Merge pull request #14498 from johngmyers/topology-apiv5

Update TopologySpec for v1alpha3 API
2022-11-06 12:12:16 -08:00 · 2022-11-06 12:12:16 -08:00 · f8fe433b4c
parent f982934ae2 64be690211
commit f8fe433b4c
49 changed files with 171 additions and 317 deletions
--- a/examples/kops-api-example/up.go
+++ b/examples/kops-api-example/up.go
@ -42,7 +42,7 @@ func up(ctx context.Context) error {
 		ConfigBase: registryBase.Join(cluster.ObjectMeta.Name).Path(),
 		Topology:   &api.TopologySpec{},
 	}
-	cluster.Spec.Topology.Masters = api.TopologyPublic
+	cluster.Spec.Topology.ControlPlane = api.TopologyPublic
 	cluster.Spec.Topology.Nodes = api.TopologyPublic

 	for _, z := range nodeZones {
--- a/nodeup/pkg/model/kube_apiserver.go
+++ b/nodeup/pkg/model/kube_apiserver.go
@ -398,7 +398,7 @@ func (b *KubeAPIServerBuilder) writeServerCertificate(c *fi.ModelBuilderContext,
 			}
 		}
 		if b.CloudProvider == kops.CloudProviderOpenstack {
-			if b.Cluster.Spec.Topology != nil && b.Cluster.Spec.Topology.Masters == kops.TopologyPrivate {
+			if b.Cluster.Spec.Topology != nil && b.Cluster.Spec.Topology.ControlPlane == kops.TopologyPrivate {
 				instanceAddress, err := getInstanceAddress()
 				if err != nil {
 					return err
--- a/pkg/apis/kops/cluster.go
+++ b/pkg/apis/kops/cluster.go
@ -786,8 +786,7 @@ func (t *TerraformSpec) IsEmpty() bool {
 func (c *Cluster) FillDefaults() error {
 	// Topology support
 	if c.Spec.Topology == nil {
-		c.Spec.Topology = &TopologySpec{Masters: TopologyPublic, Nodes: TopologyPublic}
-		c.Spec.Topology.DNS = &DNSSpec{Type: DNSTypePublic}
+		c.Spec.Topology = &TopologySpec{ControlPlane: TopologyPublic, Nodes: TopologyPublic, DNS: DNSTypePublic}
 	}

 	if c.Spec.Networking == nil {
@ -901,21 +900,21 @@ func (c *Cluster) IsGossip() bool {
 }

 func (c *Cluster) UsesPublicDNS() bool {
-	if c.Spec.Topology == nil || c.Spec.Topology.DNS == nil || c.Spec.Topology.DNS.Type == DNSTypePublic {
+	if c.Spec.Topology == nil || c.Spec.Topology.DNS == "" || c.Spec.Topology.DNS == DNSTypePublic {
 		return true
 	}
 	return false
 }

 func (c *Cluster) UsesPrivateDNS() bool {
-	if c.Spec.Topology != nil && c.Spec.Topology.DNS != nil && c.Spec.Topology.DNS.Type == DNSTypePrivate {
+	if c.Spec.Topology != nil && c.Spec.Topology.DNS == DNSTypePrivate {
 		return true
 	}
 	return false
 }

 func (c *Cluster) UsesNoneDNS() bool {
-	if c.Spec.Topology != nil && c.Spec.Topology.DNS != nil && c.Spec.Topology.DNS.Type == DNSTypeNone {
+	if c.Spec.Topology != nil && c.Spec.Topology.DNS == DNSTypeNone {
 		return true
 	}
 	return false
--- a/pkg/apis/kops/topology.go
+++ b/pkg/apis/kops/topology.go
@ -33,25 +33,21 @@ var SupportedDnsTypes = []string{
 }

 type TopologySpec struct {
-	// The environment to launch the Kubernetes masters in public|private
-	Masters string `json:"masters,omitempty"`
+	// ControlPlane specifies the environment for launching the control plane nodes. (public, private)
+	ControlPlane string `json:"controlPlane,omitempty"`

-	// The environment to launch the Kubernetes nodes in public|private
+	// Nodes specifies the environment for launching the worker nodes. (public, private)
 	Nodes string `json:"nodes,omitempty"`

 	// Bastion provide an external facing point of entry into a network
 	// containing private network instances. This host can provide a single
 	// point of fortification or audit and can be started and stopped to enable
-	// or disable inbound SSH communication from the Internet, some call bastion
-	// as the "jump server".
+	// or disable inbound SSH communication from the Internet. Some call the bastion
+	// the "jump server".
 	Bastion *BastionSpec `json:"bastion,omitempty"`

-	// DNS configures options relating to DNS, in particular whether we use a public or a private hosted zone
-	DNS *DNSSpec `json:"dns,omitempty"`
-}
-
-type DNSSpec struct {
-	Type DNSType `json:"type,omitempty"`
+	// DNS specifies the environment for hosted DNS zones. (Public, Private, None)
+	DNS DNSType `json:"dns,omitempty"`
 }

 type DNSType string
--- a/pkg/apis/kops/v1alpha2/conversion.go
+++ b/pkg/apis/kops/v1alpha2/conversion.go
@ -185,3 +185,23 @@ func Convert_kops_ExternalDNSConfig_To_v1alpha2_ExternalDNSConfig(in *kops.Exter
 	}
 	return nil
 }
+
+func Convert_v1alpha2_TopologySpec_To_kops_TopologySpec(in *TopologySpec, out *kops.TopologySpec, s conversion.Scope) error {
+	if err := autoConvert_v1alpha2_TopologySpec_To_kops_TopologySpec(in, out, s); err != nil {
+		return err
+	}
+	if in.LegacyDNS != nil {
+		out.DNS = kops.DNSType(in.LegacyDNS.Type)
+	}
+	return nil
+}
+
+func Convert_kops_TopologySpec_To_v1alpha2_TopologySpec(in *kops.TopologySpec, out *TopologySpec, s conversion.Scope) error {
+	if err := autoConvert_kops_TopologySpec_To_v1alpha2_TopologySpec(in, out, s); err != nil {
+		return err
+	}
+	if in.DNS != "" {
+		out.LegacyDNS = &DNSSpec{Type: DNSType(in.DNS)}
+	}
+	return nil
+}
--- a/pkg/apis/kops/v1alpha2/defaults.go
+++ b/pkg/apis/kops/v1alpha2/defaults.go
@ -38,16 +38,16 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
 		obj.Topology = &TopologySpec{}
 	}

