1 package k8objectsutils
2
3 import (
4 "fmt"
5
6 containerApi "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/container/v1beta1"
7 kcck8s "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/k8s/v1alpha1"
8 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
9 k8sTypes "k8s.io/apimachinery/pkg/types"
10
11 "edge-infra.dev/pkg/edge/api/graph/mapper"
12 gkeClusterApi "edge-infra.dev/pkg/edge/apis/gkecluster/v1alpha1"
13 edgeconstants "edge-infra.dev/pkg/edge/constants"
14 "edge-infra.dev/pkg/k8s/konfigkonnector/apis/meta"
15 "edge-infra.dev/pkg/lib/featureflag"
16 gcpsecurity "edge-infra.dev/pkg/lib/ncr/gcp/security"
17 )
18
// defaultNodePoolAnno is the Config Connector directive annotation that asks
// KCC to delete the GKE-created default node pool. BuildContainerCluster sets
// it to "true"; the pool built by BuildContainerNodePool is presumably the one
// meant to remain — confirm against the controller that applies both objects.
const defaultNodePoolAnno = "cnrm.cloud.google.com/remove-default-node-pool"
20
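// BuildContainerCluster maps an edge GKECluster resource onto the Config
// Connector ContainerCluster that will create the GKE control plane.
//
// key supplies the Kubernetes name/namespace of the resulting object (the name
// is normalised through mapper.ConvertK8sName). cluster.Spec supplies the GCP
// project, location, fleet/banner/organization metadata and the initial node
// count; cluster.ObjectMeta.Name is recorded as the GKEClusterUUID label.
// InitialNodeCount points into cluster.Spec, so later changes to the source
// alias through. The returned object is always non-nil.
//
// Security-relevant settings applied here:
//   - Workload Identity is enabled with the "<project>.svc.id.goog" pool.
//   - The release channel is pinned to STABLE.
//   - Only SYSTEM_COMPONENTS logging is enabled.
//   - Master authorized networks are configured only when the
//     UseMasterAuthorizedNetworks feature flag is on (see
//     buildMasterAuthorizedNetworks); otherwise the control-plane endpoint is
//     left with whatever reachability GKE/KCC default to.
//   - MasterAuth requests a legacy client certificate (IssueClientCertificate).
//     NOTE(review): that certificate carries cluster-admin and cannot be
//     revoked short of rotating the cluster CA; GKE leaves it off by default
//     and CIS guidance recommends keeping it disabled. It is kept here to
//     preserve behaviour — confirm whether anything still consumes it before
//     turning it off.
//   - The KCC deletion policy is "abandon": deleting this Kubernetes object
//     leaves the real GKE cluster running.
func BuildContainerCluster(cluster *gkeClusterApi.GKECluster, key k8sTypes.NamespacedName) *containerApi.ContainerCluster {
	workloadPool := fmt.Sprintf("%s.svc.id.goog", cluster.Spec.ProjectID)
	releaseChannel := &containerApi.ClusterReleaseChannel{Channel: "STABLE"}
	// The project ID is used in two annotations; convert it once.
	projectName := mapper.ConvertK8sName(cluster.Spec.ProjectID)

	return &containerApi.ContainerCluster{
		TypeMeta: metav1.TypeMeta{
			Kind:       containerApi.ContainerClusterGVK.Kind,
			APIVersion: containerApi.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      mapper.ConvertK8sName(key.Name),
			Namespace: key.Namespace,
			Annotations: map[string]string{
				defaultNodePoolAnno:           "true",
				meta.ProjectAnnotation:        projectName,
				edgeconstants.Tenant:          projectName,
				edgeconstants.Fleet:           string(cluster.Spec.Fleet),
				edgeconstants.Banner:          cluster.Spec.Banner,
				edgeconstants.Organization:    cluster.Spec.Organization,
				meta.DeletionPolicyAnnotation: meta.DeletionPolicyAbandon,
			},
			Labels: map[string]string{
				edgeconstants.GKEFleet:        string(cluster.Spec.Fleet),
				edgeconstants.GKEBanner:       cluster.Spec.Banner,
				edgeconstants.GKEOrganization: cluster.Spec.Organization,
				edgeconstants.GKECluster:      cluster.Spec.Name,
				edgeconstants.GKEClusterUUID:  cluster.ObjectMeta.Name,
			},
		},
		Spec: containerApi.ContainerClusterSpec{
			InitialNodeCount: &cluster.Spec.NumNode,
			WorkloadIdentityConfig: &containerApi.ClusterWorkloadIdentityConfig{
				WorkloadPool: &workloadPool,
			},
			Location: cluster.Spec.Location,
			LoggingConfig: &containerApi.ClusterLoggingConfig{
				EnableComponents: []string{"SYSTEM_COMPONENTS"},
			},
			MasterAuth: &containerApi.ClusterMasterAuth{
				ClientCertificateConfig: &containerApi.ClusterClientCertificateConfig{
					IssueClientCertificate: true,
				},
			},
			MasterAuthorizedNetworksConfig: buildMasterAuthorizedNetworks(),
			ReleaseChannel:                 releaseChannel,
		},
	}
}

// buildMasterAuthorizedNetworks returns the master-authorized-networks block
// for a new cluster, or nil when the feature is not enabled.
//
// The UseMasterAuthorizedNetworks flag is consulted with a default of false.
// A flag-lookup error is treated the same as "disabled": the cluster is then
// built WITHOUT an allow-list on the control-plane endpoint. NOTE(review):
// this fails open; if the intent is to always restrict access when the flag
// subsystem is unhealthy, the error branch should enable the allow-list
// instead.
//
// When enabled, the allow-list is exactly the set returned by
// gcpsecurity.ZscalerIPs(). If that set is empty the config is still emitted
// with zero CIDR blocks, which GKE is expected to treat as "no public access"
// (fail closed) — confirm against the provider before relying on it.
func buildMasterAuthorizedNetworks() *containerApi.ClusterMasterAuthorizedNetworksConfig {
	enabled, err := featureflag.FeatureEnabled(featureflag.UseMasterAuthorizedNetworks, false)
	if err != nil || !enabled {
		return nil
	}
	ips := gcpsecurity.ZscalerIPs()
	// Non-nil even when empty, matching the original's []T{} so the field
	// serialises as an empty list rather than null.
	cidrs := make([]containerApi.ClusterCidrBlocks, 0, len(ips))
	for _, ip := range ips {
		cidrs = append(cidrs, containerApi.ClusterCidrBlocks{CidrBlock: ip})
	}
	return &containerApi.ClusterMasterAuthorizedNetworksConfig{CidrBlocks: cidrs}
}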
87
// BuildContainerNodePool builds the Config Connector ContainerNodePool object
// for a cluster's worker pool.
//
// name is used both as the pool's own Kubernetes name and as the ClusterRef
// name, so the pool is always attached to the ContainerCluster with the same
// converted name in the same namespace. projectID, banner, bslOrg and fleet
// are recorded as annotations only; location and machineType go straight into
// the spec. nodeCount is the initial size; minNodes/maxNodes are used only
// when autoscale is true (otherwise Autoscaling is nil). The returned object
// is always non-nil.
//
// Hardening applied unconditionally:
//   - EnablePrivateNodes is set, i.e. nodes without external IPs;
//   - the "disable-legacy-endpoints" metadata key is set to "true" (the
//     setting GKE documents as required for Workload Identity);
//   - auto-repair and auto-upgrade are both on (they share one *bool).
//
// NOTE(review): the OAuth scopes include "cloud-platform", which already
// covers the monitoring and devstorage.read_only scopes listed beside it and
// gives the node service account full API reach. No ServiceAccount is set, so
// the pool runs on whatever account KCC/GKE default to. With Workload Identity
// the node scope matters less, but tighten it once it is confirmed nothing
// relies on node-level credentials. PodPidsLimit is written as 0 — presumably
// "unset"; confirm how the provider treats a zero value. The deletion policy
// is "abandon": removing this object does not delete the GCE node pool.
func BuildContainerNodePool(projectID, banner, bslOrg, namespace, name, location, machineType string, nodeCount, minNodes, maxNodes int, fleet string, autoscale bool) *containerApi.ContainerNodePool {
	var (
		managed      = true
		privateNodes = true
		pidsLimit    = 0
		k8sName      = mapper.ConvertK8sName(name)
		tenant       = mapper.ConvertK8sName(projectID)
	)

	var scaling *containerApi.NodepoolAutoscaling
	if autoscale {
		scaling = &containerApi.NodepoolAutoscaling{
			MinNodeCount: &minNodes,
			MaxNodeCount: &maxNodes,
		}
	}

	annotations := map[string]string{
		edgeconstants.Tenant:          tenant,
		edgeconstants.Fleet:           fleet,
		edgeconstants.Banner:          banner,
		edgeconstants.Organization:    bslOrg,
		meta.ProjectAnnotation:        tenant,
		meta.DeletionPolicyAnnotation: meta.DeletionPolicyAbandon,
	}

	nodeConfig := &containerApi.NodepoolNodeConfig{
		MachineType: &machineType,
		Metadata:    map[string]string{"disable-legacy-endpoints": "true"},
		OauthScopes: []string{
			"https://www.googleapis.com/auth/monitoring",
			"https://www.googleapis.com/auth/devstorage.read_only",
			"https://www.googleapis.com/auth/cloud-platform",
		},
		KubeletConfig: &containerApi.NodepoolKubeletConfig{
			CpuManagerPolicy: "",
			PodPidsLimit:     &pidsLimit,
		},
	}

	pool := &containerApi.ContainerNodePool{
		TypeMeta: metav1.TypeMeta{
			Kind:       containerApi.ContainerNodePoolGVK.Kind,
			APIVersion: containerApi.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:        k8sName,
			Namespace:   namespace,
			Annotations: annotations,
		},
	}
	pool.Spec = containerApi.ContainerNodePoolSpec{
		InitialNodeCount: &nodeCount,
		NodeConfig:       nodeConfig,
		ClusterRef:       kcck8s.ResourceRef{Name: k8sName, Namespace: namespace},
		Location:         location,
		Management: &containerApi.NodepoolManagement{
			AutoRepair:  &managed,
			AutoUpgrade: &managed,
		},
		Autoscaling:   scaling,
		NetworkConfig: &containerApi.NodepoolNetworkConfig{EnablePrivateNodes: &privateNodes},
	}
	return pool
}
149
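// WithNetworkConfig returns a deep copy of cluster with its VPC wiring set:
// NetworkRef and SubnetworkRef point at the network and subnetwork by external
// name (not by KCC object reference), and the IP allocation policy — GKE's
// VPC-native addressing settings — is populated from netmask.
//
// The input is never mutated. A nil cluster yields nil instead of panicking
// on the Spec dereference.
//
// NOTE(review): the single netmask argument is used for BOTH the pod range
// (ClusterIpv4CidrBlock) and the service range (ServicesIpv4CidrBlock). That
// can only be valid when callers pass a mask size such as "/14", in which
// case GKE is expected to allocate two distinct ranges; an explicit CIDR
// (e.g. "10.0.0.0/14") in both fields would overlap and creation would fail.
// Confirm the callers' convention, or split this into separate pod and
// service arguments.
func WithNetworkConfig(cluster *containerApi.ContainerCluster, network, subnetwork, netmask string) *containerApi.ContainerCluster {
	if cluster == nil {
		return nil
	}
	cc := cluster.DeepCopy()
	cc.Spec.NetworkRef = &kcck8s.ResourceRef{External: network}
	cc.Spec.SubnetworkRef = &kcck8s.ResourceRef{External: subnetwork}
	// Give each field its own string: previously both pointed at the same
	// netmask variable, so mutating one through its pointer changed the other.
	podRange, serviceRange := netmask, netmask
	cc.Spec.IpAllocationPolicy = &containerApi.ClusterIpAllocationPolicy{
		ClusterIpv4CidrBlock:  &podRange,
		ServicesIpv4CidrBlock: &serviceRange,
	}
	return cc
}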
164