Merge pull request #4748 from justinsb/internal_elb

Don't use ELB DNS name for internal ELBs
k8s-ci-robot 2018-03-21 17:54:02 -07:00 committed by GitHub
commit 55880a4db2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 2 deletions


@ -35,9 +35,26 @@ func BuildKubecfg(cluster *kops.Cluster, keyStore fi.Keystore, secretStore fi.Se
}
server := "https://" + master
topology := cluster.Spec.Topology
if dns.IsGossipHostname(master) || topology.DNS.Type == kops.DNSTypePrivate {
// We use the LoadBalancer where we know the master DNS name is otherwise unreachable
useELBName := false
// If the master DNS is a gossip DNS name; there's no way that name can resolve outside the cluster
if dns.IsGossipHostname(master) {
useELBName = true
}
// If the DNS is set up as a private HostedZone, but here we have to be
// careful that we aren't accessing the API over DirectConnect (or a VPN).
// We differentiate using the heuristic that if we have an internal ELB
// we are likely connected directly to the VPC.
privateDNS := cluster.Spec.Topology != nil && cluster.Spec.Topology.DNS.Type == kops.DNSTypePrivate
internalELB := cluster.Spec.API != nil && cluster.Spec.API.LoadBalancer != nil && cluster.Spec.API.LoadBalancer.Type == kops.LoadBalancerTypeInternal
if privateDNS && !internalELB {
useELBName = true
}
if useELBName {
ingresses, err := status.GetApiIngressStatus(cluster)
if err != nil {
return nil, fmt.Errorf("error getting ingress status: %v", err)
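Review bot: The new `privateDNS` expression guards `cluster.Spec.Topology != nil` but then reads `cluster.Spec.Topology.DNS.Type` with no check on `DNS`. If `DNS` is a pointer field (its declaration is not visible in this hunk), a spec with a topology but no DNS section would panic while the kubeconfig is being built. Guarding it the same way as `internalELB` would close that gap: `privateDNS := cluster.Spec.Topology != nil && cluster.Spec.Topology.DNS != nil && cluster.Spec.Topology.DNS.Type == kops.DNSTypePrivate`. Because this branch decides which API endpoint is written into the user's kubeconfig, the comment above `internalELB` should also say what happens when the heuristic is wrong, e.g. `// If this guess is wrong the kubeconfig points at a name the client cannot resolve or reach; it fails closed rather than falling back to another endpoint` (worth confirming against the rest of BuildKubecfg, whose body continues outside this hunk).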