
OCPBUGS-38722: aws/validation: check config for public-only subnets

A public-only subnets cluster install requires that:
1. the publish method is not "Internal"
2. a BYO VPC with public subnets is used
Rafael Fonseca
2024-08-20 16:49:34 +02:00
committed by openshift-cherrypick-robot
parent 370e9b6b5c
commit 65cbbf78b5


@@ -14,6 +14,7 @@ import (
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/route53"
"github.com/sirupsen/logrus"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/validation/field"
@@ -49,6 +50,13 @@ func Validate(ctx context.Context, meta *Metadata, config *types.InstallConfig)
allErrs = append(allErrs, validatePublicIpv4Pool(ctx, meta, field.NewPath("platform", "aws", "publicIpv4PoolId"), config)...)
allErrs = append(allErrs, validatePlatform(ctx, meta, field.NewPath("platform", "aws"), config.Platform.AWS, config.Networking, config.Publish)...)
if awstypes.IsPublicOnlySubnetsEnabled() {
logrus.Warnln("Public-only subnets install. Please be warned this is not supported")
if config.Publish == types.InternalPublishingStrategy {
allErrs = append(allErrs, field.Invalid(field.NewPath("publish"), config.Publish, "cluster cannot be private with public subnets"))
}
}
if config.ControlPlane != nil {
arch := string(config.ControlPlane.Architecture)
pool := &awstypes.MachinePool{}
@@ -88,6 +96,8 @@ func validatePlatform(ctx context.Context, meta *Metadata, fldPath *field.Path,
if len(platform.Subnets) > 0 {
allErrs = append(allErrs, validateSubnets(ctx, meta, fldPath.Child("subnets"), platform.Subnets, networking, publish)...)
} else if awstypes.IsPublicOnlySubnetsEnabled() {
allErrs = append(allErrs, field.Required(fldPath.Child("subnets"), "subnets must be specified for public-only subnets clusters"))
}
if platform.DefaultMachinePlatform != nil {
allErrs = append(allErrs, validateMachinePool(ctx, meta, fldPath.Child("defaultMachinePlatform"), platform, platform.DefaultMachinePlatform, controlPlaneReq, "", "")...)
@@ -209,6 +219,9 @@ func validateSubnets(ctx context.Context, meta *Metadata, fldPath *field.Path, s
publicSubnetsIdx[id] = idx
}
}
if len(publicSubnets) == 0 && awstypes.IsPublicOnlySubnetsEnabled() {
allErrs = append(allErrs, field.Required(fldPath, "public subnets are required for a public-only subnets cluster"))
}
edgeSubnets, err := meta.EdgeSubnets(ctx)
if err != nil {