feat: support IPAM Manager for VPC creation
MaxFedotov committed Aug 10, 2023
1 parent 2891a57 commit f43a36b
Showing 27 changed files with 262 additions and 14 deletions.
16 changes: 16 additions & 0 deletions api/v1beta1/awscluster_conversion.go
Expand Up @@ -54,6 +54,14 @@ func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
dst.Status.Network.SecurityGroups[role] = sg
}

if restored.Spec.NetworkSpec.VPC.IPAMPool != nil {
if dst.Spec.NetworkSpec.VPC.IPAMPool == nil {
dst.Spec.NetworkSpec.VPC.IPAMPool = &infrav2.IPAMPool{}
}

restoreIPAMPool(restored.Spec.NetworkSpec.VPC.IPAMPool, dst.Spec.NetworkSpec.VPC.IPAMPool)
}

return nil
}

Expand All @@ -66,6 +74,14 @@ func restoreControlPlaneLoadBalancerStatus(restored, dst *infrav2.LoadBalancer)
dst.ELBListeners = restored.ELBListeners
}

// restoreIPAMPool manually restores the ipam pool data.
// Assumes restored and dst are non-nil.
func restoreIPAMPool(restored, dst *infrav2.IPAMPool) {
dst.ID = restored.ID
dst.Name = restored.Name
dst.NetmaskLength = restored.NetmaskLength
}

// restoreControlPlaneLoadBalancer manually restores the control plane loadbalancer data.
// Assumes restored and dst are non-nil.
func restoreControlPlaneLoadBalancer(restored, dst *infrav2.AWSLoadBalancerSpec) {
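Review bot: restoreIPAMPool copies ID, Name and NetmaskLength one field at a time, so any field added to infrav2.IPAMPool later will be silently dropped on the v1beta1 round trip unless someone remembers to extend this helper. The type as declared in this commit holds only plain value fields, so `*dst = *restored` restores it completely and keeps working when the struct grows; the caller in ConvertTo can keep allocating the empty pool before the call. ConvertTo begins outside the hunk.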
4 changes: 4 additions & 0 deletions api/v1beta1/conversion.go
Expand Up @@ -82,3 +82,7 @@ func Convert_v1beta2_LoadBalancer_To_v1beta1_ClassicELB(in *v1beta2.LoadBalancer
func Convert_v1beta2_IngressRule_To_v1beta1_IngressRule(in *v1beta2.IngressRule, out *IngressRule, s conversion.Scope) error {
return autoConvert_v1beta2_IngressRule_To_v1beta1_IngressRule(in, out, s)
}

func Convert_v1beta2_VPCSpec_To_v1beta1_VPCSpec(in *v1beta2.VPCSpec, out *VPCSpec, s conversion.Scope) error {
return autoConvert_v1beta2_VPCSpec_To_v1beta1_VPCSpec(in, out, s)
}
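Review bot: Convert_v1beta2_VPCSpec_To_v1beta1_VPCSpec is a hand-written wrapper that only forwards to the generated autoConvert, and nothing says why the manual function exists. Presumably it is there because IPAMPool has no v1beta1 counterpart and the generated conversion would otherwise fail to compile; a one-line comment such as `// Convert_v1beta2_VPCSpec_To_v1beta1_VPCSpec drops IPAMPool, which has no v1beta1 equivalent; it is kept in the hub annotation and restored by ConvertTo.` would record which field is lossy for the next maintainer. The IngressRule wrapper above it has the same gap.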
16 changes: 6 additions & 10 deletions api/v1beta1/zz_generated.conversion.go


9 changes: 9 additions & 0 deletions api/v1beta2/awscluster_webhook.go
Expand Up @@ -189,6 +189,15 @@ func (r *AWSCluster) validateNetwork() field.ErrorList {
allErrs = append(allErrs, field.Invalid(field.NewPath("subnets"), r.Spec.NetworkSpec.Subnets, "IPv6 cannot be used with unmanaged clusters at this time."))
}
}

if r.Spec.NetworkSpec.VPC.CidrBlock != "" && r.Spec.NetworkSpec.VPC.IPAMPool != nil {
allErrs = append(allErrs, field.Invalid(field.NewPath("cidrBlock"), r.Spec.NetworkSpec.VPC.CidrBlock, "cidrBlock and ipamPool cannot be used together"))
}

if r.Spec.NetworkSpec.VPC.IPAMPool != nil && r.Spec.NetworkSpec.VPC.IPAMPool.ID == "" && r.Spec.NetworkSpec.VPC.IPAMPool.Name == "" {
allErrs = append(allErrs, field.Invalid(field.NewPath("ipamPool"), r.Spec.NetworkSpec.VPC.IPAMPool, "ipamPool must have either id or name"))
}

return allErrs
}

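Review bot: The new ipamPool checks reject a missing id/name but accept any NetmaskLength, so a negative value or one outside the /16 to /28 range AWS allows for a VPC IPv4 CIDR passes admission and only fails later at the EC2 call, where the error is much harder to trace back to the spec. Since 0 means "use the /16 default" per the field doc, a guard such as `if p := r.Spec.NetworkSpec.VPC.IPAMPool; p != nil && p.NetmaskLength != 0 && (p.NetmaskLength < 16 || p.NetmaskLength > 28) {` followed by `allErrs = append(allErrs, field.Invalid(field.NewPath("ipamPool", "netmaskLength"), p.NetmaskLength, "netmaskLength must be between 16 and 28"))` would catch it here. The check also accepts id and name both being set without saying which one wins; either reject that combination or document the precedence on the type. validateNetwork begins outside the hunk.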
27 changes: 27 additions & 0 deletions api/v1beta2/awscluster_webhook_test.go
Expand Up @@ -335,6 +335,33 @@ func TestAWSClusterValidateCreate(t *testing.T) {
},
wantErr: false,
},
{
name: "rejects cidrBlock and ipamPool if set together",
cluster: &AWSCluster{
Spec: AWSClusterSpec{
NetworkSpec: NetworkSpec{
VPC: VPCSpec{
CidrBlock: "10.0.0.0/16",
IPAMPool: &IPAMPool{},
},
},
},
},
wantErr: true,
},
{
name: "rejects ipamPool if id or name not set",
cluster: &AWSCluster{
Spec: AWSClusterSpec{
NetworkSpec: NetworkSpec{
VPC: VPCSpec{
IPAMPool: &IPAMPool{},
},
},
},
},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
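Review bot: Both new cases assert rejection, so the accept path of the ipamPool validation is never exercised and a future change that rejects every ipamPool would still pass this table. A positive case with an id set (placeholder value below) and no cidrBlock, with `wantErr: false`, pins the intended behaviour, assuming the rest of validateNetwork accepts an otherwise-empty spec as the existing passing cases suggest. A second positive case with only name set would cover the other accepted form. TestAWSClusterValidateCreate begins outside the hunk.
```go
		{
			name: "accepts ipamPool with id set and no cidrBlock",
			cluster: &AWSCluster{
				Spec: AWSClusterSpec{
					NetworkSpec: NetworkSpec{
						VPC: VPCSpec{
							IPAMPool: &IPAMPool{ID: "ipam-pool-placeholder"},
						},
					},
				},
			},
			wantErr: false,
		},
		// … unchanged: existing cases and the t.Run loop …
```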
15 changes: 15 additions & 0 deletions api/v1beta2/network_types.go
Expand Up @@ -245,6 +245,18 @@ type IPv6 struct {
EgressOnlyInternetGatewayID *string `json:"egressOnlyInternetGatewayId,omitempty"`
}

// IPAMPool defines the IPAM pool to be used for VPC.
type IPAMPool struct {
// ID is the ID of the IPAM pool this provider should use to create VPC.
ID string `json:"id,omitempty"`
// Name is the name of the IPAM pool this provider should use to create VPC.
Name string `json:"name,omitempty"`
// The netmask length of the IPv4 CIDR you want to allocate to VPC from
// an Amazon VPC IP Address Manager (IPAM) pool.
// Defaults to /16 for IPv4 if not specified.
NetmaskLength int64 `json:"netmaskLength,omitempty"`
}

// VPCSpec configures an AWS VPC.
type VPCSpec struct {
// ID is the vpc-id of the VPC this provider should use to create resources.
Expand All @@ -254,6 +266,9 @@ type VPCSpec struct {
// Defaults to 10.0.0.0/16.
CidrBlock string `json:"cidrBlock,omitempty"`

// IPAMPool defines the IPAM pool to be used for VPC.
IPAMPool *IPAMPool `json:"ipamPool,omitempty"`

// IPv6 contains ipv6 specific settings for the network. Supported only in managed clusters.
// This field cannot be set on AWSCluster object.
// +optional
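Review bot: The three IPAMPool fields carry no kubebuilder markers, while the neighbouring IPv6 field at the end of the second hunk is marked `// +optional`; with json omitempty they are de facto optional, but the CRD generated from them (visible later in this commit) has no schema bounds on netmaskLength at all. Adding `// +optional` to each field and `// +kubebuilder:validation:Minimum=16` plus `// +kubebuilder:validation:Maximum=28` to NetmaskLength would reject out-of-range values at the API server before the webhook or EC2 sees them; the bounds apply only when the field is present, so an omitted value still falls through to the documented /16 default. The IPAMPool doc comment should also say what happens when both ID and Name are set, since nothing in the types or the webhook forbids that combination.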
20 changes: 20 additions & 0 deletions api/v1beta2/zz_generated.deepcopy.go


Expand Up @@ -81,6 +81,8 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
Effect: iamv1.EffectAllow,
Resource: iamv1.Resources{iamv1.Any},
Action: iamv1.Actions{
"ec2:DescribeIpamPools",
"ec2:AllocateIpamPoolCidr",
"ec2:AttachNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:AllocateAddress",
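Review bot: ec2:DescribeIpamPools and ec2:AllocateIpamPoolCidr are added to the statement whose Resource is iamv1.Any, i.e. `*`. A Describe call genuinely needs the wildcard, but AllocateIpamPoolCidr supports resource-level permissions on the ipam-pool ARN as far as I know, so the controller could be limited to allocating from the pool(s) it is meant to draw from in a separate statement rather than from every pool in the account; at minimum a comment next to the two actions explaining why they share the wildcard statement would help the next policy review. It is also worth confirming whether deleting a VPC releases the IPAM allocation on its own or whether ec2:ReleaseIpamPoolCidr is needed, since nothing in this commit grants it. The same two lines are mirrored in the fourteen CloudFormation YAML sections that follow, which are presumably rendered from this template, so the fix belongs here with a regeneration. ControllersPolicy begins outside the hunk.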
Expand Up @@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -146,6 +146,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -146,6 +146,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -146,6 +146,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -146,6 +146,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -140,6 +140,8 @@ Resources:
PolicyDocument:
Statement:
- Action:
- ec2:DescribeIpamPools
- ec2:AllocateIpamPoolCidr
- ec2:AttachNetworkInterface
- ec2:DetachNetworkInterface
- ec2:AllocateAddress
Expand Up @@ -492,6 +492,25 @@ spec:
description: InternetGatewayID is the id of the internet gateway
associated with the VPC.
type: string
ipamPool:
description: IPAMPool defines the IPAM pool to be used for
VPC.
properties:
id:
description: ID is the ID of the IPAM pool this provider
should use to create VPC.
type: string
name:
description: Name is the name of the IPAM pool this provider
should use to create VPC.
type: string
netmaskLength:
description: The netmask length of the IPv4 CIDR you want
to allocate to VPC from an Amazon VPC IP Address Manager
(IPAM) pool. Defaults to /16 for IPv4 if not specified.
format: int64
type: integer
type: object
ipv6:
description: IPv6 contains ipv6 specific settings for the
network. Supported only in managed clusters. This field
Expand Down Expand Up @@ -1940,6 +1959,25 @@ spec:
description: InternetGatewayID is the id of the internet gateway
associated with the VPC.
type: string
ipamPool:
description: IPAMPool defines the IPAM pool to be used for
VPC.
properties:
id:
description: ID is the ID of the IPAM pool this provider
should use to create VPC.
type: string
name:
description: Name is the name of the IPAM pool this provider
should use to create VPC.
type: string
netmaskLength:
description: The netmask length of the IPv4 CIDR you want
to allocate to VPC from an Amazon VPC IP Address Manager
(IPAM) pool. Defaults to /16 for IPv4 if not specified.
format: int64
type: integer
type: object
ipv6:
description: IPv6 contains ipv6 specific settings for the
network. Supported only in managed clusters. This field