cluster-api-provider-aws icon indicating copy to clipboard operation
cluster-api-provider-aws copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

✨ Support adding custom secondary VPC CIDR blocks in `AWSCluster`

Open AndiDog opened this issue 10 months ago • 13 comments

What type of PR is this?

/kind feature

What this PR does / why we need it:

For Cilium in AWS ENI mode, or other CNIs that can use a separate CIDR block e.g. for pod IPs, we need to support creating those CIDRs like we do for EKS.

I kept IPv6 out for now since most users won't be able to use it, but kept the structure field naming flexible to accommodate for it later.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):

n/a

Checklist:

  • [x] squashed commits
  • [ ] includes documentation
  • [x] includes emojis
  • [x] adds unit tests
  • [ ] adds or updates e2e tests

Release note:

Support adding custom secondary VPC CIDR blocks in `AWSCluster`

AndiDog avatar Mar 27 '24 12:03 AndiDog

/test pull-cluster-api-provider-aws-e2e /test pull-cluster-api-provider-aws-e2e-eks

AndiDog avatar Mar 27 '24 16:03 AndiDog

/test pull-cluster-api-provider-aws-e2e

nrb avatar Apr 03 '24 15:04 nrb

Marking as draft again since there seem to be some implications and assumptions regarding subnets that CAPA has. I'll first dig into that and update the PR.

AndiDog avatar Apr 09 '24 15:04 AndiDog

Working now. I included and extended the fix https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/4800/files since CAPA isn't supposed to choose any secondary CIDR subnet for creating nodes.

AndiDog avatar Apr 15 '24 13:04 AndiDog

/lgtm

The verify job just needs a make generate run, and the API diff doesn't look concerning.

nrb avatar Apr 23 '24 18:04 nrb

I ran make generate and my commit is up to date with that. But it seems the YAML output is slightly different on my machine compared to CI. I'll check the tool versions and update here.

AndiDog avatar Apr 25 '24 09:04 AndiDog

@nrb Looks fine now after I rebased onto main

AndiDog avatar Apr 30 '24 11:04 AndiDog

/lgtm

nrb avatar Apr 30 '24 15:04 nrb

I added the two permissions

ec2:AssociateVpcCidrBlock
ec2:DisassociateVpcCidrBlock

to func (t Template) ControllersPolicy() *iamv1.PolicyDocument because they were only listed for EKS until now.

AndiDog avatar May 02 '24 07:05 AndiDog

make test works for me locally, let's try again

/test pull-cluster-api-provider-aws-test

AndiDog avatar May 03 '24 09:05 AndiDog

Rebased. @cnmcavoy can you take a look again (was already LGTM)? And @Ankitasw @richardcase I need an approval as well.

AndiDog avatar Jul 01 '24 08:07 AndiDog

/lgtm

cnmcavoy avatar Jul 01 '24 15:07 cnmcavoy

I had to rebase this once again due to the new field SubnetSchema which gave easily resolvable merge conflicts.

@richardcase @Ankitasw do you have time to look into this PR? It was already reviewed, but not approved.

AndiDog avatar Jul 26 '24 12:07 AndiDog

/lgtm /approve

nrb avatar Jul 30 '24 15:07 nrb

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nrb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot avatar Jul 30 '24 15:07 k8s-ci-robot