-	rebindIfEmpty(&obj.Topology.Masters, TopologyPublic)
+	rebindIfEmpty(&obj.Topology.ControlPlane, TopologyPublic)

 	rebindIfEmpty(&obj.Topology.Nodes, TopologyPublic)

-	if obj.Topology.DNS == nil {
-		obj.Topology.DNS = &DNSSpec{}
+	if obj.Topology.LegacyDNS == nil {
+		obj.Topology.LegacyDNS = &DNSSpec{}
 	}

-	if obj.Topology.DNS.Type == "" {
-		obj.Topology.DNS.Type = DNSTypePublic
+	if obj.Topology.LegacyDNS.Type == "" {
+		obj.Topology.LegacyDNS.Type = DNSTypePublic
 	}

 	if obj.LegacyCloudProvider != "openstack" {
@ -56,7 +56,7 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
 		}

 		if obj.API.IsEmpty() {
-			switch obj.Topology.Masters {
+			switch obj.Topology.ControlPlane {
 			case TopologyPublic:
 				obj.API.DNS = &DNSAccessSpec{}

@ -64,7 +64,7 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
 				obj.API.LoadBalancer = &LoadBalancerAccessSpec{}

 			default:
-				klog.Infof("unknown master topology type: %q", obj.Topology.Masters)
+				klog.Infof("unknown master topology type: %q", obj.Topology.ControlPlane)
 			}
 		}

--- a/pkg/apis/kops/v1alpha2/topology.go
+++ b/pkg/apis/kops/v1alpha2/topology.go
@ -23,7 +23,7 @@ const (

 type TopologySpec struct {
 	// The environment to launch the Kubernetes masters in public|private
-	Masters string `json:"masters,omitempty"`
+	ControlPlane string `json:"masters,omitempty"`

 	// The environment to launch the Kubernetes nodes in public|private
 	Nodes string `json:"nodes,omitempty"`
@ -35,8 +35,11 @@ type TopologySpec struct {
 	// as the "jump server".
 	Bastion *BastionSpec `json:"bastion,omitempty"`

+	DNS DNSType `json:"-"`
+
 	// DNS configures options relating to DNS, in particular whether we use a public or a private hosted zone
-	DNS *DNSSpec `json:"dns,omitempty"`
+	// +k8s:conversion-gen=false
+	LegacyDNS *DNSSpec `json:"dns,omitempty"`
 }

 type DNSSpec struct {
--- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
@ -354,16 +354,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*DNSSpec)(nil), (*kops.DNSSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha2_DNSSpec_To_kops_DNSSpec(a.(*DNSSpec), b.(*kops.DNSSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*kops.DNSSpec)(nil), (*DNSSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_kops_DNSSpec_To_v1alpha2_DNSSpec(a.(*kops.DNSSpec), b.(*DNSSpec), scope)
-	}); err != nil {
-		return err
-	}
 	if err := s.AddGeneratedConversionFunc((*DockerConfig)(nil), (*kops.DockerConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha2_DockerConfig_To_kops_DockerConfig(a.(*DockerConfig), b.(*kops.DockerConfig), scope)
 	}); err != nil {
@ -1144,16 +1134,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*TopologySpec)(nil), (*kops.TopologySpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha2_TopologySpec_To_kops_TopologySpec(a.(*TopologySpec), b.(*kops.TopologySpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*kops.TopologySpec)(nil), (*TopologySpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_kops_TopologySpec_To_v1alpha2_TopologySpec(a.(*kops.TopologySpec), b.(*TopologySpec), scope)
-	}); err != nil {
-		return err
-	}
 	if err := s.AddGeneratedConversionFunc((*UserData)(nil), (*kops.UserData)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha2_UserData_To_kops_UserData(a.(*UserData), b.(*kops.UserData), scope)
 	}); err != nil {
@ -1224,6 +1204,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*kops.TopologySpec)(nil), (*TopologySpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_kops_TopologySpec_To_v1alpha2_TopologySpec(a.(*kops.TopologySpec), b.(*TopologySpec), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddConversionFunc((*CanalNetworkingSpec)(nil), (*kops.CanalNetworkingSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(a.(*CanalNetworkingSpec), b.(*kops.CanalNetworkingSpec), scope)
 	}); err != nil {
@ -1244,6 +1229,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*TopologySpec)(nil), (*kops.TopologySpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha2_TopologySpec_To_kops_TopologySpec(a.(*TopologySpec), b.(*kops.TopologySpec), scope)
+	}); err != nil {
+		return err
+	}
 	return nil
 }

@ -3520,26 +3510,6 @@ func Convert_kops_DNSControllerGossipConfigSecondary_To_v1alpha2_DNSControllerGo
 	return autoConvert_kops_DNSControllerGossipConfigSecondary_To_v1alpha2_DNSControllerGossipConfigSecondary(in, out, s)
 }

-func autoConvert_v1alpha2_DNSSpec_To_kops_DNSSpec(in *DNSSpec, out *kops.DNSSpec, s conversion.Scope) error {
-	out.Type = kops.DNSType(in.Type)
-	return nil
-}
-
-// Convert_v1alpha2_DNSSpec_To_kops_DNSSpec is an autogenerated conversion function.
-func Convert_v1alpha2_DNSSpec_To_kops_DNSSpec(in *DNSSpec, out *kops.DNSSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha2_DNSSpec_To_kops_DNSSpec(in, out, s)
-}
-
-func autoConvert_kops_DNSSpec_To_v1alpha2_DNSSpec(in *kops.DNSSpec, out *DNSSpec, s conversion.Scope) error {
-	out.Type = DNSType(in.Type)
-	return nil
-}
-
-// Convert_kops_DNSSpec_To_v1alpha2_DNSSpec is an autogenerated conversion function.
-func Convert_kops_DNSSpec_To_v1alpha2_DNSSpec(in *kops.DNSSpec, out *DNSSpec, s conversion.Scope) error {
-	return autoConvert_kops_DNSSpec_To_v1alpha2_DNSSpec(in, out, s)
-}
-
 func autoConvert_v1alpha2_DockerConfig_To_kops_DockerConfig(in *DockerConfig, out *kops.DockerConfig, s conversion.Scope) error {
 	out.AuthorizationPlugins = in.AuthorizationPlugins
 	out.Bridge = in.Bridge
@ -7290,7 +7260,7 @@ func Convert_kops_TerraformSpec_To_v1alpha2_TerraformSpec(in *kops.TerraformSpec
 }

