Merge pull request #1831 from randomvariable/bastion-instance-type

k8s-ci-robot · web-flow · commit ee8ea85f0282 · 2020-08-05T07:42:29.000-07:00
✨ bastion: Make instance type selectable, with new defaults
diff --git a/api/v1alpha2/awscluster_conversion.go b/api/v1alpha2/awscluster_conversion.go
@@ -55,6 +55,7 @@ func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
 
 	dst.Spec.Bastion.AllowedCIDRBlocks = restored.Spec.Bastion.AllowedCIDRBlocks
 	dst.Spec.Bastion.DisableIngressRules = restored.Spec.Bastion.DisableIngressRules
+	dst.Spec.Bastion.InstanceType = restored.Spec.Bastion.InstanceType
 	dst.Spec.ImageLookupFormat = restored.Spec.ImageLookupFormat
 	dst.Spec.ImageLookupOrg = restored.Spec.ImageLookupOrg
 	dst.Spec.ImageLookupBaseOS = restored.Spec.ImageLookupBaseOS
diff --git a/api/v1alpha3/awscluster_types.go b/api/v1alpha3/awscluster_types.go
@@ -99,6 +99,11 @@ type Bastion struct {
 	// They are set as ingress rules for the Bastion host's Security Group (defaults to 0.0.0.0/0).
 	// +optional
 	AllowedCIDRBlocks []string `json:"allowedCIDRBlocks,omitempty"`
+
+	// InstanceType will use the specified instance type for the bastion. If not specified,
+	// Cluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro
+	// will be the default.
+	InstanceType string `json:"instanceType,omitempty"`
 }
 
 // AWSLoadBalancerSpec defines the desired state of an AWS load balancer
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_awsclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_awsclusters.yaml
@@ -414,6 +414,9 @@ spec:
                   enabled:
                     description: Enabled allows this provider to create a bastion host instance with a public ip to access the VPC private network.
                     type: boolean
+                  instanceType:
+                    description: InstanceType will use the specified instance type for the bastion. If not specified, Cluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro will be the default.
+                    type: string
                 type: object
               controlPlaneEndpoint:
                 description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
diff --git a/pkg/cloud/services/ec2/bastion.go b/pkg/cloud/services/ec2/bastion.go
@@ -19,6 +19,7 @@ package ec2
 import (
 	"encoding/base64"
 	"fmt"
+	"strings"
 
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1alpha3"
 	"sigs.k8s.io/cluster-api/util/conditions"
@@ -37,6 +38,11 @@ const (
 	defaultSSHKeyName = "default"
 )
 
+var (
+	fallbackBastionInstanceType        = "t3.micro"
+	fallbackBastionUsEast1InstanceType = "t2.micro"
+)
+
 // ReconcileBastion ensures a bastion is created for the cluster
 func (s *Service) ReconcileBastion() error {
 	if !s.scope.Bastion().Enabled {
@@ -61,8 +67,6 @@ func (s *Service) ReconcileBastion() error {
 		return errors.New("failed to reconcile bastion host, no public subnets are available")
 	}
 
-	spec := s.getDefaultBastion()
-
 	// Describe bastion instance, if any.
 	instance, err := s.describeBastionInstance()
 	if awserrors.IsNotFound(err) { // nolint:nestif
@@ -72,7 +76,7 @@ func (s *Service) ReconcileBastion() error {
 				return errors.Wrap(err, "failed to patch conditions")
 			}
 		}
-		instance, err = s.runInstance("bastion", spec)
+		instance, err = s.runInstance("bastion", s.getDefaultBastion(s.scope.Bastion().InstanceType))
 		if err != nil {
 			record.Warnf(s.scope.InfraCluster(), "FailedCreateBastion", "Failed to create bastion instance: %v", err)
 			return err
@@ -147,7 +151,7 @@ func (s *Service) describeBastionInstance() (*infrav1.Instance, error) {
 	return nil, awserrors.NewNotFound(errors.New("bastion host not found"))
 }
 
-func (s *Service) getDefaultBastion() *infrav1.Instance {
+func (s *Service) getDefaultBastion(instanceType string) *infrav1.Instance {
 	name := fmt.Sprintf("%s-bastion", s.scope.Name())
 	userData, _ := userdata.NewBastion(&userdata.BastionInput{})
 
@@ -157,9 +161,19 @@ func (s *Service) getDefaultBastion() *infrav1.Instance {
 		keyName = aws.String(defaultSSHKeyName)
 	}
 
+	subnet := s.scope.Subnets().FilterPublic()[0]
+
+	if instanceType == "" {
+		if strings.Contains(subnet.AvailabilityZone, "us-east-1") {
+			instanceType = fallbackBastionUsEast1InstanceType
+		} else {
+			instanceType = fallbackBastionInstanceType
+		}
+	}
+
 	i := &infrav1.Instance{
-		Type:       "t2.micro",
-		SubnetID:   s.scope.Subnets().FilterPublic()[0].ID,
+		Type:       instanceType,
+		SubnetID:   subnet.ID,
 		ImageID:    s.defaultBastionAMILookup(s.scope.Region()),
 		SSHKeyName: keyName,
 		UserData:   aws.String(base64.StdEncoding.EncodeToString([]byte(userData))),
