github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-11 21:12:07 +00:00
Code Issues Projects Releases Wiki Activity

Don't assume SG is for ELB; pass tags directly

Browse Source
This commit is contained in:
Andrew Garrett 2018-02-16 22:00:22 +00:00
parent 20a682b643
commit 39f46806b7
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/cloudprovider/providers/aws/aws.go
View File

@ -2814,8 +2814,9 @@ func (c *Cloud) removeSecurityGroupIngress(securityGroupID string, removePermiss
// Makes sure the security group exists. // Makes sure the security group exists.
// For multi-cluster isolation, name must be globally unique, for example derived from the service UUID. // For multi-cluster isolation, name must be globally unique, for example derived from the service UUID.
// Additional tags can be specified
// Returns the security group id or error // Returns the security group id or error
func (c *Cloud) ensureSecurityGroup(name string, description string, annotations map[string]string) (string, error) { func (c *Cloud) ensureSecurityGroup(name string, description string, additionalTags map[string]string) (string, error) {
groupID := "" groupID := ""
attempt := 0 attempt := 0
for { for {
@ -2881,7 +2882,7 @@ func (c *Cloud) ensureSecurityGroup(name string, description string, annotations
return "", fmt.Errorf("created security group, but id was not returned: %s", name) return "", fmt.Errorf("created security group, but id was not returned: %s", name)
} }
err := c.tagging.createTags(c.ec2, groupID, ResourceLifecycleOwned, getLoadBalancerAdditionalTags(annotations)) err := c.tagging.createTags(c.ec2, groupID, ResourceLifecycleOwned, additionalTags)
if err != nil { if err != nil {
// If we retry, ensureClusterTags will recover from this - it // If we retry, ensureClusterTags will recover from this - it
// will add the missing tags. We could delete the security // will add the missing tags. We could delete the security
@ -3095,8 +3096,9 @@ func getPortSets(annotation string) (ports *portSets) {
// buildELBSecurityGroupList returns list of SecurityGroups which should be // buildELBSecurityGroupList returns list of SecurityGroups which should be
// attached to ELB created by a service. List always consist of at least // attached to ELB created by a service. List always consist of at least
// 1 member which is an SG created for this service or a SG from the Global config. Extra groups can be // 1 member which is an SG created for this service or a SG from the Global config.
// specified via annotation // Extra groups can be specified via annotation, as can extra tags for any
// new groups.
func (c *Cloud) buildELBSecurityGroupList(serviceName types.NamespacedName, loadBalancerName string, annotations map[string]string) ([]string, error) { func (c *Cloud) buildELBSecurityGroupList(serviceName types.NamespacedName, loadBalancerName string, annotations map[string]string) ([]string, error) {
var err error var err error
var securityGroupID string var securityGroupID string
@ -3107,7 +3109,7 @@ func (c *Cloud) buildELBSecurityGroupList(serviceName types.NamespacedName, load
// Create a security group for the load balancer // Create a security group for the load balancer
sgName := "k8s-elb-" + loadBalancerName sgName := "k8s-elb-" + loadBalancerName
sgDescription := fmt.Sprintf("Security group for Kubernetes ELB %s (%v)", loadBalancerName, serviceName) sgDescription := fmt.Sprintf("Security group for Kubernetes ELB %s (%v)", loadBalancerName, serviceName)
securityGroupID, err = c.ensureSecurityGroup(sgName, sgDescription, annotations) securityGroupID, err = c.ensureSecurityGroup(sgName, sgDescription, getLoadBalancerAdditionalTags(annotations))
if err != nil { if err != nil {
glog.Errorf("Error creating load balancer security group: %q", err) glog.Errorf("Error creating load balancer security group: %q", err)
return nil, err return nil, err