From f197e87c1f9aab131a6f2713002f27d38e786a3b Mon Sep 17 00:00:00 2001 From: Kris Childress Date: Tue, 18 Oct 2016 19:36:44 -0600 Subject: [PATCH 1/5] Initial commit for #428 - Publishing documentation to grow with the PR - Defining command line flags --- cmd/kops/create_cluster.go | 11 ++++++++++- docs/private-networking.md | 24 ++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 docs/private-networking.md diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go index b1cd03a956e71..52eaf38e61f92 100644 --- a/cmd/kops/create_cluster.go +++ b/cmd/kops/create_cluster.go @@ -58,7 +58,11 @@ type CreateClusterOptions struct { AssociatePublicIP bool // Channel is the location of the api.Channel to use for our defaults - Channel string + Channel string + + //Subnet configuration + MastersPrivateSubnet bool + NodesPrivateSubnet bool } func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command { @@ -111,6 +115,11 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command { cmd.Flags().StringVar(&options.Channel, "channel", api.DefaultChannel, "Channel for default versions and configuration to use") + + cmd.Flags().BoolVar(&options.MastersPrivateSubnet, "masters-private-subnet", false, "Flag to control the masters' subnet visabilty. Default 'false' to use a public subnet") + cmd.Flags().BoolVar(&options.NodesPrivateSubnet, "nodes-private-subnet", false, "Flag to control the nodes' subnet visabilty. Default 'false' to use a public subnet") + + return cmd } diff --git a/docs/private-networking.md b/docs/private-networking.md new file mode 100644 index 0000000000000..5ffb2965ccdcb --- /dev/null +++ b/docs/private-networking.md 
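Review bot: The help strings of both new flags misspell "visibility" as `visabilty`, and the trailing "Default 'false' to use a public subnet" clause repeats what cobra already prints for a bool flag's default. Suggested text: `"Place the masters in a private subnet (default: public subnet)"` and the same wording for `--nodes-private-subnet`. The series replaces both flags with `--topology` in patch 4, so this only matters if this commit is kept on its own.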
@@ -0,0 +1,24 @@ +# Private Networking in AWS + +AWS offers a few different VPC subnet modes. Below are examples of different subnets that kops supports. + +Kops will default to **public** subnets. In order to override this behavior use the following flags to change subnet type for instance groups. + +##### Subnet modes + +### All Private + +All masters and minions running in a private subnet in a VPC + +``` + kops create cluster ... --masters-private-subnet --nodes-private-subnet +``` + +### Private Masters, Public Nodes + +All masters running in a private subnet with all nodes in a public subnet in a VPC + +``` + kops create cluster ... --masters-private-subnet +``` + From b6c93e7fbc344c7562692004cdb1fa964985ee4c Mon Sep 17 00:00:00 2001 From: Kris Childress Date: Wed, 19 Oct 2016 06:02:29 -0600 Subject: [PATCH 2/5] Reformatting in create command --- cmd/kops/create_cluster.go | 42 +++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go index 52eaf38e61f92..f82612d388986 100644 --- a/cmd/kops/create_cluster.go +++ b/cmd/kops/create_cluster.go 
@@ -36,29 +36,29 @@ import ( ) type CreateClusterOptions struct { - Yes bool - Target string - Models string - Cloud string - Zones string - MasterZones string - NodeSize string - MasterSize string - NodeCount int - Project string - KubernetesVersion string - OutDir string - Image string - SSHPublicKey string - VPCID string - NetworkCIDR string - DNSZone string - AdminAccess string - Networking string - AssociatePublicIP bool + Yes bool + Target string + Models string + Cloud string + Zones string + MasterZones string + NodeSize string + MasterSize string + NodeCount int + Project string + KubernetesVersion string + OutDir string + Image string + SSHPublicKey string + VPCID string + NetworkCIDR string + DNSZone string + AdminAccess string + Networking string + AssociatePublicIP bool // Channel is the location of the api.Channel to use for our defaults - Channel string + Channel string //Subnet configuration MastersPrivateSubnet bool From 1c8b5667dbbc20e0d9991f739434e3d5476471cc Mon Sep 17 00:00:00 2001 From: Kris Childress Date: Wed, 19 Oct 2016 14:13:38 -0600 Subject: [PATCH 3/5] More work along the way - A lot of these values are just stubbed out and I will flesh them out further once I start deploying clusters --- cmd/kops/create_cluster.go | 13 ++ pkg/apis/kops/cluster.go | 3 + pkg/apis/kops/subnets.go | 27 ++++ upup/pkg/fi/cloudup/apply_cluster.go | 7 +- upup/pkg/fi/cloudup/awstasks/natgateway.go | 151 ++++++++++++++++++ .../fi/cloudup/awstasks/natgateway_fitask.go | 59 +++++++ 6 files changed, 258 insertions(+), 2 deletions(-) create mode 100644 pkg/apis/kops/subnets.go create mode 100644 upup/pkg/fi/cloudup/awstasks/natgateway.go create mode 100644 upup/pkg/fi/cloudup/awstasks/natgateway_fitask.go diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go index f82612d388986..1e9ccf0b45d87 100644 --- a/cmd/kops/create_cluster.go +++ b/cmd/kops/create_cluster.go 
@@ -366,6 +366,19 @@ func RunCreateCluster(f *util.Factory, cmd *cobra.Command, args []string, out io } } + + // Support for public/private subnets + mastersSubnet := &api.SubnetSpec{Visibility: api.SubnetVisibilityPublic} + nodesSubnet := &api.SubnetSpec{Visibility: api.SubnetVisibilityPublic} + if c.MastersPrivateSubnet { + mastersSubnet.Visibility = api.SubnetVisibilityPrivate + } + if c.NodesPrivateSubnet { + nodesSubnet.Visibility = api.SubnetVisibilityPrivate + } + cluster.Spec.MastersSubnet = mastersSubnet + cluster.Spec.NodesSubnet = nodesSubnet + sshPublicKeys := make(map[string][]byte) if c.SSHPublicKey != "" { c.SSHPublicKey = utils.ExpandPath(c.SSHPublicKey) diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go index be77eeb4719b9..85409be182f6f 100644 --- a/pkg/apis/kops/cluster.go +++ b/pkg/apis/kops/cluster.go @@ -77,6 +77,9 @@ type ClusterSpec struct { // NetworkID is an identifier of a network, if we want to reuse/share an existing network (e.g. an AWS VPC) NetworkID string `json:"networkID,omitempty"` + MastersSubnet *SubnetSpec + NodesSubnet *SubnetSpec + // SecretStore is the VFS path to where secrets are stored SecretStore string `json:"secretStore,omitempty"` // KeyStore is the VFS path to where SSL keys and certificates are stored diff --git a/pkg/apis/kops/subnets.go b/pkg/apis/kops/subnets.go new file mode 100644 index 0000000000000..2a19c76bc3dd8 --- /dev/null +++ b/pkg/apis/kops/subnets.go 
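Review bot: Within this series, this block is the only place that sets `cluster.Spec.MastersSubnet`/`NodesSubnet`, so a spec that arrives from YAML or the API without them carries nil pointers that every consumer must check before reading `Visibility`; either default them in the spec's defaulting path or make them value fields whose zero value (`SubnetVisibilityPublic = 0`) already means public. The two symmetric start-public-then-flip blocks could share a small helper that maps a bool to a `*api.SubnetSpec`. RunCreateCluster starts and ends outside the hunk.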
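Review bot: The two new `ClusterSpec` fields have no `json` tags while every neighbouring field has one (`json:"networkID,omitempty"`), so they serialise as `MastersSubnet`/`NodesSubnet` and break the spec's camelCase convention on disk; add `json:"mastersSubnet,omitempty"` and `json:"nodesSubnet,omitempty"` plus a doc comment on each saying what it controls. They also reference `SubnetSpec`, which embeds an `*InstanceGroup`, so serialising a cluster would presumably duplicate a separately stored instance group inside the cluster spec — worth confirming that is intended before the field shape is frozen.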
@@ -0,0 +1,27 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package kops + +const ( + SubnetVisibilityPublic = 0 + SubnetVisibilityPrivate = 1 +) + +type SubnetSpec struct { + Visibility int + InstanceGroup *InstanceGroup +} diff --git a/upup/pkg/fi/cloudup/apply_cluster.go b/upup/pkg/fi/cloudup/apply_cluster.go index 631943e5abc64..6c3622bf2e05f 100644 --- a/upup/pkg/fi/cloudup/apply_cluster.go +++ b/upup/pkg/fi/cloudup/apply_cluster.go @@ -78,6 +78,7 @@ type ApplyClusterCmd struct { DryRun bool } + func (c *ApplyClusterCmd) Run() error { if c.InstanceGroups == nil { list, err := c.Clientset.InstanceGroups(c.Cluster.Name).List(k8sapi.ListOptions{}) @@ -287,8 +288,11 @@ func (c *ApplyClusterCmd) Run() error { "securityGroupRule": &awstasks.SecurityGroupRule{}, "subnet": &awstasks.Subnet{}, "vpc": &awstasks.VPC{}, + "natGateway": &awstasks.NATGateway{}, "vpcDHDCPOptionsAssociation": &awstasks.VPCDHCPOptionsAssociation{}, + + // ELB "loadBalancer": &awstasks.LoadBalancer{}, "loadBalancerAttachment": &awstasks.LoadBalancerAttachment{}, @@ -547,8 +551,7 @@ func (c *ApplyClusterCmd) Run() error { if err != nil { return fmt.Errorf("error running tasks: %v", err) } - - err = target.Finish(taskMap) + err = target.Finish(taskMap) //This will finish the apply, and print the changes if err != nil { return fmt.Errorf("error closing target: %v", err) } 
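Review bot: `SubnetSpec.Visibility` is a plain `int` set from untyped constants `SubnetVisibilityPublic = 0` / `SubnetVisibilityPrivate = 1`, so it lands in the cluster spec as a bare number and accepts any value (a `2` is neither rejected nor meaningful); a named type such as `type SubnetVisibility string` with `"public"`/`"private"` values is readable on disk and lets validation reject unknown values. `InstanceGroup *InstanceGroup` is not referenced anywhere in the series and would embed a separately stored object inside `ClusterSpec` when serialised; drop it until something needs it. The exported type and constants also lack doc comments, e.g. `// SubnetSpec describes the visibility of the subnets an instance group is placed in.`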
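Review bot: The `"natGateway": &awstasks.NATGateway{}` registration in the @@ -287 hunk has no model that instantiates it — no `natGateway/...` entry appears in any yaml touched by this series — so the task is wired in but never exercised; a comment such as `// natGateway is registered ahead of the private-topology model that will create it` would tell the next reader this is deliberate. In the @@ -547 hunk the trailing `//This will finish the apply, and print the changes` restates the call rather than giving a reason and drops the conventional space after `//`; the blank line it replaces was fine as it was. The new `// ELB` comment in the task map is surrounded by two blank lines where one is enough.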
diff --git a/upup/pkg/fi/cloudup/awstasks/natgateway.go b/upup/pkg/fi/cloudup/awstasks/natgateway.go
new file mode 100644
index 0000000000000..b632c6a1e9350
--- /dev/null
+++ b/upup/pkg/fi/cloudup/awstasks/natgateway.go
@@ -0,0 +1,151 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package awstasks + +import ( + "fmt" + "github.com/aws/aws-sdk-go/service/ec2" + "github.com/golang/glog" + "k8s.io/kops/upup/pkg/fi" + "k8s.io/kops/upup/pkg/fi/cloudup/awsup" + "k8s.io/kops/upup/pkg/fi/cloudup/terraform" +) + +//go:generate fitask -type=natgateway +type NATGateway struct { + ID *string // AWS ID for the object + AllocationID *string // Pointer to an elastic IP + SubnetID *string // Pointer to a subnet in the VPC + VPCID *string // Unique identifier of the VPC for this NAT gateway +} + +var _ fi.CompareWithID = &NATGateway{} // Validate the IDs + +func (e *NATGateway) CompareWithID() *string { + return e.ID +} + +func (e *NATGateway) Find(c *fi.Context) (*NATGateway, error) { + cloud := c.Cloud.(awsup.AWSCloud) + + request := &ec2.DescribeNatGatewaysInput{} + + if fi.StringValue(e.ID) != "" { + request.NatGatewayIds = []*string{e.ID} + } else { + request.Filter = cloud.BuildFilters(e.SubnetID) + } + + response, err := cloud.EC2().DescribeNatGateways(request) + if err != nil { + return nil, fmt.Errorf("error listing NAT Gateways: %v", err) + } + if response == nil || len(response.NatGateways) == 0 { + return nil, nil + } + + if len(response.NatGateways) != 1 { + return nil, fmt.Errorf("found multiple NAT Gateways matching tags") + } + ngw := response.NatGateways[0] + actual := &NATGateway{ + ID: ngw.NatGatewayId, + VPCID: ngw.VpcId, + SubnetID: ngw.SubnetId, 
+ } + + glog.V(4).Infof("found matching NAT gateway %v", actual) + + // Allocation ID + if actual.ID != nil { + request := &ec2.DescribeAddressesInput{} + request.Filters = cloud.BuildFilters(e.VPCID) + response, err := cloud.EC2().DescribeAddresses(request) + if err != nil || len(response.Addresses) != 1 { + return nil, fmt.Errorf("error querying for elastic ip support: %v", err) + } + actual.AllocationID = response.Addresses[0].AllocationId + } + + if e.ID == nil { + e.ID = actual.ID + } + + return actual, nil +} + +func (s *NATGateway) CheckChanges(a, e, changes *NATGateway) error { + if a == nil { + if e.AllocationID == nil { + return fi.RequiredField("AllocationID") + } + if e.SubnetID == nil { + return fi.RequiredField("SubnetID") + } + } + if a != nil { + if changes.AllocationID != nil { + // TODO: Do we want to destroy & recreate the VPC? + return fi.CannotChangeField("AllocationID") + } + } + return nil +} + +func (e *NATGateway) Run(c *fi.Context) error { + return fi.DefaultDeltaRunMethod(e, c) +} + +func (_ *NATGateway) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *NATGateway) error { + if a == nil { + glog.V(2).Infof("Creating NGW with Allocation ID: %q", *e.AllocationID) + + request := &ec2.CreateNatGatewayInput{ + AllocationId: e.AllocationID, + SubnetId: e.SubnetID, + } + + response, err := t.Cloud.EC2().CreateNatGateway(request) + if err != nil { + return fmt.Errorf("error creating Nat gateway: %v", err) + } + + e.ID = response.NatGateway.NatGatewayId + } + + return nil +} + +type terraformNatGateway struct { + AllocationId *string `json:"AllocationID,omitempty"` + SubnetID *bool `json:"SubnetID,omitempty"` +} + +func (_ *NATGateway) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *NATGateway) error { +// cloud := t.Cloud.(awsup.AWSCloud) + + tf := &terraformNatGateway{ + AllocationId: e.AllocationID, + //SubnetID: e.SubnetID, + } + + return t.RenderResource("aws_natgateway", *e.AllocationID, tf) +} + +func (e *NATGateway) 
TerraformLink() *terraform.Literal { + return terraform.LiteralProperty("aws_natgateway", *e.AllocationID, "id") +} diff --git a/upup/pkg/fi/cloudup/awstasks/natgateway_fitask.go b/upup/pkg/fi/cloudup/awstasks/natgateway_fitask.go new file mode 100644 index 0000000000000..f72b6ad91f5a6 --- /dev/null +++ b/upup/pkg/fi/cloudup/awstasks/natgateway_fitask.go @@ -0,0 +1,59 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by ""fitask" -type=natgateway"; DO NOT EDIT + +package awstasks + +import ( + "encoding/json" + + "k8s.io/kops/upup/pkg/fi" +) + +// VPC + +// JSON marshalling boilerplate +type realNatGateway NATGateway + +func (o *NATGateway) UnmarshalJSON(data []byte) error { + var jsonName string + if err := json.Unmarshal(data, &jsonName); err == nil { + o.AllocationID = &jsonName + return nil + } + + var r realNatGateway + if err := json.Unmarshal(data, &r); err != nil { + return err + } + *o = NATGateway(r) + return nil +} + +var _ fi.HasName = &NATGateway{} + +func (e *NATGateway) GetName() *string { + return e.AllocationID +} + +func (e *NATGateway) SetName(name string) { + e.AllocationID = &name +} + +func (e *NATGateway) String() string { + return fi.TaskAsString(e) +} From f843f87c25ba412e8484101a467635d64ecf7975 Mon Sep 17 00:00:00 2001 
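Review bot: Find's "Allocation ID" block queries every Elastic IP in the VPC (`cloud.BuildFilters(e.VPCID)` against DescribeAddresses) and then requires exactly one result, so it fails on any VPC that holds a second EIP and, when the count is wrong but `err` is nil, reports `error querying for elastic ip support: <nil>`; the NAT gateway already carries its own association in `ngw.NatGatewayAddresses[].AllocationId`, which is what `actual.AllocationID` should be read from. The Terraform side renders a resource type `aws_natgateway` that the AWS provider does not define — it is `aws_nat_gateway` with `allocation_id` and `subnet_id` — and `terraformNatGateway.SubnetID` is declared `*bool` and never populated, so the subnet is lost on that path; `TerraformLink` needs the same resource name. Smaller points: `request.Filter = cloud.BuildFilters(e.SubnetID)` presumably builds a Name-tag filter (BuildFilters is outside this file), so matching by subnet ID there is unlikely to find anything, and `CheckChanges` uses receiver `s` where every other method uses `e` while its TODO talks about the VPC rather than the gateway. Both rewrites are sketched below.
```go
	// … unchanged: DescribeNatGateways call and actual := &NATGateway{...} …

	// Allocation ID: the gateway reports its own EIP association, so no
	// VPC-wide DescribeAddresses query is needed.
	for _, addr := range ngw.NatGatewayAddresses {
		if addr.AllocationId != nil {
			actual.AllocationID = addr.AllocationId
			break
		}
	}

	// … unchanged: remainder of Find …

// Field names follow the Terraform aws_nat_gateway resource schema.
type terraformNatGateway struct {
	AllocationID *string `json:"allocation_id,omitempty"`
	SubnetID     *string `json:"subnet_id,omitempty"`
}

func (_ *NATGateway) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *NATGateway) error {
	tf := &terraformNatGateway{
		AllocationID: e.AllocationID,
		SubnetID:     e.SubnetID,
	}

	return t.RenderResource("aws_nat_gateway", *e.AllocationID, tf)
}

func (e *NATGateway) TerraformLink() *terraform.Literal {
	return terraform.LiteralProperty("aws_nat_gateway", *e.AllocationID, "id")
}
```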
From: Kris Childress Date: Fri, 21 Oct 2016 23:19:09 -0600 Subject: [PATCH 4/5] Another private network commit, finishing putting pieces together for the night. NOT WORKING.. But this is a good stopping place --- cmd/kops/create_cluster.go | 34 ++--- docs/private-networking.md | 24 --- docs/topology.md | 21 +++ pkg/apis/kops/cluster.go | 4 +- pkg/apis/kops/{subnets.go => topology.go} | 10 +- upup/models/cloudup/_aws/network.yaml | 51 ------- upup/models/cloudup/_aws/topology.yaml | 173 ++++++++++++++++++++++ 7 files changed, 217 insertions(+), 100 deletions(-) delete mode 100644 docs/private-networking.md create mode 100644 docs/topology.md rename pkg/apis/kops/{subnets.go => topology.go} (81%) delete mode 100644 upup/models/cloudup/_aws/network.yaml create mode 100644 upup/models/cloudup/_aws/topology.yaml diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go index 1e9ccf0b45d87..4bde1d7897c62 100644 --- a/cmd/kops/create_cluster.go +++ b/cmd/kops/create_cluster.go @@ -60,9 +60,9 @@ type CreateClusterOptions struct { // Channel is the location of the api.Channel to use for our defaults Channel string - //Subnet configuration - MastersPrivateSubnet bool - NodesPrivateSubnet bool + // The network topology to use + Topology string + } func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command { 
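Review bot: The comment `// The network topology to use` on the new `Topology` field could name the accepted values and the default, since that is what a reader of CreateClusterOptions will look for: `// Topology selects the network topology: "public" (default), "private" or "hybrid1".` The blank line left between `Topology string` and the closing `}` is stray.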
@@ -115,10 +115,8 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command { cmd.Flags().StringVar(&options.Channel, "channel", api.DefaultChannel, "Channel for default versions and configuration to use") - - cmd.Flags().BoolVar(&options.MastersPrivateSubnet, "masters-private-subnet", false, "Flag to control the masters' subnet visabilty. Default 'false' to use a public subnet") - cmd.Flags().BoolVar(&options.NodesPrivateSubnet, "nodes-private-subnet", false, "Flag to control the nodes' subnet visabilty. Default 'false' to use a public subnet") - + // Network topology + cmd.Flags().StringVarP(&options.Topology, "topology", "t", "public", "Controls network topology for the cluster. public|private|hybrid1. Default is 'public'.") return cmd } @@ -366,18 +364,18 @@ func RunCreateCluster(f *util.Factory, cmd *cobra.Command, args []string, out io } } - - // Support for public/private subnets - mastersSubnet := &api.SubnetSpec{Visibility: api.SubnetVisibilityPublic} - nodesSubnet := &api.SubnetSpec{Visibility: api.SubnetVisibilityPublic} - if c.MastersPrivateSubnet { - mastersSubnet.Visibility = api.SubnetVisibilityPrivate - } - if c.NodesPrivateSubnet { - nodesSubnet.Visibility = api.SubnetVisibilityPrivate + // Network Topology + switch c.Topology { + case api.TopologyPublic: + cluster.Spec.Topology = &api.TopologySpec{Type: api.TopologyPublic} + case api.TopologyPrivate: + cluster.Spec.Topology = &api.TopologySpec{Type: api.TopologyPrivate} + case api.TopologyHybrid1: + cluster.Spec.Topology = &api.TopologySpec{Type: api.TopologyHybrid1} + default: + glog.Warningf("Unable to detect topology. Defaulting to public topology.") + cluster.Spec.Topology = &api.TopologySpec{Type: api.TopologyPublic} } - cluster.Spec.MastersSubnet = mastersSubnet - cluster.Spec.NodesSubnet = nodesSubnet sshPublicKeys := make(map[string][]byte) if c.SSHPublicKey != "" { 
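Review bot: The `switch c.Topology` compares a `string` against `api.TopologyPublic`/`TopologyPrivate`/`TopologyHybrid1`, which `pkg/apis/kops/topology.go` in this same patch declares as untyped ints 0/1/2, so this does not compile; declare them as strings (`TopologyPublic = "public"` and so on) so the flag value, this switch and the serialised `TopologySpec.Type` share one representation, and reuse that constant as the flag default in the @@ -115 hunk instead of the literal `"public"`. The `default:` branch silently builds a public cluster after a glog warning, so a mistyped `--topology privte` produces internet-facing masters and nodes where a private topology was requested; fail instead, e.g. `return fmt.Errorf("unknown topology %q (expected public, private or hybrid1)", c.Topology)` (RunCreateCluster's return type is outside the hunk). The three `case` arms then collapse to a single `cluster.Spec.Topology = &api.TopologySpec{Type: c.Topology}` after validation.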
diff --git a/docs/private-networking.md b/docs/private-networking.md deleted file mode 100644 index 5ffb2965ccdcb..0000000000000 --- a/docs/private-networking.md +++ /dev/null @@ -1,24 +0,0 @@ -# Private Networking in AWS - -AWS offers a few different VPC subnet modes. Below are examples of different subnets that kops supports. - -Kops will default to **public** subnets. In order to override this behavior use the following flags to change subnet type for instance groups. - -##### Subnet modes - -### All Private - -All masters and minions running in a private subnet in a VPC - -``` - kops create cluster ... --masters-private-subnet --nodes-private-subnet -``` - -### Private Masters, Public Nodes - -All masters running in a private subnet with all nodes in a public subnet in a VPC - -``` - kops create cluster ... --masters-private-subnet -``` - diff --git a/docs/topology.md b/docs/topology.md new file mode 100644 index 0000000000000..a3a9c43ea2663 --- /dev/null +++ b/docs/topology.md @@ -0,0 +1,21 @@ +# Network Topologies in Kops + +Kops supports a number of pre defined network topologies. They are separated into commonly used scenarios, or topologies. + +Each of the supported topologies are listed below, with an example on how to deploy them. + +## AWS + +Kops supports the following topologies on AWS + +| Topology | Flag Value | Description | +| ----------------- |----------- | --------------------------------------------------------------------------------------------- | +| Public Cluster | public | All masters/nodes will be launched in a public VPC| +| Private Cluster | private | All masters/nodes will be launched in a public VPC| +| Hybrid (1) | hybrid1 | All masters will be launched into a private VPC, All nodes will be launched into a public VPC | + +To specify a topology use the `--topology` or `-t` flag as in : + +``` +kops create cluster ... --topology private +``` 
diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go index 85409be182f6f..4d33cfcdf18a7 100644 --- a/pkg/apis/kops/cluster.go +++ b/pkg/apis/kops/cluster.go @@ -77,8 +77,8 @@ type ClusterSpec struct { // NetworkID is an identifier of a network, if we want to reuse/share an existing network (e.g. an AWS VPC) NetworkID string `json:"networkID,omitempty"` - MastersSubnet *SubnetSpec - NodesSubnet *SubnetSpec + // Topology defines the type of network topology to use on the cluster - default public + Topology *TopologySpec // SecretStore is the VFS path to where secrets are stored SecretStore string `json:"secretStore,omitempty"` diff --git a/pkg/apis/kops/subnets.go b/pkg/apis/kops/topology.go similarity index 81% rename from pkg/apis/kops/subnets.go rename to pkg/apis/kops/topology.go index 2a19c76bc3dd8..a025ea943583a 100644 --- a/pkg/apis/kops/subnets.go +++ b/pkg/apis/kops/topology.go @@ -17,11 +17,11 @@ limitations under the License. package kops const ( - SubnetVisibilityPublic = 0 - SubnetVisibilityPrivate = 1 + TopologyPublic = 0 + TopologyPrivate = 1 + TopologyHybrid1 = 2 ) -type SubnetSpec struct { - Visibility int - InstanceGroup *InstanceGroup +type TopologySpec struct { + Type int } diff --git a/upup/models/cloudup/_aws/network.yaml b/upup/models/cloudup/_aws/network.yaml deleted file mode 100644 index b745a4a3a395a..0000000000000 --- a/upup/models/cloudup/_aws/network.yaml +++ /dev/null 
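Review bot: `Topology *TopologySpec` has no `json` tag while every neighbouring field has one (`json:"networkID,omitempty"`), so it serialises as `Topology` rather than the spec's camelCase `topology`; add `json:"topology,omitempty"`. Since the comment says the default is public, consider whether the field needs to be a pointer at all — a nil pointer forces every consumer (including the `.Topology.Type` lookups in topology.yaml) to nil-check, whereas a value field whose zero value means public cannot be left unset.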
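Review bot: `TopologySpec.Type int` is stored in the cluster spec as a bare number, so a saved cluster reads `Type: 1` with nothing saying what 1 means, and nothing rejects a `3`; a named string type (`type TopologyType string` with `"public"`, `"private"`, `"hybrid1"`) plus a `json:"type"` tag makes the spec self-describing and gives validation something to check against. The exported type and constants also lack doc comments, e.g. `// TopologyHybrid1 places masters in private subnets and nodes in public ones.`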
@@ -1,51 +0,0 @@ -vpc/{{ ClusterName }}: - id: {{ .NetworkID }} - shared: {{ SharedVPC }} - cidr: {{ .NetworkCIDR }} - enableDnsSupport: true - enableDnsHostnames: true - -{{ if not SharedVPC }} -# TODO: would be good to create these as shared, to verify them -dhcpOptions/{{ ClusterName }}: - domainNameServers: AmazonProvidedDNS -{{ if eq Region "us-east-1" }} - domainName: ec2.internal -{{ else }} - domainName: {{ Region }}.compute.internal -{{ end }} - -vpcDHDCPOptionsAssociation/{{ ClusterName }}: - vpc: vpc/{{ ClusterName }} - dhcpOptions: dhcpOptions/{{ ClusterName }} -{{ end }} - -internetGateway/{{ ClusterName }}: - shared: {{ SharedVPC }} - vpc: vpc/{{ ClusterName }} - -routeTable/{{ ClusterName }}: - vpc: vpc/{{ ClusterName }} - -route/0.0.0.0/0: - routeTable: routeTable/{{ ClusterName }} - cidr: 0.0.0.0/0 - internetGateway: internetGateway/{{ ClusterName }} - vpc: vpc/{{ ClusterName }} - -{{ range $zone := .Zones }} - -subnet/{{ $zone.Name }}.{{ ClusterName }}: - vpc: vpc/{{ ClusterName }} - availabilityZone: {{ $zone.Name }} - cidr: {{ $zone.CIDR }} - id: {{ $zone.ProviderID }} - shared: {{ SharedZone $zone }} - -{{ if not (SharedZone $zone) }} -routeTableAssociation/{{ $zone.Name }}.{{ ClusterName }}: - routeTable: routeTable/{{ ClusterName }} - subnet: subnet/{{ $zone.Name }}.{{ ClusterName }} -{{ end}} - -{{ end }} diff --git a/upup/models/cloudup/_aws/topology.yaml b/upup/models/cloudup/_aws/topology.yaml new file mode 100644 index 0000000000000..8b5b867bb7031 --- /dev/null +++ b/upup/models/cloudup/_aws/topology.yaml 
@@ -0,0 +1,173 @@ +#------------------------------------------------------------------------------ +# PUBLIC +# +{{ if .Topology.Type == 0 }} + vpc/{{ ClusterName }}: + id: {{ .NetworkID }} + shared: {{ SharedVPC }} + cidr: {{ .NetworkCIDR }} + enableDnsSupport: true + enableDnsHostnames: true + + + {{ if not SharedVPC }} + # TODO: would be good to create these as shared, to verify them + dhcpOptions/{{ ClusterName }}: + domainNameServers: AmazonProvidedDNS + {{ if eq Region "us-east-1" }} + domainName: ec2.internal + {{ else }} + domainName: {{ Region }}.compute.internal + {{ end }} + + vpcDHDCPOptionsAssociation/{{ ClusterName }}: + vpc: vpc/{{ ClusterName }} + dhcpOptions: dhcpOptions/{{ ClusterName }} + {{ end }} + + internetGateway/{{ ClusterName }}: + shared: {{ SharedVPC }} + vpc: vpc/{{ ClusterName }} + + routeTable/{{ ClusterName }}: + vpc: vpc/{{ ClusterName }} + + route/0.0.0.0/0: + routeTable: routeTable/{{ ClusterName }} + cidr: 0.0.0.0/0 + internetGateway: internetGateway/{{ ClusterName }} + vpc: vpc/{{ ClusterName }} + + {{ range $zone := .Zones }} + + subnet/{{ $zone.Name }}.{{ ClusterName }}: + vpc: vpc/{{ ClusterName }} + availabilityZone: {{ $zone.Name }} + cidr: {{ $zone.CIDR }} + id: {{ $zone.ProviderID }} + shared: {{ SharedZone $zone }} + + {{ if not (SharedZone $zone) }} + routeTableAssociation/{{ $zone.Name }}.{{ ClusterName }}: + routeTable: routeTable/{{ ClusterName }} + subnet: subnet/{{ $zone.Name }}.{{ ClusterName }} + {{ end}} + + {{ end }} +{{ end }} + +#------------------------------------------------------------------------------ +# PRIVATE +# +{{ if .Topology.Type == 1 }} + vpc/{{ ClusterName }}: + id: {{ .NetworkID }} + shared: {{ SharedVPC }} + cidr: {{ .NetworkCIDR }} + enableDnsSupport: true + enableDnsHostnames: true + + + {{ if not SharedVPC }} + # TODO: would be good to create these as shared, to verify them + dhcpOptions/{{ ClusterName }}: + domainNameServers: AmazonProvidedDNS + {{ if eq Region "us-east-1" }} + 
domainName: ec2.internal + {{ else }} + domainName: {{ Region }}.compute.internal + {{ end }} + + vpcDHDCPOptionsAssociation/{{ ClusterName }}: + vpc: vpc/{{ ClusterName }} + dhcpOptions: dhcpOptions/{{ ClusterName }} + {{ end }} + + internetGateway/{{ ClusterName }}: + shared: {{ SharedVPC }} + vpc: vpc/{{ ClusterName }} + + routeTable/{{ ClusterName }}: + vpc: vpc/{{ ClusterName }} + + route/0.0.0.0/0: + routeTable: routeTable/{{ ClusterName }} + cidr: 0.0.0.0/0 + internetGateway: internetGateway/{{ ClusterName }} + vpc: vpc/{{ ClusterName }} + + {{ range $zone := .Zones }} + + subnet/{{ $zone.Name }}.{{ ClusterName }}: + vpc: vpc/{{ ClusterName }} + availabilityZone: {{ $zone.Name }} + cidr: {{ $zone.CIDR }} + id: {{ $zone.ProviderID }} + shared: {{ SharedZone $zone }} + + {{ if not (SharedZone $zone) }} + routeTableAssociation/{{ $zone.Name }}.{{ ClusterName }}: + routeTable: routeTable/{{ ClusterName }} + subnet: subnet/{{ $zone.Name }}.{{ ClusterName }} + {{ end}} + + {{ end }} +{{ end }} + +#------------------------------------------------------------------------------ +# Hybrid 1 +# +{{ if .Topology.Type == 2 }} + vpc/{{ ClusterName }}: + id: {{ .NetworkID }} + shared: {{ SharedVPC }} + cidr: {{ .NetworkCIDR }} + enableDnsSupport: true + enableDnsHostnames: true + + + {{ if not SharedVPC }} + # TODO: would be good to create these as shared, to verify them + dhcpOptions/{{ ClusterName }}: + domainNameServers: AmazonProvidedDNS + {{ if eq Region "us-east-1" }} + domainName: ec2.internal + {{ else }} + domainName: {{ Region }}.compute.internal + {{ end }} + + vpcDHDCPOptionsAssociation/{{ ClusterName }}: + vpc: vpc/{{ ClusterName }} + dhcpOptions: dhcpOptions/{{ ClusterName }} + {{ end }} + + internetGateway/{{ ClusterName }}: + shared: {{ SharedVPC }} + vpc: vpc/{{ ClusterName }} + + routeTable/{{ ClusterName }}: + vpc: vpc/{{ ClusterName }} + + route/0.0.0.0/0: + routeTable: routeTable/{{ ClusterName }} + cidr: 0.0.0.0/0 + internetGateway: internetGateway/{{ 
ClusterName }} + vpc: vpc/{{ ClusterName }} + + {{ range $zone := .Zones }} + + subnet/{{ $zone.Name }}.{{ ClusterName }}: + vpc: vpc/{{ ClusterName }} + availabilityZone: {{ $zone.Name }} + cidr: {{ $zone.CIDR }} + id: {{ $zone.ProviderID }} + shared: {{ SharedZone $zone }} + + {{ if not (SharedZone $zone) }} + routeTableAssociation/{{ $zone.Name }}.{{ ClusterName }}: + routeTable: routeTable/{{ ClusterName }} + subnet: subnet/{{ $zone.Name }}.{{ ClusterName }} + {{ end}} + + {{ end }} +{{ end }} \ No newline at end of file From 6689b25cfe320278e986d8a2e9acad5fdcbde844 Mon Sep 17 00:00:00 2001 From: Kris Childress Date: Fri, 21 Oct 2016 23:30:45 -0600 Subject: [PATCH 5/5] priv/pub in topo doc --- docs/topology.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/topology.md b/docs/topology.md index a3a9c43ea2663..0bb5be7aef4b5 100644 --- a/docs/topology.md +++ b/docs/topology.md @@ -11,7 +11,7 @@ Kops supports the following topologies on AWS | Topology | Flag Value | Description | | ----------------- |----------- | --------------------------------------------------------------------------------------------- | | Public Cluster | public | All masters/nodes will be launched in a public VPC| -| Private Cluster | private | All masters/nodes will be launched in a public VPC| +| Private Cluster | private | All masters/nodes will be launched in a private VPC| | Hybrid (1) | hybrid1 | All masters will be launched into a private VPC, All nodes will be launched into a public VPC | To specify a topology use the `--topology` or `-t` flag as in :
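Review bot: `{{ if .Topology.Type == 0 }}` (and the `== 1`, `== 2` guards) is not valid Go template syntax — there is no infix `==`; the file's own `{{ if eq Region "us-east-1" }}` shows the form to use, i.e. `{{ if eq .Topology.Type 0 }}`. More importantly, all three branches are byte-identical copies of the public model: the PRIVATE and Hybrid 1 sections still create an `internetGateway`, a `route/0.0.0.0/0` through it and attach every zone's subnet to that route table, so selecting `--topology private` yields subnets that are publicly routable exactly as before, while the `natGateway` task registered in patch 3 is never instantiated here. Until the private branches build a NAT gateway and a separate route table for the private subnets, the CLI should refuse `private`/`hybrid1` or the docs should state they are not yet implemented, so that nobody relies on the label for isolation. Note also that `.Topology` is a pointer that is nil for clusters created outside this CLI path, which would make the template fail at `.Topology.Type`.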