From f24f4bc2f6e02edd8a1642b93fb4e4849ad59eb3 Mon Sep 17 00:00:00 2001
From: Quirin Vetterl <140174674+qrnvttrl@users.noreply.github.com>
Date: Thu, 26 Sep 2024 13:33:22 +0200
Subject: [PATCH] Add `--high-availability` flag for cluster create and update (#319)
---
 cmd/cluster.go | 29 +++++++++++++++++++++++++++++
 cmd/output/shootprinter.go | 3 +++
 go.mod | 2 +-
 go.sum | 4 ++--
 4 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/cmd/cluster.go b/cmd/cluster.go
index c4f8059..0565793 100644
--- a/cmd/cluster.go
+++ b/cmd/cluster.go
@@ -246,6 +246,7 @@ func newClusterCmd(c *config) *cobra.Command {
 clusterCreateCmd.Flags().StringSlice("kube-apiserver-acl-allowed-cidrs", []string{}, "comma-separated list of external CIDRs allowed to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")")
 clusterCreateCmd.Flags().Bool("enable-kube-apiserver-acl", false, "restricts access from outside to the kube-apiserver to the source ip addresses set by --kube-apiserver-acl-allowed-cidrs [optional].")
 clusterCreateCmd.Flags().String("network-isolation", "", "defines restrictions to external network communication for the cluster, can be one of baseline|restricted|isolated. baseline sets no special restrictions to external networks, restricted by default only allows external traffic to explicitly allowed destinations, forbidden disallows communication with external networks except for a limited set of networks. Please consult the documentation for detailed descriptions of the individual modes as these cannot be altered anymore after creation. [optional]")
+ clusterCreateCmd.Flags().Bool("high-availability-control-plane", false, "enables a high availability control plane for the cluster, cannot be disabled again")
 genericcli.Must(clusterCreateCmd.MarkFlagRequired("name"))
 genericcli.Must(clusterCreateCmd.MarkFlagRequired("project"))
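Review bot: The help text of the new `high-availability-control-plane` flag says only that it cannot be disabled again, while the confirmation prompt added later in this patch also states that the feature is beta and cannot be combined with the cluster forwarding backend of the audit extension. `--help` is what a user reads before running the command, so I would carry both caveats into the description, e.g. `"enables a high availability control plane for the cluster (beta); cannot be disabled again and cannot be combined with the cluster forwarding backend of the audit extension [optional]"`. The same text is registered on `clusterUpdateCmd` in the `@@ -336` hunk and should change with it. `newClusterCmd` begins and ends outside both hunks.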
@@ -336,6 +337,7 @@ func newClusterCmd(c *config) *cobra.Command {
 clusterUpdateCmd.Flags().StringSlice("kube-apiserver-acl-add-to-allowed-cidrs", []string{}, "comma-separated list of external CIDRs to add to the allowed CIDRs to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")")
 clusterUpdateCmd.Flags().StringSlice("kube-apiserver-acl-remove-from-allowed-cidrs", []string{}, "comma-separated list of external CIDRs to be removed from the allowed CIDRs to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")")
 clusterUpdateCmd.Flags().Bool("enable-kube-apiserver-acl", false, "restricts access from outside to the kube-apiserver to the source ip addresses set by --kube-apiserver-acl-* [optional].")
+ clusterUpdateCmd.Flags().Bool("high-availability-control-plane", false, "enables a high availability control plane for the cluster, cannot be disabled again")
 genericcli.Must(clusterUpdateCmd.RegisterFlagCompletionFunc("version", c.comp.VersionListCompletion))
 genericcli.Must(clusterUpdateCmd.RegisterFlagCompletionFunc("workerversion", c.comp.VersionListCompletion))
@@ -447,6 +449,7 @@ func (c *config) clusterCreate() error {
 encryptedStorageClasses := strconv.FormatBool(viper.GetBool("encrypted-storage-classes"))
 enableNodeLocalDNS := viper.GetBool("enable-node-local-dns")
 disableForwardToUpstreamDNS := viper.GetBool("disable-forwarding-to-upstream-dns")
+ highAvailability := strconv.FormatBool(viper.GetBool("high-availability-control-plane"))
 var cni string
 if viper.IsSet("cni") {
@@ -673,6 +676,19 @@ WARNING: You are going to create a cluster that has no default internet access w
 }
 }
+ if viper.IsSet("high-availability-control-plane") {
+ scr.ClusterFeatures.HighAvailability = &highAvailability
+ if ha, _ := strconv.ParseBool(highAvailability); ha {
+ if err := genericcli.PromptCustom(&genericcli.PromptConfig{
+ Message: "Enabling the HA control plane feature gate is still a beta feature. You cannot use it in combination with the cluster forwarding backend of the audit extension. Please be aware that you cannot revert this feature gate after it was enabled.",
+ ShowAnswers: true,
+ Out: c.out,
+ }); err != nil {
+ return err
+ }
+ }
+ }
+
 egressRules := makeEgressRules(egress)
 if len(egressRules) > 0 {
 scr.EgressRules = egressRules
@@ -908,6 +924,7 @@ func (c *config) updateCluster(args []string) error {
 disableDefaultStorageClass := viper.GetBool("disable-custom-default-storage-class")
 encryptedStorageClasses := strconv.FormatBool(viper.GetBool("encrypted-storage-classes"))
+ highAvailability := strconv.FormatBool(viper.GetBool("high-availability-control-plane"))
 workerlabels, err := helper.LabelsToMap(workerlabelslice)
 if err != nil {
@@ -965,6 +982,18 @@ func (c *config) updateCluster(args []string) error {
 if viper.IsSet("logacceptedconns") {
 clusterFeatures.LogAcceptedConnections = &logAcceptedConnections
 }
+ if viper.IsSet("high-availability-control-plane") {
+ clusterFeatures.HighAvailability = &highAvailability
+ if v, _ := strconv.ParseBool(highAvailability); v {
+ if err := genericcli.PromptCustom(&genericcli.PromptConfig{
+ Message: "Enabling the HA control plane feature gate is still a beta feature. You cannot use it in combination with the cluster forwarding backend of the audit extension. Please be aware that you cannot revert this feature gate after it was enabled.",
+ ShowAnswers: true,
+ Out: c.out,
+ }); err != nil {
+ return err
+ }
+ }
+ }
 workergroupKubernetesVersion := viper.GetString("workerversion")
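Review bot: The incompatibility with the cluster forwarding backend of the audit extension is communicated only through the prompt text in the block added at `@@ -673`; nothing there checks the cluster's audit settings, so a user who confirms can still request HA for a cluster that relies on that backend. What happens to audit forwarding in that case is not visible from this patch, but if the audit backend choice is available in `clusterCreate`, rejecting the combination before the request is sent would be safer than relying on the warning. The line `if ha, _ := strconv.ParseBool(highAvailability); ha {` converts a bool to a string and back while discarding the error; `if viper.GetBool("high-availability-control-plane") {` expresses the same condition directly. The prompt message is repeated verbatim in the `@@ -965` hunk of `updateCluster`, so a shared constant would keep the two warnings in step. `clusterCreate` begins and ends outside this hunk.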
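Review bot: In the `@@ -965` hunk, passing `--high-availability-control-plane=false` to the update command makes `viper.IsSet` true, so `clusterFeatures.HighAvailability` is set to `"false"` and sent without any prompt, although the flag's help text says the feature cannot be disabled again. Whether the server rejects such a request is not visible here, so I would fail early in the client before assigning the field, e.g. `if !viper.GetBool("high-availability-control-plane") { return fmt.Errorf("the high availability control plane cannot be disabled") }` (assuming `fmt` is already imported in this file). `updateCluster` begins and ends outside the hunk.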
diff --git a/cmd/output/shootprinter.go b/cmd/output/shootprinter.go
index b8374e6..c1fc579 100644
--- a/cmd/output/shootprinter.go
+++ b/cmd/output/shootprinter.go
@@ -151,6 +151,9 @@ func shootData(shoot *models.V1ClusterResponse, withIssues bool) ([]string, []st
 if shoot.KubeAPIServerACL != nil && !*shoot.KubeAPIServerACL.Disabled {
 shootStats.apiServer += "🔒"
 }
+ if shoot.ClusterFeatures != nil && shoot.ClusterFeatures.HighAvailability != nil && *shoot.ClusterFeatures.HighAvailability == "true" {
+ shootStats.apiServer += "🌐"
+ }
 name := *shoot.Name
 if shoot.NetworkAccessType != nil {
 if *shoot.NetworkAccessType == models.V1ClusterCreateRequestNetworkAccessTypeForbidden {
diff --git a/go.mod b/go.mod
index 9aafd3a..2f2a232 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/dustin/go-humanize v1.0.1
 github.com/fatih/color v1.17.0
 github.com/fi-ts/accounting-go v0.10.0
- github.com/fi-ts/cloud-go v0.28.0
+ github.com/fi-ts/cloud-go v0.28.2
 github.com/gardener/gardener v1.91.0
 github.com/gardener/machine-controller-manager v0.53.1
 github.com/go-openapi/runtime v0.28.0
diff --git a/go.sum b/go.sum
index 1aaa184..15ea927 100644
--- a/go.sum
+++ b/go.sum
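Review bot: In the `shootData` hunk of cmd/output/shootprinter.go, the new 🌐 marker is appended to `shootStats.apiServer` without a comment saying what it stands for, and the condition depends on the API encoding the feature as the exact string `"true"`. A one-line comment above the condition would help the next reader, e.g. `// 🌐 marks a high-availability control plane; ClusterFeatures.HighAvailability is a string-encoded bool`. If the server can return other spellings of a true value, `strconv.ParseBool` would be more tolerant than the literal comparison, though nothing in this hunk shows that it does. `shootData` begins and ends outside the hunk.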
@@ -90,8 +90,8 @@ github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/fi-ts/accounting-go v0.10.0 h1:vbPgTWq1iicyBWFRajX0bawZ1ADbhKGuJyNEtXjpr08= github.com/fi-ts/accounting-go v0.10.0/go.mod h1:ARKouuFYUV44xUKytAlczpzoti/S+o+PnXCN5BQA6nQ= -github.com/fi-ts/cloud-go v0.28.0 h1:MAg5Vsac9XYxCCL73USnceLtry1pvJovcNjwvqrv0lU= -github.com/fi-ts/cloud-go v0.28.0/go.mod h1:R7JMkC92eGvxkkMO1oP6lEevBH86DFiO9H9mo7YD5Sw= +github.com/fi-ts/cloud-go v0.28.2 h1:t+HTHxx7J0d46hbI1E3rL1DKcAO4b4knC6JITEB2n6k= +github.com/fi-ts/cloud-go v0.28.2/go.mod h1:R7JMkC92eGvxkkMO1oP6lEevBH86DFiO9H9mo7YD5Sw= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=