 func autoConvert_v1alpha2_TopologySpec_To_kops_TopologySpec(in *TopologySpec, out *kops.TopologySpec, s conversion.Scope) error {
-	out.Masters = in.Masters
+	out.ControlPlane = in.ControlPlane
 	out.Nodes = in.Nodes
 	if in.Bastion != nil {
 		in, out := &in.Bastion, &out.Bastion
@ -7301,25 +7271,13 @@ func autoConvert_v1alpha2_TopologySpec_To_kops_TopologySpec(in *TopologySpec, ou
 	} else {
 		out.Bastion = nil
 	}
-	if in.DNS != nil {
-		in, out := &in.DNS, &out.DNS
-		*out = new(kops.DNSSpec)
-		if err := Convert_v1alpha2_DNSSpec_To_kops_DNSSpec(*in, *out, s); err != nil {
-			return err
-		}
-	} else {
-		out.DNS = nil
-	}
+	out.DNS = kops.DNSType(in.DNS)
+	// INFO: in.LegacyDNS opted out of conversion generation
 	return nil
 }

-// Convert_v1alpha2_TopologySpec_To_kops_TopologySpec is an autogenerated conversion function.
-func Convert_v1alpha2_TopologySpec_To_kops_TopologySpec(in *TopologySpec, out *kops.TopologySpec, s conversion.Scope) error {
-	return autoConvert_v1alpha2_TopologySpec_To_kops_TopologySpec(in, out, s)
-}
-
 func autoConvert_kops_TopologySpec_To_v1alpha2_TopologySpec(in *kops.TopologySpec, out *TopologySpec, s conversion.Scope) error {
-	out.Masters = in.Masters
+	out.ControlPlane = in.ControlPlane
 	out.Nodes = in.Nodes
 	if in.Bastion != nil {
 		in, out := &in.Bastion, &out.Bastion
@ -7330,23 +7288,10 @@ func autoConvert_kops_TopologySpec_To_v1alpha2_TopologySpec(in *kops.TopologySpe
 	} else {
 		out.Bastion = nil
 	}
-	if in.DNS != nil {
-		in, out := &in.DNS, &out.DNS
-		*out = new(DNSSpec)
-		if err := Convert_kops_DNSSpec_To_v1alpha2_DNSSpec(*in, *out, s); err != nil {
-			return err
-		}
-	} else {
-		out.DNS = nil
-	}
+	out.DNS = DNSType(in.DNS)
 	return nil
 }

-// Convert_kops_TopologySpec_To_v1alpha2_TopologySpec is an autogenerated conversion function.
-func Convert_kops_TopologySpec_To_v1alpha2_TopologySpec(in *kops.TopologySpec, out *TopologySpec, s conversion.Scope) error {
-	return autoConvert_kops_TopologySpec_To_v1alpha2_TopologySpec(in, out, s)
-}
-
 func autoConvert_v1alpha2_UserData_To_kops_UserData(in *UserData, out *kops.UserData, s conversion.Scope) error {
 	out.Name = in.Name
 	out.Type = in.Type
--- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
@ -5290,8 +5290,8 @@ func (in *TopologySpec) DeepCopyInto(out *TopologySpec) {
 		*out = new(BastionSpec)
 		(*in).DeepCopyInto(*out)
 	}
-	if in.DNS != nil {
-		in, out := &in.DNS, &out.DNS
+	if in.LegacyDNS != nil {
+		in, out := &in.LegacyDNS, &out.LegacyDNS
 		*out = new(DNSSpec)
 		**out = **in
 	}
--- a/pkg/apis/kops/v1alpha3/defaults.go
+++ b/pkg/apis/kops/v1alpha3/defaults.go
@ -38,16 +38,12 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
 		obj.Topology = &TopologySpec{}
 	}

-	rebindIfEmpty(&obj.Topology.Masters, TopologyPublic)
+	rebindIfEmpty(&obj.Topology.ControlPlane, TopologyPublic)

 	rebindIfEmpty(&obj.Topology.Nodes, TopologyPublic)

-	if obj.Topology.DNS == nil {
-		obj.Topology.DNS = &DNSSpec{}
-	}
-
-	if obj.Topology.DNS.Type == "" {
-		obj.Topology.DNS.Type = DNSTypePublic
+	if obj.Topology.DNS == "" {
+		obj.Topology.DNS = DNSTypePublic
 	}

 	if obj.CloudProvider.Openstack == nil {
@ -56,7 +52,7 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
 		}

 		if obj.API.IsEmpty() {
-			switch obj.Topology.Masters {
+			switch obj.Topology.ControlPlane {
 			case TopologyPublic:
 				obj.API.DNS = &DNSAccessSpec{}

@ -64,7 +60,7 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
 				obj.API.LoadBalancer = &LoadBalancerAccessSpec{}

 			default:
-				klog.Infof("unknown master topology type: %q", obj.Topology.Masters)
+				klog.Infof("unknown controlPlane topology type: %q", obj.Topology.ControlPlane)
 			}
 		}

--- a/pkg/apis/kops/v1alpha3/topology.go
+++ b/pkg/apis/kops/v1alpha3/topology.go
@ -22,25 +22,21 @@ const (
 )

 type TopologySpec struct {
-	// The environment to launch the Kubernetes masters in public|private
-	Masters string `json:"masters,omitempty"`
+	// ControlPlane specifies the environment for launching the control plane nodes. (public, private)
+	ControlPlane string `json:"controlPlane,omitempty"`

-	// The environment to launch the Kubernetes nodes in public|private
+	// Nodes specifies the environment for launching the worker nodes. (public, private)
 	Nodes string `json:"nodes,omitempty"`

 	// Bastion provide an external facing point of entry into a network
 	// containing private network instances. This host can provide a single
 	// point of fortification or audit and can be started and stopped to enable
-	// or disable inbound SSH communication from the Internet, some call bastion
-	// as the "jump server".
+	// or disable inbound SSH communication from the Internet. Some call the bastion
+	// the "jump server".
 	Bastion *BastionSpec `json:"bastion,omitempty"`

