This modifies the templates to appropriately create resources for
different access CIDRs specified in the cluster configuration.
On AWS this leads to the creation of multiple security group rules which
will not currently be cleaned up if a CIDR is removed.
This issue is tracked in kubernetes/kops#145
Changes:
* change AdminCIDR() to return slice of configured CIDRs
* aws: change templates to create security group rule per CIDR
* gce: set 'sourceRanges' for firewall rule to configured CIDRs
This is a breaking change for people using the API (sorry), but is
hopefully a simple search and replace:
"k8s.io/kops/upup/pkg/api"
-> api "k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/upup/pkg/api/registry"
-> "k8s.io/kops/pkg/apis/kops/registry"
This is the "correct" place for it in the k8s API infrastructure - we
are working towards a versioned API here.
We separate out the `create cluster` operation from the `update cluster`
operation. Now create cluster only creates the spec (unless you pass
--yes), and is only for new clusters.
`update cluster` works on new or existing clusters, and should be called
to apply changes.
`update` is not the best name, because it means something different in
kubectl, but I think it's a good start.
Kris Childress