Create GCE networks in auto mode, not legacy mode

cmd/kops/integration_test.go

@@ -41,24 +41,32 @@ import (
 
 	"github.com/ghodss/yaml"
 	"golang.org/x/crypto/ssh"
+	"k8s.io/kops/pkg/featureflag"
+	"k8s.io/kops/upup/pkg/fi/cloudup/gce"
 )
 
 // TestMinimal runs the test on a minimum configuration, similar to kops create cluster minimal.example.com --zones us-west-1a
 func TestMinimal(t *testing.T) {
-	runTest(t, "minimal.example.com", "../../tests/integration/minimal", "v1alpha0", false, 1)
-	runTest(t, "minimal.example.com", "../../tests/integration/minimal", "v1alpha1", false, 1)
-	runTest(t, "minimal.example.com", "../../tests/integration/minimal", "v1alpha2", false, 1)
+	runTestAWS(t, "minimal.example.com", "../../tests/integration/minimal", "v1alpha0", false, 1)
+	runTestAWS(t, "minimal.example.com", "../../tests/integration/minimal", "v1alpha1", false, 1)
+	runTestAWS(t, "minimal.example.com", "../../tests/integration/minimal", "v1alpha2", false, 1)
 }
 
 // TestHA runs the test on a simple HA configuration, similar to kops create cluster minimal.example.com --zones us-west-1a,us-west-1b,us-west-1c --master-count=3
 func TestHA(t *testing.T) {
-	runTest(t, "ha.example.com", "../../tests/integration/ha", "v1alpha1", false, 3)
-	runTest(t, "ha.example.com", "../../tests/integration/ha", "v1alpha2", false, 3)
+	runTestAWS(t, "ha.example.com", "../../tests/integration/ha", "v1alpha1", false, 3)
+	runTestAWS(t, "ha.example.com", "../../tests/integration/ha", "v1alpha2", false, 3)
+}
+
+// TestHighAvailabilityGCE runs the test on a simple HA GCE configuration, similar to kops create cluster ha-gce.example.com
+// --zones us-test1-a,us-test1-b,us-test1-c --master-count=3
+func TestHighAvailabilityGCE(t *testing.T) {
+	runTestGCE(t, "ha-gce.example.com", "../../tests/integration/ha_gce", "v1alpha2", false, 3)
 }
 
 // TestComplex runs the test on a more complex configuration, intended to hit more of the edge cases
 func TestComplex(t *testing.T) {
-	runTest(t, "complex.example.com", "../../tests/integration/complex", "v1alpha2", false, 1)
+	runTestAWS(t, "complex.example.com", "../../tests/integration/complex", "v1alpha2", false, 1)
 }
 
 // TestMinimalCloudformation runs the test on a minimum configuration, similar to kops create cluster minimal.example.com --zones us-west-1a
@@ -70,59 +78,59 @@ func TestMinimalCloudformation(t *testing.T) {
 
 // TestMinimal_141 runs the test on a configuration from 1.4.1 release
 func TestMinimal_141(t *testing.T) {
-	runTest(t, "minimal-141.example.com", "../../tests/integration/minimal-141", "v1alpha0", false, 1)
+	runTestAWS(t, "minimal-141.example.com", "../../tests/integration/minimal-141", "v1alpha0", false, 1)
 }
 
 // TestPrivateWeave runs the test on a configuration with private topology, weave networking
 func TestPrivateWeave(t *testing.T) {
-	runTest(t, "privateweave.example.com", "../../tests/integration/privateweave", "v1alpha1", true, 1)
-	runTest(t, "privateweave.example.com", "../../tests/integration/privateweave", "v1alpha2", true, 1)
+	runTestAWS(t, "privateweave.example.com", "../../tests/integration/privateweave", "v1alpha1", true, 1)
+	runTestAWS(t, "privateweave.example.com", "../../tests/integration/privateweave", "v1alpha2", true, 1)
 }
 
 // TestPrivateFlannel runs the test on a configuration with private topology, flannel networking
 func TestPrivateFlannel(t *testing.T) {
-	runTest(t, "privateflannel.example.com", "../../tests/integration/privateflannel", "v1alpha1", true, 1)
-	runTest(t, "privateflannel.example.com", "../../tests/integration/privateflannel", "v1alpha2", true, 1)
+	runTestAWS(t, "privateflannel.example.com", "../../tests/integration/privateflannel", "v1alpha1", true, 1)
+	runTestAWS(t, "privateflannel.example.com", "../../tests/integration/privateflannel", "v1alpha2", true, 1)
 }
 
