tags map[string]string
VirtualNetworkResourceIDs []string
} }
type accountWithLocation struct { type accountWithLocation struct {
Name, StorageType, Location string Name, StorageType, Location string
} }
// getStorageAccounts gets name, type, location of all storage accounts in a resource group which matches matchingAccountType, matchingLocation // getStorageAccounts get matching storage accounts
func (az *Cloud) getStorageAccounts(matchingAccountType, matchingAccountKind, resourceGroup, matchingLocation string) ([]accountWithLocation, error) { func (az *Cloud) getStorageAccounts(accountOptions *AccountOptions) ([]accountWithLocation, error) {
ctx, cancel := getContextWithCancel() ctx, cancel := getContextWithCancel()
defer cancel() defer cancel()
result, rerr := az.StorageAccountClient.ListByResourceGroup(ctx, resourceGroup) result, rerr := az.StorageAccountClient.ListByResourceGroup(ctx, accountOptions.ResourceGroup)
if rerr != nil { if rerr != nil {
return nil, rerr.Error() return nil, rerr.Error()
} }
@ -51,18 +53,39 @@ func (az *Cloud) getStorageAccounts(matchingAccountType, matchingAccountKind, re
for _, acct := range result { for _, acct := range result {
if acct.Name != nil && acct.Location != nil && acct.Sku != nil { if acct.Name != nil && acct.Location != nil && acct.Sku != nil {
storageType := string((*acct.Sku).Name) storageType := string((*acct.Sku).Name)
if matchingAccountType != "" && !strings.EqualFold(matchingAccountType, storageType) { if accountOptions.Type != "" && !strings.EqualFold(accountOptions.Type, storageType) {
continue continue
} }
if matchingAccountKind != "" && !strings.EqualFold(matchingAccountKind, string(acct.Kind)) { if accountOptions.Kind != "" && !strings.EqualFold(accountOptions.Kind, string(acct.Kind)) {
continue continue
} }
location := *acct.Location location := *acct.Location
if matchingLocation != "" && !strings.EqualFold(matchingLocation, location) { if accountOptions.Location != "" && !strings.EqualFold(accountOptions.Location, location) {
continue continue
} }
if len(accountOptions.VirtualNetworkResourceIDs) > 0 {
if acct.AccountProperties == nil || acct.AccountProperties.NetworkRuleSet == nil ||
acct.AccountProperties.NetworkRuleSet.VirtualNetworkRules == nil {
continue
}
found := false
for _, subnetID := range accountOptions.VirtualNetworkResourceIDs {
for _, rule := range *acct.AccountProperties.NetworkRuleSet.VirtualNetworkRules {
if strings.EqualFold(to.String(rule.VirtualNetworkResourceID), subnetID) && rule.Action == storage.Allow {
found = true
break
}
}
}
if !found {
continue
}
}
accounts = append(accounts, accountWithLocation{Name: *acct.Name, StorageType: storageType, Location: location}) accounts = append(accounts, accountWithLocation{Name: *acct.Name, StorageType: storageType, Location: location})
} }
} }
@ -106,9 +129,10 @@ func (az *Cloud) EnsureStorageAccount(accountOptions *AccountOptions, genAccount
resourceGroup := accountOptions.ResourceGroup resourceGroup := accountOptions.ResourceGroup
location := accountOptions.Location location := accountOptions.Location
enableHTTPSTrafficOnly := accountOptions.EnableHTTPSTrafficOnly enableHTTPSTrafficOnly := accountOptions.EnableHTTPSTrafficOnly
if len(accountName) == 0 { if len(accountName) == 0 {
// find a storage account that matches accountType // find a storage account that matches accountType
accounts, err := az.getStorageAccounts(accountType, accountKind, resourceGroup, location) accounts, err := az.getStorageAccounts(accountOptions)
if err != nil { if err != nil {
return "", "", fmt.Errorf("could not list storage accounts for account type %s: %v", accountType, err) return "", "", fmt.Errorf("could not list storage accounts for account type %s: %v", accountType, err)
} }
@ -119,6 +143,24 @@ func (az *Cloud) EnsureStorageAccount(accountOptions *AccountOptions, genAccount
} }
if len(accountName) == 0 { if len(accountName) == 0 {
// set network rules for storage account
var networkRuleSet *storage.NetworkRuleSet
virtualNetworkRules := []storage.VirtualNetworkRule{}
for _, subnetID := range accountOptions.VirtualNetworkResourceIDs {
vnetRule := storage.VirtualNetworkRule{
VirtualNetworkResourceID: &subnetID,
Action: storage.Allow,
}
virtualNetworkRules = append(virtualNetworkRules, vnetRule)
klog.V(4).Infof("subnetID(%s) has been set", subnetID)
}
if len(virtualNetworkRules) > 0 {
networkRuleSet = &storage.NetworkRuleSet{
VirtualNetworkRules: &virtualNetworkRules,
DefaultAction: storage.DefaultActionDeny,
}
}
// not found a matching account, now create a new account in current resource group // not found a matching account, now create a new account in current resource group
accountName = generateStorageAccountName(genAccountNamePrefix) accountName = generateStorageAccountName(genAccountNamePrefix)
if location == "" { if location == "" {
@ -143,11 +185,14 @@ func (az *Cloud) EnsureStorageAccount(accountOptions *AccountOptions, genAccount
accountName, resourceGroup, location, accountType, kind, accountOptions.Tags) accountName, resourceGroup, location, accountType, kind, accountOptions.Tags)
cp := storage.AccountCreateParameters{ cp := storage.AccountCreateParameters{
Sku: &storage.Sku{Name: storage.SkuName(accountType)}, Sku: &storage.Sku{Name: storage.SkuName(accountType)},
Kind: kind, Kind: kind,
AccountPropertiesCreateParameters: &storage.AccountPropertiesCreateParameters{EnableHTTPSTrafficOnly: &enableHTTPSTrafficOnly}, AccountPropertiesCreateParameters: &storage.AccountPropertiesCreateParameters{
Tags: tags, EnableHTTPSTrafficOnly: &enableHTTPSTrafficOnly,
Location: &location} NetworkRuleSet: networkRuleSet,
},
Tags: tags,
Location: &location}
ctx, cancel := getContextWithCancel() ctx, cancel := getContextWithCancel()
defer cancel() defer cancel()