Enable/disable bastion, defaults to false

2016-11-16 23:42:27 +05:30 · 2016-11-16 23:42:27 +05:30 · 2f1ebdea15
parent 5457b51c83
commit 2f1ebdea15
6 changed files with 41 additions and 20 deletions
--- a/cmd/kops/create.go
+++ b/cmd/kops/create.go
@ -18,9 +18,10 @@ package main

 import (
 	"fmt"
+	"io"
+
 	"github.com/golang/glog"
 	"github.com/spf13/cobra"
-	"io"
 	"k8s.io/kops/cmd/kops/util"
 	kopsapi "k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/util/pkg/vfs"
--- a/cmd/kops/create_cluster.go
+++ b/cmd/kops/create_cluster.go
@ -19,10 +19,12 @@ package main
 import (
 	"bytes"
 	"fmt"
-	"github.com/golang/glog"
-	"github.com/spf13/cobra"
 	"io"
 	"io/ioutil"
+	"strings"
+
+	"github.com/golang/glog"
+	"github.com/spf13/cobra"
 	"k8s.io/kops/cmd/kops/util"
 	api "k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/apis/kops/registry"
@ -32,7 +34,6 @@ import (
 	"k8s.io/kops/upup/pkg/fi/utils"
 	"k8s.io/kops/upup/pkg/kutil"
 	"k8s.io/kubernetes/pkg/util/sets"
-	"strings"
 )

 type CreateClusterOptions struct {
@ -62,6 +63,9 @@ type CreateClusterOptions struct {

 	// The network topology to use
 	Topology string
+
+	// Enable/Disable Bastion Host complete setup
+	Bastion bool
 }

 func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
@ -117,6 +121,9 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
 	// Network topology
 	cmd.Flags().StringVarP(&options.Topology, "topology", "t", "public", "Controls network topology for the cluster. public|private. Default is 'public'.")

+	// Bastion
+	cmd.Flags().BoolVar(&options.Bastion, "bastion", false, "Specify --bastion=[true|false] to turn enable/disable bastion setup. Default is 'false'.")
+
 	return cmd
 }

@ -139,7 +146,6 @@ func RunCreateCluster(f *util.Factory, cmd *cobra.Command, args []string, out io
 		isDryrun = true
 		targetName = cloudup.TargetDryRun
 	}
-
 	clusterName := rootCommand.clusterName
 	if clusterName == "" {
 		return fmt.Errorf("--name is required")
@ -175,6 +181,7 @@ func RunCreateCluster(f *util.Factory, cmd *cobra.Command, args []string, out io
 	if err != nil {
 		return err
 	}
+
 	if channel.Spec.Cluster != nil {
 		cluster.Spec = *channel.Spec.Cluster
 	}
@ -211,7 +218,6 @@ func RunCreateCluster(f *util.Factory, cmd *cobra.Command, args []string, out io
 		for _, zone := range cluster.Spec.Zones {
 			existingZones[zone.Name] = zone
 		}
-
 		for _, zone := range parseZoneList(c.Zones) {
 			if existingZones[zone] == nil {
 				cluster.Spec.Zones = append(cluster.Spec.Zones, &api.ClusterZoneSpec{
@ -372,17 +378,22 @@ func RunCreateCluster(f *util.Factory, cmd *cobra.Command, args []string, out io
 		}
 	}

