Merge remote-tracking branch 'origin/master' into size-reservations

fi-ts · Sep 26, 2024 · c9a5748 · c9a5748
2 parents 669d9de + f24f4bc
commit c9a5748
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/cmd/cluster.go b/cmd/cluster.go
@@ -246,6 +246,7 @@ func newClusterCmd(c *config) *cobra.Command {
 	clusterCreateCmd.Flags().StringSlice("kube-apiserver-acl-allowed-cidrs", []string{}, "comma-separated list of external CIDRs allowed to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")")
 	clusterCreateCmd.Flags().Bool("enable-kube-apiserver-acl", false, "restricts access from outside to the kube-apiserver to the source ip addresses set by --kube-apiserver-acl-allowed-cidrs [optional].")
 	clusterCreateCmd.Flags().String("network-isolation", "", "defines restrictions to external network communication for the cluster, can be one of baseline|restricted|isolated. baseline sets no special restrictions to external networks, restricted by default only allows external traffic to explicitly allowed destinations, forbidden disallows communication with external networks except for a limited set of networks. Please consult the documentation for detailed descriptions of the individual modes as these cannot be altered anymore after creation. [optional]")
+	clusterCreateCmd.Flags().Bool("high-availability-control-plane", false, "enables a high availability control plane for the cluster, cannot be disabled again")
 
 	genericcli.Must(clusterCreateCmd.MarkFlagRequired("name"))
 	genericcli.Must(clusterCreateCmd.MarkFlagRequired("project"))
@@ -336,6 +337,7 @@ func newClusterCmd(c *config) *cobra.Command {
 	clusterUpdateCmd.Flags().StringSlice("kube-apiserver-acl-add-to-allowed-cidrs", []string{}, "comma-separated list of external CIDRs to add to the allowed CIDRs to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")")
 	clusterUpdateCmd.Flags().StringSlice("kube-apiserver-acl-remove-from-allowed-cidrs", []string{}, "comma-separated list of external CIDRs to be removed from the allowed CIDRs to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")")
 	clusterUpdateCmd.Flags().Bool("enable-kube-apiserver-acl", false, "restricts access from outside to the kube-apiserver to the source ip addresses set by --kube-apiserver-acl-* [optional].")
+	clusterUpdateCmd.Flags().Bool("high-availability-control-plane", false, "enables a high availability control plane for the cluster, cannot be disabled again")
 
 	genericcli.Must(clusterUpdateCmd.RegisterFlagCompletionFunc("version", c.comp.VersionListCompletion))
 	genericcli.Must(clusterUpdateCmd.RegisterFlagCompletionFunc("workerversion", c.comp.VersionListCompletion))
@@ -447,6 +449,7 @@ func (c *config) clusterCreate() error {
 	encryptedStorageClasses := strconv.FormatBool(viper.GetBool("encrypted-storage-classes"))
 	enableNodeLocalDNS := viper.GetBool("enable-node-local-dns")
 	disableForwardToUpstreamDNS := viper.GetBool("disable-forwarding-to-upstream-dns")
+	highAvailability := strconv.FormatBool(viper.GetBool("high-availability-control-plane"))
 
 	var cni string
 	if viper.IsSet("cni") {
@@ -673,6 +676,19 @@ WARNING: You are going to create a cluster that has no default internet access w
 		}
 	}
 
+	if viper.IsSet("high-availability-control-plane") {
+		scr.ClusterFeatures.HighAvailability = &highAvailability
+		if ha, _ := strconv.ParseBool(highAvailability); ha {
+			if err := genericcli.PromptCustom(&genericcli.PromptConfig{
+				Message:     "Enabling the HA control plane feature gate is still a beta feature. You cannot use it in combination with the cluster forwarding backend of the audit extension. Please be aware that you cannot revert this feature gate after it was enabled.",
+				ShowAnswers: true,
+				Out:         c.out,
+			}); err != nil {
+				return err
+			}
+		}
+	}
+
 	egressRules := makeEgressRules(egress)
 	if len(egressRules) > 0 {
 		scr.EgressRules = egressRules
@@ -908,6 +924,7 @@ func (c *config) updateCluster(args []string) error {
 	disableDefaultStorageClass := viper.GetBool("disable-custom-default-storage-class")
 
 	encryptedStorageClasses := strconv.FormatBool(viper.GetBool("encrypted-storage-classes"))
+	highAvailability := strconv.FormatBool(viper.GetBool("high-availability-control-plane"))
 
 	workerlabels, err := helper.LabelsToMap(workerlabelslice)
 	if err != nil {
@@ -965,6 +982,18 @@ func (c *config) updateCluster(args []string) error {
 	if viper.IsSet("logacceptedconns") {
 		clusterFeatures.LogAcceptedConnections = &logAcceptedConnections
 	}
+	if viper.IsSet("high-availability-control-plane") {
+		clusterFeatures.HighAvailability = &highAvailability
+		if v, _ := strconv.ParseBool(highAvailability); v {
+			if err := genericcli.PromptCustom(&genericcli.PromptConfig{
+				Message:     "Enabling the HA control plane feature gate is still a beta feature. You cannot use it in combination with the cluster forwarding backend of the audit extension. Please be aware that you cannot revert this feature gate after it was enabled.",
+				ShowAnswers: true,
+				Out:         c.out,
+			}); err != nil {
+				return err
+			}
+		}
+	}
 
 	workergroupKubernetesVersion := viper.GetString("workerversion")
 

diff --git a/cmd/output/shootprinter.go b/cmd/output/shootprinter.go
@@ -151,6 +151,9 @@ func shootData(shoot *models.V1ClusterResponse, withIssues bool) ([]string, []st
 	if shoot.KubeAPIServerACL != nil && !*shoot.KubeAPIServerACL.Disabled {
 		shootStats.apiServer += "🔒"
 	}
+	if shoot.ClusterFeatures != nil && shoot.ClusterFeatures.HighAvailability != nil && *shoot.ClusterFeatures.HighAvailability == "true" {
+		shootStats.apiServer += "🌐"
+	}
 	name := *shoot.Name
 	if shoot.NetworkAccessType != nil {
 		if *shoot.NetworkAccessType == models.V1ClusterCreateRequestNetworkAccessTypeForbidden {