 // TestPrivateCalico runs the test on a configuration with private topology, calico networking
 func TestPrivateCalico(t *testing.T) {
-	runTest(t, "privatecalico.example.com", "../../tests/integration/privatecalico", "v1alpha1", true, 1)
-	runTest(t, "privatecalico.example.com", "../../tests/integration/privatecalico", "v1alpha2", true, 1)
+	runTestAWS(t, "privatecalico.example.com", "../../tests/integration/privatecalico", "v1alpha1", true, 1)
+	runTestAWS(t, "privatecalico.example.com", "../../tests/integration/privatecalico", "v1alpha2", true, 1)
 }
 
 // TestPrivateCanal runs the test on a configuration with private topology, canal networking
 func TestPrivateCanal(t *testing.T) {
-	runTest(t, "privatecanal.example.com", "../../tests/integration/privatecanal", "v1alpha1", true, 1)
-	runTest(t, "privatecanal.example.com", "../../tests/integration/privatecanal", "v1alpha2", true, 1)
+	runTestAWS(t, "privatecanal.example.com", "../../tests/integration/privatecanal", "v1alpha1", true, 1)
+	runTestAWS(t, "privatecanal.example.com", "../../tests/integration/privatecanal", "v1alpha2", true, 1)
 }
 
 // TestPrivateKopeio runs the test on a configuration with private topology, kopeio networking
 func TestPrivateKopeio(t *testing.T) {
-	runTest(t, "privatekopeio.example.com", "../../tests/integration/privatekopeio", "v1alpha2", true, 1)
+	runTestAWS(t, "privatekopeio.example.com", "../../tests/integration/privatekopeio", "v1alpha2", true, 1)
 }
 
 // TestPrivateDns1 runs the test on a configuration with private topology, private dns
 func TestPrivateDns1(t *testing.T) {
-	runTest(t, "privatedns1.example.com", "../../tests/integration/privatedns1", "v1alpha2", true, 1)
+	runTestAWS(t, "privatedns1.example.com", "../../tests/integration/privatedns1", "v1alpha2", true, 1)
 }
 
 // TestPrivateDns2 runs the test on a configuration with private topology, private dns, extant vpc
 func TestPrivateDns2(t *testing.T) {
-	runTest(t, "privatedns2.example.com", "../../tests/integration/privatedns2", "v1alpha2", true, 1)
+	runTestAWS(t, "privatedns2.example.com", "../../tests/integration/privatedns2", "v1alpha2", true, 1)
 }
 
 // TestSharedSubnet runs the test on a configuration with a shared subnet (and VPC)
 func TestSharedSubnet(t *testing.T) {
-	runTest(t, "sharedsubnet.example.com", "../../tests/integration/shared_subnet", "v1alpha2", false, 1)
+	runTestAWS(t, "sharedsubnet.example.com", "../../tests/integration/shared_subnet", "v1alpha2", false, 1)
 }
 
 // TestSharedVPC runs the test on a configuration with a shared VPC
 func TestSharedVPC(t *testing.T) {
-	runTest(t, "sharedvpc.example.com", "../../tests/integration/shared_vpc", "v1alpha2", false, 1)
+	runTestAWS(t, "sharedvpc.example.com", "../../tests/integration/shared_vpc", "v1alpha2", false, 1)
 }
 
-func runTest(t *testing.T, clusterName string, srcDir string, version string, private bool, zones int) {
+func runTest(t *testing.T, h *testutils.IntegrationTestHarness, clusterName string, srcDir string, version string, private bool, zones int, expectedFilenames []string) {
 	var stdout bytes.Buffer
 
 	inputYAML := "in-" + version + ".yaml"
@@ -131,11 +139,6 @@ func runTest(t *testing.T, clusterName string, srcDir string, version string, pr
 	factoryOptions := &util.FactoryOptions{}
 	factoryOptions.RegistryPath = "memfs://tests"
 
-	h := testutils.NewIntegrationTestHarness(t)
-	defer h.Close()
-
-	h.SetupMockAWS()
-
 	factory := util.NewFactory(factoryOptions)
 