-	// DNS configures options relating to DNS, in particular whether we use a public or a private hosted zone
-	DNS *DNSSpec `json:"dns,omitempty"`
-}
-
-type DNSSpec struct {
-	Type DNSType `json:"type,omitempty"`
+	// DNS specifies the environment for hosted DNS zones. (Public, Private, None)
+	DNS DNSType `json:"dns,omitempty"`
 }

 type DNSType string
@ -48,4 +44,5 @@ type DNSType string
 const (
 	DNSTypePublic  DNSType = "Public"
 	DNSTypePrivate DNSType = "Private"
+	DNSTypeNone    DNSType = "None"
 )
--- a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go
@ -394,16 +394,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*DNSSpec)(nil), (*kops.DNSSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha3_DNSSpec_To_kops_DNSSpec(a.(*DNSSpec), b.(*kops.DNSSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*kops.DNSSpec)(nil), (*DNSSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_kops_DNSSpec_To_v1alpha3_DNSSpec(a.(*kops.DNSSpec), b.(*DNSSpec), scope)
-	}); err != nil {
-		return err
-	}
 	if err := s.AddGeneratedConversionFunc((*DOSpec)(nil), (*kops.DOSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha3_DOSpec_To_kops_DOSpec(a.(*DOSpec), b.(*kops.DOSpec), scope)
 	}); err != nil {
@ -3625,26 +3615,6 @@ func Convert_kops_DNSControllerGossipConfigSecondary_To_v1alpha3_DNSControllerGo
 	return autoConvert_kops_DNSControllerGossipConfigSecondary_To_v1alpha3_DNSControllerGossipConfigSecondary(in, out, s)
 }

-func autoConvert_v1alpha3_DNSSpec_To_kops_DNSSpec(in *DNSSpec, out *kops.DNSSpec, s conversion.Scope) error {
-	out.Type = kops.DNSType(in.Type)
-	return nil
-}
-
-// Convert_v1alpha3_DNSSpec_To_kops_DNSSpec is an autogenerated conversion function.
-func Convert_v1alpha3_DNSSpec_To_kops_DNSSpec(in *DNSSpec, out *kops.DNSSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha3_DNSSpec_To_kops_DNSSpec(in, out, s)
-}
-
-func autoConvert_kops_DNSSpec_To_v1alpha3_DNSSpec(in *kops.DNSSpec, out *DNSSpec, s conversion.Scope) error {
-	out.Type = DNSType(in.Type)
-	return nil
-}
-
-// Convert_kops_DNSSpec_To_v1alpha3_DNSSpec is an autogenerated conversion function.
-func Convert_kops_DNSSpec_To_v1alpha3_DNSSpec(in *kops.DNSSpec, out *DNSSpec, s conversion.Scope) error {
-	return autoConvert_kops_DNSSpec_To_v1alpha3_DNSSpec(in, out, s)
-}
-
 func autoConvert_v1alpha3_DOSpec_To_kops_DOSpec(in *DOSpec, out *kops.DOSpec, s conversion.Scope) error {
 	return nil
 }
@ -7312,7 +7282,7 @@ func Convert_kops_TerraformSpec_To_v1alpha3_TerraformSpec(in *kops.TerraformSpec
 }

 func autoConvert_v1alpha3_TopologySpec_To_kops_TopologySpec(in *TopologySpec, out *kops.TopologySpec, s conversion.Scope) error {
-	out.Masters = in.Masters
+	out.ControlPlane = in.ControlPlane
 	out.Nodes = in.Nodes
 	if in.Bastion != nil {
 		in, out := &in.Bastion, &out.Bastion
@ -7323,15 +7293,7 @@ func autoConvert_v1alpha3_TopologySpec_To_kops_TopologySpec(in *TopologySpec, ou
 	} else {
 		out.Bastion = nil
 	}
-	if in.DNS != nil {
-		in, out := &in.DNS, &out.DNS
-		*out = new(kops.DNSSpec)
-		if err := Convert_v1alpha3_DNSSpec_To_kops_DNSSpec(*in, *out, s); err != nil {
-			return err
-		}
-	} else {
-		out.DNS = nil
-	}
+	out.DNS = kops.DNSType(in.DNS)
 	return nil
 }

@ -7341,7 +7303,7 @@ func Convert_v1alpha3_TopologySpec_To_kops_TopologySpec(in *TopologySpec, out *k
 }

 func autoConvert_kops_TopologySpec_To_v1alpha3_TopologySpec(in *kops.TopologySpec, out *TopologySpec, s conversion.Scope) error {
-	out.Masters = in.Masters
+	out.ControlPlane = in.ControlPlane
 	out.Nodes = in.Nodes
 	if in.Bastion != nil {
 		in, out := &in.Bastion, &out.Bastion
@ -7352,15 +7314,7 @@ func autoConvert_kops_TopologySpec_To_v1alpha3_TopologySpec(in *kops.TopologySpe
 	} else {
 		out.Bastion = nil
 	}
-	if in.DNS != nil {
-		in, out := &in.DNS, &out.DNS
-		*out = new(DNSSpec)
-		if err := Convert_kops_DNSSpec_To_v1alpha3_DNSSpec(*in, *out, s); err != nil {
-			return err
-		}
-	} else {
-		out.DNS = nil
-	}
+	out.DNS = DNSType(in.DNS)
 	return nil
 }

--- a/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go
@ -1537,22 +1537,6 @@ func (in *DNSControllerGossipConfigSecondary) DeepCopy() *DNSControllerGossipCon
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *DNSSpec) DeepCopyInto(out *DNSSpec) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSSpec.
-func (in *DNSSpec) DeepCopy() *DNSSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(DNSSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DOSpec) DeepCopyInto(out *DOSpec) {
 	*out = *in
@ -5211,11 +5195,6 @@ func (in *TopologySpec) DeepCopyInto(out *TopologySpec) {
 		*out = new(BastionSpec)
 		(*in).DeepCopyInto(*out)
 	}
-	if in.DNS != nil {
-		in, out := &in.DNS, &out.DNS
-		*out = new(DNSSpec)
-		**out = **in
-	}
 	return
 }

