We want to be able to use "dns=none" (without peer-to-peer gossip)
even for clusters that have the k8s.local extension. These were
previously called "gossip clusters", but really that is an
implementation; what actually matters to users is that they don't rely
on writing records into a DNS zone (such as Route53).
* Add ILBs, broadly following the AWS model. The following new
capabilities are added for clusters in GCP:
* Cluster's spec.api.loadBalancer can be set to 'type: internal' on
GCP.
* Therefore, GCP can now create:
* regional backend services
* regional (non-legacy) healthchecks
* firewall rules with "internal" load-balancing scheme
* firewall rules with dot-notation-specified IP addresses
* Cluster's spec.api.loadBalancer's 'subnets' field functions
as in the AWS model.
A few incidental changes are included, either because this change
touched the relevant code or because my use case happened to trigger the
issues that are fixed here.
* Cluster's spec.networkID field can be prefixed by project to use
GCP's common cross-project networking model.
* The presumption is that all specified subnets belong to this
network and therefore this project.
* Add missing operation wait on forwarding rule creation.
* Some Terraform output improvements:
* Permit no-ACL files in GCS buckets in Terraform output.
* Enable marginally better cross-resource reference in Terraform outputs
* Add project to network + subnetwork literals in Terraform output.
* Add terraform output to backend services and health checks.
Testing:
* Add mocks for backend services and health checks.
* Add minimal integration test - copied from gce_private and ilb added.
* Add update cluster goldens.
Co-authored-by: Travis Reid <travis_reid@apple.com>
We need to open up the ipip protocol, which wasn't previously enabled.
Future work could construct the firewall rules in a common library,
and then adapt them to the various clouds.
Supporting IPv6 values where they can be set by the user, and ensuring
that IPv4 and IPv6 firewall rules are split because on GCP they cannot
be in the same rule.
We don't call klog.InitFlags yet, because that will cause a flag
redefinition error until we get everyone to stop using glog. That
will happen when we update to k8s 1.13.
We move everything to the models. We feature-flag it, because we
probably want to change the names etc, and we aren't going to be able to
offer smooth upgrades until that is done.
upodroid
justinsb
Kubernetes Prow Robot
Ciprian Hacman
John Gardiner Myers
Nat Henderson
Peter Rifel
mikesplain
Justin Santa Barbara