New IPv6 clusters now default to private topology

John Gardiner Myers 2022-11-11 19:41:47 -08:00
parent 7fe820e96d
commit 26cec727ab
4 changed files with 14 additions and 5 deletions


@ -327,7 +327,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
cmd.RegisterFlagCompletionFunc("channel", completeChannel)
// Network topology
cmd.Flags().StringVarP(&options.Topology, "topology", "t", options.Topology, "Network topology for the cluster: public or private")
cmd.Flags().StringVarP(&options.Topology, "topology", "t", options.Topology, "Network topology for the cluster: 'public' or 'private'. Defaults to 'public' for IPv4 clusters and 'private' for IPv6 clusters.")
cmd.RegisterFlagCompletionFunc("topology", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return []string{api.TopologyPublic, api.TopologyPrivate}, cobra.ShellCompDirectiveNoFileComp
})


@ -121,7 +121,7 @@ kops create cluster [CLUSTER] [flags]
--ssh-public-key string SSH public key to use
--subnets strings Shared subnets to use
--target string Valid targets: direct, terraform, cloudformation. Set this flag to terraform if you want kOps to generate terraform (default "direct")
-t, --topology string Network topology for the cluster: public or private (default "public")
-t, --topology string Network topology for the cluster: 'public' or 'private'. Defaults to 'public' for IPv4 clusters and 'private' for IPv6 clusters.
--unset strings Directly unset values in the spec
--utility-subnets strings Shared utility subnets to use
-y, --yes Specify --yes to immediately create the cluster


@ -18,6 +18,8 @@ This is a document to gather the release notes prior to the release.
* As of Kubernetes version 1.26 and with IRSA enabled, control plane nodes will now run with a max hop limit of 1 for the metadata service. This will prevent Pods without host networking from accessing the instance metadata service.
* New IPv6 clusters now default to using private topology.
# Breaking changes
## Other breaking changes


@ -136,7 +136,7 @@ type NewClusterOptions struct {
// Networking is the networking provider/node to use.
Networking string
// Topology is the network topology to use. Defaults to "public".
// Topology is the network topology to use. Defaults to "public" for IPv4 clusters and "private" for IPv6 clusters.
Topology string
// DNSType is the DNS type to use; "public" or "private". Defaults to "public".
DNSType string
@ -166,7 +166,6 @@ func (o *NewClusterOptions) InitDefaults() {
o.Authorization = AuthorizationFlagRBAC
o.AdminAccess = []string{"0.0.0.0/0", "::/0"}
o.Networking = "cilium"
o.Topology = api.TopologyPublic
o.InstanceManager = "cloudgroups"
}
@ -1124,8 +1123,16 @@ func setupNetworking(opt *NewClusterOptions, cluster *api.Cluster) error {
func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.String) ([]*api.InstanceGroup, error) {
var bastions []*api.InstanceGroup
if opt.Topology == "" {
if opt.IPv6 {
opt.Topology = kopsapi.TopologyPrivate
} else {
opt.Topology = kopsapi.TopologyPublic
}
}
switch opt.Topology {
case api.TopologyPublic, "":
case api.TopologyPublic:
cluster.Spec.Topology = &api.TopologySpec{
ControlPlane: api.TopologyPublic,
Nodes: api.TopologyPublic,
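Review bot: With the default removed from InitDefaults, opt.Topology stays empty until setupTopology fills it in, so any code that reads the option earlier (flag validation, bastion or DNS handling, none of it visible in these hunks) now sees "" instead of "public" and should be checked for comparisons that treat every non-"private" value as public. setupTopology also writes the resolved value back into the caller's options, which deserves a comment such as `// Default depends on opt.IPv6, so it is resolved here rather than in InitDefaults; this mutates opt.` The added lines use `kopsapi.TopologyPrivate` and `kopsapi.TopologyPublic` while the surrounding switch uses `api.TopologyPublic`; if both aliases name the same package, `opt.Topology = api.TopologyPrivate` keeps the function consistent. None of the four changed files is a test, so a case asserting that an IPv6 cluster created without --topology ends up private would pin the new default, which matters because it decides whether nodes are publicly reachable. setupTopology's body continues past the end of this hunk.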