Rename -> AccessSpec, ELB -> LoadBalancer

Also add docs
Justin Santa Barbara 2017-01-03 10:47:21 -05:00
parent 02f92979a6
commit 2912dee6e1
16 changed files with 200 additions and 156 deletions


@ -4,7 +4,34 @@ This list is not complete, but aims to document any keys that are less than self
## spec ## spec
### adminAccess
### api
This object configures how we expose the API:
* `dns` will allow direct access to master instances, and configure DNS to point directly to the master nodes.
* `loadBalancer` will configure a load balancer (ELB) in front of the master nodes, and configure DNS to point to the ELB.
DNS example:
```yaml
spec:
api:
dns: {}
```
When configuring a LoadBalancer, you can also choose to have a public ELB or an internal (VPC only) ELB. The `type`
field should be `Public` or `Internal`.
```yaml
spec:
api:
loadBalancer:
type: Public
```
### sshAccess
This array configures the CIDRs that are able to ssh into nodes. On AWS this is manifested as inbound security group rules on the `nodes` and `master` security groups. This array configures the CIDRs that are able to ssh into nodes. On AWS this is manifested as inbound security group rules on the `nodes` and `master` security groups.
@ -12,7 +39,19 @@ Use this key to restrict cluster access to an office ip address range, for examp
```yaml ```yaml
spec: spec:
adminAccess: sshAccess:
- 12.34.56.78/32
```
### apiAccess
This array configures the CIDRs that are able to access the kubernetes API. On AWS this is manifested as inbound security group rules on the ELB or master security groups.
Use this key to restrict cluster access to an office ip address range, for example.
```yaml
spec:
apiAccess:
- 12.34.56.78/32 - 12.34.56.78/32
``` ```


@ -235,31 +235,31 @@ type ClusterSpec struct {
Networking *NetworkingSpec `json:"networking,omitempty"` Networking *NetworkingSpec `json:"networking,omitempty"`
// API field controls how the API is exposed outside the cluster // API field controls how the API is exposed outside the cluster
API *PublishSpec `json:"api,omitempty"` API *AccessSpec `json:"api,omitempty"`
} }
type PublishSpec struct { type AccessSpec struct {
DNS *DNSPublishSpec `json:"dns,omitempty"` DNS *DNSAccessSpec `json:"dns,omitempty"`
ELB *ELBPublishSpec `json:"elb,omitempty"` LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"`
} }
func (s *PublishSpec) IsEmpty() bool { func (s *AccessSpec) IsEmpty() bool {
return s.DNS == nil && s.ELB == nil return s.DNS == nil && s.LoadBalancer == nil
} }
type DNSPublishSpec struct { type DNSAccessSpec struct {
} }
// ELBType string describes ELB types (public, internal) // LoadBalancerType string describes LoadBalancer types (public, internal)
type ELBType string type LoadBalancerType string
const ( const (
ELBTypePublic ELBType = "Public" LoadBalancerTypePublic LoadBalancerType = "Public"
ELBTypeInternal ELBType = "Internal" LoadBalancerTypeInternal LoadBalancerType = "Internal"
) )
type ELBPublishSpec struct { type LoadBalancerAccessSpec struct {
Type ELBType `json:"type,omitempty"` Type LoadBalancerType `json:"type,omitempty"`
} }
type KubeDNSConfig struct { type KubeDNSConfig struct {
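Review bot: The JSON tag on the load balancer field changes from `elb` to `loadBalancer`, which is a change to the serialized spec and not only a Go rename, and nothing in this section reads the old key. If any stored cluster spec already carries `api.elb` (this page does not show whether that key was ever released), it would be dropped on decode and the access mode re-derived by defaulting, which could turn a load balancer declared `Internal` into a `Public` one. `AccessSpec`, `DNSAccessSpec` and `LoadBalancerAccessSpec` also have no doc comments; I would add one per type, e.g. `// LoadBalancerAccessSpec configures a load balancer in front of the API; Type selects Public or Internal exposure.`, and state there whether the old key is deliberately unsupported. The same struct block is repeated in the two later sections that start at `type ClusterSpec struct`, so the point applies to them as well.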


@ -231,31 +231,31 @@ type ClusterSpec struct {
Networking *NetworkingSpec `json:"networking,omitempty"` Networking *NetworkingSpec `json:"networking,omitempty"`
// API field controls how the API is exposed outside the cluster // API field controls how the API is exposed outside the cluster
API *PublishSpec `json:"api,omitempty"` API *AccessSpec `json:"api,omitempty"`
} }
type PublishSpec struct { type AccessSpec struct {
DNS *DNSPublishSpec `json:"dns,omitempty"` DNS *DNSAccessSpec `json:"dns,omitempty"`
ELB *ELBPublishSpec `json:"elb,omitempty"` LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"`
} }
func (s *PublishSpec) IsEmpty() bool { func (s *AccessSpec) IsEmpty() bool {
return s.DNS == nil && s.ELB == nil return s.DNS == nil && s.LoadBalancer == nil
} }
type DNSPublishSpec struct { type DNSAccessSpec struct {
} }
// ELBType string describes ELB types (public, internal) // LoadBalancerType string describes LoadBalancer types (public, internal)
type ELBType string type LoadBalancerType string
const ( const (
ELBTypePublic ELBType = "Public" LoadBalancerTypePublic LoadBalancerType = "Public"
ELBTypeInternal ELBType = "Internal" LoadBalancerTypeInternal LoadBalancerType = "Internal"
) )
type ELBPublishSpec struct { type LoadBalancerAccessSpec struct {
Type ELBType `json:"type,omitempty"` Type LoadBalancerType `json:"type,omitempty"`
} }
type KubeDNSConfig struct { type KubeDNSConfig struct {


@ -42,23 +42,23 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
} }
if obj.API == nil { if obj.API == nil {
obj.API = &PublishSpec{} obj.API = &AccessSpec{}
} }
if obj.API.IsEmpty() { if obj.API.IsEmpty() {
switch obj.Topology.Masters { switch obj.Topology.Masters {
case TopologyPublic: case TopologyPublic:
obj.API.DNS = &DNSPublishSpec{} obj.API.DNS = &DNSAccessSpec{}
case TopologyPrivate: case TopologyPrivate:
obj.API.ELB = &ELBPublishSpec{} obj.API.LoadBalancer = &LoadBalancerAccessSpec{}
default: default:
glog.Infof("unknown master topology type: %q", obj.Topology.Masters) glog.Infof("unknown master topology type: %q", obj.Topology.Masters)
} }
} }
if obj.API.ELB != nil && obj.API.ELB.Type == "" { if obj.API.LoadBalancer != nil && obj.API.LoadBalancer.Type == "" {
obj.API.ELB.Type = ELBTypePublic obj.API.LoadBalancer.Type = LoadBalancerTypePublic
} }
} }
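Review bot: An empty `LoadBalancer.Type` is defaulted to `LoadBalancerTypePublic` at the end of this hunk, so a cluster with `TopologyPrivate` masters that omits `api` gets an internet-facing load balancer in front of the API without asking for one. If that is the intended default it deserves a comment at the assignment, e.g. `// Default to a public load balancer; set type: Internal to keep the API inside the VPC`, and a sentence in the new `api` docs section. The `default:` branch only logs through `glog.Infof` and leaves `obj.API` empty, so an unrecognised topology ends with neither DNS nor a load balancer configured; `glog.Warningf`, or rejecting the value in validation, would make that visible. `SetDefaults_ClusterSpec` starts outside the hunk, and the later section that repeats this hunk has the same behaviour.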


@ -1,7 +1,7 @@
// +build !ignore_autogenerated // +build !ignore_autogenerated
/* /*
Copyright 2016 The Kubernetes Authors. Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -34,6 +34,8 @@ func init() {
// Public to allow building arbitrary schemes. // Public to allow building arbitrary schemes.
func RegisterConversions(scheme *runtime.Scheme) error { func RegisterConversions(scheme *runtime.Scheme) error {
return scheme.AddGeneratedConversionFuncs( return scheme.AddGeneratedConversionFuncs(
Convert_v1alpha1_AccessSpec_To_kops_AccessSpec,
Convert_kops_AccessSpec_To_v1alpha1_AccessSpec,
Convert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec, Convert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec,
Convert_kops_CNINetworkingSpec_To_v1alpha1_CNINetworkingSpec, Convert_kops_CNINetworkingSpec_To_v1alpha1_CNINetworkingSpec,
Convert_v1alpha1_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec, Convert_v1alpha1_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec,
@ -46,12 +48,10 @@ func RegisterConversions(scheme *runtime.Scheme) error {
Convert_kops_ClusterList_To_v1alpha1_ClusterList, Convert_kops_ClusterList_To_v1alpha1_ClusterList,
Convert_v1alpha1_ClusterSpec_To_kops_ClusterSpec, Convert_v1alpha1_ClusterSpec_To_kops_ClusterSpec,
Convert_kops_ClusterSpec_To_v1alpha1_ClusterSpec, Convert_kops_ClusterSpec_To_v1alpha1_ClusterSpec,
Convert_v1alpha1_DNSPublishSpec_To_kops_DNSPublishSpec, Convert_v1alpha1_DNSAccessSpec_To_kops_DNSAccessSpec,
Convert_kops_DNSPublishSpec_To_v1alpha1_DNSPublishSpec, Convert_kops_DNSAccessSpec_To_v1alpha1_DNSAccessSpec,
Convert_v1alpha1_DockerConfig_To_kops_DockerConfig, Convert_v1alpha1_DockerConfig_To_kops_DockerConfig,
Convert_kops_DockerConfig_To_v1alpha1_DockerConfig, Convert_kops_DockerConfig_To_v1alpha1_DockerConfig,
Convert_v1alpha1_ELBPublishSpec_To_kops_ELBPublishSpec,
Convert_kops_ELBPublishSpec_To_v1alpha1_ELBPublishSpec,
Convert_v1alpha1_EtcdClusterSpec_To_kops_EtcdClusterSpec, Convert_v1alpha1_EtcdClusterSpec_To_kops_EtcdClusterSpec,
Convert_kops_EtcdClusterSpec_To_v1alpha1_EtcdClusterSpec, Convert_kops_EtcdClusterSpec_To_v1alpha1_EtcdClusterSpec,
Convert_v1alpha1_EtcdMemberSpec_To_kops_EtcdMemberSpec, Convert_v1alpha1_EtcdMemberSpec_To_kops_EtcdMemberSpec,
@ -88,15 +88,67 @@ func RegisterConversions(scheme *runtime.Scheme) error {
Convert_kops_KubenetNetworkingSpec_To_v1alpha1_KubenetNetworkingSpec, Convert_kops_KubenetNetworkingSpec_To_v1alpha1_KubenetNetworkingSpec,
Convert_v1alpha1_LeaderElectionConfiguration_To_kops_LeaderElectionConfiguration, Convert_v1alpha1_LeaderElectionConfiguration_To_kops_LeaderElectionConfiguration,
Convert_kops_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfiguration, Convert_kops_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfiguration,
Convert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec,
Convert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec,
Convert_v1alpha1_NetworkingSpec_To_kops_NetworkingSpec, Convert_v1alpha1_NetworkingSpec_To_kops_NetworkingSpec,
Convert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec, Convert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec,
Convert_v1alpha1_PublishSpec_To_kops_PublishSpec,
Convert_kops_PublishSpec_To_v1alpha1_PublishSpec,
Convert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec, Convert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec,
Convert_kops_WeaveNetworkingSpec_To_v1alpha1_WeaveNetworkingSpec, Convert_kops_WeaveNetworkingSpec_To_v1alpha1_WeaveNetworkingSpec,
) )
} }
func autoConvert_v1alpha1_AccessSpec_To_kops_AccessSpec(in *AccessSpec, out *kops.AccessSpec, s conversion.Scope) error {
if in.DNS != nil {
in, out := &in.DNS, &out.DNS
*out = new(kops.DNSAccessSpec)
if err := Convert_v1alpha1_DNSAccessSpec_To_kops_DNSAccessSpec(*in, *out, s); err != nil {
return err
}
} else {
out.DNS = nil
}
if in.LoadBalancer != nil {
in, out := &in.LoadBalancer, &out.LoadBalancer
*out = new(kops.LoadBalancerAccessSpec)
if err := Convert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec(*in, *out, s); err != nil {
return err
}
} else {
out.LoadBalancer = nil
}
return nil
}
func Convert_v1alpha1_AccessSpec_To_kops_AccessSpec(in *AccessSpec, out *kops.AccessSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_AccessSpec_To_kops_AccessSpec(in, out, s)
}
func autoConvert_kops_AccessSpec_To_v1alpha1_AccessSpec(in *kops.AccessSpec, out *AccessSpec, s conversion.Scope) error {
if in.DNS != nil {
in, out := &in.DNS, &out.DNS
*out = new(DNSAccessSpec)
if err := Convert_kops_DNSAccessSpec_To_v1alpha1_DNSAccessSpec(*in, *out, s); err != nil {
return err
}
} else {
out.DNS = nil
}
if in.LoadBalancer != nil {
in, out := &in.LoadBalancer, &out.LoadBalancer
*out = new(LoadBalancerAccessSpec)
if err := Convert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec(*in, *out, s); err != nil {
return err
}
} else {
out.LoadBalancer = nil
}
return nil
}
func Convert_kops_AccessSpec_To_v1alpha1_AccessSpec(in *kops.AccessSpec, out *AccessSpec, s conversion.Scope) error {
return autoConvert_kops_AccessSpec_To_v1alpha1_AccessSpec(in, out, s)
}
func autoConvert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetworkingSpec, out *kops.CNINetworkingSpec, s conversion.Scope) error { func autoConvert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetworkingSpec, out *kops.CNINetworkingSpec, s conversion.Scope) error {
return nil return nil
} }
@ -335,8 +387,8 @@ func autoConvert_v1alpha1_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *
} }
if in.API != nil { if in.API != nil {
in, out := &in.API, &out.API in, out := &in.API, &out.API
*out = new(kops.PublishSpec) *out = new(kops.AccessSpec)
if err := Convert_v1alpha1_PublishSpec_To_kops_PublishSpec(*in, *out, s); err != nil { if err := Convert_v1alpha1_AccessSpec_To_kops_AccessSpec(*in, *out, s); err != nil {
return err return err
} }
} else { } else {
@ -471,8 +523,8 @@ func autoConvert_kops_ClusterSpec_To_v1alpha1_ClusterSpec(in *kops.ClusterSpec,
} }
if in.API != nil { if in.API != nil {
in, out := &in.API, &out.API in, out := &in.API, &out.API
*out = new(PublishSpec) *out = new(AccessSpec)
if err := Convert_kops_PublishSpec_To_v1alpha1_PublishSpec(*in, *out, s); err != nil { if err := Convert_kops_AccessSpec_To_v1alpha1_AccessSpec(*in, *out, s); err != nil {
return err return err
} }
} else { } else {
@ -481,20 +533,20 @@ func autoConvert_kops_ClusterSpec_To_v1alpha1_ClusterSpec(in *kops.ClusterSpec,
return nil return nil
} }
func autoConvert_v1alpha1_DNSPublishSpec_To_kops_DNSPublishSpec(in *DNSPublishSpec, out *kops.DNSPublishSpec, s conversion.Scope) error { func autoConvert_v1alpha1_DNSAccessSpec_To_kops_DNSAccessSpec(in *DNSAccessSpec, out *kops.DNSAccessSpec, s conversion.Scope) error {
return nil return nil
} }
func Convert_v1alpha1_DNSPublishSpec_To_kops_DNSPublishSpec(in *DNSPublishSpec, out *kops.DNSPublishSpec, s conversion.Scope) error { func Convert_v1alpha1_DNSAccessSpec_To_kops_DNSAccessSpec(in *DNSAccessSpec, out *kops.DNSAccessSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_DNSPublishSpec_To_kops_DNSPublishSpec(in, out, s) return autoConvert_v1alpha1_DNSAccessSpec_To_kops_DNSAccessSpec(in, out, s)
} }
func autoConvert_kops_DNSPublishSpec_To_v1alpha1_DNSPublishSpec(in *kops.DNSPublishSpec, out *DNSPublishSpec, s conversion.Scope) error { func autoConvert_kops_DNSAccessSpec_To_v1alpha1_DNSAccessSpec(in *kops.DNSAccessSpec, out *DNSAccessSpec, s conversion.Scope) error {
return nil return nil
} }
func Convert_kops_DNSPublishSpec_To_v1alpha1_DNSPublishSpec(in *kops.DNSPublishSpec, out *DNSPublishSpec, s conversion.Scope) error { func Convert_kops_DNSAccessSpec_To_v1alpha1_DNSAccessSpec(in *kops.DNSAccessSpec, out *DNSAccessSpec, s conversion.Scope) error {
return autoConvert_kops_DNSPublishSpec_To_v1alpha1_DNSPublishSpec(in, out, s) return autoConvert_kops_DNSAccessSpec_To_v1alpha1_DNSAccessSpec(in, out, s)
} }
func autoConvert_v1alpha1_DockerConfig_To_kops_DockerConfig(in *DockerConfig, out *kops.DockerConfig, s conversion.Scope) error { func autoConvert_v1alpha1_DockerConfig_To_kops_DockerConfig(in *DockerConfig, out *kops.DockerConfig, s conversion.Scope) error {
@ -529,24 +581,6 @@ func Convert_kops_DockerConfig_To_v1alpha1_DockerConfig(in *kops.DockerConfig, o
return autoConvert_kops_DockerConfig_To_v1alpha1_DockerConfig(in, out, s) return autoConvert_kops_DockerConfig_To_v1alpha1_DockerConfig(in, out, s)
} }
func autoConvert_v1alpha1_ELBPublishSpec_To_kops_ELBPublishSpec(in *ELBPublishSpec, out *kops.ELBPublishSpec, s conversion.Scope) error {
out.Type = kops.ELBType(in.Type)
return nil
}
func Convert_v1alpha1_ELBPublishSpec_To_kops_ELBPublishSpec(in *ELBPublishSpec, out *kops.ELBPublishSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_ELBPublishSpec_To_kops_ELBPublishSpec(in, out, s)
}
func autoConvert_kops_ELBPublishSpec_To_v1alpha1_ELBPublishSpec(in *kops.ELBPublishSpec, out *ELBPublishSpec, s conversion.Scope) error {
out.Type = ELBType(in.Type)
return nil
}
func Convert_kops_ELBPublishSpec_To_v1alpha1_ELBPublishSpec(in *kops.ELBPublishSpec, out *ELBPublishSpec, s conversion.Scope) error {
return autoConvert_kops_ELBPublishSpec_To_v1alpha1_ELBPublishSpec(in, out, s)
}
func autoConvert_v1alpha1_EtcdClusterSpec_To_kops_EtcdClusterSpec(in *EtcdClusterSpec, out *kops.EtcdClusterSpec, s conversion.Scope) error { func autoConvert_v1alpha1_EtcdClusterSpec_To_kops_EtcdClusterSpec(in *EtcdClusterSpec, out *kops.EtcdClusterSpec, s conversion.Scope) error {
out.Name = in.Name out.Name = in.Name
if in.Members != nil { if in.Members != nil {
@ -1123,6 +1157,24 @@ func Convert_kops_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfigur
return autoConvert_kops_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfiguration(in, out, s) return autoConvert_kops_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfiguration(in, out, s)
} }
func autoConvert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec(in *LoadBalancerAccessSpec, out *kops.LoadBalancerAccessSpec, s conversion.Scope) error {
out.Type = kops.LoadBalancerType(in.Type)
return nil
}
func Convert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec(in *LoadBalancerAccessSpec, out *kops.LoadBalancerAccessSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_LoadBalancerAccessSpec_To_kops_LoadBalancerAccessSpec(in, out, s)
}
func autoConvert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec(in *kops.LoadBalancerAccessSpec, out *LoadBalancerAccessSpec, s conversion.Scope) error {
out.Type = LoadBalancerType(in.Type)
return nil
}
func Convert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec(in *kops.LoadBalancerAccessSpec, out *LoadBalancerAccessSpec, s conversion.Scope) error {
return autoConvert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec(in, out, s)
}
func autoConvert_v1alpha1_NetworkingSpec_To_kops_NetworkingSpec(in *NetworkingSpec, out *kops.NetworkingSpec, s conversion.Scope) error { func autoConvert_v1alpha1_NetworkingSpec_To_kops_NetworkingSpec(in *NetworkingSpec, out *kops.NetworkingSpec, s conversion.Scope) error {
if in.Classic != nil { if in.Classic != nil {
in, out := &in.Classic, &out.Classic in, out := &in.Classic, &out.Classic
@ -1265,58 +1317,6 @@ func Convert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec(in *kops.NetworkingS
return autoConvert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec(in, out, s) return autoConvert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec(in, out, s)
} }
func autoConvert_v1alpha1_PublishSpec_To_kops_PublishSpec(in *PublishSpec, out *kops.PublishSpec, s conversion.Scope) error {
if in.DNS != nil {
in, out := &in.DNS, &out.DNS
*out = new(kops.DNSPublishSpec)
if err := Convert_v1alpha1_DNSPublishSpec_To_kops_DNSPublishSpec(*in, *out, s); err != nil {
return err
}
} else {
out.DNS = nil
}
if in.ELB != nil {
in, out := &in.ELB, &out.ELB
*out = new(kops.ELBPublishSpec)
if err := Convert_v1alpha1_ELBPublishSpec_To_kops_ELBPublishSpec(*in, *out, s); err != nil {
return err
}
} else {
out.ELB = nil
}
return nil
}
func Convert_v1alpha1_PublishSpec_To_kops_PublishSpec(in *PublishSpec, out *kops.PublishSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_PublishSpec_To_kops_PublishSpec(in, out, s)
}
func autoConvert_kops_PublishSpec_To_v1alpha1_PublishSpec(in *kops.PublishSpec, out *PublishSpec, s conversion.Scope) error {
if in.DNS != nil {
in, out := &in.DNS, &out.DNS
*out = new(DNSPublishSpec)
if err := Convert_kops_DNSPublishSpec_To_v1alpha1_DNSPublishSpec(*in, *out, s); err != nil {
return err
}
} else {
out.DNS = nil
}
if in.ELB != nil {
in, out := &in.ELB, &out.ELB
*out = new(ELBPublishSpec)
if err := Convert_kops_ELBPublishSpec_To_v1alpha1_ELBPublishSpec(*in, *out, s); err != nil {
return err
}
} else {
out.ELB = nil
}
return nil
}
func Convert_kops_PublishSpec_To_v1alpha1_PublishSpec(in *kops.PublishSpec, out *PublishSpec, s conversion.Scope) error {
return autoConvert_kops_PublishSpec_To_v1alpha1_PublishSpec(in, out, s)
}
func autoConvert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec(in *WeaveNetworkingSpec, out *kops.WeaveNetworkingSpec, s conversion.Scope) error { func autoConvert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec(in *WeaveNetworkingSpec, out *kops.WeaveNetworkingSpec, s conversion.Scope) error {
return nil return nil
} }


@ -1,7 +1,7 @@
// +build !ignore_autogenerated // +build !ignore_autogenerated
/* /*
Copyright 2016 The Kubernetes Authors. Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -151,31 +151,31 @@ type ClusterSpec struct {
Networking *NetworkingSpec `json:"networking,omitempty"` Networking *NetworkingSpec `json:"networking,omitempty"`
// API field controls how the API is exposed outside the cluster // API field controls how the API is exposed outside the cluster
API *PublishSpec `json:"api,omitempty"` API *AccessSpec `json:"api,omitempty"`
} }
type PublishSpec struct { type AccessSpec struct {
DNS *DNSPublishSpec `json:"dns,omitempty"` DNS *DNSAccessSpec `json:"dns,omitempty"`
ELB *ELBPublishSpec `json:"elb,omitempty"` LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"`
} }
func (s *PublishSpec) IsEmpty() bool { func (s *AccessSpec) IsEmpty() bool {
return s.DNS == nil && s.ELB == nil return s.DNS == nil && s.LoadBalancer == nil
} }
type DNSPublishSpec struct { type DNSAccessSpec struct {
} }
// ELBType string describes ELB types (public, internal) // LoadBalancerType string describes LoadBalancer types (public, internal)
type ELBType string type LoadBalancerType string
const ( const (
ELBTypePublic ELBType = "Public" LoadBalancerTypePublic LoadBalancerType = "Public"
ELBTypeInternal ELBType = "Internal" LoadBalancerTypeInternal LoadBalancerType = "Internal"
) )
type ELBPublishSpec struct { type LoadBalancerAccessSpec struct {
Type ELBType `json:"type,omitempty"` Type LoadBalancerType `json:"type,omitempty"`
} }
type KubeDNSConfig struct { type KubeDNSConfig struct {


@ -42,23 +42,23 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
} }
if obj.API == nil { if obj.API == nil {
obj.API = &PublishSpec{} obj.API = &AccessSpec{}
} }
if obj.API.IsEmpty() { if obj.API.IsEmpty() {
switch obj.Topology.Masters { switch obj.Topology.Masters {
case TopologyPublic: case TopologyPublic:
obj.API.DNS = &DNSPublishSpec{} obj.API.DNS = &DNSAccessSpec{}
case TopologyPrivate: case TopologyPrivate:
obj.API.ELB = &ELBPublishSpec{} obj.API.LoadBalancer = &LoadBalancerAccessSpec{}
default: default:
glog.Infof("unknown master topology type: %q", obj.Topology.Masters) glog.Infof("unknown master topology type: %q", obj.Topology.Masters)
} }
} }
if obj.API.ELB != nil && obj.API.ELB.Type == "" { if obj.API.LoadBalancer != nil && obj.API.LoadBalancer.Type == "" {
obj.API.ELB.Type = ELBTypePublic obj.API.LoadBalancer.Type = LoadBalancerTypePublic
} }
} }


@ -1,7 +1,7 @@
// +build !ignore_autogenerated // +build !ignore_autogenerated
/* /*
Copyright 2016 The Kubernetes Authors. Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -36,8 +36,8 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
return nil return nil
} }
elbSpec := b.Cluster.Spec.API.ELB lbSpec := b.Cluster.Spec.API.LoadBalancer
if elbSpec == nil { if lbSpec == nil {
// Skipping API ELB creation; not requested in Spec // Skipping API ELB creation; not requested in Spec
return nil return nil
} }
@ -95,13 +95,13 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
}, },
} }
switch elbSpec.Type { switch lbSpec.Type {
case kops.ELBTypeInternal: case kops.LoadBalancerTypeInternal:
elb.Scheme = s("internal") elb.Scheme = s("internal")
case kops.ELBTypePublic: case kops.LoadBalancerTypePublic:
elb.Scheme = nil elb.Scheme = nil
default: default:
return fmt.Errorf("unknown elb Type: %q", elbSpec.Type) return fmt.Errorf("unknown elb Type: %q", lbSpec.Type)
} }
c.AddTask(elb) c.AddTask(elb)
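Review bot: The error in the `default:` branch still reads `unknown elb Type`, although the field a user edits is now `spec.api.loadBalancer.type`, so the message no longer points at the key that needs fixing. I would change it to `return fmt.Errorf("unknown load balancer Type: %q", lbSpec.Type)` and update the nearby comment to `// Skipping API load balancer creation; not requested in Spec`. Rejecting an unrecognised type here rather than falling through to a scheme is the right behaviour and should stay. `Build` begins and ends outside these hunks.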


@ -154,7 +154,7 @@ func (m *KopsModelContext) UseLoadBalancerForAPI() bool {
if m.Cluster.Spec.API == nil { if m.Cluster.Spec.API == nil {
return false return false
} }
return m.Cluster.Spec.API.ELB != nil return m.Cluster.Spec.API.LoadBalancer != nil
} }
func (m *KopsModelContext) UsePrivateDNS() bool { func (m *KopsModelContext) UsePrivateDNS() bool {


@ -21,7 +21,6 @@ import (
"k8s.io/kops/pkg/apis/kops" "k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/upup/pkg/fi" "k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/awstasks" "k8s.io/kops/upup/pkg/fi/cloudup/awstasks"
"strconv"
) )
// ExternalAccessModelBuilder configures security group rules for external access // ExternalAccessModelBuilder configures security group rules for external access
@ -43,9 +42,9 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.ModelBuilderContext) error {
// SSH is open to AdminCIDR set // SSH is open to AdminCIDR set
if b.Cluster.Spec.Topology.Masters == kops.TopologyPublic { if b.Cluster.Spec.Topology.Masters == kops.TopologyPublic {
for i, sshAccess := range b.Cluster.Spec.SSHAccess { for _, sshAccess := range b.Cluster.Spec.SSHAccess {
c.AddTask(&awstasks.SecurityGroupRule{ c.AddTask(&awstasks.SecurityGroupRule{
Name: s("ssh-external-to-master-" + strconv.Itoa(i)), Name: s("ssh-external-to-master-" + sshAccess),
SecurityGroup: b.LinkToSecurityGroup(kops.InstanceGroupRoleMaster), SecurityGroup: b.LinkToSecurityGroup(kops.InstanceGroupRoleMaster),
Protocol: s("tcp"), Protocol: s("tcp"),
FromPort: i64(22), FromPort: i64(22),
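Review bot: Naming the rule `"ssh-external-to-master-" + sshAccess` makes the task name depend on the user-supplied CIDR string, so two identical entries in `SSHAccess` now produce two tasks with the same name, where the old `strconv.Itoa(i)` suffix kept them distinct. Nothing in this hunk checks that the entry parses as a CIDR before it is embedded in the name; whether validation happens earlier is not visible here, so it is worth confirming or adding a `net.ParseCIDR` check and skipping duplicates. The renamed resources in the Terraform fixtures (`ssh-external-to-master-0` becoming `ssh-external-to-master-0-0-0-0--0`) suggest existing Terraform state will plan a destroy and create of these ingress rules on upgrade, which should be called out in the release notes. The comment `// SSH is open to AdminCIDR set` is also stale after the rename and could read `// SSH is open to the CIDRs in SSHAccess`. The `SecurityGroupRule` literal and the rest of `Build` continue outside the hunk.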


@ -4,6 +4,9 @@ metadata:
creationTimestamp: "2017-01-01T00:00:00Z" creationTimestamp: "2017-01-01T00:00:00Z"
name: private.example.com name: private.example.com
spec: spec:
api:
loadBalancer:
type: Public
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/private.example.com configBase: memfs://tests/private.example.com


@ -4,6 +4,9 @@ metadata:
creationTimestamp: "2017-01-01T00:00:00Z" creationTimestamp: "2017-01-01T00:00:00Z"
name: private.example.com name: private.example.com
spec: spec:
api:
loadBalancer:
type: Public
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/private.example.com configBase: memfs://tests/private.example.com


@ -232,7 +232,7 @@ resource "aws_security_group_rule" "all-node-to-node" {
protocol = "-1" protocol = "-1"
} }
resource "aws_security_group_rule" "https-external-to-master-0" { resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress" type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-141-example-com.id}" security_group_id = "${aws_security_group.masters-minimal-141-example-com.id}"
from_port = 443 from_port = 443
@ -259,7 +259,7 @@ resource "aws_security_group_rule" "node-egress" {
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
} }
resource "aws_security_group_rule" "ssh-external-to-master-0" { resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
type = "ingress" type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-141-example-com.id}" security_group_id = "${aws_security_group.masters-minimal-141-example-com.id}"
from_port = 22 from_port = 22
@ -268,7 +268,7 @@ resource "aws_security_group_rule" "ssh-external-to-master-0" {
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
} }
resource "aws_security_group_rule" "ssh-external-to-node-0" { resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
type = "ingress" type = "ingress"
security_group_id = "${aws_security_group.nodes-minimal-141-example-com.id}" security_group_id = "${aws_security_group.nodes-minimal-141-example-com.id}"
from_port = 22 from_port = 22


@ -232,7 +232,7 @@ resource "aws_security_group_rule" "all-node-to-node" {
protocol = "-1" protocol = "-1"
} }
resource "aws_security_group_rule" "https-external-to-master-0" { resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress" type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-example-com.id}" security_group_id = "${aws_security_group.masters-minimal-example-com.id}"
from_port = 443 from_port = 443
@ -259,7 +259,7 @@ resource "aws_security_group_rule" "node-egress" {
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
} }
resource "aws_security_group_rule" "ssh-external-to-master-0" { resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
type = "ingress" type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-example-com.id}" security_group_id = "${aws_security_group.masters-minimal-example-com.id}"
from_port = 22 from_port = 22
@ -268,7 +268,7 @@ resource "aws_security_group_rule" "ssh-external-to-master-0" {
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
} }
resource "aws_security_group_rule" "ssh-external-to-node-0" { resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
type = "ingress" type = "ingress"
security_group_id = "${aws_security_group.nodes-minimal-example-com.id}" security_group_id = "${aws_security_group.nodes-minimal-example-com.id}"
from_port = 22 from_port = 22