fetch resource group, vNet, subnet value from Infra status #492

Closed
wants to merge 2 commits into from

Contributor

@tedteng tedteng commented Apr 27, 2022

How to categorize this PR?

/area ops-productivity
/kind bug
/platform azure

What this PR does / why we need it:
fetch vNet, subnet value from Infra status, instead of joint name value
Which issue(s) this PR fixes:
Fixes #485

Special notes for your reviewer:
current solution logic depends on SingleSubnet

if infrastructureStatus.Networks.Layout != "SingleSubnet" {
    return fmt.Errorf("unsupported network layout %s", infrastructureStatus.Networks.Layout)
}

Release note:

fetch resource group, vNet, subnet value from Infra status, instead of joint name value

@gardener-robot gardener-robot added area/ops-productivity Operator productivity related (how to improve operations) kind/bug Bug platform/azure Microsoft Azure platform/infrastructure needs/review Needs review size/s Size of pull request is small (see gardener-robot robot/bots/size.py) labels Apr 27, 2022
Contributor Author

tedteng commented Apr 27, 2022

/test

testmachinery bot commented Apr 27, 2022

Testrun: e2e-csgc5
Workflow: e2e-csgc5-wf
Phase: Failed

+---------------------+---------------------+-----------+----------+
|        NAME         |        STEP         |   PHASE   | DURATION |
+---------------------+---------------------+-----------+----------+
| infrastructure-test | infrastructure-test | Succeeded | 34m39s   |
| bastion-test        | bastion-test        | Failed    | 6m9s     |
+---------------------+---------------------+-----------+----------+

@gardener-robot gardener-robot added the size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) label Apr 28, 2022
@gardener-robot gardener-robot removed the size/s Size of pull request is small (see gardener-robot robot/bots/size.py) label Apr 28, 2022
Contributor Author

tedteng commented Apr 28, 2022

/test

testmachinery bot commented Apr 28, 2022

Testrun: e2e-57z2d
Workflow: e2e-57z2d-wf
Phase: Succeeded

+---------------------+---------------------+-----------+----------+
|        NAME         |        STEP         |   PHASE   | DURATION |
+---------------------+---------------------+-----------+----------+
| infrastructure-test | infrastructure-test | Succeeded | 40m57s   |
| bastion-test        | bastion-test        | Succeeded | 11m7s    |
+---------------------+---------------------+-----------+----------+

@tedteng tedteng changed the title fetch the value from Infra status fetch vNet, subnet value from Infra status Apr 28, 2022
@tedteng tedteng marked this pull request as ready for review May 3, 2022 04:51
Contributor Author

tedteng commented May 3, 2022

/test

testmachinery bot commented May 3, 2022

Testrun: e2e-pl4xf
Workflow: e2e-pl4xf-wf
Phase: Succeeded

+---------------------+---------------------+-----------+----------+
|        NAME         |        STEP         |   PHASE   | DURATION |
+---------------------+---------------------+-----------+----------+
| infrastructure-test | infrastructure-test | Succeeded | 28m24s   |
| bastion-test        | bastion-test        | Succeeded | 12m56s   |
+---------------------+---------------------+-----------+----------+

@tedteng tedteng changed the title fetch vNet, subnet value from Infra status fetch resource group, vNet, subnet value from Infra status May 4, 2022
@gardener-robot

@tedteng You need to rebase this pull request with the latest master branch. Please check.

@gardener-robot gardener-robot added needs/rebase Needs git rebase size/xl Size of pull request is huge (see gardener-robot robot/bots/size.py) needs/second-opinion Needs second review by someone else and removed size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) labels May 23, 2022
@gardener-robot gardener-robot added size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) and removed size/xl Size of pull request is huge (see gardener-robot robot/bots/size.py) labels May 23, 2022
Contributor Author

tedteng commented May 23, 2022

/test

testmachinery bot commented May 23, 2022

Testrun: e2e-hc56x
Workflow: e2e-hc56x-wf
Phase: Succeeded

+---------------------+---------------------+-----------+----------+
|        NAME         |        STEP         |   PHASE   | DURATION |
+---------------------+---------------------+-----------+----------+
| infrastructure-test | infrastructure-test | Succeeded | 29m48s   |
| bastion-test        | bastion-test        | Succeeded | 10m36s   |
+---------------------+---------------------+-----------+----------+

Contributor Author

tedteng commented May 23, 2022

Rebased as requested. Please review and process the PR when available @gardener/gardener-extension-provider-azure-maintainers. Thanks

@kon-angelo kon-angelo added this to the v1.28 milestone May 30, 2022
@@ -62,7 +70,15 @@ func (a *actuator) Reconcile(ctx context.Context, bastion *extensionsv1alpha1.Ba
return err
}

nic, err := ensureNic(ctx, factory, opt, publicIP)
if infrastructureStatus.Networks.Layout != "SingleSubnet" {
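Review bot: the layout check at the end of this hunk compares infrastructureStatus.Networks.Layout against the bare string literal "SingleSubnet"; use a named constant shared with the code that writes the infrastructure status, so that a renamed or newly added layout cannot silently diverge from this comparison. Because the check sits in Reconcile and every other layout becomes a returned error, the restriction should also be stated in the bastion documentation and the release note, not only in the "unsupported network layout" message.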
Contributor

@kon-angelo kon-angelo Jun 2, 2022

Does it really not work when there are multiple subnets? I would think that the bastion instance would be able to reach the other nodes, even if multiple subnets are used.

Contributor Author

@tedteng tedteng Jun 6, 2022

I didn't test it. The main Azure bastion PR, based on single-subnet mode, was completed before multiple subnets were achieved #331, but we have an internal ticket about Bastion Azure extension multi-zone support in the SRE backlog.

Contributor

Hi @kon-angelo, there are firewall rules created together with the Bastion that limit connections to a certain subnet. Originally there was a plan to implement multi-AZ right after the main Bastion development, but priorities were changed, unfortunately...

Contributor

Just in case I dismiss our internal ticket because it's not visible to anyone...

Contributor Author

After rethinking, I think this PR also covers multiple subnets supported by a bastion extension now. By default, Azure subnets communicate with each other under the same virtual network. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#:~:text=Azure%20automatically%20routes%20traffic,of%20a%20virtual%20network

I am assuming infrastructureStatus.Networks.Subnets always keeps the subnets which are used by Gardener only; by default the bastion uses the first subnet to create a bastion

nic, err := ensureNic(ctx, factory, opt, infrastructureStatus.Networks.VNet.Name, infrastructureStatus.Networks.Subnets[0].Name, publicIP)

Will remove the SingleSubnet mode check logic
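
Added example (not code from this PR or from the Gardener project): one way to guard the Subnets[0] lookup discussed above, so that an empty or incomplete infrastructure status yields an error instead of an index-out-of-range panic in Reconcile. The struct types are simplified stand-ins holding only the fields named in this thread, and selectBastionNetwork, bastionNetwork and errNoSubnet are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins (assumption): only the fields named in the thread.
type VNet struct{ Name string }
type Subnet struct{ Name string }
type Networks struct {
	VNet    VNet
	Subnets []Subnet
	Layout  string
}
type InfrastructureStatus struct{ Networks Networks }

// bastionNetwork is a hypothetical holder for the two names ensureNic needs.
type bastionNetwork struct{ VNet, Subnet string }

var errNoSubnet = errors.New("infrastructure status lists no subnets")

// selectBastionNetwork (hypothetical helper) validates the status before
// indexing Subnets[0], so a status that is not yet populated is reported as
// an error rather than crashing the controller.
func selectBastionNetwork(s *InfrastructureStatus) (bastionNetwork, error) {
	if s == nil {
		return bastionNetwork{}, errors.New("infrastructure status is nil")
	}
	if s.Networks.VNet.Name == "" {
		return bastionNetwork{}, errors.New("infrastructure status has no vNet name")
	}
	if len(s.Networks.Subnets) == 0 {
		return bastionNetwork{}, errNoSubnet
	}
	first := s.Networks.Subnets[0] // the thread's choice: first listed subnet
	if first.Name == "" {
		return bastionNetwork{}, errors.New("first subnet has an empty name")
	}
	return bastionNetwork{VNet: s.Networks.VNet.Name, Subnet: first.Name}, nil
}

func main() {
	// Constructed sample statuses, not taken from a real cluster.
	multi := &InfrastructureStatus{Networks: Networks{
		VNet:    VNet{Name: "shoot-vnet"},
		Subnets: []Subnet{{Name: "nodes-z1"}, {Name: "nodes-z2"}},
	}}
	fmt.Println(selectBastionNetwork(multi))
	fmt.Println(selectBastionNetwork(&InfrastructureStatus{}))
}
```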

Contributor Author

@tedteng tedteng Jun 8, 2022

Contributor

@kon-angelo kon-angelo Jun 8, 2022

@tedteng I checked it and, as it is, just removing the SingleSubnet check is not enough.
Here is a solution in a draft PR I opened based on this one. You can do some testing yourself too to see that it works E2E.

Contributor Author

Thanks, it works. I will close the PR.
Please process the draft PR you opened

@tedteng tedteng closed this Jun 13, 2022
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Jun 13, 2022
Labels
area/ops-productivity Operator productivity related (how to improve operations) kind/bug Bug needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/rebase Needs git rebase needs/review Needs review needs/second-opinion Needs second review by someone else platform/azure Microsoft Azure platform/infrastructure size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) status/closed Issue is closed (either delivered or triaged)
Development

Successfully merging this pull request may close these issues.

Bastion controller does not respect InfrastructureStatus
7 participants