From bb30f51fc4da805e088861c8b0572f3af270f1d0 Mon Sep 17 00:00:00 2001 From: Mike Splain Date: Fri, 12 May 2017 14:00:29 -0400 Subject: [PATCH] Add api-loadbalancer option to force public or internal loadbalancer for the masters --- cmd/kops/create_cluster.go | 36 +++++++++++++++++++++++++-------- docs/cli/kops_create_cluster.md | 1 + 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go index c2c8b08cac..c5b256a60a 100644 --- a/cmd/kops/create_cluster.go +++ b/cmd/kops/create_cluster.go @@ -99,6 +99,9 @@ type CreateClusterOptions struct { MasterTenancy string NodeTenancy string + // Specify API loadbalancer as public or internal + APILoadbalancer string + // vSphere options VSphereServer string VSphereDatacenter string @@ -270,6 +273,8 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command { cmd.Flags().StringVar(&options.MasterTenancy, "master-tenancy", options.MasterTenancy, "The tenancy of the master group on AWS. Can either be default or dedicated.") cmd.Flags().StringVar(&options.NodeTenancy, "node-tenancy", options.NodeTenancy, "The tenancy of the node group on AWS. Can be either default or dedicated.") + cmd.Flags().StringVar(&options.APILoadbalancer, "api-loadbalancer", options.APILoadbalancer, "Sets the API loadbalancer to either 'public' or 'internal'") + if featureflag.VSphereCloudProvider.Enabled() { // vSphere flags cmd.Flags().StringVar(&options.VSphereServer, "vsphere-server", options.VSphereServer, "vsphere-server is required for vSphere. Set vCenter URL Ex: 10.192.10.30 or myvcenter.io (without https://)") 
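Review bot: The help text for `--api-loadbalancer` in NewCmdCreateCluster does not say what happens when the flag is omitted, nor that setting it switches API access to a load balancer even when the master topology is public. Going by the RunCreateCluster hunk in this patch, an unset flag with private master topology still yields a load balancer of type public, which an operator who chose private topology may not expect. I would spell that out, e.g. `"Use a load balancer for the API and set its type: 'public' or 'internal'. If unset, public topology uses DNS and private topology uses a public load balancer."`, and carry the same wording into docs/cli/kops_create_cluster.md. NewCmdCreateCluster starts and ends outside the hunk.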
@@ -766,19 +771,34 @@ func RunCreateCluster(f *util.Factory, out io.Writer, c *CreateClusterOptions) e cluster.Spec.API = &api.AccessSpec{} } if cluster.Spec.API.IsEmpty() { - switch cluster.Spec.Topology.Masters { - case api.TopologyPublic: - cluster.Spec.API.DNS = &api.DNSAccessSpec{} - - case api.TopologyPrivate: + if c.APILoadbalancer != "" { cluster.Spec.API.LoadBalancer = &api.LoadBalancerAccessSpec{} + } else { + switch cluster.Spec.Topology.Masters { + case api.TopologyPublic: + cluster.Spec.API.DNS = &api.DNSAccessSpec{} - default: - return fmt.Errorf("unknown master topology type: %q", cluster.Spec.Topology.Masters) + case api.TopologyPrivate: + cluster.Spec.API.LoadBalancer = &api.LoadBalancerAccessSpec{} + + default: + return fmt.Errorf("unknown master topology type: %q", cluster.Spec.Topology.Masters) + } } } if cluster.Spec.API.LoadBalancer != nil && cluster.Spec.API.LoadBalancer.Type == "" { - cluster.Spec.API.LoadBalancer.Type = api.LoadBalancerTypePublic + if c.APILoadbalancer == "" { + cluster.Spec.API.LoadBalancer.Type = api.LoadBalancerTypePublic + } else { + switch c.APILoadbalancer { + case "public": + cluster.Spec.API.LoadBalancer.Type = api.LoadBalancerTypePublic + case "internal": + cluster.Spec.API.LoadBalancer.Type = api.LoadBalancerTypeInternal + default: + return fmt.Errorf("unkown api-loadbalancer type: %q", c.APILoadbalancer) + } + } } sshPublicKeys := make(map[string][]byte) diff --git a/docs/cli/kops_create_cluster.md b/docs/cli/kops_create_cluster.md index 28a90d0c99..dd44920011 100644 --- a/docs/cli/kops_create_cluster.md +++ b/docs/cli/kops_create_cluster.md 
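Review bot: The value of `c.APILoadbalancer` is validated only inside the `LoadBalancer != nil && Type == ""` branch, so whenever that branch is skipped the flag is dropped without an error. If `cluster.Spec.API` is already non-empty at this point (DNS access, or a load balancer whose type is already set; whether that can happen here is not visible in the hunk), `--api-loadbalancer internal` would leave the API endpoint as it was, possibly internet-facing, and a misspelled value would pass unnoticed. Validating the flag before the `IsEmpty()` block and failing when it cannot be honoured closes that gap, and the nested `if`/`else` around the switch then collapses into a single switch. The error string also has a typo, `unkown` for `unknown`. RunCreateCluster starts and ends outside the hunk.

```go
// Validate up front so no later branch can skip the check.
switch c.APILoadbalancer {
case "", "public", "internal":
default:
	return fmt.Errorf("unknown api-loadbalancer type: %q", c.APILoadbalancer)
}
// … unchanged: cluster.Spec.API nil check and IsEmpty() defaulting …
if c.APILoadbalancer != "" && cluster.Spec.API.LoadBalancer == nil {
	return fmt.Errorf("api-loadbalancer %q requested but API access is not a load balancer", c.APILoadbalancer)
}
if cluster.Spec.API.LoadBalancer != nil && cluster.Spec.API.LoadBalancer.Type == "" {
	switch c.APILoadbalancer {
	case "internal":
		cluster.Spec.API.LoadBalancer.Type = api.LoadBalancerTypeInternal
	default: // "" or "public"
		cluster.Spec.API.LoadBalancer.Type = api.LoadBalancerTypePublic
	}
}
```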
@@ -59,6 +59,7 @@ kops create cluster ``` --admin-access stringSlice Restrict access to admin endpoints (SSH, HTTPS) to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0]) + --api-loadbalancer string Sets the API loadbalancer to either 'public' or 'internal' --associate-public-ip Specify --associate-public-ip=[true|false] to enable/disable association of public IP for master ASG and nodes. Default is 'true'. --authorization string Authorization mode to use: AlwaysAllow or RBAC (default "AlwaysAllow") --bastion Pass the --bastion flag to enable a bastion instance group. Only applies to private topology.