--- a/pkg/apis/kops/validation/openstack.go
+++ b/pkg/apis/kops/validation/openstack.go
@ -30,8 +30,8 @@ func openstackValidateCluster(c *kops.Cluster) (errList field.ErrorList) {
 		if topology == nil || topology.Nodes == kops.TopologyPublic {
 			errList = append(errList, field.Forbidden(field.NewPath("spec", "topology", "nodes"), "Public topology requires an external network"))
 		}
-		if topology == nil || topology.Masters == kops.TopologyPublic {
-			errList = append(errList, field.Forbidden(field.NewPath("spec", "topology", "masters"), "Public topology requires an external network"))
+		if topology == nil || topology.ControlPlane == kops.TopologyPublic {
+			errList = append(errList, field.Forbidden(field.NewPath("spec", "topology", "controlPlane"), "Public topology requires an external network"))
 		}
 	}
 	return errList
--- a/pkg/apis/kops/validation/openstack_test.go
+++ b/pkg/apis/kops/validation/openstack_test.go
@ -37,7 +37,7 @@ func Test_ValidateTopology(t *testing.T) {
 			},
 			ExpectedErrors: []string{
 				"Forbidden::spec.topology.nodes",
-				"Forbidden::spec.topology.masters",
+				"Forbidden::spec.topology.controlPlane",
 			},
 		},
 		{
@ -50,7 +50,7 @@ func Test_ValidateTopology(t *testing.T) {
 			},
 			ExpectedErrors: []string{
 				"Forbidden::spec.topology.nodes",
-				"Forbidden::spec.topology.masters",
+				"Forbidden::spec.topology.controlPlane",
 			},
 		},
 		{
@ -59,8 +59,8 @@ func Test_ValidateTopology(t *testing.T) {
 					Openstack: &kops.OpenstackSpec{},
 				},
 				Topology: &kops.TopologySpec{
-					Masters: kops.TopologyPrivate,
-					Nodes:   kops.TopologyPrivate,
+					ControlPlane: kops.TopologyPrivate,
+					Nodes:        kops.TopologyPrivate,
 				},
 			},
 			ExpectedErrors: []string{},
--- a/pkg/apis/kops/validation/validation.go
+++ b/pkg/apis/kops/validation/validation.go
@ -397,10 +397,10 @@ func validateIPv6CIDR(cidr string, fieldPath *field.Path) field.ErrorList {
 func validateTopology(c *kops.Cluster, topology *kops.TopologySpec, fieldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}

-	if topology.Masters == "" {
-		allErrs = append(allErrs, field.Required(fieldPath.Child("masters"), ""))
+	if topology.ControlPlane == "" {
+		allErrs = append(allErrs, field.Required(fieldPath.Child("controlPlane"), ""))
 	} else {
-		allErrs = append(allErrs, IsValidValue(fieldPath.Child("masters"), &topology.Masters, kops.SupportedTopologies)...)
+		allErrs = append(allErrs, IsValidValue(fieldPath.Child("controlPlane"), &topology.ControlPlane, kops.SupportedTopologies)...)
 	}

 	if topology.Nodes == "" {
@ -414,14 +414,14 @@ func validateTopology(c *kops.Cluster, topology *kops.TopologySpec, fieldPath *f
 	}

 	if topology.Bastion != nil {
-		if topology.Masters == kops.TopologyPublic || topology.Nodes == kops.TopologyPublic {
-			allErrs = append(allErrs, field.Forbidden(fieldPath.Child("bastion"), "bastion requires masters and nodes to have private topology"))
+		if topology.ControlPlane == kops.TopologyPublic || topology.Nodes == kops.TopologyPublic {
+			allErrs = append(allErrs, field.Forbidden(fieldPath.Child("bastion"), "bastion requires control plane and nodes to have private topology"))
 		}
 	}

-	if topology.DNS != nil {
+	if topology.DNS != "" {
 		cloud := c.Spec.GetCloudProvider()
-		value := string(topology.DNS.Type)
+		value := string(topology.DNS)
 		allErrs = append(allErrs, IsValidValue(fieldPath.Child("dns", "type"), &value, kops.SupportedDnsTypes)...)
 		if value == string(kops.DNSTypeNone) && cloud != kops.CloudProviderHetzner && cloud != kops.CloudProviderAWS {
 			allErrs = append(allErrs, field.Invalid(fieldPath.Child("dns", "type"), &value, fmt.Sprintf("not supported for %q", c.Spec.GetCloudProvider())))
--- a/pkg/apis/kops/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/zz_generated.deepcopy.go
@ -1657,22 +1657,6 @@ func (in *DNSControllerGossipConfigSecondary) DeepCopy() *DNSControllerGossipCon
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *DNSSpec) DeepCopyInto(out *DNSSpec) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSSpec.
-func (in *DNSSpec) DeepCopy() *DNSSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(DNSSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DOSpec) DeepCopyInto(out *DOSpec) {
 	*out = *in
@ -5518,11 +5502,6 @@ func (in *TopologySpec) DeepCopyInto(out *TopologySpec) {
 		*out = new(BastionSpec)
 		(*in).DeepCopyInto(*out)
 	}
-	if in.DNS != nil {
-		in, out := &in.DNS, &out.DNS
-		*out = new(DNSSpec)
-		**out = **in
-	}
 	return
 }

--- a/pkg/instancegroups/rollingupdate_os_test.go
+++ b/pkg/instancegroups/rollingupdate_os_test.go
@ -50,7 +50,7 @@ func getTestSetupOS(t *testing.T) (*RollingUpdateCluster, *openstack.MockCloud)
 	inCluster.Spec.CloudProvider.Openstack = &kopsapi.OpenstackSpec{}
 	inCluster.Name = "test.k8s.local"

-	inCluster.Spec.Topology.Masters = kopsapi.TopologyPrivate
+	inCluster.Spec.Topology.ControlPlane = kopsapi.TopologyPrivate
 	inCluster.Spec.Topology.Nodes = kopsapi.TopologyPrivate

 	err := cloudup.PerformAssignments(inCluster, mockcloud)
--- a/pkg/kubeconfig/create_kubecfg.go
+++ b/pkg/kubeconfig/create_kubecfg.go
@ -67,7 +67,7 @@ func BuildKubecfg(cluster *kops.Cluster, keyStore fi.Keystore, secretStore fi.Se
 	// careful that we aren't accessing the API over DirectConnect (or a VPN).
 	// We differentiate using the heuristic that if we have an internal ELB
 	// we are likely connected directly to the VPC.
-	privateDNS := cluster.Spec.Topology != nil && cluster.Spec.Topology.DNS.Type == kops.DNSTypePrivate
+	privateDNS := cluster.Spec.Topology != nil && cluster.Spec.Topology.DNS == kops.DNSTypePrivate
 	internalELB := cluster.Spec.API != nil && cluster.Spec.API.LoadBalancer != nil && cluster.Spec.API.LoadBalancer.Type == kops.LoadBalancerTypeInternal
 	if privateDNS && !internalELB {
 		useELBName = true
--- a/pkg/model/awsmodel/dns.go
+++ b/pkg/model/awsmodel/dns.go
@ -45,8 +45,8 @@ func (b *DNSModelBuilder) ensureDNSZone(c *fi.ModelBuilderContext) error {
 	}

 	topology := b.Cluster.Spec.Topology
-	if topology != nil && topology.DNS != nil {
-		switch topology.DNS.Type {
+	if topology != nil {
+		switch topology.DNS {
 		case kops.DNSTypePublic:
 		// Ignore

