
Commit 108127e

committed
Support adding custom secondary VPC CIDR blocks in AWSCluster
1 parent 1313226 commit 108127e

36 files changed

+516
-94
lines changed

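--- a/api/v1beta1/awscluster_conversion.go
+++ b/api/v1beta1/awscluster_conversion.go
@@ -104,6 +104,7 @@ func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
 dst.Spec.NetworkSpec.VPC.EmptyRoutesDefaultVPCSecurityGroup = restored.Spec.NetworkSpec.VPC.EmptyRoutesDefaultVPCSecurityGroup
 dst.Spec.NetworkSpec.VPC.PrivateDNSHostnameTypeOnLaunch = restored.Spec.NetworkSpec.VPC.PrivateDNSHostnameTypeOnLaunch
 dst.Spec.NetworkSpec.VPC.CarrierGatewayID = restored.Spec.NetworkSpec.VPC.CarrierGatewayID
+dst.Spec.NetworkSpec.VPC.SecondaryCidrBlocks = restored.Spec.NetworkSpec.VPC.SecondaryCidrBlocks
 
 if restored.Spec.NetworkSpec.VPC.ElasticIPPool != nil {
 if dst.Spec.NetworkSpec.VPC.ElasticIPPool == nil {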

api/v1beta1/zz_generated.conversion.go

+1

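--- a/api/v1beta2/awscluster_webhook.go
+++ b/api/v1beta2/awscluster_webhook.go
@@ -283,6 +283,14 @@ func (r *AWSCluster) validateNetwork() field.ErrorList {
 }
 }
 
+secondaryCidrBlocks := r.Spec.NetworkSpec.VPC.SecondaryCidrBlocks
+secondaryCidrBlocksField := field.NewPath("spec", "network", "vpc", "secondaryCidrBlocks")
+for _, cidrBlock := range secondaryCidrBlocks {
+if r.Spec.NetworkSpec.VPC.CidrBlock != "" && r.Spec.NetworkSpec.VPC.CidrBlock == cidrBlock.IPv4CidrBlock {
+allErrs = append(allErrs, field.Invalid(secondaryCidrBlocksField, secondaryCidrBlocks, fmt.Sprintf("AWSCluster.spec.network.vpc.secondaryCidrBlocks must not contain the primary AWSCluster.spec.network.vpc.cidrBlock %v", r.Spec.NetworkSpec.VPC.CidrBlock)))
+}
+}
+
 return allErrs
 }
 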
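--- a/api/v1beta2/network_types.go
+++ b/api/v1beta2/network_types.go
@@ -388,6 +388,13 @@ type IPAMPool struct {
 NetmaskLength int64 `json:"netmaskLength,omitempty"`
 }
 
+// VpcCidrBlock defines the CIDR block and settings to associate with the managed VPC. Currently, only IPv4 is supported.
+type VpcCidrBlock struct {
+// IPv4CidrBlock is the IPv4 CIDR block to associate with the managed VPC.
+// +kubebuilder:validation:MinLength=1
+IPv4CidrBlock string `json:"ipv4CidrBlock"`
+}
+
 // VPCSpec configures an AWS VPC.
 type VPCSpec struct {
 // ID is the vpc-id of the VPC this provider should use to create resources.
@@ -398,6 +405,12 @@ type VPCSpec struct {
 // Mutually exclusive with IPAMPool.
 CidrBlock string `json:"cidrBlock,omitempty"`
 
+// SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC.
+// Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use
+// a separate IP range for pods (e.g. Cilium ENI mode).
+// +optional
+SecondaryCidrBlocks []VpcCidrBlock `json:"secondaryCidrBlocks,omitempty"`
+
 // IPAMPool defines the IPAMv4 pool to be used for VPC.
 // Mutually exclusive with CidrBlock.
 IPAMPool *IPAMPool `json:"ipamPool,omitempty"`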
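Review bot: The VpcCidrBlock doc at 393–395 should say what a valid value looks like, because the only schema validation on the field is `MinLength=1` and a user has no other hint; I would change the comment to `// IPv4CidrBlock is the IPv4 CIDR block, in "10.1.0.0/16" notation, to associate with the managed VPC. AWS rejects a block that overlaps the primary CIDR or another association on the VPC.` The SecondaryCidrBlocks comment at 408–410 says "when the provider creates a managed VPC" but leaves open whether the field is ignored or an error when `spec.network.vpc.id` points at an unmanaged VPC, and — given the `ec2:DisassociateVpcCidrBlock` permission added elsewhere in this commit — whether removing an entry later disassociates the block from a live VPC; I cannot tell either from the types alone, and both behaviours surprise an operator if unstated. A `// +kubebuilder:validation:Pattern` for the dotted/prefix form would also reject garbage at admission rather than at reconcile time.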

api/v1beta2/zz_generated.deepcopy.go

+20

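--- a/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
@@ -90,6 +90,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 "ec2:AssignPrivateIpAddresses",
 "ec2:UnassignPrivateIpAddresses",
 "ec2:AssociateRouteTable",
+"ec2:AssociateVpcCidrBlock",
 "ec2:AttachInternetGateway",
 "ec2:AuthorizeSecurityGroupIngress",
 "ec2:CreateCarrierGateway",
@@ -104,6 +105,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 "ec2:CreateTags",
 "ec2:CreateVpc",
 "ec2:CreateVpcEndpoint",
+"ec2:DisassociateVpcCidrBlock",
 "ec2:ModifyVpcAttribute",
 "ec2:ModifyVpcEndpoint",
 "ec2:DeleteCarrierGateway",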
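Review bot: `ec2:DisassociateVpcCidrBlock` at 108 is a destructive permission and, if this statement carries the `Resource: "*"` that the surrounding EC2 actions presumably use (the statement header and resource list are outside the hunk), it lets the controller identity strip CIDR associations from any VPC in the account, not only the ones it manages. I believe both new actions support resource-level permissions on the vpc resource, so if the policy already narrows other mutating actions with a cluster-tag `Condition` it is worth doing the same here; if it does not, a short comment on why the controller needs disassociate at all (presumably to reconcile entries removed from `secondaryCidrBlocks`) would help reviewers of the bootstrap stack judge the grant. The enclosing action list starts and ends outside this hunk.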

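--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml
@@ -149,6 +149,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -163,6 +164,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway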

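--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml
@@ -149,6 +149,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -163,6 +164,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway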

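--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml
@@ -155,6 +155,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -169,6 +170,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway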

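--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml
@@ -149,6 +149,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -163,6 +164,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway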

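--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml
@@ -155,6 +155,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -169,6 +170,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway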

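--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml
@@ -155,6 +155,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -169,6 +170,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway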

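--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml
@@ -149,6 +149,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -163,6 +164,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway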

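--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml
@@ -149,6 +149,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -163,6 +164,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway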

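--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml
@@ -149,6 +149,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -163,6 +164,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway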

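--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml
@@ -149,6 +149,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -163,6 +164,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway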

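--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml
@@ -149,6 +149,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -163,6 +164,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway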

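--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml
@@ -155,6 +155,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -169,6 +170,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway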

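--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
@@ -149,6 +149,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -163,6 +164,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway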

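--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml
@@ -149,6 +149,7 @@ Resources:
 - ec2:AssignPrivateIpAddresses
 - ec2:UnassignPrivateIpAddresses
 - ec2:AssociateRouteTable
+- ec2:AssociateVpcCidrBlock
 - ec2:AttachInternetGateway
 - ec2:AuthorizeSecurityGroupIngress
 - ec2:CreateCarrierGateway
@@ -163,6 +164,7 @@ Resources:
 - ec2:CreateTags
 - ec2:CreateVpc
 - ec2:CreateVpcEndpoint
+- ec2:DisassociateVpcCidrBlock
 - ec2:ModifyVpcAttribute
 - ec2:ModifyVpcEndpoint
 - ec2:DeleteCarrierGateway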

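--- a/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml
+++ b/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml
@@ -759,6 +759,25 @@ spec:
 - ip-name
 - resource-name
 type: string
+secondaryCidrBlocks:
+description: |-
+SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC.
+Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use
+a separate IP range for pods (e.g. Cilium ENI mode).
+items:
+description: VpcCidrBlock defines the CIDR block and settings
+to associate with the managed VPC. Currently, only IPv4
+is supported.
+properties:
+ipv4CidrBlock:
+description: IPv4CidrBlock is the IPv4 CIDR block to
+associate with the managed VPC.
+minLength: 1
+type: string
+required:
+- ipv4CidrBlock
+type: object
+type: array
 tags:
 additionalProperties:
 type: string
@@ -2750,6 +2769,25 @@ spec:
 - ip-name
 - resource-name
 type: string
+secondaryCidrBlocks:
+description: |-
+SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC.
+Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use
+a separate IP range for pods (e.g. Cilium ENI mode).
+items:
+description: VpcCidrBlock defines the CIDR block and settings
+to associate with the managed VPC. Currently, only IPv4
+is supported.
+properties:
+ipv4CidrBlock:
+description: IPv4CidrBlock is the IPv4 CIDR block to
+associate with the managed VPC.
+minLength: 1
+type: string
+required:
+- ipv4CidrBlock
+type: object
+type: array
 tags:
 additionalProperties:
 type: string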