 	{
@@ -224,30 +227,6 @@ func runTest(t *testing.T, clusterName string, srcDir string, version string, pr
 			actualFilenames = append(actualFilenames, f.Name())
 		}
 
-		expectedFilenames := []string{
-			"aws_iam_role_masters." + clusterName + "_policy",
-			"aws_iam_role_nodes." + clusterName + "_policy",
-			"aws_iam_role_policy_masters." + clusterName + "_policy",
-			"aws_iam_role_policy_nodes." + clusterName + "_policy",
-			"aws_key_pair_kubernetes." + clusterName + "-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key",
-			"aws_launch_configuration_nodes." + clusterName + "_user_data",
-		}
-
-		for i := 0; i < zones; i++ {
-			zone := "us-test-1" + string([]byte{byte('a') + byte(i)})
-			s := "aws_launch_configuration_master-" + zone + ".masters." + clusterName + "_user_data"
-			expectedFilenames = append(expectedFilenames, s)
-		}
-
-		if private {
-			expectedFilenames = append(expectedFilenames, []string{
-				"aws_iam_role_bastions." + clusterName + "_policy",
-				"aws_iam_role_policy_bastions." + clusterName + "_policy",
-
-				// bastions don't have any userdata
-				// "aws_launch_configuration_bastions." + clusterName + "_user_data",
-			}...)
-		}
 		sort.Strings(expectedFilenames)
 		if !reflect.DeepEqual(actualFilenames, expectedFilenames) {
 			t.Fatalf("unexpected data files.  actual=%q, expected=%q", actualFilenames, expectedFilenames)
@@ -257,6 +236,63 @@ func runTest(t *testing.T, clusterName string, srcDir string, version string, pr
 	}
 }
 
+func runTestAWS(t *testing.T, clusterName string, srcDir string, version string, private bool, zones int) {
+	h := testutils.NewIntegrationTestHarness(t)
+	defer h.Close()
+
+	h.SetupMockAWS()
+
+	expectedFilenames := []string{
+		"aws_iam_role_masters." + clusterName + "_policy",
+		"aws_iam_role_nodes." + clusterName + "_policy",
+		"aws_iam_role_policy_masters." + clusterName + "_policy",
+		"aws_iam_role_policy_nodes." + clusterName + "_policy",
+		"aws_key_pair_kubernetes." + clusterName + "-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key",
+		"aws_launch_configuration_nodes." + clusterName + "_user_data",
+	}
+
+	for i := 0; i < zones; i++ {
+		zone := "us-test-1" + string([]byte{byte('a') + byte(i)})
+		s := "aws_launch_configuration_master-" + zone + ".masters." + clusterName + "_user_data"
+		expectedFilenames = append(expectedFilenames, s)
+	}
+
+	if private {
+		expectedFilenames = append(expectedFilenames, []string{
+			"aws_iam_role_bastions." + clusterName + "_policy",
+			"aws_iam_role_policy_bastions." + clusterName + "_policy",
+
+			// bastions don't have any userdata
+			// "aws_launch_configuration_bastions." + clusterName + "_user_data",
+		}...)
+	}
+	runTest(t, h, clusterName, srcDir, version, private, zones, expectedFilenames)
+}
+
+func runTestGCE(t *testing.T, clusterName string, srcDir string, version string, private bool, zones int) {
+	featureflag.ParseFlags("+AlphaAllowGCE")
+
+	h := testutils.NewIntegrationTestHarness(t)
+	defer h.Close()
+
+	h.SetupMockGCE()
+
+	expectedFilenames := []string{
+		"google_compute_instance_template_nodes-" + gce.SafeClusterName(clusterName) + "_metadata_cluster-name",
+		"google_compute_instance_template_nodes-" + gce.SafeClusterName(clusterName) + "_metadata_startup-script",
+	}
+
+	for i := 0; i < zones; i++ {
+		zone := "us-test1-" + string([]byte{byte('a') + byte(i)})
+		prefix := "google_compute_instance_template_master-" + zone + "-" + gce.SafeClusterName(clusterName) + "_metadata_"
+
+		expectedFilenames = append(expectedFilenames, prefix+"cluster-name")
+		expectedFilenames = append(expectedFilenames, prefix+"startup-script")
+	}
+
+	runTest(t, h, clusterName, srcDir, version, private, zones, expectedFilenames)
+}
+
 func runTestCloudformation(t *testing.T, clusterName string, srcDir string, version string, private bool) {
 	var stdout bytes.Buffer
 

