Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ Support BYO Public IPv4 Pool when provision infrastructure #4905

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

✨ Support BYO Public IPv4 Pool when provision infrastructure #4905

wants to merge 2 commits into from

Conversation

mtulio
Copy link
Contributor

@mtulio mtulio commented Apr 3, 2024
edited

What type of PR is this?

/kind feature
/kind api-change
/kind documentation

What this PR does / why we need it:

Introducing support of PublicIpv4Pool to provision base cluster infrastructure consuming public IPv4 (EIP) from a custom Public IPv4 pool brought to AWS.

A subset of changes of this PR is isolated into those PRs:

Which issue(s) this PR fixes

Fixes #4887

Special notes for your reviewer:

The changes proposes to create Elastic IPs for each resource and zone claiming public IP address when creating the core infrastructure components and Machines in public subnets. The components supported for core infrastructure are Nat Gateways and Network Load Balancer for API server.

Checklist:

  • squashed commits
  • includes documentation
  • includes emojis
  • adds unit tests
  • adds or updates e2e tests (NA)

Release note:

Introduce the support of provisioning public IPv4 address consuming from a custom Public IPv4 Pool that is brought to AWS. When the field `PublicIpv4Pool` is set with the pool ID, all the network resources which claims public IPv4, such as Network Load Balancers and NAT Gateways, will be created consuming from the custom pool.

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/documentation Categorizes issue or PR as related to documentation. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 3, 2024
@k8s-ci-robot
Copy link
Contributor

Hi @mtulio. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Apr 3, 2024
@mtulio mtulio mentioned this pull request Apr 3, 2024
Draft
mtulio
mtulio commented Apr 3, 2024
View reviewed changes
Copy link
Contributor Author

@mtulio mtulio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Temporary changes to test locally as it has been addressed in #4892 . It will be removed once merged/rebased;

pkg/cloud/services/ec2/instances.go Outdated Show resolved Hide resolved
pkg/cloud/services/ec2/instances.go Outdated Show resolved Hide resolved
api/v1beta2/types.go Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 4, 2024
@mtulio
Copy link
Contributor Author

mtulio commented Apr 29, 2024

prevent WIP notifications
/uncc Ankitasw dlipovetsky

@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 30, 2024
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Apr 30, 2024
@mtulio
Copy link
Contributor Author

mtulio commented Apr 30, 2024

/test pull-cluster-api-provider-aws-e2e

@k8s-ci-robot
Copy link
Contributor

@mtulio: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/test pull-cluster-api-provider-aws-e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@mtulio
Copy link
Contributor Author

mtulio commented Apr 30, 2024
edited

HI @damdo @nrb - can I have labels to test in this PR? Thanks

@damdo
Copy link
Member

damdo commented Apr 30, 2024

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 30, 2024
@mtulio
Copy link
Contributor Author

mtulio commented May 15, 2024

Hey @mtulio thanks a lot for this PR! I've left some comments, mostly nitpicks, catching typos, and some questions, nothing really wrong with it! :)

Hello @damdo , thanks a lot for your review, good suggestions. All applied. I am leaving only two comments "unresolved" to further discussion. Let me know your thoughts.

@vr4manta
Copy link

/lgtm

@k8s-ci-robot
Copy link
Contributor

@vr4manta: changing LGTM is restricted to collaborators

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@mtulio
Copy link
Contributor Author

mtulio commented May 16, 2024

Hi CAPA maintainers, I will be OoO in the next three weeks, please also ping @rvanderp3 to align/address items in your review in this PR. Thanks.

damdo
damdo reviewed May 23, 2024
View reviewed changes
Copy link
Member

@damdo damdo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing feedback @mtulio
Changes
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 23, 2024
@damdo
Copy link
Member

damdo commented May 23, 2024

Let's get an approver review.
Could any of you PTAL
/assign @richardcase @Ankitasw @dlipovetsky @vincepri @nrb

Thanks!

nrb
nrb reviewed May 28, 2024
View reviewed changes
api/v1beta2/awsmachine_webhook.go
if !strings.HasPrefix(*eipp.PublicIpv4Pool, awsPublicIpv4PoolPrefix) {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec.elasticIpPool.publicIpv4Pool"), r.Spec.ElasticIPPool, fmt.Sprintf("publicIpv4Pool must start with %s.", awsPublicIpv4PoolPrefix)))
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need the eipp.PublicIpv4Pool == nil && eipp.PublicIpv4PoolFallBackOrder != nil case here?