@ -55,7 +55,7 @@ func (b *DNSModelBuilder) ensureDNSZone(c *fi.ModelBuilderContext) error {
 			dnsZone.PrivateVPC = b.LinkToVPC()

 		default:
-			return fmt.Errorf("unknown DNS type %q", topology.DNS.Type)
+			return fmt.Errorf("unknown DNS type %q", topology.DNS)
 		}
 	}

--- a/pkg/model/components/kubescheduler/tests/kubeschedulerconfig/completed-cluster.yaml
+++ b/pkg/model/components/kubescheduler/tests/kubeschedulerconfig/completed-cluster.yaml
@ -9,7 +9,6 @@ spec:
  cloudProvider: {}
  kubernetesVersion: v1.24.0
  topology:
-    dns:
-      type: Public
-    masters: public
+    controlPlane: public
+    dns: Public
    nodes: public
--- a/pkg/model/components/kubescheduler/tests/minimal/completed-cluster.yaml
+++ b/pkg/model/components/kubescheduler/tests/minimal/completed-cluster.yaml
@ -9,7 +9,6 @@ spec:
  cloudProvider: {}
  kubernetesVersion: v1.21.0
  topology:
-    dns:
-      type: Public
-    masters: public
+    controlPlane: public
+    dns: Public
    nodes: public
--- a/pkg/model/components/kubescheduler/tests/mixing/completed-cluster.yaml
+++ b/pkg/model/components/kubescheduler/tests/mixing/completed-cluster.yaml
@ -11,7 +11,6 @@ spec:
    maxPersistentVolumes: 20
  kubernetesVersion: v1.24.0
  topology:
-    dns:
-      type: Public
-    masters: public
+    controlPlane: public
+    dns: Public
    nodes: public
--- a/pkg/model/gcemodel/autoscalinggroup.go
+++ b/pkg/model/gcemodel/autoscalinggroup.go
@ -92,7 +92,7 @@ func (b *AutoscalingGroupModelBuilder) buildInstanceTemplate(c *fi.ModelBuilderC
 				Preemptible:          fi.Bool(fi.StringValue(ig.Spec.GCPProvisioningModel) == "SPOT"),
 				GCPProvisioningModel: ig.Spec.GCPProvisioningModel,

-				HasExternalIP: fi.Bool(b.Cluster.Spec.Topology.Masters == kops.TopologyPublic),
+				HasExternalIP: fi.Bool(b.Cluster.Spec.Topology.ControlPlane == kops.TopologyPublic),

 				Scopes: []string{
 					"compute-rw",
--- a/pkg/model/openstackmodel/servergroup.go
+++ b/pkg/model/openstackmodel/servergroup.go
@ -206,7 +206,7 @@ func (b *ServerGroupModelBuilder) buildInstances(c *fi.ModelBuilderContext, sg *
 				instanceTask.FloatingIP = t
 			case kops.InstanceGroupRoleMaster:

-				if b.Cluster.Spec.Topology == nil || b.Cluster.Spec.Topology.Masters != kops.TopologyPrivate {
+				if b.Cluster.Spec.Topology == nil || b.Cluster.Spec.Topology.ControlPlane != kops.TopologyPrivate {
 					t := &openstacktasks.FloatingIP{
 						Name:      fi.String(fmt.Sprintf("%s-%s", "fip", *instanceTask.Name)),
 						Lifecycle: b.Lifecycle,
--- a/pkg/model/openstackmodel/servergroup_test.go
+++ b/pkg/model/openstackmodel/servergroup_test.go
@ -386,7 +386,7 @@ func getServerGroupModelBuilderTestInput() []serverGroupModelBuilderTestInput {
 						},
 					},
 					Topology: &kops.TopologySpec{
-						Masters: kops.TopologyPrivate,
+						ControlPlane: kops.TopologyPrivate,
 					},
 					KubernetesVersion: "1.24.0",
 					Subnets: []kops.ClusterSubnetSpec{
--- a/pkg/testutils/cluster.go
+++ b/pkg/testutils/cluster.go
@ -43,11 +43,9 @@ func BuildMinimalCluster(clusterName string) *kops.Cluster {

 	// Default to public topology
 	c.Spec.Topology = &kops.TopologySpec{
-		Masters: kops.TopologyPublic,
-		Nodes:   kops.TopologyPublic,
-		DNS: &kops.DNSSpec{
-			Type: kops.DNSTypePublic,
-		},
+		ControlPlane: kops.TopologyPublic,
+		Nodes:        kops.TopologyPublic,
+		DNS:          kops.DNSTypePublic,
 	}

 	c.Spec.Networking = &kops.NetworkingSpec{}
--- a/tests/integration/conversion/aws/v1alpha2.yaml
+++ b/tests/integration/conversion/aws/v1alpha2.yaml
@ -57,9 +57,9 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
-    nodes: public
+    nodes: private

 ---

--- a/tests/integration/conversion/aws/v1alpha3.yaml
+++ b/tests/integration/conversion/aws/v1alpha3.yaml
@ -56,10 +56,9 @@ spec:
    zone: us-test-1a
  tagSubnets: false
  topology:
-    dns:
-      type: Public
-    masters: public
-    nodes: public
+    controlPlane: public
+    dns: None
+    nodes: private

 ---

--- a/tests/integration/conversion/azure/v1alpha2.yaml
+++ b/tests/integration/conversion/azure/v1alpha2.yaml
@ -54,9 +54,9 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
-    nodes: public
+    nodes: private

