From 8040f36d8197afa7257c7b8786344f70bbcc8fa6 Mon Sep 17 00:00:00 2001 From: "kushal (she/her)" <125429069+kbeniwal@users.noreply.github.com> Date: Sat, 8 Apr 2023 13:18:31 +0530 Subject: [PATCH] chore: move AMIs from instances to nodegroups (#74) Signed-off-by: Kushal Beniwal --- api/v1alpha1/awsadapterconfig_types.go | 8 +- api/v1alpha1/zz_generated.deepcopy.go | 11 +-- ...security.nirmata.io_awsadapterconfigs.yaml | 56 ++++++------ ...security.nirmata.io_awsadapterconfigs.yaml | 56 ++++++------ controllers/awsadapterconfig_controller.go | 85 ++++++++++++------- 5 files changed, 112 insertions(+), 104 deletions(-) diff --git a/api/v1alpha1/awsadapterconfig_types.go b/api/v1alpha1/awsadapterconfig_types.go index 0f5b263..183fb19 100644 --- a/api/v1alpha1/awsadapterconfig_types.go +++ b/api/v1alpha1/awsadapterconfig_types.go @@ -92,7 +92,7 @@ type EKSNodeGroup struct { CapacityType string `json:"capacityType,omitempty"` AMIReleaseVersion *string `json:"amiReleaseVersion,omitempty"` Subnets []string `json:"subnets,omitempty"` - InstanceTypes []string `json:"instanceTypes,omitempty"` + AmazonMachineImage AmazonMachineImage `json:"amazonMachineImage,omitempty"` UpdateConfig *EKSNodeGroupUpdateConfig `json:"updateConfig,omitempty"` ScalingConfig *EKSNodeGroupScalingConfig `json:"scalingConfig,omitempty"` LaunchTemplate *EC2LaunchTemplate `json:"launchTemplate,omitempty"` 
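Review bot: `omitempty` has no effect on the new `AmazonMachineImage AmazonMachineImage` field of EKSNodeGroup, because encoding/json never treats a struct value as empty. Every node group will therefore serialize an `amazonMachineImage` object, even when no image was resolved. The neighbouring optional fields (`UpdateConfig`, `ScalingConfig`, `LaunchTemplate`) are pointers, so declaring this one as `AmazonMachineImage *AmazonMachineImage` with the same tag would be consistent and would let consumers tell "not collected" from an empty image. The generated deepcopy would need regenerating after that change. The struct starts and ends outside this hunk, and dropping `instanceTypes` from the status presumably breaks any policy that still reads it, which deserves a line in the commit description.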
@@ -115,14 +115,14 @@ type Reservation struct { } type Instance struct { - HttpPutResponseHopLimit *int32 `json:"httpPutResponseHopLimit,omitempty"` - PublicDnsName *string `json:"publicDnsName,omitempty"` - AmazonMachineImage *AmazonMachineImage `json:"amazonMachineImage,omitempty"` + HttpPutResponseHopLimit *int32 `json:"httpPutResponseHopLimit,omitempty"` + PublicDnsName *string `json:"publicDnsName,omitempty"` } type AmazonMachineImage struct { Id *string `json:"id,omitempty"` Name *string `json:"name,omitempty"` + InstanceType string `json:"instanceType,omitempty"` Location *string `json:"location,omitempty"` Type string `json:"type,omitempty"` Architecture string `json:"architecture,omitempty"` diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index b75bc71..0880f14 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -574,11 +574,7 @@ func (in *EKSNodeGroup) DeepCopyInto(out *EKSNodeGroup) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.InstanceTypes != nil { - in, out := &in.InstanceTypes, &out.InstanceTypes - *out = make([]string, len(*in)) - copy(*out, *in) - } + in.AmazonMachineImage.DeepCopyInto(&out.AmazonMachineImage) if in.UpdateConfig != nil { in, out := &in.UpdateConfig, &out.UpdateConfig *out = new(EKSNodeGroupUpdateConfig) @@ -865,11 +861,6 @@ func (in *Instance) DeepCopyInto(out *Instance) { *out = new(string) **out = **in } - if in.AmazonMachineImage != nil { - in, out := &in.AmazonMachineImage, &out.AmazonMachineImage - *out = new(AmazonMachineImage) - (*in).DeepCopyInto(*out) - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Instance. diff --git a/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml b/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml index e21baaf..67269db 100644 
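Review bot: The new `InstanceType string` field in AmazonMachineImage has no comment, and its name suggests an attribute of the image. The controller change in this commit fills it from `y.Nodegroup.InstanceTypes[0]`, so it is a node group property and only the first entry of a list. I would add a comment such as `// InstanceType is the first instance type configured on the node group; it is not an attribute of the AMI.` so that policy authors do not read it as the complete set of instance types. The AmazonMachineImage struct continues past the end of this hunk.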
--- a/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml +++ b/charts/kyverno-aws-adapter/crds/security.nirmata.io_awsadapterconfigs.yaml @@ -113,6 +113,33 @@ spec: description: EKSNodeGroup contains info of the EKS cluster's node group properties: + amazonMachineImage: + properties: + architecture: + type: string + creationTime: + type: string + deprecationTime: + type: string + id: + type: string + instanceType: + type: string + location: + type: string + name: + type: string + ownerId: + type: string + platformDetails: + type: string + public: + type: boolean + state: + type: string + type: + type: string + type: object amiReleaseVersion: type: string amiType: @@ -139,10 +166,6 @@ spec: type: array type: object type: array - instanceTypes: - items: - type: string - type: array labels: additionalProperties: type: string @@ -248,31 +271,6 @@ spec: type: integer publicDnsName: type: string - amazonMachineImage: - properties: - id: - type: string - name: - type: string - location: - type: string - type: - type: string - architecture: - type: string - public: - type: boolean - platformDetails: - type: string - ownerId: - type: string - creationTime: - type: string - deprecationTime: - type: string - state: - type: string - type: object type: object type: array type: object diff --git a/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml b/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml index b87c9aa..67269db 100644 --- a/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml +++ b/config/crd/bases/security.nirmata.io_awsadapterconfigs.yaml 
@@ -113,6 +113,33 @@ spec: description: EKSNodeGroup contains info of the EKS cluster's node group properties: + amazonMachineImage: + properties: + architecture: + type: string + creationTime: + type: string + deprecationTime: + type: string + id: + type: string + instanceType: + type: string + location: + type: string + name: + type: string + ownerId: + type: string + platformDetails: + type: string + public: + type: boolean + state: + type: string + type: + type: string + type: object amiReleaseVersion: type: string amiType: @@ -139,10 +166,6 @@ spec: type: array type: object type: array - instanceTypes: - items: - type: string - type: array labels: additionalProperties: type: string @@ -243,31 +266,6 @@ spec: instances: items: properties: - amazonMachineImage: - properties: - architecture: - type: string - creationTime: - type: string - deprecationTime: - type: string - id: - type: string - location: - type: string - name: - type: string - ownerId: - type: string - platformDetails: - type: string - public: - type: boolean - state: - type: string - type: - type: string - type: object httpPutResponseHopLimit: format: int32 type: integer diff --git a/controllers/awsadapterconfig_controller.go b/controllers/awsadapterconfig_controller.go index 91364c0..6975356 100644 --- a/controllers/awsadapterconfig_controller.go +++ b/controllers/awsadapterconfig_controller.go 
@@ -253,9 +253,9 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req } if x, err := eksClient.ListNodegroups(context.TODO(), &eks.ListNodegroupsInput{ClusterName: objOld.Spec.Name}); err == nil { + objNew.Status.EKSCluster.Compute.NodeGroups = []*securityv1alpha1.EKSNodeGroup{} for _, v := range x.Nodegroups { if y, err := eksClient.DescribeNodegroup(context.TODO(), &eks.DescribeNodegroupInput{ClusterName: objOld.Spec.Name, NodegroupName: &v}); err == nil { - objNew.Status.EKSCluster.Compute.NodeGroups = []*securityv1alpha1.EKSNodeGroup{} var launchTemplate *securityv1alpha1.EC2LaunchTemplate if y.Nodegroup.LaunchTemplate != nil { launchTemplate = &securityv1alpha1.EC2LaunchTemplate{ 
@@ -297,6 +297,47 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req } } + x, err := ec2Client.DescribeInstances(context.TODO(), &ec2.DescribeInstancesInput{ + Filters: []types.Filter{ + { + Name: aws.String("tag:aws:eks:cluster-name"), + Values: []string{ + *objOld.Spec.Name, + }, + }, + { + Name: aws.String("tag:eks:nodegroup-name"), + Values: []string{ + v, + }, + }, + }, + }) + if err != nil { + l.Error(err, "error occurred while fetching EC2 instances") + return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while fetching EC2 instances", err, &l, time.Now()) + } + + ami, err := getAmi(ctx, ec2Client, x.Reservations[0].Instances[0].ImageId) + if err != nil { + l.Error(err, "error occurred while fetching AMI") + return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while fetching AMI", err, &l, time.Now()) + } + amazonMachineImage := securityv1alpha1.AmazonMachineImage{ + Id: ami.ImageId, + Name: ami.Name, + InstanceType: y.Nodegroup.InstanceTypes[0], + Location: ami.ImageLocation, + Type: string(ami.ImageType), + Architecture: string(ami.Architecture), + Public: ami.Public, + PlatformDetails: ami.PlatformDetails, + Ownerid: ami.OwnerId, + CreationTime: ami.CreationDate, + DeprecationTime: ami.DeprecationTime, + State: string(ami.State), + } + objNew.Status.EKSCluster.Compute.NodeGroups = append(objNew.Status.EKSCluster.Compute.NodeGroups, &securityv1alpha1.EKSNodeGroup{ Name: v, ScalingConfig: &securityv1alpha1.EKSNodeGroupScalingConfig{ 
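Review bot: `x.Reservations[0].Instances[0]` and `y.Nodegroup.InstanceTypes[0]` are indexed without a length check. A node group for which DescribeInstances returns nothing (for example one scaled to zero), or one with no instance types listed (presumably possible when the type comes from a launch template), would panic inside Reconcile. The AMI is also read from the first returned instance only and the filters do not restrict instance state, so the recorded image may not represent every node in the group, for instance part-way through a rolling AMI update. Policies that evaluate this status would then see a single image per group. I would guard both lookups and leave the field empty when nothing is returned, as sketched below, and pass `ctx` instead of `context.TODO()` to the new DescribeInstances call. Reconcile starts and ends outside this hunk.

```go
// … unchanged: DescribeInstances call and its error handling …

var amazonMachineImage securityv1alpha1.AmazonMachineImage
if len(x.Reservations) > 0 && len(x.Reservations[0].Instances) > 0 {
	ami, err := getAmi(ctx, ec2Client, x.Reservations[0].Instances[0].ImageId)
	if err != nil {
		l.Error(err, "error occurred while fetching AMI")
		return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while fetching AMI", err, &l, time.Now())
	}
	amazonMachineImage = securityv1alpha1.AmazonMachineImage{
		// … unchanged: fields copied from ami, without InstanceType …
	}
}
// InstanceTypes may be empty; only record a type when one is listed.
if len(y.Nodegroup.InstanceTypes) > 0 {
	amazonMachineImage.InstanceType = y.Nodegroup.InstanceTypes[0]
}
```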
@@ -309,10 +350,10 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req AMIReleaseVersion: y.Nodegroup.ReleaseVersion, HealthIssues: healthIssues, AMIType: string(y.Nodegroup.AmiType), + AmazonMachineImage: amazonMachineImage, CapacityType: string(y.Nodegroup.CapacityType), CreatedAt: y.Nodegroup.CreatedAt.String(), DiskSize: y.Nodegroup.DiskSize, - InstanceTypes: y.Nodegroup.InstanceTypes, NodegroupArn: y.Nodegroup.NodegroupArn, NodeRole: y.Nodegroup.NodeRole, RemoteAccessConfig: remoteAccessConfig, 
@@ -370,40 +411,20 @@ func (r *AWSAdapterConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req l.Error(err, "error occurred while fetching EC2 instances") return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while fetching EC2 instances", err, &l, time.Now()) } else { + tmpRes := []*securityv1alpha1.Reservation{} for _, res := range x.Reservations { - tmpRes := []*securityv1alpha1.Reservation{} + tmpIn := []*securityv1alpha1.Instance{} for _, i := range res.Instances { - if ami, err := getAmi(ctx, ec2Client, i.ImageId); err != nil { - l.Error(err, "error occurred while fetching AMI") - return r.updateLastPollStatusFailure(ctx, objOld, "error occurred while fetching AMI", err, &l, time.Now()) - } else { - tmpAmi := &securityv1alpha1.AmazonMachineImage{ - Id: ami.ImageId, - Name: ami.Name, - Location: ami.ImageLocation, - Type: string(ami.ImageType), - Architecture: string(ami.Architecture), - Public: ami.Public, - PlatformDetails: ami.PlatformDetails, - Ownerid: ami.OwnerId, - CreationTime: ami.CreationDate, - DeprecationTime: ami.DeprecationTime, - State: string(ami.State), - } - - tmpIn := []*securityv1alpha1.Instance{} - tmpIn = append(tmpIn, &securityv1alpha1.Instance{ - PublicDnsName: i.PublicDnsName, - HttpPutResponseHopLimit: i.MetadataOptions.HttpPutResponseHopLimit, - AmazonMachineImage: tmpAmi, - }) - tmpRes = append(tmpRes, &securityv1alpha1.Reservation{ - Instances: tmpIn, - }) - } + tmpIn = append(tmpIn, &securityv1alpha1.Instance{ + PublicDnsName: i.PublicDnsName, + HttpPutResponseHopLimit: i.MetadataOptions.HttpPutResponseHopLimit, + }) } - objNew.Status.EKSCluster.Compute.Reservations = tmpRes + tmpRes = append(tmpRes, &securityv1alpha1.Reservation{ + Instances: tmpIn, + }) } + objNew.Status.EKSCluster.Compute.Reservations = tmpRes } if x, err := ecrClient.DescribeRepositories(ctx, &ecr.DescribeRepositoriesInput{}); err != nil {
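Review bot: `i.MetadataOptions.HttpPutResponseHopLimit` on the added `tmpIn = append(...)` lines dereferences `MetadataOptions` without a nil check. That field is a pointer in the EC2 SDK types, so an instance returned without metadata options would panic the reconciler. A small guard avoids that: `var hopLimit *int32` followed by `if i.MetadataOptions != nil { hopLimit = i.MetadataOptions.HttpPutResponseHopLimit }`, then `HttpPutResponseHopLimit: hopLimit`. Since this value feeds IMDS hardening checks, a nil result is better reported as absent than as a crash. The enclosing `if`/`else` and Reconcile itself begin outside this hunk.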