Merge pull request #4444 from MaxFedotov/vpc-ipam-manager
feat: support IPAM Manager for VPC creation
k8s-ci-robot authored Sep 15, 2023
2 parents 1f688e3 + 5f272fb commit 60437fb
Showing 29 changed files with 490 additions and 42 deletions.
24 changes: 24 additions & 0 deletions api/v1beta1/awscluster_conversion.go
@@ -55,6 +55,22 @@ func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
}
dst.Status.Network.NatGatewaysIPs = restored.Status.Network.NatGatewaysIPs

if restored.Spec.NetworkSpec.VPC.IPAMPool != nil {
if dst.Spec.NetworkSpec.VPC.IPAMPool == nil {
dst.Spec.NetworkSpec.VPC.IPAMPool = &infrav2.IPAMPool{}
}

restoreIPAMPool(restored.Spec.NetworkSpec.VPC.IPAMPool, dst.Spec.NetworkSpec.VPC.IPAMPool)
}

if restored.Spec.NetworkSpec.VPC.IsIPv6Enabled() && restored.Spec.NetworkSpec.VPC.IPv6.IPAMPool != nil {
if dst.Spec.NetworkSpec.VPC.IPv6.IPAMPool == nil {
dst.Spec.NetworkSpec.VPC.IPv6.IPAMPool = &infrav2.IPAMPool{}
}

restoreIPAMPool(restored.Spec.NetworkSpec.VPC.IPv6.IPAMPool, dst.Spec.NetworkSpec.VPC.IPv6.IPAMPool)
}

return nil
}

@@ -67,6 +83,14 @@ func restoreControlPlaneLoadBalancerStatus(restored, dst *infrav2.LoadBalancer)
dst.ELBListeners = restored.ELBListeners
}

// restoreIPAMPool manually restores the ipam pool data.
// Assumes restored and dst are non-nil.
func restoreIPAMPool(restored, dst *infrav2.IPAMPool) {
dst.ID = restored.ID
dst.Name = restored.Name
dst.NetmaskLength = restored.NetmaskLength
}

// restoreControlPlaneLoadBalancer manually restores the control plane loadbalancer data.
// Assumes restored and dst are non-nil.
func restoreControlPlaneLoadBalancer(restored, dst *infrav2.AWSLoadBalancerSpec) {
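Review bot: The IPv6 branch dereferences `dst.Spec.NetworkSpec.VPC.IPv6` at the `dst.Spec.NetworkSpec.VPC.IPv6.IPAMPool == nil` check, but `IsIPv6Enabled()` is evaluated only on `restored`, so the code relies on the auto-conversion having already left a non-nil IPv6 pointer on `dst`. If every v1beta1 input carries the IPv6 block whenever the hub object did, the branch is safe; if not, this panics inside a conversion webhook, which is a worse failure mode than a field left empty. Either add `dst.Spec.NetworkSpec.VPC.IPv6 != nil` to the condition or allocate `dst.Spec.NetworkSpec.VPC.IPv6 = &infrav2.IPv6{}` before the IPAMPool restore, mirroring the nil-allocation pattern the same block already uses for `IPAMPool`. ConvertTo begins before the first hunk, and restoreControlPlaneLoadBalancer at the end of the second hunk continues past it.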
8 changes: 8 additions & 0 deletions api/v1beta1/conversion.go
@@ -82,3 +82,11 @@ func Convert_v1beta2_LoadBalancer_To_v1beta1_ClassicELB(in *v1beta2.LoadBalancer
func Convert_v1beta2_IngressRule_To_v1beta1_IngressRule(in *v1beta2.IngressRule, out *IngressRule, s conversion.Scope) error {
return autoConvert_v1beta2_IngressRule_To_v1beta1_IngressRule(in, out, s)
}

func Convert_v1beta2_VPCSpec_To_v1beta1_VPCSpec(in *v1beta2.VPCSpec, out *VPCSpec, s conversion.Scope) error {
return autoConvert_v1beta2_VPCSpec_To_v1beta1_VPCSpec(in, out, s)
}

func Convert_v1beta2_IPv6_To_v1beta1_IPv6(in *v1beta2.IPv6, out *IPv6, s conversion.Scope) error {
return autoConvert_v1beta2_IPv6_To_v1beta1_IPv6(in, out, s)
}
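Review bot: The two new exported wrappers `Convert_v1beta2_VPCSpec_To_v1beta1_VPCSpec` and `Convert_v1beta2_IPv6_To_v1beta1_IPv6` have no doc comment, so a reader has to consult zz_generated.conversion.go to learn why a hand-written wrapper exists at all. A one-line comment in the Go convention would do, for example `// Convert_v1beta2_VPCSpec_To_v1beta1_VPCSpec is hand-written because v1beta1 has no IPAMPool field; the value is carried across via the conversion annotation instead.` (adjust the second clause if the restore path differs), with the analogous sentence on the IPv6 wrapper. This also keeps the file consistent with the existing `Convert_v1beta2_IngressRule_To_v1beta1_IngressRule` if that one is documented above the hunk.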
52 changes: 30 additions & 22 deletions api/v1beta1/zz_generated.conversion.go


9 changes: 9 additions & 0 deletions api/v1beta2/awscluster_webhook.go
@@ -228,6 +228,15 @@ func (r *AWSCluster) validateNetwork() field.ErrorList {
allErrs = append(allErrs, field.Invalid(field.NewPath("subnets"), r.Spec.NetworkSpec.Subnets, "IPv6 cannot be used with unmanaged clusters at this time."))
}
}

if r.Spec.NetworkSpec.VPC.CidrBlock != "" && r.Spec.NetworkSpec.VPC.IPAMPool != nil {
allErrs = append(allErrs, field.Invalid(field.NewPath("cidrBlock"), r.Spec.NetworkSpec.VPC.CidrBlock, "cidrBlock and ipamPool cannot be used together"))
}

if r.Spec.NetworkSpec.VPC.IPAMPool != nil && r.Spec.NetworkSpec.VPC.IPAMPool.ID == "" && r.Spec.NetworkSpec.VPC.IPAMPool.Name == "" {
allErrs = append(allErrs, field.Invalid(field.NewPath("ipamPool"), r.Spec.NetworkSpec.VPC.IPAMPool, "ipamPool must have either id or name"))
}

return allErrs
}
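Review bot: `IPAMPool.NetmaskLength` is never range-checked in the two new conditions, so a negative value or one above 32 passes admission and only fails later, at the `AllocateIpamPoolCidr` call during reconcile, where the error is far less visible to the user; since `VPCSpec.IPAMPool` is the IPv4 pool, a webhook guard such as `if p := r.Spec.NetworkSpec.VPC.IPAMPool; p != nil && (p.NetmaskLength < 0 || p.NetmaskLength > 32) { allErrs = append(allErrs, field.Invalid(field.NewPath("ipamPool", "netmaskLength"), p.NetmaskLength, "netmaskLength must be a valid IPv4 prefix length")) }` surfaces it immediately (AWS additionally bounds VPC CIDRs to roughly /16–/28 if I recall correctly, which could tighten the check). The `ipamPool must have either id or name` condition also accepts both `ID` and `Name` being set, leaving precedence to the reconciler; if one is meant to win, either reject the combination here or document the precedence on the type. validateNetwork begins before the hunk.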

27 changes: 27 additions & 0 deletions api/v1beta2/awscluster_webhook_test.go
@@ -335,6 +335,33 @@ func TestAWSClusterValidateCreate(t *testing.T) {
},
wantErr: false,
},
{
name: "rejects cidrBlock and ipamPool if set together",
cluster: &AWSCluster{
Spec: AWSClusterSpec{
NetworkSpec: NetworkSpec{
VPC: VPCSpec{
CidrBlock: "10.0.0.0/16",
IPAMPool: &IPAMPool{},
},
},
},
},
wantErr: true,
},
{
name: "rejects ipamPool if id or name not set",
cluster: &AWSCluster{
Spec: AWSClusterSpec{
NetworkSpec: NetworkSpec{
VPC: VPCSpec{
IPAMPool: &IPAMPool{},
},
},
},
},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
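Review bot: Both new table entries, `rejects cidrBlock and ipamPool if set together` and `rejects ipamPool if id or name not set`, are negative cases; nothing asserts that a well-formed pool is accepted, so a regression that rejects every `ipamPool` would still leave this table green. Add an accepting case such as `{name: "accepts ipamPool with id and no cidrBlock", cluster: &AWSCluster{Spec: AWSClusterSpec{NetworkSpec: NetworkSpec{VPC: VPCSpec{IPAMPool: &IPAMPool{ID: "pool-id-placeholder"}}}}}, wantErr: false}` (constructed sample value), and a sibling with only `Name` set to cover the other arm of the webhook's `ID == "" && Name == ""` condition. TestAWSClusterValidateCreate begins before the hunk and its `t.Run` loop body continues after it.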
25 changes: 25 additions & 0 deletions api/v1beta2/network_types.go
@@ -245,16 +245,36 @@ type NetworkSpec struct {
// IPv6 contains ipv6 specific settings for the network.
type IPv6 struct {
// CidrBlock is the CIDR block provided by Amazon when VPC has enabled IPv6.
// Mutually exclusive with IPAMPool.
// +optional
CidrBlock string `json:"cidrBlock,omitempty"`

// PoolID is the IP pool which must be defined in case of BYO IP is defined.
// Must be specified if CidrBlock is set.
// Mutually exclusive with IPAMPool.
// +optional
PoolID string `json:"poolId,omitempty"`

// EgressOnlyInternetGatewayID is the id of the egress only internet gateway associated with an IPv6 enabled VPC.
// +optional
EgressOnlyInternetGatewayID *string `json:"egressOnlyInternetGatewayId,omitempty"`

// IPAMPool defines the IPAMv6 pool to be used for VPC.
// Mutually exclusive with CidrBlock.
// +optional
IPAMPool *IPAMPool `json:"ipamPool,omitempty"`
}

// IPAMPool defines the IPAM pool to be used for VPC.
type IPAMPool struct {
// ID is the ID of the IPAM pool this provider should use to create VPC.
ID string `json:"id,omitempty"`
// Name is the name of the IPAM pool this provider should use to create VPC.
Name string `json:"name,omitempty"`
// The netmask length of the IPv4 CIDR you want to allocate to VPC from
// an Amazon VPC IP Address Manager (IPAM) pool.
// Defaults to /16 for IPv4 if not specified.
NetmaskLength int64 `json:"netmaskLength,omitempty"`
}

// VPCSpec configures an AWS VPC.
@@ -264,8 +284,13 @@ type VPCSpec struct {

// CidrBlock is the CIDR block to be used when the provider creates a managed VPC.
// Defaults to 10.0.0.0/16.
// Mutually exclusive with IPAMPool.
CidrBlock string `json:"cidrBlock,omitempty"`

// IPAMPool defines the IPAMv4 pool to be used for VPC.
// Mutually exclusive with CidrBlock.
IPAMPool *IPAMPool `json:"ipamPool,omitempty"`

// IPv6 contains ipv6 specific settings for the network. Supported only in managed clusters.
// This field cannot be set on AWSCluster object.
// +optional
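Review bot: The new `IPAMPool *IPAMPool` field in `VPCSpec` and the `ID`, `Name` and `NetmaskLength` fields of `IPAMPool` carry `omitempty` but no `// +optional` marker, whereas every neighbouring optional field in this hunk (`CidrBlock`, `PoolID`, `EgressOnlyInternetGatewayID`, `IPv6.IPAMPool`) spells the marker out; adding `// +optional` above each keeps the file's convention and matches the webhook rule that `id` and `name` are individually optional. The `NetmaskLength` comment is also IPv4-only ("Defaults to /16 for IPv4") although the same struct is reused for `IPv6.IPAMPool`, so the IPv6 behaviour is left implied; rewording it as `// NetmaskLength is the prefix length of the CIDR to allocate to the VPC from the IPAM pool. Defaults to /16 for IPv4 pools; [IPv6 default or "no default" here].` (fill in the bracketed part from the reconciler) removes the ambiguity. The `NetmaskLength ... Defaults to /16` sentence is the only place a reader can learn the default, so it is worth getting right for both families.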
25 changes: 25 additions & 0 deletions api/v1beta2/zz_generated.deepcopy.go


@@ -81,6 +81,8 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
Effect: iamv1.EffectAllow,
Resource: iamv1.Resources{iamv1.Any},
Action: iamv1.Actions{
"ec2:DescribeIpamPools",
"ec2:AllocateIpamPoolCidr",
"ec2:AttachNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:AllocateAddress",
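Review bot: `ec2:AllocateIpamPoolCidr` is appended to the statement whose `Resource` is `iamv1.Any`, so the controllers role can draw CIDRs from every IPAM pool in the account rather than only the pools operators intend clusters to consume. `ec2:DescribeIpamPools` is a list-style action that needs `*`, but the allocate action supports resource-level scoping to the pool ARN as far as I recall, so a separate statement scoped to specific pool ARNs or a tag condition would be the least-privilege shape if the bootstrap template ever gains a way to name the pools. If `Any` is the only workable default for a generic template, a short comment above these two lines recording that trade-off would save the next reviewer the same question. The identical action pair appears in the CloudFormation fixtures that follow, which look generated from this template and inherit whatever is decided here.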
@@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
@@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
@@ -146,6 +146,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
@@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
@@ -146,6 +146,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
@@ -146,6 +146,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
@@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
@@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
@@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress