Made bastion as part of TopologySpec

alok87 2016-12-01 09:56:45 +05:30
parent c9751b66a9
commit d4eccb2688
7 changed files with 39 additions and 31 deletions


@ -386,28 +386,36 @@ func RunCreateCluster(f *util.Factory, cmd *cobra.Command, args []string, out io
// Network Topology // Network Topology
switch c.Topology { switch c.Topology {
case api.TopologyPublic: case api.TopologyPublic:
cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPublic, Nodes: api.TopologyPublic} cluster.Spec.Topology = &api.TopologySpec{
cluster.Spec.Bastion = &api.BastionSpec{Enable: c.Bastion} Masters: api.TopologyPublic,
Nodes: api.TopologyPublic,
Bastion: &api.BastionSpec{Enable: c.Bastion},
}
case api.TopologyPrivate: case api.TopologyPrivate:
if !supportsPrivateTopology(cluster.Spec.Networking) { if !supportsPrivateTopology(cluster.Spec.Networking) {
return fmt.Errorf("Invalid networking option %s. Currently only '--networking cni', '--networking kopeio-vxlan', '--networking weave' are supported for private topologies", c.Networking) return fmt.Errorf("Invalid networking option %s. Currently only '--networking cni', '--networking kopeio-vxlan', '--networking weave' are supported for private topologies", c.Networking)
} }
cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPrivate, Nodes: api.TopologyPrivate} cluster.Spec.Topology = &api.TopologySpec{
if cmd.Flags().Changed("Bastion") { Masters: api.TopologyPrivate,
cluster.Spec.Bastion = &api.BastionSpec{Enable: c.Bastion} Nodes: api.TopologyPrivate,
} else {
cluster.Spec.Bastion = &api.BastionSpec{Enable: true}
} }
if cmd.Flags().Changed("Bastion") {
cluster.Spec.Topology.Bastion = &api.BastionSpec{Enable: c.Bastion}
} else {
cluster.Spec.Topology.Bastion = &api.BastionSpec{Enable: true}
}
cluster.Spec.Topology.Bastion.MachineType = cloudup.DefaultBastionMachineType(cluster)
case "": case "":
glog.Warningf("Empty topology. Defaulting to public topology without bastion") glog.Warningf("Empty topology. Defaulting to public topology without bastion")
cluster.Spec.Topology = &api.TopologySpec{Masters: api.TopologyPublic, Nodes: api.TopologyPublic} cluster.Spec.Topology = &api.TopologySpec{
cluster.Spec.Bastion = &api.BastionSpec{Enable: false} Masters: api.TopologyPublic,
Nodes: api.TopologyPublic,
Bastion: &api.BastionSpec{Enable: false},
}
default: default:
return fmt.Errorf("Invalid topology %s.", c.Topology) return fmt.Errorf("Invalid topology %s.", c.Topology)
} }
cluster.Spec.Bastion.MachineType = cloudup.DefaultBastionMachineType(cluster)
sshPublicKeys := make(map[string][]byte) sshPublicKeys := make(map[string][]byte)
if c.SSHPublicKey != "" { if c.SSHPublicKey != "" {
c.SSHPublicKey = utils.ExpandPath(c.SSHPublicKey) c.SSHPublicKey = utils.ExpandPath(c.SSHPublicKey)
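Review bot: In the private-topology branch, `cmd.Flags().Changed("Bastion")` looks the flag up under a capitalised name, and pflag matches flag names case-sensitively unless a normalisation function is installed. The flag registration is not visible in this hunk. If it is registered as `bastion`, the check is never true and an explicit `--bastion=false` is silently replaced by `Enable: true`, so an Internet-facing SSH host is created against the operator's stated choice. Confirm the registered name and use it verbatim, e.g. `if cmd.Flags().Changed("bastion") {`. RunCreateCluster's body starts and ends outside the hunk.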


@ -83,13 +83,6 @@ type ClusterSpec struct {
// to port out to GCE later if needed // to port out to GCE later if needed
Topology *TopologySpec `json:"topology,omitempty"` Topology *TopologySpec `json:"topology,omitempty"`
// Bastion provide an external facing point of entry into a network
// containing private network instances. This host can provide a single
// point of fortification or audit and can be started and stopped to enable
// or disable inbound SSH communication from the Internet, some call bastion
// as the "jump server".
Bastion *BastionSpec `json:"bastion,omitempty"`
// SecretStore is the VFS path to where secrets are stored // SecretStore is the VFS path to where secrets are stored
SecretStore string `json:"secretStore,omitempty"` SecretStore string `json:"secretStore,omitempty"`
// KeyStore is the VFS path to where SSL keys and certificates are stored // KeyStore is the VFS path to where SSL keys and certificates are stored
@ -556,8 +549,8 @@ func (c *Cluster) IsTopologyPrivateMasters() bool {
} }
func (c *Cluster) GetBastionMachineType() string { func (c *Cluster) GetBastionMachineType() string {
return c.Spec.Bastion.MachineType return c.Spec.Topology.Bastion.MachineType
} }
func (c *Cluster) GetBastionPublicName() string { func (c *Cluster) GetBastionPublicName() string {
return c.Spec.Bastion.PublicName return c.Spec.Topology.Bastion.PublicName
} }
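Review bot: `GetBastionMachineType` and `GetBastionPublicName` now dereference `c.Spec.Topology.Bastion` with no nil check, although `Topology` and the relocated `Bastion` field are both pointers tagged `omitempty`. A cluster spec stored before this commit carries `bastion` at the top level of the spec, so after the move it would presumably decode with `Topology.Bastion == nil` and these getters would panic. The same unguarded access appears in `Validate`, `WithBastion` and `IsBastionDNS` in later sections. Guard each access, e.g. `if c.Spec.Topology == nil || c.Spec.Topology.Bastion == nil { return "" }`, and have `Validate` return an error instead of panicking when the block is missing.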


@ -27,4 +27,11 @@ type TopologySpec struct {
// The environment to launch the Kubernetes nodes in public|private // The environment to launch the Kubernetes nodes in public|private
Nodes string `json:"nodes,omitempty"` Nodes string `json:"nodes,omitempty"`
// Bastion provide an external facing point of entry into a network
// containing private network instances. This host can provide a single
// point of fortification or audit and can be started and stopped to enable
// or disable inbound SSH communication from the Internet, some call bastion
// as the "jump server".
Bastion *BastionSpec `json:"bastion,omitempty"`
} }
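Review bot: The doc comment on the new `Bastion` field is carried over verbatim and does not say how a nil pointer or `Enable: false` is treated, which matters because this field decides whether an Internet-reachable SSH entry point exists. Suggest opening with `// Bastion configures an external-facing SSH entry point (jump server) into a network of private instances.` and adding one sentence stating explicitly what consumers should do when the pointer is nil.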


@ -320,11 +320,11 @@ func (c *Cluster) Validate(strict bool) error {
} }
// Bastion // Bastion
if c.Spec.Bastion.Enable { if c.Spec.Topology.Bastion.Enable {
if c.Spec.Topology.Masters == TopologyPublic || c.Spec.Topology.Nodes == TopologyPublic { if c.Spec.Topology.Masters == TopologyPublic || c.Spec.Topology.Nodes == TopologyPublic {
return fmt.Errorf("Bastion supports only Private Masters and Nodes") return fmt.Errorf("Bastion supports only Private Masters and Nodes")
} }
if c.Spec.Bastion.MachineType == "" { if c.Spec.Topology.Bastion.MachineType == "" {
return fmt.Errorf("Bastion MachineType can not be empty") return fmt.Errorf("Bastion MachineType can not be empty")
} }
} }


@ -220,7 +220,7 @@ func (c *populateClusterSpec) run() error {
// We want topology to pass through // We want topology to pass through
// Otherwise we were losing the pointer // Otherwise we were losing the pointer
cluster.Spec.Topology = c.InputCluster.Spec.Topology cluster.Spec.Topology = c.InputCluster.Spec.Topology
cluster.Spec.Bastion = c.InputCluster.Spec.Bastion cluster.Spec.Topology.Bastion = c.InputCluster.Spec.Topology.Bastion
if cluster.Spec.DNSZone == "" { if cluster.Spec.DNSZone == "" {
dns, err := cloud.DNS() dns, err := cloud.DNS()
@ -261,7 +261,7 @@ func (c *populateClusterSpec) run() error {
} }
completed.Topology = c.InputCluster.Spec.Topology completed.Topology = c.InputCluster.Spec.Topology
completed.Bastion = c.InputCluster.Spec.Bastion completed.Topology.Bastion = c.InputCluster.Spec.Topology.Bastion
fullCluster := &api.Cluster{} fullCluster := &api.Cluster{}
*fullCluster = *cluster *fullCluster = *cluster
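Review bot: `cluster.Spec.Topology.Bastion = c.InputCluster.Spec.Topology.Bastion` runs right after `cluster.Spec.Topology = c.InputCluster.Spec.Topology`, so both sides already point at the same `TopologySpec` and the assignment is a no-op. Its only observable effect is a panic when the input cluster has no `Topology`. The same holds for `completed.Topology.Bastion = c.InputCluster.Spec.Topology.Bastion` in the second hunk. Both added lines can be dropped, since the pointer copy already carries `Bastion`. `run` starts and ends outside both hunks.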


@ -40,7 +40,7 @@ func buildMinimalCluster() *api.Cluster {
Masters: api.TopologyPublic, Masters: api.TopologyPublic,
Nodes: api.TopologyPublic, Nodes: api.TopologyPublic,
} }
c.Spec.Bastion = &api.BastionSpec{ c.Spec.Topology.Bastion = &api.BastionSpec{
Enable: false, Enable: false,
} }
c.Spec.NetworkCIDR = "172.20.0.0/16" c.Spec.NetworkCIDR = "172.20.0.0/16"
@ -48,7 +48,7 @@ func buildMinimalCluster() *api.Cluster {
c.Spec.CloudProvider = "aws" c.Spec.CloudProvider = "aws"
// Default bastion // Default bastion
c.Spec.Bastion = &api.BastionSpec{ c.Spec.Topology.Bastion = &api.BastionSpec{
Enable: false, Enable: false,
} }
@ -323,7 +323,7 @@ func TestPopulateCluster_BastionInvalidMatchingValues_Required(t *testing.T) {
c := buildMinimalCluster() c := buildMinimalCluster()
c.Spec.Topology.Masters = api.TopologyPublic c.Spec.Topology.Masters = api.TopologyPublic
c.Spec.Topology.Nodes = api.TopologyPublic c.Spec.Topology.Nodes = api.TopologyPublic
c.Spec.Bastion.Enable = true c.Spec.Topology.Bastion.Enable = true
expectErrorFromPopulateCluster(t, c, "Bastion") expectErrorFromPopulateCluster(t, c, "Bastion")
} }
@ -331,8 +331,8 @@ func TestPopulateCluster_BastionMachineTypeInvalidNil_Required(t *testing.T) {
c := buildMinimalCluster() c := buildMinimalCluster()
c.Spec.Topology.Masters = api.TopologyPrivate c.Spec.Topology.Masters = api.TopologyPrivate
c.Spec.Topology.Nodes = api.TopologyPrivate c.Spec.Topology.Nodes = api.TopologyPrivate
c.Spec.Bastion.Enable = true c.Spec.Topology.Bastion.Enable = true
c.Spec.Bastion.MachineType = "" c.Spec.Topology.Bastion.MachineType = ""
expectErrorFromPopulateCluster(t, c, "Bastion") expectErrorFromPopulateCluster(t, c, "Bastion")
} }
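Review bot: `buildMinimalCluster` assigns `c.Spec.Topology.Bastion = &api.BastionSpec{Enable: false}` twice, once after the topology literal and again under `// Default bastion`; the second block is redundant and can be removed. No test in this section builds a cluster with `Topology.Bastion` left nil, which is the state a spec omitting the block would have after this relocation. A test that clears the field and asserts a defined outcome from populate (an error or a clean pass, not a panic) would pin that behaviour.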


@ -187,11 +187,11 @@ func (tf *TemplateFunctions) IsTopologyPrivateMasters() bool {
} }
func (tf *TemplateFunctions) WithBastion() bool { func (tf *TemplateFunctions) WithBastion() bool {
return tf.cluster.Spec.Bastion.Enable return tf.cluster.Spec.Topology.Bastion.Enable
} }
func (tf *TemplateFunctions) IsBastionDNS() bool { func (tf *TemplateFunctions) IsBastionDNS() bool {
if tf.cluster.Spec.Bastion.PublicName != "" { if tf.cluster.Spec.Topology.Bastion.PublicName != "" {
return false return false
} else { } else {
return true return true