Merge pull request #619 from hidekazuna/bastion

✨ Add bastion host to login the nodes and update non HA template

Author: k8s-ci-robot

.zuul/playbooks/run.yaml

@@ -48,6 +48,8 @@
         openstack availability zone list
         openstack domain list
 
+        openstack flavor delete m1.tiny
+        openstack flavor create --ram 128 --disk 1 --vcpus 1 --public --id 1 m1.tiny --property hw_rng:allowed='True'
         openstack flavor delete m1.small
         openstack flavor create --ram 4096 --disk 10 --vcpus 2 --public --id 2 m1.small --property hw_rng:allowed='True'
         openstack flavor delete m1.medium

Makefile

@@ -298,8 +298,10 @@ OPENSTACK_CLOUD_PROVIDER_CONF_B64 ?= ""
 OPENSTACK_CLOUD_YAML_B64 ?= ""
 OPENSTACK_DNS_NAMESERVERS ?= ""
 OPENSTACK_IMAGE_NAME ?= "ubuntu-1910-kube-v1.17.3"
+OPENSTACK_BASTION_IMAGE_NAME ?= "cirros"
 OPENSTACK_NODE_MACHINE_FLAVOR ?= "m1.small"
 OPENSTACK_CONTROL_PLANE_MACHINE_FLAVOR ?= "m1.medium"
+OPENSTACK_BASTION_MACHINE_FLAVOR ?= "m1.tiny"
 CLUSTER_NAME ?= "capi-quickstart"
 OPENSTACK_SSH_KEY_NAME ?= "${CLUSTER_NAME}-key"
 OPENSTACK_CLUSTER_TEMPLATE ?= "./templates/cluster-template-without-lb.yaml"
@@ -382,7 +384,10 @@ create-cluster: $(CLUSTERCTL) $(KUSTOMIZE) $(ENVSUBST) ## Create a development K
 	  sed "s|\$${OPENSTACK_CLOUD_PROVIDER_CONF_B64}|$(OPENSTACK_CLOUD_PROVIDER_CONF_B64)|" | \
 	  sed "s|\$${OPENSTACK_CLOUD_CACERT_B64}|$(OPENSTACK_CLOUD_CACERT_B64)|" | \
 	  sed "s|\$${KUBERNETES_VERSION}|$(KUBERNETES_VERSION)|" | \
-	  sed "s|\$${CLUSTER_NAME}|$(CLUSTER_NAME)|"  \
+	  sed "s|\$${CLUSTER_NAME}|$(CLUSTER_NAME)|" | \
+	  sed "s|\$${OPENSTACK_BASTION_MACHINE_FLAVOR}|$(OPENSTACK_BASTION_MACHINE_FLAVOR)|" | \
+	  sed "s|\$${OPENSTACK_BASTION_IMAGE_NAME}|$(OPENSTACK_BASTION_IMAGE_NAME)|" | \
+	  sed "s|\$${OPENSTACK_SSH_KEY_NAME}|$(OPENSTACK_SSH_KEY_NAME)|" \
 	   > ./hack/ci/e2e-conformance/e2e-conformance_patch.yaml
 	$(KUSTOMIZE) build --reorder=none hack/ci/e2e-conformance  > ./out/cluster.yaml
 

api/v1alpha3/openstackcluster_types.go

@@ -105,6 +105,10 @@ type OpenStackClusterSpec struct {
 
 	// ControlPlaneAvailabilityZones is the az to deploy control plane to
 	ControlPlaneAvailabilityZones []string `json:"controlPlaneAvailabilityZones,omitempty"`
+
+	// Bastion is the OpenStack instance to login the nodes
+	//+optional
+	Bastion *Bastion `json:"bastion,omitempty"`
 }
 
 // OpenStackClusterStatus defines the observed state of OpenStackCluster
@@ -129,6 +133,10 @@ type OpenStackClusterStatus struct {
 	// WorkerSecurityGroup contains all the information about the OpenStack Security
 	// Group that needs to be applied to worker nodes.
 	WorkerSecurityGroup *SecurityGroup `json:"workerSecurityGroup,omitempty"`
+
+	BastionSecurityGroup *SecurityGroup `json:"bastionSecurityGroup,omitempty"`
+
+	Bastion *Bastion `json:"bastion,omitempty"`
 }
 
