From d4eccb2688782da912c5c18a7fa28d14e9cf5afd Mon Sep 17 00:00:00 2001
From: alok87
Date: Thu, 1 Dec 2016 09:56:45 +0530
Subject: [PATCH] Made bastion as part of TopologySpec

---
 cmd/kops/create_cluster.go | 30 +++++++++++++-------
 pkg/apis/kops/cluster.go | 11 ++-----
 pkg/apis/kops/topology.go | 7 +++++
 pkg/apis/kops/validation.go | 4 +--
 upup/pkg/fi/cloudup/populate_cluster_spec.go | 4 +--
 upup/pkg/fi/cloudup/populatecluster_test.go | 10 +++---
 upup/pkg/fi/cloudup/template_functions.go | 4 +--
 7 files changed, 39 insertions(+), 31 deletions(-)

diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go
index c45568e932..10071aa610 100644
--- a/cmd/kops/create_cluster.go
+++ b/cmd/kops/create_cluster.go
@@ -386,28 +386,36 @@ func RunCreateCluster(f *util.Factory, cmd *cobra.Command, args []string, out io
 	// Network Topology
 	switch c.Topology {
 	case api.TopologyPublic:
-		cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPublic, Nodes: api.TopologyPublic}
-		cluster.Spec.Bastion = &api.BastionSpec{Enable: c.Bastion}
+		cluster.Spec.Topology = &api.TopologySpec{
+			Masters: api.TopologyPublic,
+			Nodes: api.TopologyPublic,
+			Bastion: &api.BastionSpec{Enable: c.Bastion},
+		}
 	case api.TopologyPrivate:
 		if !supportsPrivateTopology(cluster.Spec.Networking) {
 			return fmt.Errorf("Invalid networking option %s. Currently only '--networking cni', '--networking kopeio-vxlan', '--networking weave' are supported for private topologies", c.Networking)
 		}
-		cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPrivate, Nodes: api.TopologyPrivate}
-		if cmd.Flags().Changed("Bastion") {
-			cluster.Spec.Bastion = &api.BastionSpec{Enable: c.Bastion}
-		} else {
-			cluster.Spec.Bastion = &api.BastionSpec{Enable: true}
+		cluster.Spec.Topology = &api.TopologySpec{
+			Masters: api.TopologyPrivate,
+			Nodes: api.TopologyPrivate,
 		}
+		if cmd.Flags().Changed("Bastion") {
+			cluster.Spec.Topology.Bastion = &api.BastionSpec{Enable: c.Bastion}
+		} else {
+			cluster.Spec.Topology.Bastion = &api.BastionSpec{Enable: true}
+		}
+		cluster.Spec.Topology.Bastion.MachineType = cloudup.DefaultBastionMachineType(cluster)
 	case "":
 		glog.Warningf("Empty topology. 
Defaulting to public topology without bastion")
-		cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPublic, Nodes: api.TopologyPublic}
-		cluster.Spec.Bastion = &api.BastionSpec{Enable: false}
+		cluster.Spec.Topology = &api.TopologySpec{
+			Masters: api.TopologyPublic,
+			Nodes: api.TopologyPublic,
+			Bastion: &api.BastionSpec{Enable: false},
+		}
 	default:
 		return fmt.Errorf("Invalid topology %s.", c.Topology)
 	}
 
-	cluster.Spec.Bastion.MachineType = cloudup.DefaultBastionMachineType(cluster)
-
 	sshPublicKeys := make(map[string][]byte)
 	if c.SSHPublicKey != "" {
 		c.SSHPublicKey = utils.ExpandPath(c.SSHPublicKey)
diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go
index d9d87511ed..ca48461be2 100644
--- a/pkg/apis/kops/cluster.go
+++ b/pkg/apis/kops/cluster.go
@@ -83,13 +83,6 @@ type ClusterSpec struct {
 	// to port out to GCE later if needed
 	Topology *TopologySpec `json:"topology,omitempty"`
 
-	// Bastion provide an external facing point of entry into a network
-	// containing private network instances. This host can provide a single
-	// point of fortification or audit and can be started and stopped to enable
-	// or disable inbound SSH communication from the Internet, some call bastion
-	// as the "jump server".
-	Bastion *BastionSpec `json:"bastion,omitempty"`
-
 	// SecretStore is the VFS path to where secrets are stored
 	SecretStore string `json:"secretStore,omitempty"`
 	// KeyStore is the VFS path to where SSL keys and certificates are stored
@@ -556,8 +549,8 @@ func (c *Cluster) IsTopologyPrivateMasters() bool {
 }
 
 func (c *Cluster) GetBastionMachineType() string {
-	return c.Spec.Bastion.MachineType
+	return c.Spec.Topology.Bastion.MachineType
 }
 func (c *Cluster) GetBastionPublicName() string {
-	return c.Spec.Bastion.PublicName
+	return c.Spec.Topology.Bastion.PublicName
 }
diff --git a/pkg/apis/kops/topology.go b/pkg/apis/kops/topology.go
index 36b27bd3c4..b918b6c21c 100644
--- a/pkg/apis/kops/topology.go
+++ b/pkg/apis/kops/topology.go
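Review bot: The private-topology branch keys bastion opt-out on `cmd.Flags().Changed("Bastion")`, but cobra flag names are conventionally lowercase (`--bastion`); if the flag is registered as `bastion`, `Changed("Bastion")` is always false and `--bastion=false` is silently overridden to `Enable: true`, provisioning an Internet-facing SSH host the operator explicitly declined. The flag registration is outside this hunk, so confirm the name; if it is lowercase the fix is `if cmd.Flags().Changed("bastion") {`. The public branches now build a `BastionSpec` with no `MachineType` while the private branch sets one; that is harmless only because Validate rejects a bastion with public topology, and a one-line comment saying so would stop the next reader from "fixing" it. RunCreateCluster starts and ends outside the hunk.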
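Review bot: Removing `Bastion` from `ClusterSpec` with no deprecated alias and no conversion means a cluster manifest already stored with a top-level `bastion:` stanza either silently loses its bastion configuration on the next update or fails to decode if the parser is strict; which of the two happens is not visible here. Either keep the old field marked `// Deprecated: use Topology.Bastion instead.` and copy its value into `Topology.Bastion` when the spec is populated, or call out the breaking API change in the commit message. The ClusterSpec struct starts and ends outside the hunk.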
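Review bot: `GetBastionMachineType` and `GetBastionPublicName` now dereference `c.Spec.Topology.Bastion`, which is `omitempty` and therefore nil for any manifest that does not mention a bastion, so both panic instead of returning the empty string. Add `if c.Spec.Topology == nil || c.Spec.Topology.Bastion == nil { return "" }` ahead of the return in each getter. The `Topology` half of that check may be redundant if validation already requires the topology block; that is not visible here.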
@@ -27,4 +27,11 @@ type TopologySpec struct {
 
 	// The environment to launch the Kubernetes nodes in public|private
 	Nodes string `json:"nodes,omitempty"`
+
+	// Bastion provide an external facing point of entry into a network
+	// containing private network instances. This host can provide a single
+	// point of fortification or audit and can be started and stopped to enable
+	// or disable inbound SSH communication from the Internet, some call bastion
+	// as the "jump server".
+	Bastion *BastionSpec `json:"bastion,omitempty"`
 }
diff --git a/pkg/apis/kops/validation.go b/pkg/apis/kops/validation.go
index 8143e5fe17..761859e816 100644
--- a/pkg/apis/kops/validation.go
+++ b/pkg/apis/kops/validation.go
@@ -320,11 +320,11 @@ func (c *Cluster) Validate(strict bool) error {
 	}
 
 	// Bastion
-	if c.Spec.Bastion.Enable {
+	if c.Spec.Topology.Bastion.Enable {
 		if c.Spec.Topology.Masters == TopologyPublic || c.Spec.Topology.Nodes == TopologyPublic {
 			return fmt.Errorf("Bastion supports only Private Masters and Nodes")
 		}
-		if c.Spec.Bastion.MachineType == "" {
+		if c.Spec.Topology.Bastion.MachineType == "" {
 			return fmt.Errorf("Bastion MachineType can not be empty")
 		}
 	}
diff --git a/upup/pkg/fi/cloudup/populate_cluster_spec.go b/upup/pkg/fi/cloudup/populate_cluster_spec.go
index 4f4addb349..ea980d5c86 100644
--- a/upup/pkg/fi/cloudup/populate_cluster_spec.go
+++ b/upup/pkg/fi/cloudup/populate_cluster_spec.go
@@ -220,7 +220,7 @@ func (c *populateClusterSpec) run() error {
 	// We want topology to pass through
 	// Otherwise we were losing the pointer
 	cluster.Spec.Topology = c.InputCluster.Spec.Topology
-	cluster.Spec.Bastion = c.InputCluster.Spec.Bastion
+	cluster.Spec.Topology.Bastion = c.InputCluster.Spec.Topology.Bastion
 
 	if cluster.Spec.DNSZone == "" {
 		dns, err := cloud.DNS()
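Review bot: The comment moved onto `Bastion` never says what an absent value means, which matters because the field is `omitempty` and nil is the normal state for a cluster created without a bastion, and the opening sentence has a grammar slip ("Bastion provide"). Replace the first sentence with `// Bastion, when set, describes an external-facing host ("jump server") that is the point of entry into the network of private instances; nil means no bastion is provisioned.` and keep the rest. The TopologySpec struct starts outside the hunk.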
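Review bot: `if c.Spec.Topology.Bastion.Enable` panics when `Bastion` is nil, and Validate is exactly where a missing optional stanza should become a clean result rather than a crash; every fixture in the test file sets `Topology.Bastion`, so nothing exercises the nil case. Change the condition to `if c.Spec.Topology.Bastion != nil && c.Spec.Topology.Bastion.Enable {`. Whether `Topology` itself is nil-checked earlier in Validate is outside the hunk, as are the function's start and end.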
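Review bot: `cluster.Spec.Topology.Bastion = c.InputCluster.Spec.Topology.Bastion` is a self-assignment: the line above already sets `cluster.Spec.Topology` to the same `*TopologySpec`, so both sides name one field, and the only effect of the new line is a nil-pointer panic when `InputCluster.Spec.Topology` is nil. Delete the added line; the comment above ("We want topology to pass through") now covers the bastion as well, since it lives inside the topology. run() starts and ends outside the hunk.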
@@ -261,7 +261,7 @@ func (c *populateClusterSpec) run() error {
 	}
 
 	completed.Topology = c.InputCluster.Spec.Topology
-	completed.Bastion = c.InputCluster.Spec.Bastion
+	completed.Topology.Bastion = c.InputCluster.Spec.Topology.Bastion
 
 	fullCluster := &api.Cluster{}
 	*fullCluster = *cluster
diff --git a/upup/pkg/fi/cloudup/populatecluster_test.go b/upup/pkg/fi/cloudup/populatecluster_test.go
index d28bb04cba..209ce36da1 100644
--- a/upup/pkg/fi/cloudup/populatecluster_test.go
+++ b/upup/pkg/fi/cloudup/populatecluster_test.go
@@ -40,7 +40,7 @@ func buildMinimalCluster() *api.Cluster {
 		Masters: api.TopologyPublic,
 		Nodes: api.TopologyPublic,
 	}
-	c.Spec.Bastion = &api.BastionSpec{
+	c.Spec.Topology.Bastion = &api.BastionSpec{
 		Enable: false,
 	}
 	c.Spec.NetworkCIDR = "172.20.0.0/16"
@@ -48,7 +48,7 @@ func buildMinimalCluster() *api.Cluster {
 	c.Spec.CloudProvider = "aws"
 
 	// Default bastion
-	c.Spec.Bastion = &api.BastionSpec{
+	c.Spec.Topology.Bastion = &api.BastionSpec{
 		Enable: false,
 	}
 
@@ -323,7 +323,7 @@ func TestPopulateCluster_BastionInvalidMatchingValues_Required(t *testing.T) {
 	c := buildMinimalCluster()
 	c.Spec.Topology.Masters = api.TopologyPublic
 	c.Spec.Topology.Nodes = api.TopologyPublic
-	c.Spec.Bastion.Enable = true
+	c.Spec.Topology.Bastion.Enable = true
 	expectErrorFromPopulateCluster(t, c, "Bastion")
 }
 
@@ -331,8 +331,8 @@ func TestPopulateCluster_BastionMachineTypeInvalidNil_Required(t *testing.T) {
 	c := buildMinimalCluster()
 	c.Spec.Topology.Masters = api.TopologyPrivate
 	c.Spec.Topology.Nodes = api.TopologyPrivate
-	c.Spec.Bastion.Enable = true
-	c.Spec.Bastion.MachineType = ""
+	c.Spec.Topology.Bastion.Enable = true
+	c.Spec.Topology.Bastion.MachineType = ""
 	expectErrorFromPopulateCluster(t, c, "Bastion")
 }
 
diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go
index 39d19a7cca..a66d2009cc 100644
--- a/upup/pkg/fi/cloudup/template_functions.go
+++ b/upup/pkg/fi/cloudup/template_functions.go
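Review bot: `completed.Topology.Bastion = c.InputCluster.Spec.Topology.Bastion` is the same self-assignment as the earlier hunk in this file: `completed.Topology` was set to that exact pointer on the previous line, so the new line changes nothing and panics if `Topology` is nil. Delete the added line. run() starts and ends outside the hunk.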
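Review bot: `buildMinimalCluster` now assigns `c.Spec.Topology.Bastion = &api.BastionSpec{Enable: false}` twice, once here under `// Default bastion` and once a few lines earlier in the same function, so one of the two is dead. Drop the earlier assignment so the `// Default bastion` block is the single source of the default. buildMinimalCluster starts and ends outside the hunk.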
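Review bot: Every fixture in this file sets `Topology.Bastion`, so nothing exercises the state the API now makes normal — a `TopologySpec` whose `Bastion` is nil — while several call sites in this patch dereference it unguarded. Add a test beside this one that takes `buildMinimalCluster()`, sets `c.Spec.Topology.Bastion = nil`, runs PopulateCluster on it and asserts it neither panics nor reports a bastion error; the exact expectation depends on how validation ends up treating the nil case, which is outside this hunk.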
@@ -187,11 +187,11 @@ func (tf *TemplateFunctions) IsTopologyPrivateMasters() bool {
 }
 
 func (tf *TemplateFunctions) WithBastion() bool {
-	return tf.cluster.Spec.Bastion.Enable
+	return tf.cluster.Spec.Topology.Bastion.Enable
 }
 
 func (tf *TemplateFunctions) IsBastionDNS() bool {
-	if tf.cluster.Spec.Bastion.PublicName != "" {
+	if tf.cluster.Spec.Topology.Bastion.PublicName != "" {
 		return false
 	} else {
 		return true
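Review bot: `WithBastion` and `IsBastionDNS` dereference `tf.cluster.Spec.Topology.Bastion` unguarded, and as template functions they run for every cluster rendered, so a manifest with no `bastion:` stanza now panics at render time instead of rendering without a bastion. Make `WithBastion` treat nil as disabled, `b := tf.cluster.Spec.Topology.Bastion; return b != nil && b.Enable`, and apply the same guard in `IsBastionDNS` before reading `PublicName`. Separately, `IsBastionDNS` returning true exactly when `PublicName` is empty reads backwards from its name; a one-line comment on what the template keys off that value would help. IsBastionDNS's body ends outside the hunk.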