Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automated cherry pick of #7177: Instance protection #7180

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions docs/instance_groups.md
Original file line number Diff line number Diff line change
Expand Up @@ -474,6 +474,27 @@ spec:
- AZRebalance
```

## Protect new instances from scale in

Autoscaling groups may scale up or down automatically to balance types of instances, regions, etc.
[Instance protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection) prevents the ASG from being scaled in.

```
# Example for nodes
apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
labels:
kops.k8s.io/cluster: k8s.dev.local
name: nodes
spec:
machineType: m4.xlarge
maxSize: 20
minSize: 2
role: Node
instanceProtection: true
```

## Attaching existing Load Balancers to Instance Groups

Instance groups can be linked to up to 10 load balancers. When attached, any instance launched will
Expand Down
2 changes: 2 additions & 0 deletions pkg/apis/kops/instancegroup.go
Original file line number Diff line number Diff line change
Expand Up @@ -149,6 +149,8 @@ type InstanceGroupSpec struct {
IAM *IAMProfileSpec `json:"iam,omitempty"`
// SecurityGroupOverride overrides the default security group created by Kops for this IG (AWS only).
SecurityGroupOverride *string `json:"securityGroupOverride,omitempty"`
// InstanceProtection makes new instances in an autoscaling group protected from scale in
InstanceProtection *bool `json:"instanceProtection,omitempty"`
}

const (
Expand Down
2 changes: 2 additions & 0 deletions pkg/apis/kops/v1alpha1/instancegroup.go
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,8 @@ type InstanceGroupSpec struct {
IAM *IAMProfileSpec `json:"iam,omitempty"`
// SecurityGroupOverride overrides the default security group created by Kops for this IG (AWS only).
SecurityGroupOverride *string `json:"securityGroupOverride,omitempty"`
// InstanceProtection makes new instances in an autoscaling group protected from scale in
InstanceProtection *bool `json:"instanceProtection,omitempty"`
}

const (
Expand Down
2 changes: 2 additions & 0 deletions pkg/apis/kops/v1alpha1/zz_generated.conversion.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions pkg/apis/kops/v1alpha2/instancegroup.go
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,8 @@ type InstanceGroupSpec struct {
IAM *IAMProfileSpec `json:"iam,omitempty"`
// SecurityGroupOverride overrides the default security group created by Kops for this IG (AWS only).
SecurityGroupOverride *string `json:"securityGroupOverride,omitempty"`
// InstanceProtection makes new instances in an autoscaling group protected from scale in
InstanceProtection *bool `json:"instanceProtection,omitempty"`
}

const (
Expand Down
2 changes: 2 additions & 0 deletions pkg/apis/kops/v1alpha2/zz_generated.conversion.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions pkg/apis/kops/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions pkg/model/awsmodel/autoscalinggroup.go
Original file line number Diff line number Diff line change
Expand Up @@ -315,6 +315,8 @@ func (b *AutoscalingGroupModelBuilder) buildAutoScalingGroupTask(c *fi.ModelBuil
}
t.SuspendProcesses = &processes

t.InstanceProtection = ig.Spec.InstanceProtection

// @step: are we using a mixed instance policy
if ig.Spec.MixedInstancesPolicy != nil {
spec := ig.Spec.MixedInstancesPolicy
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ spec:
maxSize: 2
minSize: 2
role: Node
instanceProtection: true
subnets:
- us-test-1b
mixedInstancesPolicy:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -228,8 +228,9 @@ resource "aws_autoscaling_group" "nodes-mixedinstances-example-com" {
propagate_at_launch = true
}

metrics_granularity = "1Minute"
enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"]
metrics_granularity = "1Minute"
enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"]
protect_from_scale_in = true
}

resource "aws_ebs_volume" "us-test-1a-etcd-events-mixedinstances-example-com" {
Expand Down
18 changes: 18 additions & 0 deletions upup/pkg/fi/cloudup/awstasks/autoscalinggroup.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ type AutoscalingGroup struct {

// Granularity specifys the granularity of the metrics
Granularity *string
// InstanceProtection makes new instances in an autoscaling group protected from scale in
InstanceProtection *bool
// LaunchConfiguration is the launch configuration for the autoscaling group
LaunchConfiguration *LaunchConfiguration
// LaunchTemplate is the launch template for the asg
Expand Down Expand Up @@ -171,6 +173,10 @@ func (e *AutoscalingGroup) Find(c *fi.Context) (*AutoscalingGroup, error) {
// Avoid spurious changes
actual.Lifecycle = e.Lifecycle

if g.NewInstancesProtectedFromScaleIn != nil {
actual.InstanceProtection = g.NewInstancesProtectedFromScaleIn
}

return actual, nil
}

Expand Down Expand Up @@ -315,6 +321,11 @@ func (v *AutoscalingGroup) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *Autos
return fmt.Errorf("error suspending processes: %v", err)
}
}

if e.InstanceProtection != nil {
request.NewInstancesProtectedFromScaleIn = e.InstanceProtection
}

} else {
// @logic: else we have found a autoscaling group and we need to evaluate the difference
request := &autoscaling.UpdateAutoScalingGroupInput{
Expand Down Expand Up @@ -451,6 +462,11 @@ func (v *AutoscalingGroup) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *Autos
changes.SuspendProcesses = nil
}

if changes.InstanceProtection != nil {
request.NewInstancesProtectedFromScaleIn = e.InstanceProtection
changes.InstanceProtection = nil
}

empty := &AutoscalingGroup{}
if !reflect.DeepEqual(empty, changes) {
klog.Warningf("cannot apply changes to AutoScalingGroup: %v", changes)
Expand Down Expand Up @@ -628,6 +644,7 @@ type terraformAutoscalingGroup struct {
MetricsGranularity *string `json:"metrics_granularity,omitempty"`
EnabledMetrics []*string `json:"enabled_metrics,omitempty"`
SuspendedProcesses []*string `json:"suspended_processes,omitempty"`
InstanceProtection *bool `json:"protect_from_scale_in,omitempty"`
}

// RenderTerraform is responsible for rendering the terraform codebase
Expand All @@ -638,6 +655,7 @@ func (_ *AutoscalingGroup) RenderTerraform(t *terraform.TerraformTarget, a, e, c
MaxSize: e.MaxSize,
MetricsGranularity: e.Granularity,
EnabledMetrics: aws.StringSlice(e.Metrics),
InstanceProtection: e.InstanceProtection,
}

for _, s := range e.Subnets {
Expand Down