Merge pull request #569 from chengshifan/add-allow-ip-for-svc-gcp

[INT] add allow ip to access service-gcp

Author: chengshifan

deploy/infrabox/templates/scheduler/deployment.yaml

@@ -29,7 +29,7 @@ spec:
                         memory: "400Mi"
                     limits:
                         cpu: "500m"
-                        memory: "2Gi"
+                        memory: "4Gi"
                 env:
                 {{ include "env_database" . | indent 16 }}
                 {{ include "env_general" . | indent 16 }}

src/services/gcp/infrabox-service-gcp/templates/deployment.yaml

@@ -48,6 +48,8 @@ spec:
             value: {{ .Values.max_clusters | quote }}
           - name: LOG_LEVEL
             value: {{ .Values.log_level | quote }}
+          - name: ALLOW_IPS
+            value: {{ .Values.allow_ips | quote }}
           - name: GC_ENABLED
             value: {{ .Values.gc_enabled | quote }}
           {{ if .Values.gc_enabled }}

src/services/gcp/infrabox-service-gcp/values.yaml

@@ -21,3 +21,5 @@ gc_interval: 3600
 
 # info | debug | warn | error
 log_level: info
+
+allow_ips:

src/services/gcp/pkg/stub/handler.go

@@ -223,7 +223,11 @@ func createCluster(cr *v1alpha1.GKECluster, log *logrus.Entry) (*v1alpha1.GKEClu
     args = append(args, "--enable-private-nodes")
 	args = append(args, "--master-ipv4-cidr", finalCIDR)
 	args = append(args, "--enable-master-authorized-networks")
-    args = append(args, "--master-authorized-networks", "0.0.0.0/0")
+	master_authorized_networks := os.Getenv("ALLOW_IPS")
+	if master_authorized_networks == "" {
+	    master_authorized_networks = "0.0.0.0/0"
+	}
+    args = append(args, "--master-authorized-networks", master_authorized_networks)
     cmd := exec.Command("gcloud" , args...)
     out, err := cmd.CombinedOutput()