+	//Bastion
+	if c.Topology == api.TopologyPublic && c.Bastion == true {
+		return fmt.Errorf("Bastion supports --topology='private' only.")
+	}
+
 	// Network Topology
 	switch c.Topology {
 	case api.TopologyPublic:
-		cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPublic, Nodes: api.TopologyPublic, BypassBastion: false}
+		cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPublic, Nodes: api.TopologyPublic, BypassBastion: !c.Bastion}
 	case api.TopologyPrivate:
 		if !supportsPrivateTopology(cluster.Spec.Networking) {
 			return fmt.Errorf("Invalid networking option %s. Currently only '--networking cni', '--networking kopeio-vxlan', '--networking weave' are supported for private topologies", c.Networking)
 		}
-		cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPrivate, Nodes: api.TopologyPrivate, BypassBastion: false}
+		cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPrivate, Nodes: api.TopologyPrivate, BypassBastion: !c.Bastion}
 	case "":
-		glog.Warningf("Empty topology. Defaulting to public topology.")
+		glog.Warningf("Empty topology. Defaulting to public topology without bastion")
 		cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPublic, Nodes: api.TopologyPublic, BypassBastion: false}
 	default:
 		return fmt.Errorf("Invalid topology %s.", c.Topology)
--- a/cmd/kops/root.go
+++ b/cmd/kops/root.go
@ -19,10 +19,12 @@ package main
 import (
 	goflag "flag"
 	"fmt"
+	"io"
+	"os"
+
 	"github.com/golang/glog"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
-	"io"
 	"k8s.io/kops/cmd/kops/util"
 	kopsapi "k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/apis/kops/v1alpha1"
@ -30,7 +32,6 @@ import (
 	"k8s.io/kops/upup/pkg/kutil"
 	k8sapi "k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
-	"os"
 )

 type Factory interface {
--- a/docs/cli/kops_create_cluster.md
+++ b/docs/cli/kops_create_cluster.md
@ -36,7 +36,7 @@ kops create cluster
      --yes                         Specify --yes to immediately create the cluster
      --zones string                Zones in which to run the cluster
      --topology string             Specify --topology=[public|private] to enable/disable public/private networking for all master and nodes. Default is 'public'
-
+      --bastion bool                Specify --bastion=[true|false] to enable/disable bastion setup
 ```

 ### Options inherited from parent commands
--- a/pkg/apis/kops/cluster.go
+++ b/pkg/apis/kops/cluster.go
@ -19,12 +19,13 @@ package kops
 import (
 	"encoding/binary"
 	"fmt"
-	"github.com/golang/glog"
-	"k8s.io/kops/util/pkg/vfs"
-	"k8s.io/kubernetes/pkg/api/unversioned"
 	"net"
 	"strconv"
 	"strings"
+
+	"github.com/golang/glog"
+	"k8s.io/kops/util/pkg/vfs"
+	"k8s.io/kubernetes/pkg/api/unversioned"
 )

 type Cluster struct {
--- a/pkg/apis/kops/validation.go
+++ b/pkg/apis/kops/validation.go
@ -18,13 +18,14 @@ package kops

 import (
 	"fmt"
+	"net"
+	"net/url"
+	"strings"
+
 	"github.com/blang/semver"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kubernetes/pkg/util/validation"
 	"k8s.io/kubernetes/pkg/util/validation/field"
-	"net"
-	"net/url"
-	"strings"
 )

 func (c *Cluster) Validate(strict bool) error {
@ -310,15 +311,21 @@ func (c *Cluster) Validate(strict bool) error {
 			return fmt.Errorf("Invalid Masters value for Topology")
 		} else if c.Spec.Topology.Nodes != TopologyPublic && c.Spec.Topology.Nodes != TopologyPrivate {
 			return fmt.Errorf("Invalid Nodes value for Topology")
-		// Until we support other topologies - these must match
+			// Until we support other topologies - these must match
 		} else if c.Spec.Topology.Masters != c.Spec.Topology.Nodes {
 			return fmt.Errorf("Topology Nodes must match Topology Masters")
 		}

-	}else{
+	} else {
 		return fmt.Errorf("Topology requires non-nil values for Masters and Nodes")
 	}

+	// Bastion
+	if !c.Spec.Topology.BypassBastion {
+		if c.Spec.Topology.Masters == TopologyPublic || c.Spec.Topology.Nodes == TopologyPublic {
+			return fmt.Errorf("Bastion supports only Private Masters and Nodes")
+		}
+	}
 	// Etcd
 	{
 		if len(c.Spec.EtcdClusters) == 0 {