Add api-loadbalancer option to force public or internal loadbalancer for the masters

2017-05-12 14:00:29 -04:00 · 2017-05-12 14:00:29 -04:00 · bb30f51fc4
parent dbe83193cf
commit bb30f51fc4
2 changed files with 29 additions and 8 deletions
--- a/cmd/kops/create_cluster.go
+++ b/cmd/kops/create_cluster.go
@ -99,6 +99,9 @@ type CreateClusterOptions struct {
 	MasterTenancy string
 	NodeTenancy   string

+	// Specify API loadbalancer as public or internal
+	APILoadbalancer string
+
 	// vSphere options
 	VSphereServer        string
 	VSphereDatacenter    string
@ -270,6 +273,8 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
 	cmd.Flags().StringVar(&options.MasterTenancy, "master-tenancy", options.MasterTenancy, "The tenancy of the master group on AWS. Can either be default or dedicated.")
 	cmd.Flags().StringVar(&options.NodeTenancy, "node-tenancy", options.NodeTenancy, "The tenancy of the node group on AWS. Can be either default or dedicated.")

+	cmd.Flags().StringVar(&options.APILoadbalancer, "api-loadbalancer", options.APILoadbalancer, "Sets the API loadbalancer to either 'public' or 'internal'")
+
 	if featureflag.VSphereCloudProvider.Enabled() {
 		// vSphere flags
 		cmd.Flags().StringVar(&options.VSphereServer, "vsphere-server", options.VSphereServer, "vsphere-server is required for vSphere. Set vCenter URL Ex: 10.192.10.30 or myvcenter.io (without https://)")
@ -766,19 +771,34 @@ func RunCreateCluster(f *util.Factory, out io.Writer, c *CreateClusterOptions) e
 		cluster.Spec.API = &api.AccessSpec{}
 	}
 	if cluster.Spec.API.IsEmpty() {
-		switch cluster.Spec.Topology.Masters {
-		case api.TopologyPublic:
-			cluster.Spec.API.DNS = &api.DNSAccessSpec{}
-
-		case api.TopologyPrivate:
+		if c.APILoadbalancer != "" {
 			cluster.Spec.API.LoadBalancer = &api.LoadBalancerAccessSpec{}
+		} else {
+			switch cluster.Spec.Topology.Masters {
+			case api.TopologyPublic:
+				cluster.Spec.API.DNS = &api.DNSAccessSpec{}

-		default:
-			return fmt.Errorf("unknown master topology type: %q", cluster.Spec.Topology.Masters)
+			case api.TopologyPrivate:
+				cluster.Spec.API.LoadBalancer = &api.LoadBalancerAccessSpec{}
+
+			default:
+				return fmt.Errorf("unknown master topology type: %q", cluster.Spec.Topology.Masters)
+			}
 		}
 	}
 	if cluster.Spec.API.LoadBalancer != nil && cluster.Spec.API.LoadBalancer.Type == "" {
-		cluster.Spec.API.LoadBalancer.Type = api.LoadBalancerTypePublic
+		if c.APILoadbalancer == "" {
+			cluster.Spec.API.LoadBalancer.Type = api.LoadBalancerTypePublic
+		} else {
+			switch c.APILoadbalancer {
+			case "public":
+				cluster.Spec.API.LoadBalancer.Type = api.LoadBalancerTypePublic
+			case "internal":
+				cluster.Spec.API.LoadBalancer.Type = api.LoadBalancerTypeInternal
+			default:
+				return fmt.Errorf("unkown api-loadbalancer type: %q", c.APILoadbalancer)
+			}
+		}
 	}

 	sshPublicKeys := make(map[string][]byte)
--- a/docs/cli/kops_create_cluster.md
+++ b/docs/cli/kops_create_cluster.md
@ -59,6 +59,7 @@ kops create cluster

 ```
      --admin-access stringSlice             Restrict access to admin endpoints (SSH, HTTPS) to this CIDR.  If not set, access will not be restricted by IP. (default [0.0.0.0/0])
+      --api-loadbalancer string              Sets the API loadbalancer to either 'public' or 'internal'
      --associate-public-ip                  Specify --associate-public-ip=[true|false] to enable/disable association of public IP for master ASG and nodes. Default is 'true'.
      --authorization string                 Authorization mode to use: AlwaysAllow or RBAC (default "AlwaysAllow")
      --bastion                              Pass the --bastion flag to enable a bastion instance group. Only applies to private topology.