Merge pull request #14531 from johngmyers/ipv6-private

New IPv6 clusters now default to private topology
2022-11-19 01:20:29 -08:00 · 2022-11-19 01:20:29 -08:00 · 498eea0ef1
parent 7a5e616da2 0af0ff27f9
commit 498eea0ef1
5 changed files with 32 additions and 12 deletions
--- a/cmd/kops/create_cluster.go
+++ b/cmd/kops/create_cluster.go
@ -327,7 +327,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
 	cmd.RegisterFlagCompletionFunc("channel", completeChannel)

 	// Network topology
-	cmd.Flags().StringVarP(&options.Topology, "topology", "t", options.Topology, "Network topology for the cluster: public or private")
+	cmd.Flags().StringVarP(&options.Topology, "topology", "t", options.Topology, "Network topology for the cluster: 'public' or 'private'. Defaults to 'public' for IPv4 clusters and 'private' for IPv6 clusters.")
 	cmd.RegisterFlagCompletionFunc("topology", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		return []string{api.TopologyPublic, api.TopologyPrivate}, cobra.ShellCompDirectiveNoFileComp
 	})
--- a/docs/cli/kops_create_cluster.md
+++ b/docs/cli/kops_create_cluster.md
@ -121,7 +121,7 @@ kops create cluster [CLUSTER] [flags]
      --ssh-public-key string            SSH public key to use
      --subnets strings                  Shared subnets to use
      --target string                    Valid targets: direct, terraform, cloudformation. Set this flag to terraform if you want kOps to generate terraform (default "direct")
-  -t, --topology string                  Network topology for the cluster: public or private (default "public")
+  -t, --topology string                  Network topology for the cluster: 'public' or 'private'. Defaults to 'public' for IPv4 clusters and 'private' for IPv6 clusters.
      --unset strings                    Directly unset values in the spec
      --utility-subnets strings          Shared utility subnets to use
  -y, --yes                              Specify --yes to immediately create the cluster
--- a/docs/releases/1.26-NOTES.md
+++ b/docs/releases/1.26-NOTES.md
@ -18,6 +18,8 @@ This is a document to gather the release notes prior to the release.

 * As of Kubernetes version 1.26 and with IRSA enabled, control plane nodes will now run with a max hop limit of 1 for the metadata service. This will prevent Pods without host networking from accessing the instance metadata service.

+* New IPv6 clusters now default to using private topology.
+
 # Breaking changes

 ## Other breaking changes
--- a/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml
@ -5,7 +5,9 @@ metadata:
  name: ipv6.example.com
 spec:
  api:
-    dns: {}
+    loadBalancer:
+      class: Network
+      type: Public
  authorization:
    rbac: {}
  channel: stable
@ -45,16 +47,25 @@ spec:
  - 0.0.0.0/0
  - ::/0
  subnets:
-  - cidr: 172.20.32.0/19
-    ipv6CIDR: /64#0
+  - ipv6CIDR: /64#0
    name: us-test-1a
-    type: Public
+    type: Private
+    zone: us-test-1a
+  - cidr: 172.20.32.0/19
+    ipv6CIDR: /64#1
+    name: dualstack-us-test-1a
+    type: DualStack
+    zone: us-test-1a
+  - cidr: 172.20.0.0/22
+    ipv6CIDR: /64#2
+    name: utility-us-test-1a
+    type: Utility
    zone: us-test-1a
  topology:
    dns:
      type: Public
-    masters: public
-    nodes: public
+    masters: private
+    nodes: private

 ---

@ -75,7 +86,7 @@ spec:
  minSize: 1
  role: Master
  subnets:
-  - us-test-1a
+  - dualstack-us-test-1a

 ---

--- a/upup/pkg/fi/cloudup/new_cluster.go
+++ b/upup/pkg/fi/cloudup/new_cluster.go
@ -136,7 +136,7 @@ type NewClusterOptions struct {

 	// Networking is the networking provider/node to use.
 	Networking string
-	// Topology is the network topology to use. Defaults to "public".
+	// Topology is the network topology to use. Defaults to "public" for IPv4 clusters and "private" for IPv6 clusters.
 	Topology string
 	// DNSType is the DNS type to use; "public" or "private". Defaults to "public".
 	DNSType string
@ -166,7 +166,6 @@ func (o *NewClusterOptions) InitDefaults() {
 	o.Authorization = AuthorizationFlagRBAC
 	o.AdminAccess = []string{"0.0.0.0/0", "::/0"}
 	o.Networking = "cilium"
-	o.Topology = api.TopologyPublic
 	o.InstanceManager = "cloudgroups"
 }

@ -1124,8 +1123,16 @@ func setupNetworking(opt *NewClusterOptions, cluster *api.Cluster) error {
 func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.String) ([]*api.InstanceGroup, error) {
 	var bastions []*api.InstanceGroup

+	if opt.Topology == "" {
+		if opt.IPv6 {
+			opt.Topology = kopsapi.TopologyPrivate
+		} else {
+			opt.Topology = kopsapi.TopologyPublic
+		}
+	}
+
 	switch opt.Topology {
-	case api.TopologyPublic, "":
+	case api.TopologyPublic:
 		cluster.Spec.Topology = &api.TopologySpec{
 			ControlPlane: api.TopologyPublic,
 			Nodes:        api.TopologyPublic,