 ---

--- a/tests/integration/conversion/azure/v1alpha3.yaml
+++ b/tests/integration/conversion/azure/v1alpha3.yaml
@ -52,10 +52,9 @@ spec:
    zone: us-test-1a
  tagSubnets: false
  topology:
-    dns:
-      type: Public
-    masters: public
-    nodes: public
+    controlPlane: public
+    dns: None
+    nodes: private

 ---

--- a/tests/integration/conversion/canal/v1alpha2.yaml
+++ b/tests/integration/conversion/canal/v1alpha2.yaml
@ -49,9 +49,9 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
-    nodes: public
+    nodes: private

 ---

--- a/tests/integration/conversion/canal/v1alpha3.yaml
+++ b/tests/integration/conversion/canal/v1alpha3.yaml
@ -48,10 +48,9 @@ spec:
    type: Public
    zone: us-test-1a
  topology:
-    dns:
-      type: Public
-    masters: public
-    nodes: public
+    controlPlane: public
+    dns: None
+    nodes: private

 ---

--- a/tests/integration/conversion/cilium/v1alpha2.yaml
+++ b/tests/integration/conversion/cilium/v1alpha2.yaml
@ -50,9 +50,9 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
-    nodes: public
+    nodes: private

 ---

--- a/tests/integration/conversion/cilium/v1alpha3.yaml
+++ b/tests/integration/conversion/cilium/v1alpha3.yaml
@ -49,10 +49,9 @@ spec:
    type: Public
    zone: us-test-1a
  topology:
-    dns:
-      type: Public
-    masters: public
-    nodes: public
+    controlPlane: public
+    dns: None
+    nodes: private

 ---

--- a/tests/integration/conversion/do/v1alpha2.yaml
+++ b/tests/integration/conversion/do/v1alpha2.yaml
@ -47,9 +47,9 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
-    nodes: public
+    nodes: private

 ---

--- a/tests/integration/conversion/do/v1alpha3.yaml
+++ b/tests/integration/conversion/do/v1alpha3.yaml
@ -46,10 +46,9 @@ spec:
    zone: us-test-1a
  tagSubnets: false
  topology:
-    dns:
-      type: Public
-    masters: public
-    nodes: public
+    controlPlane: public
+    dns: None
+    nodes: private

 ---

--- a/tests/integration/conversion/gce/v1alpha2.yaml
+++ b/tests/integration/conversion/gce/v1alpha2.yaml
@ -48,9 +48,9 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
-    nodes: public
+    nodes: private

 ---

--- a/tests/integration/conversion/gce/v1alpha3.yaml
+++ b/tests/integration/conversion/gce/v1alpha3.yaml
@ -47,10 +47,9 @@ spec:
    zone: us-test-1a
  tagSubnets: false
  topology:
-    dns:
-      type: Public
-    masters: public
-    nodes: public
+    controlPlane: public
+    dns: None
+    nodes: private

 ---

--- a/tests/integration/conversion/minimal/legacy-v1alpha2.yaml
+++ b/tests/integration/conversion/minimal/legacy-v1alpha2.yaml
@ -48,9 +48,9 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
-    nodes: public
+    nodes: private

 ---

--- a/tests/integration/conversion/minimal/v1alpha2.yaml
+++ b/tests/integration/conversion/minimal/v1alpha2.yaml
@ -48,9 +48,9 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
-    nodes: public
+    nodes: private

 ---

--- a/tests/integration/conversion/minimal/v1alpha3.yaml
+++ b/tests/integration/conversion/minimal/v1alpha3.yaml
@ -47,10 +47,9 @@ spec:
    type: Public
    zone: us-test-1a
  topology:
-    dns:
-      type: Public
-    masters: public
-    nodes: public
+    controlPlane: public
+    dns: None
+    nodes: private

 ---

--- a/tests/integration/conversion/openstack/v1alpha2.yaml
+++ b/tests/integration/conversion/openstack/v1alpha2.yaml
@ -63,9 +63,9 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
-    nodes: public
+    nodes: private

 ---

--- a/tests/integration/conversion/openstack/v1alpha3.yaml
+++ b/tests/integration/conversion/openstack/v1alpha3.yaml
@ -61,10 +61,9 @@ spec:
    zone: us-test-1a
  tagSubnets: false
  topology:
-    dns:
-      type: Public
-    masters: public
-    nodes: public
+    controlPlane: public
+    dns: None
+    nodes: private

 ---

--- a/upup/pkg/fi/cloudup/defaults.go
+++ b/upup/pkg/fi/cloudup/defaults.go
@ -46,7 +46,7 @@ func PerformAssignments(c *kops.Cluster, cloud fi.Cloud) error {
 	// Topology support
 	// TODO Kris: Unsure if this needs to be here, or if the API conversion code will handle it
 	if c.Spec.Topology == nil {
-		c.Spec.Topology = &kops.TopologySpec{Masters: kops.TopologyPublic, Nodes: kops.TopologyPublic}
+		c.Spec.Topology = &kops.TopologySpec{ControlPlane: kops.TopologyPublic, Nodes: kops.TopologyPublic}
 	}

 	if cloud == nil {
--- a/upup/pkg/fi/cloudup/new_cluster.go
+++ b/upup/pkg/fi/cloudup/new_cluster.go
@ -1123,8 +1123,8 @@ func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.S
 	switch opt.Topology {
 	case api.TopologyPublic, "":
 		cluster.Spec.Topology = &api.TopologySpec{
-			Masters: api.TopologyPublic,
-			Nodes:   api.TopologyPublic,
+			ControlPlane: api.TopologyPublic,
+			Nodes:        api.TopologyPublic,
 			// Bastion: &api.BastionSpec{Enable: c.Bastion},
 		}

@ -1141,8 +1141,8 @@ func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.S
 			return nil, fmt.Errorf("invalid networking option %s. Kubenet does not support private topology", opt.Networking)
 		}
 		cluster.Spec.Topology = &api.TopologySpec{
-			Masters: api.TopologyPrivate,
-			Nodes:   api.TopologyPrivate,
+			ControlPlane: api.TopologyPrivate,
+			Nodes:        api.TopologyPrivate,
 		}

 		for i := range cluster.Spec.Subnets {
@ -1266,22 +1266,21 @@ func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.S
 		}
 	}