pkg/model/gcemodel/network.go

@@ -33,7 +33,7 @@ func (b *NetworkModelBuilder) Build(c *fi.ModelBuilderContext) error {
 	network := &gcetasks.Network{
 		Name:      s("default"),
 		Lifecycle: b.Lifecycle,
-		CIDR:      s(b.Cluster.Spec.NetworkCIDR), // Default: s("10.240.0.0/16"),
+		Mode:      "auto", // Automatically create subnets, but stop using legacy mode
 	}
 	c.AddTask(network)
 

tests/integration/ha_gce/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ==

tests/integration/ha_gce/in-v1alpha2.yaml

@@ -0,0 +1,135 @@
+apiVersion: kops/v1alpha2
+kind: Cluster
+metadata:
+  creationTimestamp: 2017-01-01T00:00:00Z
+  name: ha-gce.example.com
+spec:
+  api:
+    dns: {}
+  authorization:
+    alwaysAllow: {}
+  channel: stable
+  cloudProvider: gce
+  configBase: memfs://tests/ha-gce.example.com
+  etcdClusters:
+  - etcdMembers:
+    - instanceGroup: master-us-test1-a
+      name: a
+    - instanceGroup: master-us-test1-b
+      name: b
+    - instanceGroup: master-us-test1-c
+      name: c
+    name: main
+  - etcdMembers:
+    - instanceGroup: master-us-test1-a
+      name: a
+    - instanceGroup: master-us-test1-b
+      name: b
+    - instanceGroup: master-us-test1-c
+      name: c
+    name: events
+  iam:
+    legacy: false
+  kubernetesApiAccess:
+  - 0.0.0.0/0
+  kubernetesVersion: v1.7.5
+  masterPublicName: api.ha-gce.example.com
+  networkCIDR: 172.20.0.0/16
+  networking:
+    kubenet: {}
+  nonMasqueradeCIDR: 100.64.0.0/10
+  project: testproject
+  sshAccess:
+  - 0.0.0.0/0
+  subnets:
+  - cidr: 172.20.32.0/19
+    name: us-test1-a
+    type: Public
+    zone: us-test1-a
+  - cidr: 172.20.64.0/19
+    name: us-test1-b
+    type: Public
+    zone: us-test1-b
+  - cidr: 172.20.96.0/19
+    name: us-test1-c
+    type: Public
+    zone: us-test1-c
+  topology:
+    dns:
+      type: Public
+    masters: public
+    nodes: public
+
+---
+
+apiVersion: kops/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: 2017-01-01T00:00:00Z
+  labels:
+    kops.k8s.io/cluster: ha-gce.example.com
+  name: master-us-test1-a
+spec:
+  image: cos-cloud/cos-stable-57-9202-64-0
+  machineType: n1-standard-1
+  maxSize: 1
+  minSize: 1
+  role: Master
+  subnets:
+  - us-test1-a
+
+---
+
+apiVersion: kops/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: 2017-01-01T00:00:00Z
+  labels:
+    kops.k8s.io/cluster: ha-gce.example.com
+  name: master-us-test1-b
+spec:
+  image: cos-cloud/cos-stable-57-9202-64-0
+  machineType: n1-standard-1
+  maxSize: 1
+  minSize: 1
+  role: Master
+  subnets:
+  - us-test1-b
+
+---
+
+apiVersion: kops/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: 2017-01-01T00:00:00Z
+  labels:
+    kops.k8s.io/cluster: ha-gce.example.com
+  name: master-us-test1-c
+spec:
+  image: cos-cloud/cos-stable-57-9202-64-0
+  machineType: n1-standard-1
+  maxSize: 1
+  minSize: 1
+  role: Master
+  subnets:
+  - us-test1-c
+
+---
+
+apiVersion: kops/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: 2017-01-01T00:00:00Z
+  labels:
+    kops.k8s.io/cluster: ha-gce.example.com
+  name: nodes
+spec:
+  image: cos-cloud/cos-stable-57-9202-64-0
+  machineType: n1-standard-2
+  maxSize: 2
+  minSize: 2
+  role: Node
+  subnets:
+  - us-test1-a
+  - us-test1-b
+  - us-test1-c