cluster-api-provider-aws
Allow for Self-Managed VPC with a Secondary Subnet for Pods
What type of PR is this? /kind bug
What this PR does / why we need it: This is quite the logic puzzle so apologies in advance and try and bear with me. I found a situation when trying to configure the VPC/CNI you are unable to generate ENIConfigs for secondary subnets for the pods. CAPA is making the assumption that if you want a secondary subnet you are using SecondaryCIDRBlock.
This is the core logic
- ENIConfig creation is gated behind a not nil SecondaryCIDRBlock
- ENIConfig creation only creates ENIConfigs for subnets tagged sigs.k8s.io/cluster-api-provider-aws/association=secondary
- subnet creation is gated behind a VPC ID being not present
The only scenario you can get ENIConfigs for an unmanaged VPC is by setting the VPC ID, setting SecondaryCIDRBlock (which is ignored) to one of the two allowed ranges and tagging your subnets.
To fix I propose we only make ENIConfigs if we have secondary subnets. This will leave the managed VPCs with the same logic around SecondaryCIDRBlock while allowing unmanaged VPC users to tag and choose for which subnets CAPA will create ENIConfigs.
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #
Special notes for your reviewer: This PR contains a cherry-pick of https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/3681 because it has the updated networking docs so only look at 946c0b90dfdf69732209bf3af2e245f9d95f8e05. It also seems I wrote the cidr parser test for a /16 instead of a /10
Checklist:
- [ ] squashed commits
- [ ] includes documentation
- [ ] adds unit tests
- [ ] adds or updates e2e tests
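To make the gating change in the description concrete, here is an added Go example (not CAPA's code; the `Subnet`, `NetworkSpec`, `ENIConfigsOld` and `ENIConfigsNew` names are hypothetical) that models both the old gate on `SecondaryCIDRBlock` and the proposed gate on tagged secondary subnets, and runs them over a constructed self-managed VPC. Only the tag key/value `sigs.k8s.io/cluster-api-provider-aws/association=secondary` comes from the PR text; naming each ENIConfig after its availability zone is an assumption for illustration.

```go
package main

import "fmt"

// SecondaryAssociationTag is the tag CAPA looks for on pod subnets (from the PR text).
const SecondaryAssociationTag = "sigs.k8s.io/cluster-api-provider-aws/association"

// Subnet is a minimal, hypothetical model of an AWS subnet (not CAPA's type).
type Subnet struct {
	ID   string
	AZ   string
	CIDR string
	Tags map[string]string
}

// NetworkSpec is a minimal, hypothetical model of the relevant spec fields.
// A non-empty VPCID means a self-managed (unmanaged) VPC.
type NetworkSpec struct {
	VPCID              string
	SecondaryCIDRBlock *string
	Subnets            []Subnet
}

// SecondarySubnets returns the subnets tagged association=secondary.
// A nil Tags map is safe to index and simply yields no match.
func SecondarySubnets(subnets []Subnet) []Subnet {
	var out []Subnet
	for _, s := range subnets {
		if s.Tags[SecondaryAssociationTag] == "secondary" {
			out = append(out, s)
		}
	}
	return out
}

// ENIConfigsOld models the gate the PR calls out: nothing is created unless
// SecondaryCIDRBlock is set, even when tagged subnets exist in an unmanaged VPC.
func ENIConfigsOld(spec NetworkSpec) []string {
	if spec.SecondaryCIDRBlock == nil {
		return nil
	}
	return eniConfigNames(SecondarySubnets(spec.Subnets))
}

// ENIConfigsNew models the proposed gate: create ENIConfigs whenever there are
// tagged secondary subnets, regardless of SecondaryCIDRBlock.
func ENIConfigsNew(spec NetworkSpec) []string {
	secondary := SecondarySubnets(spec.Subnets)
	if len(secondary) == 0 {
		return nil
	}
	return eniConfigNames(secondary)
}

// eniConfigNames names one ENIConfig per subnet after its AZ (an assumption made
// here for illustration; the real naming is CAPA's concern).
func eniConfigNames(subnets []Subnet) []string {
	names := make([]string, 0, len(subnets))
	for _, s := range subnets {
		names = append(names, s.AZ)
	}
	return names
}

func main() {
	// Constructed sample: a self-managed VPC with one node subnet and one tagged pod subnet.
	spec := NetworkSpec{
		VPCID: "vpc-0123456789abcdef0", // constructed placeholder ID
		Subnets: []Subnet{
			{ID: "subnet-nodes", AZ: "us-east-1a", CIDR: "10.0.0.0/24"},
			{ID: "subnet-pods", AZ: "us-east-1a", CIDR: "100.64.0.0/18",
				Tags: map[string]string{SecondaryAssociationTag: "secondary"}},
		},
	}
	fmt.Println("old gate:", ENIConfigsOld(spec)) // old gate: []
	fmt.Println("new gate:", ENIConfigsNew(spec)) // new gate: [us-east-1a]
}
```

The managed-VPC path is unchanged by the new gate: when CAPA itself creates subnets from `SecondaryCIDRBlock` and tags them, `SecondarySubnets` is non-empty and ENIConfigs are produced exactly as before.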
Hi @luthermonson. Thanks for your PR.
I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign enxebre for approval by writing /assign @enxebre in a comment. For more information see: The Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
/ok-to-test
/test ?
@richardcase: The following commands are available to trigger required jobs:
/test pull-cluster-api-provider-aws-build
/test pull-cluster-api-provider-aws-test
/test pull-cluster-api-provider-aws-verify
The following commands are available to trigger optional jobs:
/test pull-cluster-api-provider-aws-apidiff-main
/test pull-cluster-api-provider-aws-e2e
/test pull-cluster-api-provider-aws-e2e-blocking
/test pull-cluster-api-provider-aws-e2e-clusterclass
/test pull-cluster-api-provider-aws-e2e-conformance
/test pull-cluster-api-provider-aws-e2e-conformance-with-ci-artifacts
/test pull-cluster-api-provider-aws-e2e-eks
Use /test all to run the following jobs that were automatically triggered:
pull-cluster-api-provider-aws-apidiff-main
pull-cluster-api-provider-aws-build
pull-cluster-api-provider-aws-test
pull-cluster-api-provider-aws-verify
In response to this:
/test ?
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/test pull-cluster-api-provider-aws-e2e
/test pull-cluster-api-provider-aws-e2e-eks
/test all
/retest
/retest
@luthermonson: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| pull-cluster-api-provider-aws-test | d06413f9821baea56d998cf5fd4d1d73ccfc3b78 | link | true | /test pull-cluster-api-provider-aws-test |
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
@luthermonson could you please fix unit tests TestReconcileCniVpcCniValues ?
@luthermonson: PR needs rebase.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
The committers listed above are authorized under a signed CLA.
- :white_check_mark: login: luthermonson / name: Luther Monson (4013e3dad6c3a593e3adb8c6cacc1d79fde8b02d)
@Ankitasw all done
/test pull-cluster-api-provider-aws-e2e-eks
/lgtm
/approve
/hold
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: Ankitasw
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [Ankitasw]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
/unhold