-	cluster.Spec.Topology.DNS = &api.DNSSpec{}
 	switch strings.ToLower(opt.DNSType) {
 	case "":
 		if cluster.IsGossip() {
-			cluster.Spec.Topology.DNS.Type = api.DNSTypePrivate
+			cluster.Spec.Topology.DNS = api.DNSTypePrivate
 		} else if cluster.Spec.GetCloudProvider() == api.CloudProviderHetzner {
-			cluster.Spec.Topology.DNS.Type = api.DNSTypeNone
+			cluster.Spec.Topology.DNS = api.DNSTypeNone
 		} else {
-			cluster.Spec.Topology.DNS.Type = api.DNSTypePublic
+			cluster.Spec.Topology.DNS = api.DNSTypePublic
 		}
 	case "public":
-		cluster.Spec.Topology.DNS.Type = api.DNSTypePublic
+		cluster.Spec.Topology.DNS = api.DNSTypePublic
 	case "private":
-		cluster.Spec.Topology.DNS.Type = api.DNSTypePrivate
+		cluster.Spec.Topology.DNS = api.DNSTypePrivate
 	case "none":
-		cluster.Spec.Topology.DNS.Type = api.DNSTypeNone
+		cluster.Spec.Topology.DNS = api.DNSTypeNone
 	default:
 		return nil, fmt.Errorf("unknown DNSType: %q", opt.DNSType)
 	}
@ -1304,7 +1303,7 @@ func setupAPI(opt *NewClusterOptions, cluster *api.Cluster) error {
 	} else if opt.APILoadBalancerType != "" || opt.APISSLCertificate != "" {
 		cluster.Spec.API.LoadBalancer = &api.LoadBalancerAccessSpec{}
 	} else {
-		switch cluster.Spec.Topology.Masters {
+		switch cluster.Spec.Topology.ControlPlane {
 		case api.TopologyPublic:
 			if cluster.IsGossip() || cluster.UsesNoneDNS() {
 				// gossip DNS names don't work outside the cluster, so we use a LoadBalancer instead
@ -1317,7 +1316,7 @@ func setupAPI(opt *NewClusterOptions, cluster *api.Cluster) error {
 			cluster.Spec.API.LoadBalancer = &api.LoadBalancerAccessSpec{}

 		default:
-			return fmt.Errorf("unknown master topology type: %q", cluster.Spec.Topology.Masters)
+			return fmt.Errorf("unknown master topology type: %q", cluster.Spec.Topology.ControlPlane)
 		}
 	}

--- a/upup/pkg/fi/cloudup/openstack/cloud.go
+++ b/upup/pkg/fi/cloudup/openstack/cloud.go
@ -734,7 +734,7 @@ func getIPIngressStatus(c OpenstackCloud, cluster *kops.Cluster) (ingresses []fi
 			if ok && val == cluster.Name && ok2 {
 				role, success := kops.ParseInstanceGroupRole(val2, false)
 				if success && role == kops.InstanceGroupRoleMaster {
-					if cluster.Spec.Topology != nil && cluster.Spec.Topology.Masters == kops.TopologyPrivate {
+					if cluster.Spec.Topology != nil && cluster.Spec.Topology.ControlPlane == kops.TopologyPrivate {
 						ifName := instance.Metadata[TagKopsNetwork]
 						address, err := GetServerFixedIP(&instance, ifName)
 						if err != nil {
--- a/upup/pkg/fi/cloudup/populate_cluster_spec.go
+++ b/upup/pkg/fi/cloudup/populate_cluster_spec.go
@ -226,8 +226,8 @@ func (c *populateClusterSpec) run(clientset simple.Clientset) error {
 		}
 		if dns != nil {
 			dnsType := kopsapi.DNSTypePublic
-			if cluster.Spec.Topology != nil && cluster.Spec.Topology.DNS != nil && cluster.Spec.Topology.DNS.Type != "" {
-				dnsType = cluster.Spec.Topology.DNS.Type
+			if cluster.Spec.Topology != nil && cluster.Spec.Topology.DNS != "" {
+				dnsType = cluster.Spec.Topology.DNS
 			}

 			dnsZone, err := FindDNSHostedZone(dns, cluster.ObjectMeta.Name, dnsType)
--- a/upup/pkg/fi/cloudup/populate_cluster_spec_test.go
+++ b/upup/pkg/fi/cloudup/populate_cluster_spec_test.go
@ -316,14 +316,14 @@ func TestPopulateCluster_CloudProvider_Required(t *testing.T) {

 func TestPopulateCluster_TopologyInvalidNil_Required(t *testing.T) {
 	cloud, c := buildMinimalCluster()
-	c.Spec.Topology.Masters = ""
+	c.Spec.Topology.ControlPlane = ""
 	c.Spec.Topology.Nodes = ""
 	expectErrorFromPopulateCluster(t, c, cloud, "topology")
 }

 func TestPopulateCluster_TopologyInvalidValue_Required(t *testing.T) {
 	cloud, c := buildMinimalCluster()
-	c.Spec.Topology.Masters = "123"
+	c.Spec.Topology.ControlPlane = "123"
 	c.Spec.Topology.Nodes = "abc"
 	expectErrorFromPopulateCluster(t, c, cloud, "topology")
 }
@ -331,7 +331,7 @@ func TestPopulateCluster_TopologyInvalidValue_Required(t *testing.T) {
 //func TestPopulateCluster_TopologyInvalidMatchingValues_Required(t *testing.T) {
 //	// We can't have a bastion with public masters / nodes
 //	c := buildMinimalCluster()
-//	c.Spec.Topology.Masters = api.TopologyPublic
+//	c.Spec.Topology.ControlPlane = api.TopologyPublic
 //	c.Spec.Topology.Nodes = api.TopologyPrivate
 //	expectErrorFromPopulateCluster(t, c, "Topology")
 //}
@ -339,7 +339,7 @@ func TestPopulateCluster_TopologyInvalidValue_Required(t *testing.T) {
 func TestPopulateCluster_BastionInvalidMatchingValues_Required(t *testing.T) {
 	// We can't have a bastion with public masters / nodes
 	cloud, c := buildMinimalCluster()
-	c.Spec.Topology.Masters = kopsapi.TopologyPublic
+	c.Spec.Topology.ControlPlane = kopsapi.TopologyPublic
 	c.Spec.Topology.Nodes = kopsapi.TopologyPublic
 	c.Spec.Topology.Bastion = &kopsapi.BastionSpec{}
 	expectErrorFromPopulateCluster(t, c, cloud, "bastion")