Use existing subnets when creating/updating cluster #227
Conversation
|
I am not terribly familiar with CF, but I can't see how would it work: |
|
Thanks for the PR @Sasso! In addition to what @redbaron described, I'd recommend you to take a look into https://github.com/coreos/kube-aws/blob/37c242126fd56db938c3f170e51fddd7a6757207/nodepool/config/config.go#L228 to see how it could be achieved; not tested but maybe what you'd need is something like: func (s Subnet) LogicalName() string {
logicalNameOfTheSubnet := // something
return logicalNameOfTheSubnet
}
func (s Subnet) Ref() string {
if s.SubnetId != "" {
return fmt.Sprintf("%q", c.SubnetId)
}
return fmt.Sprintf(`{"Ref" : "%s"}}`, s.LogicalName())
}With calling the |
| @@ -299,6 +299,9 @@ type Cluster struct { | |||
| type Subnet struct { | |||
| AvailabilityZone string `yaml:"availabilityZone,omitempty"` | |||
| InstanceCIDR string `yaml:"instanceCIDR,omitempty"` | |||
| SubnetId string `yaml:"subnetId,omitempty"` | |||
| Create bool | |||
There was a problem hiding this comment.
this looks redundant, it is always == (subnet.SubnetId != "") so might as well remove it
| @@ -1032,6 +1044,9 @@ func (c *Cluster) ValidateExistingVPC(existingVPCCIDR string, existingSubnetCIDR | |||
| // Loop through all subnets | |||
| // Note: legacy instanceCIDR/availabilityZone stuff has already been marshalled into this format | |||
| for _, subnet := range c.Subnets { | |||
| if !subnet.Create { | |||
There was a problem hiding this comment.
validation is still needed, instead of checking for IP ranges, check that subnet actually exist
There was a problem hiding this comment.
is there a reason validation is only done in create https://github.com/coreos/kube-aws/blob/master/cluster/cluster.go#L126
shouldn't we validate on update and render too?
| @@ -169,8 +169,10 @@ controller: | |||
| # subnets: | |||
| # - availabilityZone: us-west-1a | |||
| # instanceCIDR: "10.0.0.0/24" | |||
| # subnetId: "subnet-xxxxxxxx" #optional | |||
There was a problem hiding this comment.
ideally it should work with just subnetId specified
subnets:
- subnetId: subnet-aaaaa
- subnetId: subnet-zzzzz
does it work like that already?
There was a problem hiding this comment.
No I did not pull any data from AWS, it uses {{$subnet.AvailabilityZone}} at some points so I used the static value. I'll look into pulling that from existing subnet
There was a problem hiding this comment.
why AvailabilityZone is even needed if subnets are specified?
There was a problem hiding this comment.
So I tried getting data from AWS but I couldn't find a nice place to put that checks as i would also need to set availabilityZone and instanceCIDR to not break other stuff. So i ran into other validation failing when removing this out.
I don't mind setting availabilityZone and instanceCIDR and I will leave it as is for now. It would take me to much time to correctly do this. If anyone has an suggestion, easy fix or want to help whit this that would be awesome.
| @@ -1037,10 +1027,10 @@ | |||
| } | |||
| {{if $.ElasticFileSystemID}} | |||
| , | |||
| "{{$subnetLogicalName}}MountTarget": { | |||
| "{{$subnet.SubnetLogicalName}}MountTarget": { | |||
There was a problem hiding this comment.
this makes a confusing resource name if we use existing subnets. Not sure it is worth fixing though :)
this wont work as subnetId has '-' symbol in it which is not alphanumeric and therefore can't be used in CF resource names
There was a problem hiding this comment.
I also need to move this out of the subnet create block
Current coverage is 67.49% (diff: 40.74%)
|
|
I also added validation for update and export. It seems bad not validating data there. |
|
This works now. Tested without subnets (regular mode) and with subnetIDs (pre-existing). All tests pass! Anything else we should do to get this accepted? Thanks! |
|
Tested it too today, works as expected. I didn't test nodepools yet though |
|
@Sasso Thanks for your effort!
|
|
We use node pools but with the static IDs and it is working. However, I went to test the scenario where users do not have pre-existing subnets and I'm having some problems. We will keep hacking on this.. Might be a few days.. fyi. Thanks! |
|
@jeremyd users NOT having pre-existing subnets is the exact scenario kube-aws originally supports, what kind of problem you encounter? does this PR break it? |
|
It's not supposed to. Right now it seems to break node pools in that
scenario. We are working on it. Unfortunately it's time consuming to test
as the only integration test appears to be hard coded to coreos AWS account.