 // +kubebuilder:object:root=true
@@ -140,6 +148,7 @@ type OpenStackClusterStatus struct {
 // +kubebuilder:printcolumn:name="Network",type="string",JSONPath=".status.network.id",description="Network the cluster is using"
 // +kubebuilder:printcolumn:name="Subnet",type="string",JSONPath=".status.network.subnet.id",description="Subnet the cluster is using"
 // +kubebuilder:printcolumn:name="Endpoint",type="string",JSONPath=".spec.controlPlaneEndpoint.host",description="API Endpoint",priority=1
+// +kubebuilder:printcolumn:name="Bastion",type="string",JSONPath=".status.bastion.floatingIP",description="Bastion floating IP"
 
 // OpenStackCluster is the Schema for the openstackclusters API
 type OpenStackCluster struct {

api/v1alpha3/types.go

@@ -237,3 +237,19 @@ var (
 
 	InstanceStateShutoff = InstanceState("SHUTOFF")
 )
+
+// Bastion represents basic information about the bastion node
+type Bastion struct {
+	//+optional
+	Enabled bool `json:"enabled"`
+	//+optional
+	Flavor string `json:"flavor,omitempty"`
+	//+optional
+	Image string `json:"image,omitempty"`
+	//+optional
+	SSHKeyName string `json:"sshKeyName,omitempty"`
+	//+optional
+	SecurityGroups []SecurityGroupParam `json:"securityGroups,omitempty"`
+	//+optional
+	FloatingIP string `json:"floatingIP,omitempty"`
+}

api/v1alpha3/zz_generated.deepcopy.go

@@ -40,6 +40,10 @@ spec:
       name: Endpoint
       priority: 1
       type: string
+    - description: Bastion floating IP
+      jsonPath: .status.bastion.floatingIP
+      name: Bastion
+      type: string
     name: v1alpha3
     schema:
       openAPIV3Schema:
@@ -75,6 +79,61 @@ spec:
                 description: APIServerLoadBalancerPort is the port on which the listener
                   on the APIServer loadbalancer will be created
                 type: integer
+              bastion:
+                description: Bastion is the OpenStack instance to login the nodes
+                properties:
+                  enabled:
+                    type: boolean
+                  flavor:
+                    type: string
+                  floatingIP:
+                    type: string
+                  image:
+                    type: string
+                  securityGroups:
+                    items:
+                      properties:
+                        filter:
+                          description: Filters used to query security groups in openstack
+                          properties:
+                            description:
+                              type: string
+                            id:
+                              type: string
+                            limit:
+                              type: integer
+                            marker:
+                              type: string
+                            name:
+                              type: string
+                            notTags:
+                              type: string
+                            notTagsAny:
+                              type: string
+                            projectId:
+                              type: string
+                            sortDir:
+                              type: string
+                            sortKey:
+                              type: string
+                            tags:
+                              type: string
+                            tagsAny:
+                              type: string
+                            tenantId:
+                              type: string
+                          type: object
+                        name:
+                          description: Security Group name
+                          type: string
+                        uuid:
+                          description: Security Group UID
+                          type: string
+                      type: object
+                    type: array
+                  sshKeyName:
+                    type: string
+                type: object
               cloudName:
                 description: The name of the cloud to use from the clouds secret
                 type: string
@@ -311,6 +370,113 @@ spec:
           status:
             description: OpenStackClusterStatus defines the observed state of OpenStackCluster
             properties:
+              bastion:
+                description: Bastion represents basic information about the bastion
+                  node
+                properties:
+                  enabled:
+                    type: boolean
+                  flavor:
+                    type: string
+                  floatingIP:
+                    type: string
+                  image:
+                    type: string
+                  securityGroups:
+                    items:
+                      properties:
+                        filter:
+                          description: Filters used to query security groups in openstack
+                          properties:
+                            description:
+                              type: string
+                            id:
+                              type: string
+                            limit:
+                              type: integer
+                            marker:
+                              type: string
+                            name:
+                              type: string
+                            notTags:
+                              type: string
+                            notTagsAny:
+                              type: string
+                            projectId:
+                              type: string
+                            sortDir:
+                              type: string
+                            sortKey:
+                              type: string
+                            tags:
+                              type: string
+                            tagsAny:
+                              type: string
+                            tenantId:
+                              type: string
+                          type: object
+                        name:
+                          description: Security Group name
+                          type: string
+                        uuid:
+                          description: Security Group UID
+                          type: string
+                      type: object
+                    type: array
+                  sshKeyName:
+                    type: string
+                type: object
+              bastionSecurityGroup:
+                description: SecurityGroup represents the basic information of the
+                  associated OpenStack Neutron Security Group.
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
               controlPlaneSecurityGroup:
                 description: 'ControlPlaneSecurityGroups contains all the information
                   about the OpenStack Security Group that needs to be applied to control