Merge pull request #8573 from justinsb/fix_2881_option_2

Don't try to configure a bastion DNS name in gossip mode
2020-02-23 20:40:47 -08:00 · 2020-02-23 20:40:47 -08:00 · 92a8c1b0ed
parent a264f1d4d7 1e69835693
commit 92a8c1b0ed
2 changed files with 17 additions and 3 deletions
--- a/cmd/kops/create_cluster.go
+++ b/cmd/kops/create_cluster.go
@ -1144,10 +1144,11 @@ func RunCreateCluster(f *util.Factory, out io.Writer, c *CreateClusterOptions) e
 			bastionGroup.Spec.Image = c.Image
 			instanceGroups = append(instanceGroups, bastionGroup)

-			cluster.Spec.Topology.Bastion = &api.BastionSpec{
-				BastionPublicName: "bastion." + clusterName,
+			if !dns.IsGossipHostname(clusterName) {
+				cluster.Spec.Topology.Bastion = &api.BastionSpec{
+					BastionPublicName: "bastion." + clusterName,
+				}
 			}
-
 		}

 	default:
--- a/docs/bastion.md
+++ b/docs/bastion.md
@ -73,6 +73,19 @@ spec:
      bastionPublicName: bastion.mycluster.example.com
 ```

+### Access when using gossip (k8s.local)
+
+When using gossip mode, there is no DNS zone where we can configure a
+CNAME for the bastion.  Because bastions are fronted with a load
+balancer, you can instead use the endpoint of the load balancer to
+reach your bastion.
+
+On AWS, an easy way to find this DNS name is with kops toolbox:
+
+```
+kops toolbox dump -ojson | grep 'bastion.*elb.amazonaws.com'
+```
+
 ### Using SSH agent to access your bastion

 Verify your local agent is configured correctly