added a separate vnet for PEs, peerings between RP and PE vnets, changed PE creation.

This commit is contained in:
Leszek Jakubowski 2020-01-30 10:53:13 +01:00 коммит произвёл Jim Minter
Родитель d5e9020aad
Коммит 78a39e33aa
Идентификатор ключа GPG: 0730CBDA10D1A2D3
8 изменённых файлов: 172 добавлений и 68 удалений


@ -93,7 +93,7 @@
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/8"
"10.0.0.0/24"
]
},
"subnets": [
@ -106,10 +106,25 @@
}
},
"name": "rp-subnet"
},
}
]
},
"name": "rp-vnet",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"apiVersion": "2019-07-01"
},
{
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.4.0/22"
]
},
"subnets": [
{
"properties": {
"addressPrefix": "10.1.0.0/16",
"addressPrefix": "10.0.4.0/22",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-pe-nsg')]",
"tags": null
@ -120,14 +135,49 @@
}
]
},
"name": "rp-vnet",
"name": "rp-pe-vnet-001",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"tags": {
"vnet": "rp"
},
"apiVersion": "2019-07-01"
},
{
"properties": {
"allowVirtualNetworkAccess": true,
"allowForwardedTraffic": true,
"allowGatewayTransit": false,
"useRemoteGateways": false,
"remoteVirtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/', 'rp-pe-vnet-001')]"
}
},
"name": "'rp-vnet/peering-rp-pe-vnet-001'",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2019-07-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]",
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]"
],
"location": "[resourceGroup().location]"
},
{
"properties": {
"allowVirtualNetworkAccess": true,
"allowForwardedTraffic": true,
"allowGatewayTransit": false,
"useRemoteGateways": false,
"remoteVirtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/', 'rp-vnet')]"
}
},
"name": "'rp-pe-vnet-001/peering-rp-vnet'",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2019-07-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]",
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
],
"location": "[resourceGroup().location]"
},
{
"kind": "GlobalDocumentDB",
"properties": {


@ -301,7 +301,7 @@
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/8"
"10.0.0.0/24"
]
},
"subnets": [
@ -328,10 +328,25 @@
]
},
"name": "rp-subnet"
},
}
]
},
"name": "rp-vnet",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"apiVersion": "2019-07-01"
},
{
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.4.0/22"
]
},
"subnets": [
{
"properties": {
"addressPrefix": "10.1.0.0/16",
"addressPrefix": "10.0.4.0/22",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-pe-nsg')]",
"tags": null
@ -342,14 +357,49 @@
}
]
},
"name": "rp-vnet",
"name": "rp-pe-vnet-001",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"tags": {
"vnet": "rp"
},
"apiVersion": "2019-07-01"
},
{
"properties": {
"allowVirtualNetworkAccess": true,
"allowForwardedTraffic": true,
"allowGatewayTransit": false,
"useRemoteGateways": false,
"remoteVirtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/', 'rp-pe-vnet-001')]"
}
},
"name": "'rp-vnet/peering-rp-pe-vnet-001'",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2019-07-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]",
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]"
],
"location": "[resourceGroup().location]"
},
{
"properties": {
"allowVirtualNetworkAccess": true,
"allowForwardedTraffic": true,
"allowGatewayTransit": false,
"useRemoteGateways": false,
"remoteVirtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/', 'rp-vnet')]"
}
},
"name": "'rp-pe-vnet-001/peering-rp-vnet'",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2019-07-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]",
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
],
"location": "[resourceGroup().location]"
},
{
"kind": "GlobalDocumentDB",
"properties": {


@ -48,7 +48,32 @@ func newGenerator(production bool) *generator {
}
}
func (g *generator) vnet() *arm.Resource {
// halfPeering configures vnetA to peer with vnetB, two symmetrical configurations have to be applied for a peering to work
func (g *generator) halfPeering(vnetA string, vnetB string) *arm.Resource {
return &arm.Resource{
Resource: &mgmtnetwork.VirtualNetworkPeering{
VirtualNetworkPeeringPropertiesFormat: &mgmtnetwork.VirtualNetworkPeeringPropertiesFormat{
AllowVirtualNetworkAccess: to.BoolPtr(true),
AllowForwardedTraffic: to.BoolPtr(true),
AllowGatewayTransit: to.BoolPtr(false),
UseRemoteGateways: to.BoolPtr(false),
RemoteVirtualNetwork: &mgmtnetwork.SubResource{
ID: to.StringPtr(fmt.Sprintf("[resourceId('Microsoft.Network/virtualNetworks/', '%s')]", vnetB)),
},
},
Name: to.StringPtr(fmt.Sprintf("'%s/peering-%s'", vnetA, vnetB)),
},
APIVersion: apiVersions["network"],
DependsOn: []string{
fmt.Sprintf("[resourceId('Microsoft.Network/virtualNetworks', '%s')]", vnetA),
fmt.Sprintf("[resourceId('Microsoft.Network/virtualNetworks', '%s')]", vnetB),
},
Type: "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
Location: "[resourceGroup().location]",
}
}
func (g *generator) rpvnet() *arm.Resource {
subnet := mgmtnetwork.Subnet{
SubnetPropertiesFormat: &mgmtnetwork.SubnetPropertiesFormat{
AddressPrefix: to.StringPtr("10.0.0.0/24"),
@ -77,14 +102,34 @@ func (g *generator) vnet() *arm.Resource {
VirtualNetworkPropertiesFormat: &mgmtnetwork.VirtualNetworkPropertiesFormat{
AddressSpace: &mgmtnetwork.AddressSpace{
AddressPrefixes: &[]string{
"10.0.0.0/8",
"10.0.0.0/24",
},
},
Subnets: &[]mgmtnetwork.Subnet{
subnet,
},
},
Name: to.StringPtr("rp-vnet"),
Type: to.StringPtr("Microsoft.Network/virtualNetworks"),
Location: to.StringPtr("[resourceGroup().location]"),
},
APIVersion: apiVersions["network"],
}
}
func (g *generator) pevnet() *arm.Resource {
return &arm.Resource{
Resource: &mgmtnetwork.VirtualNetwork{
VirtualNetworkPropertiesFormat: &mgmtnetwork.VirtualNetworkPropertiesFormat{
AddressSpace: &mgmtnetwork.AddressSpace{
AddressPrefixes: &[]string{
"10.0.4.0/22",
},
},
Subnets: &[]mgmtnetwork.Subnet{
{
SubnetPropertiesFormat: &mgmtnetwork.SubnetPropertiesFormat{
AddressPrefix: to.StringPtr("10.1.0.0/16"),
AddressPrefix: to.StringPtr("10.0.4.0/22"),
NetworkSecurityGroup: &mgmtnetwork.SecurityGroup{
ID: to.StringPtr("[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-pe-nsg')]"),
},
@ -94,12 +139,9 @@ func (g *generator) vnet() *arm.Resource {
},
},
},
Name: to.StringPtr("rp-vnet"),
Name: to.StringPtr("rp-pe-vnet-001"),
Type: to.StringPtr("Microsoft.Network/virtualNetworks"),
Location: to.StringPtr("[resourceGroup().location]"),
Tags: map[string]*string{
"vnet": to.StringPtr("rp"),
},
},
APIVersion: apiVersions["network"],
}
@ -887,7 +929,12 @@ func (g *generator) template() *arm.Template {
t.Resources = append(t.Resources, g.pip(), g.lb(), g.vmss())
}
// clustersKeyvault must preceed serviceKeyvault due to terrible bytes.Replace below
t.Resources = append(t.Resources, g.zone(), g.clustersKeyvault(), g.serviceKeyvault(), g.vnet())
t.Resources = append(t.Resources, g.zone(),
g.clustersKeyvault(), g.serviceKeyvault(),
g.rpvnet(), g.pevnet(),
g.halfPeering("rp-vnet", "rp-pe-vnet-001"),
g.halfPeering("rp-pe-vnet-001", "rp-vnet"))
if g.production {
t.Resources = append(t.Resources, g.cosmosdb("'ARO'")...)
} else {
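Review bot: The peering name built by `Name: to.StringPtr(fmt.Sprintf("'%s/peering-%s'", vnetA, vnetB))` in halfPeering embeds literal single quotes in the resource name, and the generated templates in the two JSON sections above show exactly that (`"name": "'rp-vnet/peering-rp-pe-vnet-001'"`); unlike an `[resourceId(...)]` expression, a plain JSON name is taken verbatim, so the quotes would likely either become part of the name or be rejected at deployment. If the quoting is not deliberate, `Name: to.StringPtr(fmt.Sprintf("%s/peering-%s", vnetA, vnetB))` matches how the other resources in this hunk are named, e.g. `Name: to.StringPtr("rp-pe-vnet-001")`. In the same function the `RemoteVirtualNetwork.ID` expression spells the type as `'Microsoft.Network/virtualNetworks/'` with a trailing slash while the `DependsOn` entries a few lines below spell it without one; using the same form in both places avoids a malformed resource id. Both halves of the peering also set `AllowForwardedTraffic: to.BoolPtr(true)`; if only traffic originating in the RP vnet needs to reach the private-endpoint subnet, `AllowVirtualNetworkAccess` alone is the tighter setting, and a one-line comment stating why forwarded traffic is allowed would help either way.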

pkg/env/env.go поставляемый

@ -32,7 +32,6 @@ type Interface interface {
GetSecret(context.Context, string) ([]byte, error)
Listen() (net.Listener, error)
ManagedDomain(string) (string, error)
VnetName() string
Zones(vmSize string) ([]string, error)
}

pkg/env/prod.go поставляемый

@ -27,7 +27,6 @@ import (
"github.com/Azure/ARO-RP/pkg/util/azureclient/mgmt/dns"
"github.com/Azure/ARO-RP/pkg/util/azureclient/mgmt/documentdb"
"github.com/Azure/ARO-RP/pkg/util/azureclient/mgmt/keyvault"
"github.com/Azure/ARO-RP/pkg/util/azureclient/mgmt/network"
"github.com/Azure/ARO-RP/pkg/util/clientauthorizer"
"github.com/Azure/ARO-RP/pkg/util/instancemetadata"
)
@ -43,7 +42,6 @@ type prod struct {
cosmosDBPrimaryMasterKey string
domain string
serviceKeyvaultURI string
vnetName string
zones map[string][]string
fpCertificate *x509.Certificate
@ -91,11 +89,6 @@ func newProd(ctx context.Context, log *logrus.Entry, instancemetadata instanceme
return nil, err
}
err = p.populateVnet(ctx, rpAuthorizer)
if err != nil {
return nil, err
}
err = p.populateZones(ctx, rpAuthorizer)
if err != nil {
return nil, err
@ -182,31 +175,6 @@ func (p *prod) populateVaultURIs(ctx context.Context, rpAuthorizer autorest.Auth
return nil
}
func (p *prod) populateVnet(ctx context.Context, rpAuthorizer autorest.Authorizer) error {
virtualnetworks := network.NewVirtualNetworksClient(p.SubscriptionID(), rpAuthorizer)
vnets, err := virtualnetworks.List(ctx, p.ResourceGroup())
if err != nil {
return err
}
for i := 0; i < len(vnets); {
if vnets[i].Tags["vnet"] == nil || *vnets[i].Tags["vnet"] != "rp" {
vnets = append(vnets[:i], vnets[i+1:]...)
} else {
i++
}
}
if len(vnets) != 1 {
return fmt.Errorf("found %d virtual networks, expected 1", len(vnets))
}
p.vnetName = *(vnets[0]).Name
return nil
}
func (p *prod) populateZones(ctx context.Context, rpAuthorizer autorest.Authorizer) error {
c := compute.NewResourceSkusClient(p.SubscriptionID(), rpAuthorizer)
@ -344,10 +312,6 @@ func (p *prod) ManagedDomain(domain string) (string, error) {
return domain + "." + p.Domain(), nil
}
func (p *prod) VnetName() string {
return p.vnetName
}
func (p *prod) Zones(vmSize string) ([]string, error) {
zones, found := p.zones[vmSize]
if !found {

pkg/env/test.go поставляемый

@ -24,7 +24,6 @@ type Test struct {
TestLocation string
TestResourceGroup string
TestDomain string
TestVNetName string
TestSecret []byte
TLSKey *rsa.PrivateKey
@ -82,7 +81,3 @@ func (t *Test) ResourceGroup() string {
func (t *Test) SubscriptionID() string {
return t.TestSubscriptionID
}
func (t *Test) VnetName() string {
return t.TestVNetName
}


@ -41,7 +41,7 @@ func (m *manager) Create(ctx context.Context, doc *api.OpenShiftClusterDocument)
return m.privateendpoints.CreateOrUpdateAndWait(ctx, m.env.ResourceGroup(), prefix+doc.ID, mgmtnetwork.PrivateEndpoint{
PrivateEndpointProperties: &mgmtnetwork.PrivateEndpointProperties{
Subnet: &mgmtnetwork.Subnet{
ID: to.StringPtr("/subscriptions/" + m.env.SubscriptionID() + "/resourceGroups/" + m.env.ResourceGroup() + "/providers/Microsoft.Network/virtualNetworks/" + m.env.VnetName() + "/subnets/rp-pe-subnet"),
ID: to.StringPtr("/subscriptions/" + m.env.SubscriptionID() + "/resourceGroups/" + m.env.ResourceGroup() + "/providers/Microsoft.Network/virtualNetworks/rp-pe-vnet-001/subnets/rp-pe-subnet"),
},
ManualPrivateLinkServiceConnections: &[]mgmtnetwork.PrivateLinkServiceConnection{
{
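Review bot: The vnet name `rp-pe-vnet-001` is now a bare string literal inside the subnet ID on the changed line, duplicating the same literal in the deploy generator (`Name: to.StringPtr("rp-pe-vnet-001")` and the two `g.halfPeering(...)` calls) and in the test expectations; since the runtime `m.env.VnetName()` lookup that used to discover the vnet is removed in this commit, a rename in the generator would silently break private-endpoint creation, so a single exported constant shared by the generator and this package is worth considering. The generator still tags this vnet with `"vnet": "rp"`, which was the selector the removed `populateVnet` used; with no reader left, the tag should either be dropped or get a comment saying what it is for. Create's body continues outside the hunk.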


@ -35,7 +35,6 @@ func TestCreate(t *testing.T) {
env := &env.Test{
TestSubscriptionID: "rpSubscriptionId",
TestResourceGroup: "rpResourcegroup",
TestVNetName: "rpVnet",
}
type test struct {
@ -54,7 +53,7 @@ func TestCreate(t *testing.T) {
CreateOrUpdateAndWait(ctx, "rpResourcegroup", "rp-pe-id", mgmtnetwork.PrivateEndpoint{
PrivateEndpointProperties: &mgmtnetwork.PrivateEndpointProperties{
Subnet: &mgmtnetwork.Subnet{
ID: to.StringPtr("/subscriptions/rpSubscriptionId/resourceGroups/rpResourcegroup/providers/Microsoft.Network/virtualNetworks/rpVnet/subnets/rp-pe-subnet"),
ID: to.StringPtr("/subscriptions/rpSubscriptionId/resourceGroups/rpResourcegroup/providers/Microsoft.Network/virtualNetworks/rp-pe-vnet-001/subnets/rp-pe-subnet"),
},
ManualPrivateLinkServiceConnections: &[]mgmtnetwork.PrivateLinkServiceConnection{
{
@ -78,7 +77,7 @@ func TestCreate(t *testing.T) {
CreateOrUpdateAndWait(ctx, "rpResourcegroup", "rp-pe-id", mgmtnetwork.PrivateEndpoint{
PrivateEndpointProperties: &mgmtnetwork.PrivateEndpointProperties{
Subnet: &mgmtnetwork.Subnet{
ID: to.StringPtr("/subscriptions/rpSubscriptionId/resourceGroups/rpResourcegroup/providers/Microsoft.Network/virtualNetworks/rpVnet/subnets/rp-pe-subnet"),
ID: to.StringPtr("/subscriptions/rpSubscriptionId/resourceGroups/rpResourcegroup/providers/Microsoft.Network/virtualNetworks/rp-pe-vnet-001/subnets/rp-pe-subnet"),
},
ManualPrivateLinkServiceConnections: &[]mgmtnetwork.PrivateLinkServiceConnection{
{