kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make the AdminAccess default inclusive of IPv6

This commit is contained in:
John Gardiner Myers 2021-06-14 21:15:01 -07:00
parent bfd0b6d9ba
commit 1356818d83
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kops/create_cluster.go
View File

@ -257,7 +257,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
cmd.Flags().StringVar(&options.DNSZone, "dns-zone", options.DNSZone, "DNS hosted zone to use (defaults to longest matching zone)") cmd.Flags().StringVar(&options.DNSZone, "dns-zone", options.DNSZone, "DNS hosted zone to use (defaults to longest matching zone)")
cmd.Flags().StringVar(&options.OutDir, "out", options.OutDir, "Path to write any local output") cmd.Flags().StringVar(&options.OutDir, "out", options.OutDir, "Path to write any local output")
cmd.Flags().StringSliceVar(&options.AdminAccess, "admin-access", options.AdminAccess, "Restrict API access to this CIDR. If not set, access will not be restricted by IP.") cmd.Flags().StringSliceVar(&options.AdminAccess, "admin-access", options.AdminAccess, "Restrict API access to this CIDR. If not set, access will not be restricted by IP.")
cmd.Flags().StringSliceVar(&options.SSHAccess, "ssh-access", options.SSHAccess, "Restrict SSH access to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0])") cmd.Flags().StringSliceVar(&options.SSHAccess, "ssh-access", options.SSHAccess, "Restrict SSH access to this CIDR. If not set, uses the value of the admin-access flag.")
// TODO: Can we deprecate this flag - it is awkward? // TODO: Can we deprecate this flag - it is awkward?
cmd.Flags().BoolVar(&associatePublicIP, "associate-public-ip", false, "Specify --associate-public-ip=[true|false] to enable/disable association of public IP for master ASG and nodes. Default is 'true'.") cmd.Flags().BoolVar(&associatePublicIP, "associate-public-ip", false, "Specify --associate-public-ip=[true|false] to enable/disable association of public IP for master ASG and nodes. Default is 'true'.")

4
docs/cli/kops_create_cluster.md generated
View File

@ -66,7 +66,7 @@ kops create cluster [flags]
### Options ### Options
``` ```
--admin-access strings Restrict API access to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0]) --admin-access strings Restrict API access to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0,::/0])
--api-loadbalancer-class string Currently only supported in AWS. Sets the API loadbalancer class to either 'classic' or 'network' --api-loadbalancer-class string Currently only supported in AWS. Sets the API loadbalancer class to either 'classic' or 'network'
--api-loadbalancer-type string Sets the API loadbalancer type to either 'public' or 'internal' --api-loadbalancer-type string Sets the API loadbalancer type to either 'public' or 'internal'
--api-ssl-certificate string Currently only supported in AWS. Sets the ARN of the SSL Certificate to use for the API server loadbalancer. --api-ssl-certificate string Currently only supported in AWS. Sets the ARN of the SSL Certificate to use for the API server loadbalancer.
@ -113,7 +113,7 @@ kops create cluster [flags]
--out string Path to write any local output --out string Path to write any local output
-o, --output string Output format. One of json|yaml. Used with the --dry-run flag. -o, --output string Output format. One of json|yaml. Used with the --dry-run flag.
--project string Project to use (must be set on GCE) --project string Project to use (must be set on GCE)
--ssh-access strings Restrict SSH access to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0]) --ssh-access strings Restrict SSH access to this CIDR. If not set, uses the value of the admin-access flag.
--ssh-public-key string SSH public key to use (defaults to ~/.ssh/id_rsa.pub on AWS) --ssh-public-key string SSH public key to use (defaults to ~/.ssh/id_rsa.pub on AWS)
--subnets strings Set to use shared subnets --subnets strings Set to use shared subnets
--target string Valid targets: direct, terraform, cloudformation. Set this flag to terraform if you want kOps to generate terraform (default "direct") --target string Valid targets: direct, terraform, cloudformation. Set this flag to terraform if you want kOps to generate terraform (default "direct")

6
upup/pkg/fi/cloudup/new_cluster.go
View File

@ -59,7 +59,7 @@ type NewClusterOptions struct {
ConfigBase string ConfigBase string
// KubernetesVersion is the version of Kubernetes to deploy. It defaults to the version recommended by the channel. // KubernetesVersion is the version of Kubernetes to deploy. It defaults to the version recommended by the channel.
KubernetesVersion string KubernetesVersion string
// AdminAccess is the set of CIDR blocks permitted to connect to the Kubernetes API. It defaults to "0.0.0.0/0". // AdminAccess is the set of CIDR blocks permitted to connect to the Kubernetes API. It defaults to "0.0.0.0/0" and "::/0".
AdminAccess []string AdminAccess []string
// SSHAccess is the set of CIDR blocks permitted to connect to SSH on the nodes. It defaults to the value of AdminAccess. // SSHAccess is the set of CIDR blocks permitted to connect to SSH on the nodes. It defaults to the value of AdminAccess.
SSHAccess []string SSHAccess []string
@ -145,7 +145,7 @@ type NewClusterOptions struct {
func (o *NewClusterOptions) InitDefaults() { func (o *NewClusterOptions) InitDefaults() {
o.Channel = api.DefaultChannel o.Channel = api.DefaultChannel
o.Authorization = AuthorizationFlagRBAC o.Authorization = AuthorizationFlagRBAC
o.AdminAccess = []string{"0.0.0.0/0"} o.AdminAccess = []string{"0.0.0.0/0", "::/0"}
o.Networking = "kubenet" o.Networking = "kubenet"
o.Topology = api.TopologyPublic o.Topology = api.TopologyPublic
o.DNSType = string(api.DNSTypePublic) o.DNSType = string(api.DNSTypePublic)
@ -220,7 +220,7 @@ func NewCluster(opt *NewClusterOptions, clientset simple.Clientset) (*NewCluster
} }
if len(opt.AdminAccess) == 0 { if len(opt.AdminAccess) == 0 {
opt.AdminAccess = []string{"0.0.0.0/0"} opt.AdminAccess = []string{"0.0.0.0/0", "::/0"}
} }
cluster.Spec.KubernetesAPIAccess = opt.AdminAccess cluster.Spec.KubernetesAPIAccess = opt.AdminAccess
if len(opt.SSHAccess) != 0 { if len(opt.SSHAccess) != 0 {