diff --git a/api/v1beta2/network_types.go b/api/v1beta2/network_types.go
index ea5d627a61..ed4b947c72 100644
--- a/api/v1beta2/network_types.go
+++ b/api/v1beta2/network_types.go
@@ -510,6 +510,17 @@ func (s Subnets) FilterPrivate() (res Subnets) {
 return
 }
 
+// FilterNonCni returns the subnets that are NOT intended for usage with the CNI pod network
+// (i.e. do NOT have the `sigs.k8s.io/cluster-api-provider-aws/association=secondary` tag).
+func (s Subnets) FilterNonCni() (res Subnets) {
+ for _, x := range s {
+ if x.Tags[NameAWSSubnetAssociation] != SecondarySubnetTagValue {
+ res = append(res, x)
+ }
+ }
+ return
+}
+
 // FilterPublic returns a slice containing all subnets marked as public.
 func (s Subnets) FilterPublic() (res Subnets) {
 for _, x := range s {
diff --git a/pkg/cloud/scope/shared.go b/pkg/cloud/scope/shared.go
index 865ebfaf52..ce7ed2fa00 100644
--- a/pkg/cloud/scope/shared.go
+++ b/pkg/cloud/scope/shared.go
@@ -122,6 +122,7 @@ func (p *defaultSubnetPlacementStrategy) getSubnetsForAZs(azs []string, controlP
 subnets = subnets.FilterPublic()
 case expinfrav1.AZSubnetTypePrivate:
 subnets = subnets.FilterPrivate()
+ subnets = subnets.FilterNonCni()
 }
 }
 if len(subnets) == 0 {
diff --git a/pkg/cloud/scope/shared_test.go b/pkg/cloud/scope/shared_test.go
index 34d124abf3..8afc051c6c 100644
--- a/pkg/cloud/scope/shared_test.go
+++ b/pkg/cloud/scope/shared_test.go
@@ -182,6 +182,14 @@ func TestSubnetPlacement(t *testing.T) {
 AvailabilityZone: "eu-west-1c",
 IsPublic: false,
 },
+ infrav1.SubnetSpec{ ID: "subnet-az6", AvailabilityZone: "eu-west-1c", IsPublic: false, Tags: infrav1.Tags{ infrav1.NameAWSSubnetAssociation: infrav1.SecondarySubnetTagValue, }, },
 },
 logger: logger.NewLogger(klog.Background()),
 expectedSubnetIDs: []string{"subnet-az3"},
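Review bot: The new exported method is named `FilterNonCni`, which breaks the initialism casing this package otherwise follows (`ID` on `SubnetSpec`, `NameAWSSubnetAssociation`); since it is brand-new API, rename it to `FilterNonCNI` now rather than carry the inconsistency. The doc comment also hard-codes the tag key and value as a literal string, which will silently drift if `NameAWSSubnetAssociation` or `SecondarySubnetTagValue` ever changes; prefer wording that names the constants, e.g. `// FilterNonCNI returns the subnets not tagged NameAWSSubnetAssociation=SecondarySubnetTagValue, i.e. those not reserved for the CNI (secondary CIDR) pod network. Untagged subnets (nil Tags) are kept.` That last sentence matters because callers rely on this filter to keep nodes off pod-only subnets, and a nil `Tags` map lookup yields "" and so passes the check — presumably intended, but it should be stated.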
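Review bot: `subnets.FilterNonCni()` is applied only on the `AZSubnetTypePrivate` branch, so a secondary-CIDR (CNI) subnet that is public, or one selected by whichever branch handles an unspecified subnet type outside this hunk, can still be picked for node placement, putting nodes into a subnet sized and tagged for pods. Unless there is a deliberate reason to allow that, hoist the exclusion above the `switch` so it applies to every subnet type: `subnets = subnets.FilterNonCni()` before the `switch`, and drop the added line from the private case. The `len(subnets) == 0` failure that follows will presumably now also trigger when every candidate in the AZ was a CNI subnet; its message (outside this hunk) should mention that secondary-association subnets were excluded so the error is diagnosable. `getSubnetsForAZs` starts and ends outside the hunk.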
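Review bot: The added fixture only pins the private-placement path — `subnet-az6` is `IsPublic: false` and the expected IDs remain `subnet-az3`, so this is presumably the private-type case — and nothing asserts what happens to a secondary-tagged subnet under public placement, or that a subnet with nil `Tags` (as the other fixtures here) is still eligible. Add a second fixture with `IsPublic: true` carrying the same `infrav1.NameAWSSubnetAssociation: infrav1.SecondarySubnetTagValue` tag in a public-type case and assert whether it is excluded, so the intended scope of the new filter is documented by the test rather than left implicit. `TestSubnetPlacement` continues outside the hunk.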