diff --git a/cmd/cluster.go b/cmd/cluster.go index c4f8059..0565793 100644 --- a/cmd/cluster.go +++ b/cmd/cluster.go @@ -246,6 +246,7 @@ func newClusterCmd(c *config) *cobra.Command { clusterCreateCmd.Flags().StringSlice("kube-apiserver-acl-allowed-cidrs", []string{}, "comma-separated list of external CIDRs allowed to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")") clusterCreateCmd.Flags().Bool("enable-kube-apiserver-acl", false, "restricts access from outside to the kube-apiserver to the source ip addresses set by --kube-apiserver-acl-allowed-cidrs [optional].") clusterCreateCmd.Flags().String("network-isolation", "", "defines restrictions to external network communication for the cluster, can be one of baseline|restricted|isolated. baseline sets no special restrictions to external networks, restricted by default only allows external traffic to explicitly allowed destinations, forbidden disallows communication with external networks except for a limited set of networks. Please consult the documentation for detailed descriptions of the individual modes as these cannot be altered anymore after creation. [optional]") + clusterCreateCmd.Flags().Bool("high-availability-control-plane", false, "enables a high availability control plane for the cluster, cannot be disabled again") genericcli.Must(clusterCreateCmd.MarkFlagRequired("name")) genericcli.Must(clusterCreateCmd.MarkFlagRequired("project")) @@ -336,6 +337,7 @@ func newClusterCmd(c *config) *cobra.Command { clusterUpdateCmd.Flags().StringSlice("kube-apiserver-acl-add-to-allowed-cidrs", []string{}, "comma-separated list of external CIDRs to add to the allowed CIDRs to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")") clusterUpdateCmd.Flags().StringSlice("kube-apiserver-acl-remove-from-allowed-cidrs", []string{}, "comma-separated list of external CIDRs to be removed from the allowed CIDRs to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")") clusterUpdateCmd.Flags().Bool("enable-kube-apiserver-acl", false, "restricts access from outside to the kube-apiserver to the source ip addresses set by --kube-apiserver-acl-* [optional].") + clusterUpdateCmd.Flags().Bool("high-availability-control-plane", false, "enables a high availability control plane for the cluster, cannot be disabled again") genericcli.Must(clusterUpdateCmd.RegisterFlagCompletionFunc("version", c.comp.VersionListCompletion)) genericcli.Must(clusterUpdateCmd.RegisterFlagCompletionFunc("workerversion", c.comp.VersionListCompletion)) @@ -447,6 +449,7 @@ func (c *config) clusterCreate() error { encryptedStorageClasses := strconv.FormatBool(viper.GetBool("encrypted-storage-classes")) enableNodeLocalDNS := viper.GetBool("enable-node-local-dns") disableForwardToUpstreamDNS := viper.GetBool("disable-forwarding-to-upstream-dns") + highAvailability := strconv.FormatBool(viper.GetBool("high-availability-control-plane")) var cni string if viper.IsSet("cni") { @@ -673,6 +676,19 @@ WARNING: You are going to create a cluster that has no default internet access w } } + if viper.IsSet("high-availability-control-plane") { + scr.ClusterFeatures.HighAvailability = &highAvailability + if ha, _ := strconv.ParseBool(highAvailability); ha { + if err := genericcli.PromptCustom(&genericcli.PromptConfig{ + Message: "Enabling the HA control plane feature gate is still a beta feature. You cannot use it in combination with the cluster forwarding backend of the audit extension. Please be aware that you cannot revert this feature gate after it was enabled.", + ShowAnswers: true, + Out: c.out, + }); err != nil { + return err + } + } + } + egressRules := makeEgressRules(egress) if len(egressRules) > 0 { scr.EgressRules = egressRules @@ -908,6 +924,7 @@ func (c *config) updateCluster(args []string) error { disableDefaultStorageClass := viper.GetBool("disable-custom-default-storage-class") encryptedStorageClasses := strconv.FormatBool(viper.GetBool("encrypted-storage-classes")) + highAvailability := strconv.FormatBool(viper.GetBool("high-availability-control-plane")) workerlabels, err := helper.LabelsToMap(workerlabelslice) if err != nil { @@ -965,6 +982,18 @@ func (c *config) updateCluster(args []string) error { if viper.IsSet("logacceptedconns") { clusterFeatures.LogAcceptedConnections = &logAcceptedConnections } + if viper.IsSet("high-availability-control-plane") { + clusterFeatures.HighAvailability = &highAvailability + if v, _ := strconv.ParseBool(highAvailability); v { + if err := genericcli.PromptCustom(&genericcli.PromptConfig{ + Message: "Enabling the HA control plane feature gate is still a beta feature. You cannot use it in combination with the cluster forwarding backend of the audit extension. Please be aware that you cannot revert this feature gate after it was enabled.", + ShowAnswers: true, + Out: c.out, + }); err != nil { + return err + } + } + } workergroupKubernetesVersion := viper.GetString("workerversion") diff --git a/cmd/output/shootprinter.go b/cmd/output/shootprinter.go index b8374e6..c1fc579 100644 --- a/cmd/output/shootprinter.go +++ b/cmd/output/shootprinter.go @@ -151,6 +151,9 @@ func shootData(shoot *models.V1ClusterResponse, withIssues bool) ([]string, []st if shoot.KubeAPIServerACL != nil && !*shoot.KubeAPIServerACL.Disabled { shootStats.apiServer += "🔒" } + if shoot.ClusterFeatures != nil && shoot.ClusterFeatures.HighAvailability != nil && *shoot.ClusterFeatures.HighAvailability == "true" { + shootStats.apiServer += "🌐" + } name := *shoot.Name if shoot.NetworkAccessType != nil { if *shoot.NetworkAccessType == models.V1ClusterCreateRequestNetworkAccessTypeForbidden {