add LoadBalancerClass fields into api

docs/cluster_spec.md

@@ -11,7 +11,7 @@ On this page, we will expand on the more important configuration keys.
 This object configures how we expose the API:
 
 * `dns` will allow direct access to master instances, and configure DNS to point directly to the master nodes.
-* `loadBalancer` will configure a load balancer (ELB) in front of the master nodes, and configure DNS to point to the ELB.
+* `loadBalancer` will configure a load balancer (ELB or NLB) in front of the master nodes, and configure DNS to point to the LB.
 
 DNS example:
 
@@ -22,7 +22,7 @@ spec:
 ```
 
 
-When configuring a LoadBalancer, you can also choose to have a public ELB or an internal (VPC only) ELB.  The `type`
+When configuring a LoadBalancer, you can also choose to have a public LoadBalancer or an internal (VPC only) LoadBalancer.  The `type`
 field should be `Public` or `Internal`.
 
 Also, you can add precreated additional security groups to the load balancer by setting `additionalSecurityGroups`.
@@ -37,7 +37,7 @@ spec:
       - sg-xxxxxxxx
 ```
 
-Additionally, you can increase idle timeout of the load balancer by setting its `idleTimeoutSeconds`. The default idle timeout is 5 minutes, with a maximum of 3600 seconds (60 minutes) being allowed by AWS.
+Additionally, you can increase idle timeout of the load balancer by setting its `idleTimeoutSeconds`. The default idle timeout is 5 minutes, with a maximum of 3600 seconds (60 minutes) being allowed by AWS.  Note this value is ignored for load balancer Class `Network`.
 For more information see [configuring idle timeouts](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html).
 
 ```yaml
@@ -80,6 +80,17 @@ spec:
       crossZoneLoadBalancing: true
 ```
 
+*AWS only*
+You can choose to have a Network Load Balancer instead of a Classsic Load Balancer.  The `class`
+field should be either `Network` or `Classic` (default). Note: Note: changing the class of load balancer in an existing
+cluster is a disruptive operation. Until the masters have gone through a rolling update, new connections to the apiserver will fail due to the old master's TLS certificates containing the old load balancer's IP address.
+```yaml
+spec:
+  api:
+    loadBalancer:
+      class : Network
+```
+
 ## etcdClusters
 
 ### The default etcd configuration

k8s/crds/kops.k8s.io_clusters.yaml

@@ -73,6 +73,10 @@ spec:
                         items:
                           type: string
                         type: array
+                      class:
+                        description: 'Class determines the type of API Loadbalancer.
+                          Valid values:   ''network'' use aws nlb or ''classic'' use aws elb (default)'
+                        type: string
                       crossZoneLoadBalancing:
                         description: CrossZoneLoadBalancing allows you to enable the cross zone load balancing
                         type: boolean

pkg/apis/kops/cluster.go

@@ -358,8 +358,23 @@ const (
 	LoadBalancerTypeInternal LoadBalancerType = "Internal"
 )
 
+// LoadBalancerClass string describes LoadBalancer classes (classic, network)
+type LoadBalancerClass string
+
+const (
+	LoadBalancerClassClassic LoadBalancerClass = "Classic"
+	LoadBalancerClassNetwork LoadBalancerClass = "Network"
+)
+
+var SupportedLoadBalancerClasses = []string{
+	string(LoadBalancerClassClassic),
+	string(LoadBalancerClassNetwork),
+}
+
 // LoadBalancerAccessSpec provides configuration details related to API LoadBalancer and its access
 type LoadBalancerAccessSpec struct {
+	// LoadBalancerClass specifies the class of load balancer to create: classic, network.
+	Class LoadBalancerClass `json:"class,omitempty"`
 	// Type of load balancer to create may Public or Internal.
 	Type LoadBalancerType `json:"type,omitempty"`
 	// IdleTimeoutSeconds sets the timeout of the api loadbalancer.

pkg/apis/kops/v1alpha2/cluster.go

@@ -360,8 +360,23 @@ const (
 	LoadBalancerTypeInternal LoadBalancerType = "Internal"
 )
 
+// LoadBalancerClass string describes LoadBalancer classes (classic, network)
+type LoadBalancerClass string
+
+const (
+	LoadBalancerClassClassic LoadBalancerClass = "Classic"
+	LoadBalancerClassNetwork LoadBalancerClass = "Network"
+)
+
+var SupportedLoadBalancerClasses = []string{
+	string(LoadBalancerClassClassic),
+	string(LoadBalancerClassNetwork),
+}
+
 // LoadBalancerAccessSpec provides configuration details related to API LoadBalancer and its access
 type LoadBalancerAccessSpec struct {
+	// LoadBalancerClass specifies the class of load balancer to create: classic, network
+	Class LoadBalancerClass `json:"class,omitempty"`
 	// Type of load balancer to create may Public or Internal.
 	Type LoadBalancerType `json:"type,omitempty"`
 	// IdleTimeoutSeconds sets the timeout of the api loadbalancer.

pkg/apis/kops/v1alpha2/defaults.go

@@ -70,6 +70,10 @@ func SetDefaults_ClusterSpec(obj *ClusterSpec) {
 
 	}
 
+	if obj.API.LoadBalancer != nil && obj.API.LoadBalancer.Class == "" {
+		obj.API.LoadBalancer.Class = LoadBalancerClassClassic
+	}
+
 	if obj.Authorization == nil {
 		obj.Authorization = &AuthorizationSpec{}
 	}

pkg/apis/kops/validation/validation.go

@@ -207,6 +207,11 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 		allErrs = append(allErrs, validateRollingUpdate(spec.RollingUpdate, fieldPath.Child("rollingUpdate"), false)...)
 	}
 
+	if spec.API != nil && spec.API.LoadBalancer != nil {
+		value := string(spec.API.LoadBalancer.Class)
+		allErrs = append(allErrs, IsValidValue(fieldPath.Child("class"), &value, kops.SupportedLoadBalancerClasses)...)
+	}
+
 	return allErrs
 }