…On Fri, Jan 13, 2017, 12:29 AM Maxim Ivanov ***@***.***> wrote:
@jeremyd <https://github.com/jeremyd> users NOT having pre-existing
subnets is the exact scenario kube-aws originally supports, what kind of
problem you encounter? does this PR break it?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#227 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAAP6PVdmteSMX_HiuUpLtsT_5lz4lKNks5rRzXZgaJpZM4LfLN5>
.
|
|
@jeremyd If you meant about the E2E test suite, it isn't hard-coded with a CoreOS AWS account(I don't even have access to one 😝) but you bring your own one for to run it. FYI the usage is documented in https://github.com/coreos/kube-aws/tree/master/e2e |
|
@Sasso , branch with conflicts resolved https://github.com/HotelsDotCom/kube-aws/tree/pull-227-conflicts-1 |
|
@Sasso , also added commit to remove validation during |
|
@jeremyd, can you check if latest version of this PR still breaks your case? |
|
@Sasso @jeremyd @redbaron It seems like my cluster fails in The stack template exported via "": {
"Properties": {
"AvailabilityZone": "ap-northeast-1a",
"CidrBlock": "10.0.0.0/24",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "kubeawstest4-"
},
{
"Key": "KubernetesCluster",
"Value": "kubeawstest4"
}
],
"VpcId": {
"Ref": "VPC"
}
},
"Type": "AWS::EC2::Subnet"
},which indeed seem like the source of the error. |
|
Would you mind if I add some code to default |
| , | ||
| "{{$subnetLogicalName}}RouteTableAssociation": { | ||
| "{{$subnet.SubnetLogicalName}}RouteTableAssociation": { |
There was a problem hiding this comment.
nit but we probably need to create a route table association if and only if the one doesn't exist for the subnet or I guess a cluster creation fails because of a duplicated association in the route table?
| {{if $.ElasticFileSystemID}} | ||
| , | ||
| "{{$subnetLogicalName}}MountTarget": { | ||
| "{{$subnet.SubnetLogicalName}}MountTarget": { |
There was a problem hiding this comment.
Note: When the $subnet is an existing one, we probably need to create a mount target if and only if it doesn't exist for the pair of the subnet and the EFS.
See #208 (comment)
| # - availabilityZone: us-west-1b | ||
| # instanceCIDR: "10.0.1.0/24" | ||
| # subnetId: "subnet-xxxxxxxx" #optional |
There was a problem hiding this comment.
Note: subnetId will be renamed to id in the future according to #195 (comment)
cc @icereval
|
Thanks to all for your efforts on this 🙇 |
|
Thanks so much! We were/are so busy going live in production using kube
from kube-aws and appreciate the maintainers for working with us on this!!
On Mon, Jan 23, 2017, 6:28 PM KUOKA Yusuke <notifications@github.com> wrote:
Thanks to all for your efforts on this 🙇
I've merged this to get the ball rolling.
Please send another pull request(s) for further fixes and improvements if
necessary.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#227 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAAP6HTo_q94dYX8Hnn-gonm30nxEO8oks5rVWHSgaJpZM4LfLN5>
.
|
…ed#227) This commit introduces new keys named `subnetId` and `subnetLogiaclName` into items under the top-level `subnets` in `cluster.yaml` to allow deployments to existing subnets while customizing logical names of subnets. Notes on the current implementation: * `subnetId` will be changed to just `id` in the future. See kubernetes-retired#227 (comment) * Route table associations and EFS mount targets may fail while being created in in some cases. See kubernetes-retired#227 (comment) and kubernetes-retired#227 (comment) Notes from original commits before squashing: * Launch in existing subnets * Validate update and export * Don't try to validate config during update * Move r53 schecks to create, update nodepool stack template
If you define
subnetIdyou can reuse existing subnets.there is still some work needed to support node-pools, but I would love to hear opinions or any suggestions on this approach.
It's backward compatible and it uses CF Parameters to overload Subnets with existing subnet id's or references to new resources.
linked to #52