Rename -> AccessSpec, ELB -> LoadBalancer

Also add docs
Justin Santa Barbara 2017-01-03 10:47:21 -05:00
parent 02f92979a6
commit 2912dee6e1
16 changed files with 200 additions and 156 deletions


@ -4,7 +4,34 @@ This list is not complete, but aims to document any keys that are less than self
## spec
### adminAccess
### api
This object configures how we expose the API:
* `dns` will allow direct access to master instances, and configure DNS to point directly to the master nodes.
* `loadBalancer` will configure a load balancer (ELB) in front of the master nodes, and configure DNS to point to the ELB.
DNS example:
```yaml
spec:
api:
dns: {}
```
When configuring a LoadBalancer, you can also choose to have a public ELB or an internal (VPC only) ELB. The `type`
field should be `Public` or `Internal`.
```yaml
spec:
api:
loadBalancer:
type: Public
```
### sshAccess
This array configures the CIDRs that are able to ssh into nodes. On AWS this is manifested as inbound security group rules on the `nodes` and `master` security groups.
@ -12,7 +39,19 @@ Use this key to restrict cluster access to an office ip address range, for examp
```yaml
spec:
adminAccess:
sshAccess:
- 12.34.56.78/32
```
### apiAccess
This array configures the CIDRs that are able to access the kubernetes API. On AWS this is manifested as inbound security group rules on the ELB or master security groups.
Use this key to restrict cluster access to an office ip address range, for example.
```yaml
spec:
apiAccess:
- 12.34.56.78/32
```


@ -235,31 +235,31 @@ type ClusterSpec struct {
Networking *NetworkingSpec `json:"networking,omitempty"`
// API field controls how the API is exposed outside the cluster
API *PublishSpec `json:"api,omitempty"`
API *AccessSpec `json:"api,omitempty"`
}
type PublishSpec struct {
DNS *DNSPublishSpec `json:"dns,omitempty"`
ELB *ELBPublishSpec `json:"elb,omitempty"`
type AccessSpec struct {
DNS *DNSAccessSpec `json:"dns,omitempty"`
LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"`
}
func (s *PublishSpec) IsEmpty() bool {
return s.DNS == nil && s.ELB == nil
func (s *AccessSpec) IsEmpty() bool {
return s.DNS == nil && s.LoadBalancer == nil
}
type DNSPublishSpec struct {
type DNSAccessSpec struct {
}
// ELBType string describes ELB types (public, internal)
type ELBType string
// LoadBalancerType string describes LoadBalancer types (public, internal)
type LoadBalancerType string
const (
ELBTypePublic ELBType = "Public"
ELBTypeInternal ELBType = "Internal"
LoadBalancerTypePublic LoadBalancerType = "Public"
LoadBalancerTypeInternal LoadBalancerType = "Internal"
)
type ELBPublishSpec struct {
Type ELBType `json:"type,omitempty"`
type LoadBalancerAccessSpec struct {
Type LoadBalancerType `json:"type,omitempty"`
}
type KubeDNSConfig struct {
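Review bot: The JSON tag on the renamed field changes from `elb` to `loadBalancer`, and nothing visible in this section keeps the old key readable. If any stored cluster spec already carries `api.elb` (for example with `type: Internal`), a standard JSON decode would presumably drop it as an unknown field, and for a private master topology the defaulting code elsewhere in this commit would then fill in a load balancer of type `Public`, turning an internal API endpoint into an internet-facing one without any error. Consider rejecting or migrating the old key on load, or at least calling out the break in the release notes. The same tag change appears in the two other `AccessSpec` type sections of this commit.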


@ -231,31 +231,31 @@ type ClusterSpec struct {
Networking *NetworkingSpec `json:"networking,omitempty"`
// API field controls how the API is exposed outside the cluster
API *PublishSpec `json:"api,omitempty"`
API *AccessSpec `json:"api,omitempty"`
}
type PublishSpec struct {
DNS *DNSPublishSpec `json:"dns,omitempty"`
ELB *ELBPublishSpec `json:"elb,omitempty"`
type AccessSpec struct {
DNS *DNSAccessSpec `json:"dns,omitempty"`
LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"`
}
func (s *PublishSpec) IsEmpty() bool {
return s.DNS == nil && s.ELB == nil
func (s *AccessSpec) IsEmpty() bool {
return s.DNS == nil && s.LoadBalancer == nil
}
type DNSPublishSpec struct {
type DNSAccessSpec struct {
}
// ELBType string describes ELB types (public, internal)
type ELBType string
// LoadBalancerType string describes LoadBalancer types (public, internal)
type LoadBalancerType string
const (
ELBTypePublic ELBType = "Public"
ELBTypeInternal ELBType = "Internal"
LoadBalancerTypePublic LoadBalancerType = "Public"
LoadBalancerTypeInternal LoadBalancerType = "Internal"
)
type ELBPublishSpec struct {
Type ELBType `json:"type,omitempty"`
type LoadBalancerAccessSpec struct {
Type LoadBalancerType `json:"type,omitempty"`
}
type KubeDNSConfig struct {


@ -42,23 +42,23 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
}
if obj.API == nil {
obj.API = &PublishSpec{}
obj.API = &AccessSpec{}
}
if obj.API.IsEmpty() {
switch obj.Topology.Masters {
case TopologyPublic:
obj.API.DNS = &DNSPublishSpec{}
obj.API.DNS = &DNSAccessSpec{}
case TopologyPrivate:
obj.API.ELB = &ELBPublishSpec{}
obj.API.LoadBalancer = &LoadBalancerAccessSpec{}
default:
glog.Infof("unknown master topology type: %q", obj.Topology.Masters)
}
}
if obj.API.ELB != nil && obj.API.ELB.Type == "" {
obj.API.ELB.Type = ELBTypePublic
if obj.API.LoadBalancer != nil && obj.API.LoadBalancer.Type == "" {
obj.API.LoadBalancer.Type = LoadBalancerTypePublic
}
}
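Review bot: The fallback `obj.API.LoadBalancer.Type = LoadBalancerTypePublic` means a private master topology with no `api` block ends up with an internet-facing load balancer, and neither this code nor the docs added in the commit say so. I would add a comment above that `if`, such as `// An unset type defaults to Public (internet-facing); set type: Internal to keep the API inside the VPC`, and state the default in the `api` section of the docs. The `default:` branch also only logs an unknown topology at info level and leaves `obj.API` empty, which may deserve a validation error elsewhere. The same code appears in the second defaults section of this commit, and the function body starts above the hunk.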


@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2016 The Kubernetes Authors.
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -34,6 +34,8 @@ func init() {
// Public to allow building arbitrary schemes.
func RegisterConversions(scheme *runtime.Scheme) error {
return scheme.AddGeneratedConversionFuncs(
Convert_v1alpha1_AccessSpec_To_kops_AccessSpec,
Convert_kops_AccessSpec_To_v1alpha1_AccessSpec,
Convert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec,
Convert_kops_CNINetworkingSpec_To_v1alpha1_CNINetworkingSpec,
Convert_v1alpha1_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec,
@ -46,12 +48,10 @@ func RegisterConversions(scheme *runtime.Scheme) error {
Convert_kops_ClusterList_To_v1alpha1_ClusterList,
Convert_v1alpha1_ClusterSpec_To_kops_ClusterSpec,
Convert_kops_ClusterSpec_To_v1alpha1_ClusterSpec,
Convert_v1alpha1_DNSPublishSpec_To_kops_DNSPublishSpec,
Convert_kops_DNSPublishSpec_To_v1alpha1_DNSPublishSpec,
Convert_v1alpha1_DNSAccessSpec_To_kops_DNSAccessSpec,
Convert_kops_DNSAccessSpec_To_v1alpha1_DNSAccessSpec,
Convert_v1alpha1_DockerConfig_To_kops_DockerConfig,
Convert_kops_DockerConfig_To_v1alpha1_DockerConfig,
Convert_v1alpha1_ELBPublishSpec_To_kops_ELBPublishSpec,
Convert_kops_ELBPublishSpec_To_v1alpha1_ELBPublishSpec,
Convert_v1alpha1_EtcdClusterSpec_To_kops_EtcdClusterSpec,
Convert_kops_EtcdClusterSpec_To_v1alpha1_EtcdClusterSpec,
Convert_v1alpha1_EtcdMemberSpec_To_kops_EtcdMemberSpec,
@ -88,15 +88,67 @@ func RegisterConversions(scheme *runtime.Scheme) error {
Convert_kops_KubenetNetworkingSpec_To_v1alpha1_KubenetNetworkingSpec,
Convert_v1alpha1_LeaderElectionConfiguration_To_kops_LeaderElectionConfiguration,
Convert_kops_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfiguration,
Convert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec,
Convert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec,
Convert_v1alpha1_NetworkingSpec_To_kops_NetworkingSpec,
Convert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec,
Convert_v1alpha1_PublishSpec_To_kops_PublishSpec,
Convert_kops_PublishSpec_To_v1alpha1_PublishSpec,
Convert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec,
Convert_kops_WeaveNetworkingSpec_To_v1alpha1_WeaveNetworkingSpec,
)
}
func autoConvert_v1alpha1_AccessSpec_To_kops_AccessSpec(in *AccessSpec, out *kops.AccessSpec, s conversion.Scope) error {
if in.DNS != nil {
in, out := &in.DNS, &out.DNS
*out = new(kops.DNSAccessSpec)
if err := Convert_v1alpha1_DNSAccessSpec_To_kops_DNSAccessSpec(*in, *out, s); err != nil {
return err
}
} else {
out.DNS = nil
}
if in.LoadBalancer != nil {
in, out := &in.LoadBalancer, &out.LoadBalancer
*out = new(kops.LoadBalancerAccessSpec)
if err := Convert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec(*in, *out, s); err != nil {
return err
}
} else {
out.LoadBalancer = nil
}
return nil
}
func Convert_v1alpha1_AccessSpec_To_kops_AccessSpec(in *AccessSpec, out *kops.AccessSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_AccessSpec_To_kops_AccessSpec(in, out, s)
}
func autoConvert_kops_AccessSpec_To_v1alpha1_AccessSpec(in *kops.AccessSpec, out *AccessSpec, s conversion.Scope) error {
if in.DNS != nil {
in, out := &in.DNS, &out.DNS
*out = new(DNSAccessSpec)
if err := Convert_kops_DNSAccessSpec_To_v1alpha1_DNSAccessSpec(*in, *out, s); err != nil {
return err
}
} else {
out.DNS = nil
}
if in.LoadBalancer != nil {
in, out := &in.LoadBalancer, &out.LoadBalancer
*out = new(LoadBalancerAccessSpec)
if err := Convert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec(*in, *out, s); err != nil {
return err
}
} else {
out.LoadBalancer = nil
}
return nil
}
func Convert_kops_AccessSpec_To_v1alpha1_AccessSpec(in *kops.AccessSpec, out *AccessSpec, s conversion.Scope) error {
return autoConvert_kops_AccessSpec_To_v1alpha1_AccessSpec(in, out, s)
}
func autoConvert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetworkingSpec, out *kops.CNINetworkingSpec, s conversion.Scope) error {
return nil
}
@ -335,8 +387,8 @@ func autoConvert_v1alpha1_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *
}
if in.API != nil {
in, out := &in.API, &out.API
*out = new(kops.PublishSpec)
if err := Convert_v1alpha1_PublishSpec_To_kops_PublishSpec(*in, *out, s); err != nil {
*out = new(kops.AccessSpec)
if err := Convert_v1alpha1_AccessSpec_To_kops_AccessSpec(*in, *out, s); err != nil {
return err
}
} else {
@ -471,8 +523,8 @@ func autoConvert_kops_ClusterSpec_To_v1alpha1_ClusterSpec(in *kops.ClusterSpec,
}
if in.API != nil {
in, out := &in.API, &out.API
*out = new(PublishSpec)
if err := Convert_kops_PublishSpec_To_v1alpha1_PublishSpec(*in, *out, s); err != nil {
*out = new(AccessSpec)
if err := Convert_kops_AccessSpec_To_v1alpha1_AccessSpec(*in, *out, s); err != nil {
return err
}
} else {
@ -481,20 +533,20 @@ func autoConvert_kops_ClusterSpec_To_v1alpha1_ClusterSpec(in *kops.ClusterSpec,
return nil
}
func autoConvert_v1alpha1_DNSPublishSpec_To_kops_DNSPublishSpec(in *DNSPublishSpec, out *kops.DNSPublishSpec, s conversion.Scope) error {
func autoConvert_v1alpha1_DNSAccessSpec_To_kops_DNSAccessSpec(in *DNSAccessSpec, out *kops.DNSAccessSpec, s conversion.Scope) error {
return nil
}
func Convert_v1alpha1_DNSPublishSpec_To_kops_DNSPublishSpec(in *DNSPublishSpec, out *kops.DNSPublishSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_DNSPublishSpec_To_kops_DNSPublishSpec(in, out, s)
func Convert_v1alpha1_DNSAccessSpec_To_kops_DNSAccessSpec(in *DNSAccessSpec, out *kops.DNSAccessSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_DNSAccessSpec_To_kops_DNSAccessSpec(in, out, s)
}
func autoConvert_kops_DNSPublishSpec_To_v1alpha1_DNSPublishSpec(in *kops.DNSPublishSpec, out *DNSPublishSpec, s conversion.Scope) error {
func autoConvert_kops_DNSAccessSpec_To_v1alpha1_DNSAccessSpec(in *kops.DNSAccessSpec, out *DNSAccessSpec, s conversion.Scope) error {
return nil
}
func Convert_kops_DNSPublishSpec_To_v1alpha1_DNSPublishSpec(in *kops.DNSPublishSpec, out *DNSPublishSpec, s conversion.Scope) error {
return autoConvert_kops_DNSPublishSpec_To_v1alpha1_DNSPublishSpec(in, out, s)
func Convert_kops_DNSAccessSpec_To_v1alpha1_DNSAccessSpec(in *kops.DNSAccessSpec, out *DNSAccessSpec, s conversion.Scope) error {
return autoConvert_kops_DNSAccessSpec_To_v1alpha1_DNSAccessSpec(in, out, s)
}
func autoConvert_v1alpha1_DockerConfig_To_kops_DockerConfig(in *DockerConfig, out *kops.DockerConfig, s conversion.Scope) error {
@ -529,24 +581,6 @@ func Convert_kops_DockerConfig_To_v1alpha1_DockerConfig(in *kops.DockerConfig, o
return autoConvert_kops_DockerConfig_To_v1alpha1_DockerConfig(in, out, s)
}
func autoConvert_v1alpha1_ELBPublishSpec_To_kops_ELBPublishSpec(in *ELBPublishSpec, out *kops.ELBPublishSpec, s conversion.Scope) error {
out.Type = kops.ELBType(in.Type)
return nil
}
func Convert_v1alpha1_ELBPublishSpec_To_kops_ELBPublishSpec(in *ELBPublishSpec, out *kops.ELBPublishSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_ELBPublishSpec_To_kops_ELBPublishSpec(in, out, s)
}
func autoConvert_kops_ELBPublishSpec_To_v1alpha1_ELBPublishSpec(in *kops.ELBPublishSpec, out *ELBPublishSpec, s conversion.Scope) error {
out.Type = ELBType(in.Type)
return nil
}
func Convert_kops_ELBPublishSpec_To_v1alpha1_ELBPublishSpec(in *kops.ELBPublishSpec, out *ELBPublishSpec, s conversion.Scope) error {
return autoConvert_kops_ELBPublishSpec_To_v1alpha1_ELBPublishSpec(in, out, s)
}
func autoConvert_v1alpha1_EtcdClusterSpec_To_kops_EtcdClusterSpec(in *EtcdClusterSpec, out *kops.EtcdClusterSpec, s conversion.Scope) error {
out.Name = in.Name
if in.Members != nil {
@ -1123,6 +1157,24 @@ func Convert_kops_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfigur
return autoConvert_kops_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfiguration(in, out, s)
}
func autoConvert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec(in *LoadBalancerAccessSpec, out *kops.LoadBalancerAccessSpec, s conversion.Scope) error {
out.Type = kops.LoadBalancerType(in.Type)
return nil
}
func Convert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec(in *LoadBalancerAccessSpec, out *kops.LoadBalancerAccessSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec(in, out, s)
}
func autoConvert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec(in *kops.LoadBalancerAccessSpec, out *LoadBalancerAccessSpec, s conversion.Scope) error {
out.Type = LoadBalancerType(in.Type)
return nil
}
func Convert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec(in *kops.LoadBalancerAccessSpec, out *LoadBalancerAccessSpec, s conversion.Scope) error {
return autoConvert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec(in, out, s)
}
func autoConvert_v1alpha1_NetworkingSpec_To_kops_NetworkingSpec(in *NetworkingSpec, out *kops.NetworkingSpec, s conversion.Scope) error {
if in.Classic != nil {
in, out := &in.Classic, &out.Classic
@ -1265,58 +1317,6 @@ func Convert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec(in *kops.NetworkingS
return autoConvert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec(in, out, s)
}
func autoConvert_v1alpha1_PublishSpec_To_kops_PublishSpec(in *PublishSpec, out *kops.PublishSpec, s conversion.Scope) error {
if in.DNS != nil {
in, out := &in.DNS, &out.DNS
*out = new(kops.DNSPublishSpec)
if err := Convert_v1alpha1_DNSPublishSpec_To_kops_DNSPublishSpec(*in, *out, s); err != nil {
return err
}
} else {
out.DNS = nil
}
if in.ELB != nil {
in, out := &in.ELB, &out.ELB
*out = new(kops.ELBPublishSpec)
if err := Convert_v1alpha1_ELBPublishSpec_To_kops_ELBPublishSpec(*in, *out, s); err != nil {
return err
}
} else {
out.ELB = nil
}
return nil
}
func Convert_v1alpha1_PublishSpec_To_kops_PublishSpec(in *PublishSpec, out *kops.PublishSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_PublishSpec_To_kops_PublishSpec(in, out, s)
}
func autoConvert_kops_PublishSpec_To_v1alpha1_PublishSpec(in *kops.PublishSpec, out *PublishSpec, s conversion.Scope) error {
if in.DNS != nil {
in, out := &in.DNS, &out.DNS
*out = new(DNSPublishSpec)
if err := Convert_kops_DNSPublishSpec_To_v1alpha1_DNSPublishSpec(*in, *out, s); err != nil {
return err
}
} else {
out.DNS = nil
}
if in.ELB != nil {
in, out := &in.ELB, &out.ELB
*out = new(ELBPublishSpec)
if err := Convert_kops_ELBPublishSpec_To_v1alpha1_ELBPublishSpec(*in, *out, s); err != nil {
return err
}
} else {
out.ELB = nil
}
return nil
}
func Convert_kops_PublishSpec_To_v1alpha1_PublishSpec(in *kops.PublishSpec, out *PublishSpec, s conversion.Scope) error {
return autoConvert_kops_PublishSpec_To_v1alpha1_PublishSpec(in, out, s)
}
func autoConvert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec(in *WeaveNetworkingSpec, out *kops.WeaveNetworkingSpec, s conversion.Scope) error {
return nil
}


@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2016 The Kubernetes Authors.
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.


@ -151,31 +151,31 @@ type ClusterSpec struct {
Networking *NetworkingSpec `json:"networking,omitempty"`
// API field controls how the API is exposed outside the cluster
API *PublishSpec `json:"api,omitempty"`
API *AccessSpec `json:"api,omitempty"`
}
type PublishSpec struct {
DNS *DNSPublishSpec `json:"dns,omitempty"`
ELB *ELBPublishSpec `json:"elb,omitempty"`
type AccessSpec struct {
DNS *DNSAccessSpec `json:"dns,omitempty"`
LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"`
}
func (s *PublishSpec) IsEmpty() bool {
return s.DNS == nil && s.ELB == nil
func (s *AccessSpec) IsEmpty() bool {
return s.DNS == nil && s.LoadBalancer == nil
}
type DNSPublishSpec struct {
type DNSAccessSpec struct {
}
// ELBType string describes ELB types (public, internal)
type ELBType string
// LoadBalancerType string describes LoadBalancer types (public, internal)
type LoadBalancerType string
const (
ELBTypePublic ELBType = "Public"
ELBTypeInternal ELBType = "Internal"
LoadBalancerTypePublic LoadBalancerType = "Public"
LoadBalancerTypeInternal LoadBalancerType = "Internal"
)
type ELBPublishSpec struct {
Type ELBType `json:"type,omitempty"`
type LoadBalancerAccessSpec struct {
Type LoadBalancerType `json:"type,omitempty"`
}
type KubeDNSConfig struct {


@ -42,23 +42,23 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
}
if obj.API == nil {
obj.API = &PublishSpec{}
obj.API = &AccessSpec{}
}
if obj.API.IsEmpty() {
switch obj.Topology.Masters {
case TopologyPublic:
obj.API.DNS = &DNSPublishSpec{}
obj.API.DNS = &DNSAccessSpec{}
case TopologyPrivate:
obj.API.ELB = &ELBPublishSpec{}
obj.API.LoadBalancer = &LoadBalancerAccessSpec{}
default:
glog.Infof("unknown master topology type: %q", obj.Topology.Masters)
}
}
if obj.API.ELB != nil && obj.API.ELB.Type == "" {
obj.API.ELB.Type = ELBTypePublic
if obj.API.LoadBalancer != nil && obj.API.LoadBalancer.Type == "" {
obj.API.LoadBalancer.Type = LoadBalancerTypePublic
}
}


@ -1,7 +1,7 @@
// +build !ignore_autogenerated
/*
Copyright 2016 The Kubernetes Authors.
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.


@ -36,8 +36,8 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
return nil
}
elbSpec := b.Cluster.Spec.API.ELB
if elbSpec == nil {
lbSpec := b.Cluster.Spec.API.LoadBalancer
if lbSpec == nil {
// Skipping API ELB creation; not requested in Spec
return nil
}
@ -95,13 +95,13 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
},
}
switch elbSpec.Type {
case kops.ELBTypeInternal:
switch lbSpec.Type {
case kops.LoadBalancerTypeInternal:
elb.Scheme = s("internal")
case kops.ELBTypePublic:
case kops.LoadBalancerTypePublic:
elb.Scheme = nil
default:
return fmt.Errorf("unknown elb Type: %q", elbSpec.Type)
return fmt.Errorf("unknown elb Type: %q", lbSpec.Type)
}
c.AddTask(elb)
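Review bot: The error returned from the `default:` case still reads `unknown elb Type`, although the field a user has to fix is now `spec.api.loadBalancer.type`. Since this string is what surfaces when the spec holds an unexpected value, it should name the new field, for example `return fmt.Errorf("unknown load balancer Type: %q", lbSpec.Type)`. The comment `// Skipping API ELB creation; not requested in Spec` could be reworded the same way. Build's body starts and ends outside both hunks.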


@ -154,7 +154,7 @@ func (m *KopsModelContext) UseLoadBalancerForAPI() bool {
if m.Cluster.Spec.API == nil {
return false
}
return m.Cluster.Spec.API.ELB != nil
return m.Cluster.Spec.API.LoadBalancer != nil
}
func (m *KopsModelContext) UsePrivateDNS() bool {


@ -21,7 +21,6 @@ import (
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/awstasks"
"strconv"
)
// ExternalAccessModelBuilder configures security group rules for external access
@ -43,9 +42,9 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.ModelBuilderContext) error {
// SSH is open to AdminCIDR set
if b.Cluster.Spec.Topology.Masters == kops.TopologyPublic {
for i, sshAccess := range b.Cluster.Spec.SSHAccess {
for _, sshAccess := range b.Cluster.Spec.SSHAccess {
c.AddTask(&awstasks.SecurityGroupRule{
Name: s("ssh-external-to-master-" + strconv.Itoa(i)),
Name: s("ssh-external-to-master-" + sshAccess),
SecurityGroup: b.LinkToSecurityGroup(kops.InstanceGroupRoleMaster),
Protocol: s("tcp"),
FromPort: i64(22),
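Review bot: Naming the rule `"ssh-external-to-master-" + sshAccess` makes the task name depend on the CIDR string, so a spec that lists the same CIDR twice now yields two tasks with the same name where the index previously kept them distinct; how `c.AddTask` treats a duplicate name is not visible here. Deduplicating `SSHAccess` before the loop, or validating the list for duplicates, would avoid that. The expected Terraform output in this commit shows the resource names changing as well (`ssh-external-to-master-0` becomes `ssh-external-to-master-0-0-0-0--0`), so existing Terraform-managed clusters will presumably see these ingress rules destroyed and recreated on the next apply, which is worth a release note. The comment `// SSH is open to AdminCIDR set` still uses the old field name, and Build's body continues outside the hunk.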


@ -4,6 +4,9 @@ metadata:
creationTimestamp: "2017-01-01T00:00:00Z"
name: private.example.com
spec:
api:
loadBalancer:
type: Public
channel: stable
cloudProvider: aws
configBase: memfs://tests/private.example.com


@ -4,6 +4,9 @@ metadata:
creationTimestamp: "2017-01-01T00:00:00Z"
name: private.example.com
spec:
api:
loadBalancer:
type: Public
channel: stable
cloudProvider: aws
configBase: memfs://tests/private.example.com


@ -232,7 +232,7 @@ resource "aws_security_group_rule" "all-node-to-node" {
protocol = "-1"
}
resource "aws_security_group_rule" "https-external-to-master-0" {
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-141-example-com.id}"
from_port = 443
@ -259,7 +259,7 @@ resource "aws_security_group_rule" "node-egress" {
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "ssh-external-to-master-0" {
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-141-example-com.id}"
from_port = 22
@ -268,7 +268,7 @@ resource "aws_security_group_rule" "ssh-external-to-master-0" {
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "ssh-external-to-node-0" {
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-minimal-141-example-com.id}"
from_port = 22


@ -232,7 +232,7 @@ resource "aws_security_group_rule" "all-node-to-node" {
protocol = "-1"
}
resource "aws_security_group_rule" "https-external-to-master-0" {
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-example-com.id}"
from_port = 443
@ -259,7 +259,7 @@ resource "aws_security_group_rule" "node-egress" {
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "ssh-external-to-master-0" {
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-example-com.id}"
from_port = 22
@ -268,7 +268,7 @@ resource "aws_security_group_rule" "ssh-external-to-master-0" {
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "ssh-external-to-node-0" {
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-minimal-example-com.id}"
from_port = 22