Merge pull request #87035 from CecileRobertMichon/add-azure-nsg-rg
Add Azure network security group resource group
commit
d2a526bc0e
@ -118,6 +118,8 @@ type Config struct {
|
|||||||
SubnetName string `json:"subnetName,omitempty" yaml:"subnetName,omitempty"`
|
SubnetName string `json:"subnetName,omitempty" yaml:"subnetName,omitempty"`
|
||||||
// The name of the security group attached to the cluster's subnet
|
// The name of the security group attached to the cluster's subnet
|
||||||
SecurityGroupName string `json:"securityGroupName,omitempty" yaml:"securityGroupName,omitempty"`
|
SecurityGroupName string `json:"securityGroupName,omitempty" yaml:"securityGroupName,omitempty"`
|
||||||
|
// The name of the resource group that the security group is deployed in
|
||||||
|
SecurityGroupResourceGroup string `json:"securityGroupResourceGroup,omitempty" yaml:"securityGroupResourceGroup,omitempty"`
|
||||||
// (Optional in 1.6) The name of the route table attached to the subnet that the cluster is deployed in
|
// (Optional in 1.6) The name of the route table attached to the subnet that the cluster is deployed in
|
||||||
RouteTableName string `json:"routeTableName,omitempty" yaml:"routeTableName,omitempty"`
|
RouteTableName string `json:"routeTableName,omitempty" yaml:"routeTableName,omitempty"`
|
||||||
// The name of the resource group that the RouteTable is deployed in
|
// The name of the resource group that the RouteTable is deployed in
|
||||||
@ -332,6 +334,10 @@ func (az *Cloud) InitializeCloudFromConfig(config *Config, fromSecret bool) erro
|
|||||||
config.RouteTableResourceGroup = config.ResourceGroup
|
config.RouteTableResourceGroup = config.ResourceGroup
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if config.SecurityGroupResourceGroup == "" {
|
||||||
|
config.SecurityGroupResourceGroup = config.ResourceGroup
|
||||||
|
}
|
||||||
|
|
||||||
if config.VMType == "" {
|
if config.VMType == "" {
|
||||||
// default to standard vmType if not set.
|
// default to standard vmType if not set.
|
||||||
config.VMType = vmTypeStandard
|
config.VMType = vmTypeStandard
|
||||||
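Review bot: The comment on the new `SecurityGroupResourceGroup` field in the Config hunk does not say that an empty value falls back to `ResourceGroup`, which is what the added block in InitializeCloudFromConfig implements. I would extend it to `// The name of the resource group that the security group is deployed in; defaults to resourceGroup when empty`. Because this setting lets the provider write NSG rules outside the cluster's own resource group, the field documentation should also mention that the provider's identity needs rights on that group, presumably scoped to network security groups only. Both Config and InitializeCloudFromConfig continue outside the visible hunks.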
|
@ -187,7 +187,7 @@ func (az *Cloud) CreateOrUpdateSecurityGroup(service *v1.Service, sg network.Sec
|
|||||||
ctx, cancel := getContextWithCancel()
|
ctx, cancel := getContextWithCancel()
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
rerr := az.SecurityGroupsClient.CreateOrUpdate(ctx, az.ResourceGroup, *sg.Name, sg, to.String(sg.Etag))
|
rerr := az.SecurityGroupsClient.CreateOrUpdate(ctx, az.SecurityGroupResourceGroup, *sg.Name, sg, to.String(sg.Etag))
|
||||||
klog.V(10).Infof("SecurityGroupsClient.CreateOrUpdate(%s): end", *sg.Name)
|
klog.V(10).Infof("SecurityGroupsClient.CreateOrUpdate(%s): end", *sg.Name)
|
||||||
if rerr == nil {
|
if rerr == nil {
|
||||||
// Invalidate the cache right after updating
|
// Invalidate the cache right after updating
|
||||||
@ -217,7 +217,7 @@ func (az *Cloud) CreateOrUpdateSGWithRetry(service *v1.Service, sg network.Secur
|
|||||||
ctx, cancel := getContextWithCancel()
|
ctx, cancel := getContextWithCancel()
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
rerr := az.SecurityGroupsClient.CreateOrUpdate(ctx, az.ResourceGroup, *sg.Name, sg, to.String(sg.Etag))
|
rerr := az.SecurityGroupsClient.CreateOrUpdate(ctx, az.SecurityGroupResourceGroup, *sg.Name, sg, to.String(sg.Etag))
|
||||||
klog.V(10).Infof("SecurityGroupsClient.CreateOrUpdate(%s): end", *sg.Name)
|
klog.V(10).Infof("SecurityGroupsClient.CreateOrUpdate(%s): end", *sg.Name)
|
||||||
if rerr == nil {
|
if rerr == nil {
|
||||||
// Invalidate the cache right after updating
|
// Invalidate the cache right after updating
|
||||||
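Review bot: The `klog.V(10).Infof("SecurityGroupsClient.CreateOrUpdate(%s): end", *sg.Name)` line after the changed call in CreateOrUpdateSecurityGroup still logs only the NSG name, so once `SecurityGroupResourceGroup` differs from `ResourceGroup` the log no longer shows which resource group the rules were written to. Consider `klog.V(10).Infof("SecurityGroupsClient.CreateOrUpdate(%s/%s): end", az.SecurityGroupResourceGroup, *sg.Name)`. The identical line in CreateOrUpdateSGWithRetry has the same gap. Both function bodies continue outside the hunks.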
|
@ -69,6 +69,7 @@ var (
|
|||||||
"routeTableName": "routeTableName",
|
"routeTableName": "routeTableName",
|
||||||
"routeTableResourceGroup": "routeTableResourceGroup",
|
"routeTableResourceGroup": "routeTableResourceGroup",
|
||||||
"securityGroupName": "securityGroupName",
|
"securityGroupName": "securityGroupName",
|
||||||
|
"securityGroupResourceGroup": "securityGroupResourceGroup",
|
||||||
"subnetName": "subnetName",
|
"subnetName": "subnetName",
|
||||||
"subscriptionId": "subscriptionId",
|
"subscriptionId": "subscriptionId",
|
||||||
"tenantId": "tenantId",
|
"tenantId": "tenantId",
|
||||||
@ -131,6 +132,7 @@ func TestParseConfig(t *testing.T) {
|
|||||||
RouteTableName: "routeTableName",
|
RouteTableName: "routeTableName",
|
||||||
RouteTableResourceGroup: "routeTableResourceGroup",
|
RouteTableResourceGroup: "routeTableResourceGroup",
|
||||||
SecurityGroupName: "securityGroupName",
|
SecurityGroupName: "securityGroupName",
|
||||||
|
SecurityGroupResourceGroup: "securityGroupResourceGroup",
|
||||||
SubnetName: "subnetName",
|
SubnetName: "subnetName",
|
||||||
UseInstanceMetadata: true,
|
UseInstanceMetadata: true,
|
||||||
VMType: "standard",
|
VMType: "standard",
|
||||||
|
@ -893,6 +893,7 @@ func getTestCloud() (az *Cloud) {
|
|||||||
ResourceGroup: "rg",
|
ResourceGroup: "rg",
|
||||||
VnetResourceGroup: "rg",
|
VnetResourceGroup: "rg",
|
||||||
RouteTableResourceGroup: "rg",
|
RouteTableResourceGroup: "rg",
|
||||||
|
SecurityGroupResourceGroup: "rg",
|
||||||
Location: "westus",
|
Location: "westus",
|
||||||
VnetName: "vnet",
|
VnetName: "vnet",
|
||||||
SubnetName: "subnet",
|
SubnetName: "subnet",
|
||||||
@ -1149,7 +1150,7 @@ func getTestSecurityGroup(az *Cloud, services ...v1.Service) *network.SecurityGr
|
|||||||
defer cancel()
|
defer cancel()
|
||||||
az.SecurityGroupsClient.CreateOrUpdate(
|
az.SecurityGroupsClient.CreateOrUpdate(
|
||||||
ctx,
|
ctx,
|
||||||
az.ResourceGroup,
|
az.SecurityGroupResourceGroup,
|
||||||
az.SecurityGroupName,
|
az.SecurityGroupName,
|
||||||
sg,
|
sg,
|
||||||
"")
|
"")
|
||||||
@ -1492,6 +1493,7 @@ func TestNewCloudFromJSON(t *testing.T) {
|
|||||||
"aadClientCertPassword": "--aad-client-cert-password--",
|
"aadClientCertPassword": "--aad-client-cert-password--",
|
||||||
"resourceGroup": "--resource-group--",
|
"resourceGroup": "--resource-group--",
|
||||||
"routeTableResourceGroup": "--route-table-resource-group--",
|
"routeTableResourceGroup": "--route-table-resource-group--",
|
||||||
|
"securityGroupResourceGroup": "--security-group-resource-group--",
|
||||||
"location": "--location--",
|
"location": "--location--",
|
||||||
"subnetName": "--subnet-name--",
|
"subnetName": "--subnet-name--",
|
||||||
"securityGroupName": "--security-group-name--",
|
"securityGroupName": "--security-group-name--",
|
||||||
@ -1544,6 +1546,7 @@ aadClientCertPath: --aad-client-cert-path--
|
|||||||
aadClientCertPassword: --aad-client-cert-password--
|
aadClientCertPassword: --aad-client-cert-password--
|
||||||
resourceGroup: --resource-group--
|
resourceGroup: --resource-group--
|
||||||
routeTableResourceGroup: --route-table-resource-group--
|
routeTableResourceGroup: --route-table-resource-group--
|
||||||
|
securityGroupResourceGroup: --security-group-resource-group--
|
||||||
location: --location--
|
location: --location--
|
||||||
subnetName: --subnet-name--
|
subnetName: --subnet-name--
|
||||||
securityGroupName: --security-group-name--
|
securityGroupName: --security-group-name--
|
||||||
@ -1596,6 +1599,9 @@ func validateConfig(t *testing.T, config string) {
|
|||||||
if azureCloud.RouteTableResourceGroup != "--route-table-resource-group--" {
|
if azureCloud.RouteTableResourceGroup != "--route-table-resource-group--" {
|
||||||
t.Errorf("got incorrect value for RouteTableResourceGroup")
|
t.Errorf("got incorrect value for RouteTableResourceGroup")
|
||||||
}
|
}
|
||||||
|
if azureCloud.SecurityGroupResourceGroup != "--security-group-resource-group--" {
|
||||||
|
t.Errorf("got incorrect value for SecurityGroupResourceGroup")
|
||||||
|
}
|
||||||
if azureCloud.Location != "--location--" {
|
if azureCloud.Location != "--location--" {
|
||||||
t.Errorf("got incorrect value for Location")
|
t.Errorf("got incorrect value for Location")
|
||||||
}
|
}
|
||||||
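Review bot: `getTestCloud` sets `SecurityGroupResourceGroup: "rg"`, the same value as `ResourceGroup`, so an NSG call site that still passes `az.ResourceGroup` would pass these tests unnoticed; `getTestCloudForVMCache` in the cache test fixture does the same. A distinct value in at least one fixture, for example `SecurityGroupResourceGroup: "nsg-rg"`, would let the tests tell the two groups apart. The visible hunks also check only an explicitly configured value in validateConfig. A case asserting that an empty setting falls back to `ResourceGroup` appears to be missing, though it may exist outside the hunks.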
|
@ -277,7 +277,7 @@ func (az *Cloud) newNSGCache() (*timedCache, error) {
|
|||||||
getter := func(key string) (interface{}, error) {
|
getter := func(key string) (interface{}, error) {
|
||||||
ctx, cancel := getContextWithCancel()
|
ctx, cancel := getContextWithCancel()
|
||||||
defer cancel()
|
defer cancel()
|
||||||
nsg, err := az.SecurityGroupsClient.Get(ctx, az.ResourceGroup, key, "")
|
nsg, err := az.SecurityGroupsClient.Get(ctx, az.SecurityGroupResourceGroup, key, "")
|
||||||
exists, rerr := checkResourceExistsFromError(err)
|
exists, rerr := checkResourceExistsFromError(err)
|
||||||
if rerr != nil {
|
if rerr != nil {
|
||||||
return nil, rerr.Error()
|
return nil, rerr.Error()
|
||||||
|
@ -318,6 +318,7 @@ func getTestCloudForVMCache(vmList []string) (az *Cloud) {
|
|||||||
ResourceGroup: "rg",
|
ResourceGroup: "rg",
|
||||||
VnetResourceGroup: "rg",
|
VnetResourceGroup: "rg",
|
||||||
RouteTableResourceGroup: "rg",
|
RouteTableResourceGroup: "rg",
|
||||||
|
SecurityGroupResourceGroup: "rg",
|
||||||
Location: "westus",
|
Location: "westus",
|
||||||
VnetName: "vnet",
|
VnetName: "vnet",
|
||||||
SubnetName: "subnet",
|
SubnetName: "subnet",
|
||||||
|