cluster-api-provider-aws

Wrong CIDR used when BYO VPC has multiple CIDRs

Open r4f4 opened this issue 1 year ago • 5 comments

/kind bug

What steps did you take and what happened:

Create a VPC with 3 CIDR blocks (A, B, and C), each containing 2 subnets, 1 private and 1 public. During cluster creation, specify the subnets in CIDR block B. Also set VPCSpec{ID: $vpcID, CidrBlock: $cidrBlock_B} in the cluster network spec. When CAPA creates the security groups, it uses the CIDR block derived from the VPC [1][2], which is the first VPC in a list [3] (usually CIDR block A).

[1] https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/main/pkg/cloud/services/securitygroup/securitygroups.go#L660
[2] https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/main/pkg/cloud/services/network/vpc.go#L52-L57
[3] https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/main/pkg/cloud/services/network/vpc.go#L589-L593

What did you expect to happen:

CAPA to either respect the CIDRBlock specified in the VPCSpec or to check a VPC for multiple blocks and use the correct one.

Anything else you would like to add:

Environment:

  • Cluster-api-provider-aws version:
  • Kubernetes version: (use kubectl version):
  • OS (e.g. from /etc/os-release):

r4f4 Jun 07 '24 16:06
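
Added example, not part of the original issue and not CAPA's code: one way to derive the security group source CIDRs from the blocks that actually contain the cluster's subnets, and to reject a spec CidrBlock that does not match them. The function name `sgSourceCIDRs`, its parameters and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// sgSourceCIDRs (hypothetical helper) returns the VPC CIDR blocks that contain
// the cluster's subnets, in VPC order, instead of assuming the first block.
// A non-empty specCIDR (canonical form) must be one of the blocks in use.
func sgSourceCIDRs(vpcCIDRs, subnetCIDRs []string, specCIDR string) ([]string, error) {
	used := make(map[string]bool)
	for _, s := range subnetCIDRs {
		sp, err := netip.ParsePrefix(s)
		if err != nil {
			return nil, fmt.Errorf("subnet %q: %w", s, err)
		}
		owner := ""
		for _, c := range vpcCIDRs {
			b, err := netip.ParsePrefix(c)
			if err != nil {
				return nil, fmt.Errorf("vpc cidr %q: %w", c, err)
			}
			// The block owns the subnet if it is at least as wide and holds its address.
			if b.Bits() <= sp.Bits() && b.Contains(sp.Addr()) {
				owner = b.Masked().String()
				break
			}
		}
		if owner == "" {
			return nil, fmt.Errorf("subnet %s is outside every VPC CIDR block", s)
		}
		used[owner] = true
	}
	var out []string
	for _, c := range vpcCIDRs {
		if p, err := netip.ParsePrefix(c); err == nil && used[p.Masked().String()] {
			out = append(out, p.Masked().String())
		}
	}
	if specCIDR != "" && !used[specCIDR] {
		return out, fmt.Errorf("spec CidrBlock %s is not a block holding the cluster subnets (in use: %v)", specCIDR, out)
	}
	return out, nil
}

func main() {
	// Constructed sample: blocks A, B, C with the cluster's subnets in block B.
	vpc := []string{"10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"}
	fmt.Println(sgSourceCIDRs(vpc, []string{"10.1.0.0/24", "10.1.1.0/24"}, "10.1.0.0/16"))
}
```

Failing closed on a mismatch keeps security group rules from silently allowing a range the cluster does not use while leaving the real subnets uncovered.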