Merge remote-tracking branch 'kubernetes-incubator/master'

* kubernetes-incubator/master:
  Add rkt container cleanup to journald-cloudwatch-logs service
  Support EC2 instance tags per node role This feature will be handy when e.g. your monitoring tools discovers EC2 instances and then groups resource metrics with EC2 instance tags.
  Fix the default FleetIamRole Closes kubernetes-retired#1022
  Fix the default FleetIamRole Closes kubernetes-retired#1022

core/controlplane/config/templates/cloud-config-controller

@@ -106,7 +106,9 @@ coreos:
                   --mount volume=journal,target=/var/log/journal \
                   --volume machine-id,kind=host,source=/etc/machine-id,readOnly=true \
                   --mount volume=machine-id,target=/etc/machine-id \
+                  --uuid-file-save=/var/journald-cloudwatch-logs/journald-cloudwatch-logs.uuid \
                   {{ .JournaldCloudWatchLogsImage.RktRepo }} -- {{.ClusterName}}
+        ExecStopPost=/usr/bin/rkt rm --uuid-file=/var/journald-cloudwatch-logs/journald-cloudwatch-logs.uuid
         Restart=always
         RestartSec=60s
 

core/controlplane/config/templates/cloud-config-etcd

@@ -129,7 +129,9 @@ coreos:
                   --mount volume=journal,target=/var/log/journal \
                   --volume machine-id,kind=host,source=/etc/machine-id,readOnly=true \
                   --mount volume=machine-id,target=/etc/machine-id \
+                  --uuid-file-save=/var/journald-cloudwatch-logs/journald-cloudwatch-logs.uuid \
                   {{ .JournaldCloudWatchLogsImage.RktRepo }} -- {{.ClusterName}}
+        ExecStopPost=/usr/bin/rkt rm --uuid-file=/var/journald-cloudwatch-logs/journald-cloudwatch-logs.uuid
         Restart=always
         RestartSec=60s
 

core/controlplane/config/templates/cloud-config-worker

@@ -141,7 +141,9 @@ coreos:
                   --mount volume=journal,target=/var/log/journal \
                   --volume machine-id,kind=host,source=/etc/machine-id,readOnly=true \
                   --mount volume=machine-id,target=/etc/machine-id \
+                  --uuid-file-save=/var/journald-cloudwatch-logs/journald-cloudwatch-logs.uuid \
                   {{ .JournaldCloudWatchLogsImage.RktRepo }} -- {{.ClusterName}}
+        ExecStopPost=/usr/bin/rkt rm --uuid-file=/var/journald-cloudwatch-logs/journald-cloudwatch-logs.uuid
         Restart=always
         RestartSec=60s
 
@@ -881,6 +883,25 @@ write_files:
 
       instance_id=$(curl http://169.254.169.254/latest/meta-data/instance-id)
 
+      TAGS=""
+      TAGS="${TAGS}Key=\"kubernetes.io/cluster/{{ .ClusterName }}\",Value=\"owned\" "
+      TAGS="${TAGS}Key=\"kube-aws:node-pool:name\",Value=\"{{.NodePoolName}}\" "
+      TAGS="${TAGS}Key=\"Name\",Value=\"{{.ClusterName}}-{{.StackName}}-kube-aws-worker\" "
+
+      {{if .Autoscaling.ClusterAutoscaler.Enabled -}}
+      TAGS="${TAGS}Key=\"{{.Autoscaling.ClusterAutoscaler.AutoDiscoveryTagKey}}\",Value=\"\" "
+      {{end -}}
+
+      {{range $k, $v := .StackTags -}}
+      TAGS="${TAGS}Key=\"{{$k}}\",Value=\"{{$v}}\" "
+      {{end -}}
+
+      {{range $k, $v := .InstanceTags -}}
+      TAGS="${TAGS}Key=\"{{$k}}\",Value=\"{{$v}}\" "
+      {{end -}}
+
+      echo Tagging this EC2 instance with: "$TAGS"
+
       rkt run \
         --volume=ssl,kind=host,source=/etc/kubernetes/ssl,readOnly=false \
         --mount=volume=ssl,target=/etc/kubernetes/ssl \
@@ -896,7 +917,7 @@ write_files:
            /usr/bin/aws \
              --region {{.Region}} ec2 create-tags \
              --resource $instance_id \
-             --tags '"'"'Key=kubernetes.io/cluster/{{.ClusterName}},Value=""'"'"' '"'"'Key=Name,Value="{{.ClusterName}}-{{.StackName}}-kube-aws-worker"'"'"' '"'"'Key="kube-aws:node-pool:name",Value="{{.NodePoolName}}"'"'"'
+             --tags '"$TAGS"'
            echo done.'
 