nrb
nrb reviewed May 28, 2024
View reviewed changes
api/v1beta2/network_types.go Outdated
@@ -477,6 +483,25 @@ func (v *VPCSpec) IsIPv6Enabled() bool {
return v.IPv6 != nil
}

// GetElasticIPPool returns the custom Elastic IP Pool configuration when present.
func (v *VPCSpec) GetElasticIPPool() *ElasticIPPool {
if v.ElasticIPPool == nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we just return v.ElasticIPPool here, and eliminate the if statement?

nrb
nrb reviewed May 28, 2024
View reviewed changes
api/v1beta2/network_types.go Outdated
// resource ID starts with 'ipv4pool-ec2'.
//
// +kubebuilder:validation:MaxLength=30
// +kubebuilder:validation:XValidation:rule="self.startsWith('ipv4pool-ec2-')",message="publicIpv4Pool must start with 'ipv4pool-ec2-'"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This validation is present as an XValidation rule and in the webhook; do we need both?

nrb
nrb reviewed May 28, 2024
View reviewed changes
docs/book/src/topics/bring-your-own-aws-infrastructure.md Outdated
Bringing your own Public IPv4 Pool (BYOIPv4) can be used as an alternative to buying Public IPs from AWS, also considering the changes in charging for this since February 2024[2].

Supported resources to BYO Public IPv4 Pool (`BYO Public IPv4`):
- Nat Gateways
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- Nat Gateways
- NAT Gateways

nrb
nrb reviewed May 28, 2024
View reviewed changes
pkg/cloud/services/ec2/instances_test.go
@@ -2141,7 +2141,7 @@ func TestCreateInstance(t *testing.T) {
AvailabilityZone: aws.String("us-east-1b"),
MapPublicIpOnLaunch: aws.Bool(true),
}},
}, nil)
}, nil).MaxTimes(2)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why set this max? To fail earlier?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe the mock was failing due to it being called more than once. I believe the intent here was address that since it is supposed to be called twice.

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 3, 2024
@k8s-ci-robot
Copy link
Contributor

New changes are detected. LGTM label has been removed.

@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Jun 3, 2024
edited

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: mtulio / name: Marco Braga (c27ddf6)
  • ✅ login: jcpowermac / name: Joseph Callen (a62b90d)

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. and removed cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jun 3, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from ankitasw. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

mtulio and others added 2 commits June 3, 2024 15:59
@mtulio @jcpowermac
✨ Support BYO Public IPv4 Pool for Elastic IPs
c27ddf6 
Introducing support of BYO Public IPv4 Pool to allow CAPA allocate
IPv4 Elastic IPs from user-provided IPv4 pools that was brought to
AWS when provisioning base cluster infrastructure.

This change introduce the API fields:
- AWSCLuster NetworkSpec.ElasticIPPool: allowing
the controllers to consume from user-provided public pools when provisioning
core components from the infrastructure, like Nat Gateways and public
Network Load Balancer (API server only)
- AWSMachine ElasticIPPool: allowing the machine to consume from BYO
  Public IPv4 pool when the instance is deployed in the public subnets.

The ElasticIPPool structure defines a custom IPv4 Pool (previously
created in the AWS Account) to teach controllers to set the pool when
creating public ip addresses (Elastic IPs) for components which requires
it, such as Nat Gateways and NLBs.
@jcpowermac
Resolve issues from comments
a62b90d
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Jun 4, 2024
@jcpowermac
Copy link

/test pull-cluster-api-provider-aws-test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@r4f4 r4f4 r4f4 left review comments

@nrb nrb nrb left review comments

@damdo damdo damdo left review comments

@jcpowermac jcpowermac jcpowermac left review comments

@rvanderp3 rvanderp3 rvanderp3 left review comments

@dlipovetsky dlipovetsky Awaiting requested review from dlipovetsky

@fiunchinho fiunchinho Awaiting requested review from fiunchinho

Assignees

@richardcase richardcase

@nrb nrb

@vincepri vincepri

@dlipovetsky dlipovetsky

@damdo damdo

@Ankitasw Ankitasw

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/documentation Categorizes issue or PR as related to documentation. kind/feature Categorizes issue or PR as related to a new feature. needs-priority ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support Public IPv4 Pool for resources created with EIP