       rkt rm --uuid-file=/var/run/coreos/tag-spot-instance.uuid || :

core/controlplane/config/templates/cluster.yaml

@@ -164,6 +164,10 @@ kmsKeyArn: "{{.KMSKeyARN}}"
 #  # CAUTION: Don't use t2.micro or the cluster won't work. See https://github.com/kubernetes/kubernetes/issues/18975
 #  instanceType: t2.medium
 #
+#  # EC2 instance tags for controller nodes
+#  instanceTags:
+#    instanceRole: controller
+#
 #  rootVolume:
 #    # Disk size (GiB) for controller node
 #    size: 30
@@ -343,6 +347,10 @@ worker:
 #      # CAUTION: Don't use t2.micro or the cluster won't work. See https://github.com/kubernetes/kubernetes/issues/16122
 #      instanceType: t2.medium
 #
+#      # EC2 instance tags for worker nodes
+#      instanceTags:
+#        instanceRole: worker
+#
 #      rootVolume:
 #        # Disk size (GiB) for worker nodes
 #        size: 30
@@ -397,7 +405,7 @@ worker:
 #        # IAM role to grant the Spot fleet permission to bid on, launch, and terminate instances on your behalf
 #        # See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html#spot-fleet-prerequisites
 #        #
-#        # Defaults to "arn:aws:iam::youraccountid:role/aws-ec2-spot-fleet-role" assuming you've arrived "Spot Requests" in EC2 Dashboard
+#        # Defaults to "arn:aws:iam::youraccountid:role/aws-ec2-spot-fleet-tagging-role" assuming you've arrived "Spot Requests" in EC2 Dashboard
 #        # hence the role is automatically created for you
 #        iamFleetRoleArn: "arn:aws:iam::youraccountid:role/kube-aws-doesnt-create-this-for-you"
 #
@@ -577,6 +585,10 @@ worker:
 #  # Instance type for etcd node
 #  instanceType: t2.medium
 #
+#  # EC2 instance tags for etcd nodes
+#  instanceTags:
+#    instanceRole: etcd
+#
 #  rootVolume:
 #    # Root volume size (GiB) for etcd node
 #    size: 30

core/controlplane/config/templates/stack-template.json

@@ -26,6 +26,13 @@
         ],
         "MinSize": "{{.MinControllerCount}}",
         "Tags": [
+          {{range $k, $v := $.Controller.InstanceTags -}}
+          {
+            "Key": "{{$k}}",
+            "PropagateAtLaunch": "true",
+            "Value": "{{$v}}"
+          },
+          {{end -}}
           {
             "Key": "kubernetes.io/cluster/{{.ClusterName}}",
             "PropagateAtLaunch": "true",
@@ -647,6 +654,13 @@
         ],
         "MinSize": "1",
         "Tags": [
+          {{range $k, $v := $.Etcd.InstanceTags -}}
+          {
+            "Key": "{{$k}}",
+            "PropagateAtLaunch": "true",
+            "Value": "{{$v}}"
+          },
+          {{end -}}
           {
             "Key": "kubernetes.io/cluster/{{$.ClusterName}}",
             "PropagateAtLaunch": "true",

core/nodepool/config/templates/stack-template.json

@@ -134,6 +134,13 @@
             "Value": ""
           },
           {{end}}
+          {{range $k, $v := .InstanceTags -}}
+          {
+            "Key": "{{$k}}",
+            "PropagateAtLaunch": "true",
+            "Value": "{{$v}}"
+          },
+          {{end -}}
           {
             "Key": "kubernetes.io/cluster/{{ .ClusterName }}",
             "PropagateAtLaunch": "true",

model/ec2_instance.go

@@ -5,5 +5,6 @@ type EC2Instance struct {
 	CreateTimeout string `yaml:"createTimeout,omitempty"`
 	InstanceType  string `yaml:"instanceType,omitempty"`
 	RootVolume    `yaml:"rootVolume,omitempty"`
-	Tenancy       string `yaml:"tenancy,omitempty"`
+	Tenancy       string            `yaml:"tenancy,omitempty"`
+	InstanceTags  map[string]string `yaml:"instanceTags,omitempty"`
 }

model/spot_fleet.go

@@ -60,7 +60,7 @@ func (f *SpotFleet) UnmarshalYAML(unmarshal func(interface{}) error) error {
 
 func (f SpotFleet) IAMFleetRoleRef() string {
 	if f.IAMFleetRoleARN == "" {
-		return `{"Fn::Join":["", [ "arn:aws:iam::", {"Ref":"AWS::AccountId"}, ":role/aws-ec2-spot-fleet-role" ]]}`
+		return `{"Fn::Join":["", [ "arn:aws:iam::", {"Ref":"AWS::AccountId"}, ":role/aws-ec2-spot-fleet-tagging-role" ]]}`
 	} else {
 		return fmt.Sprintf(`"%s"`, f.IAMFleetRoleARN)
 	}