Skip to content

Vpc nat validation #4313

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 5 commits into from
Closed

Vpc nat validation #4313

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b0d7c2b
Check if managed addons are set when ipv6 is enabled
Skarlso Oct 5, 2021
f3e3d1a
Add OIDC check for ipv6 cluster
Skarlso Oct 5, 2021
4666869
Add version check if ipv6 is defined
Skarlso Oct 5, 2021
ebe72a7
Setting vpc.NAT is not allowed with ipv6
Skarlso Oct 6, 2021
1a18a0e
Merge branch 'ipv6' into vpc_nat_validation
Skarlso Oct 11, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions pkg/apis/eksctl.io/v1alpha5/validation.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,9 @@ func (c *ClusterConfig) ValidateVPCConfig() error {
} else if err == nil && version == -1 {
return fmt.Errorf("cluster version must be >= %s", Version1_21)
}
if c.VPC.NAT != nil {
return fmt.Errorf("setting NAT is not supported with IPv6")
}
}
}

Expand Down
21 changes: 21 additions & 0 deletions pkg/apis/eksctl.io/v1alpha5/validation_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -545,6 +545,7 @@ var _ = Describe("ClusterConfig validation", func() {
When("ipFamily is set to IPv6", func() {
It("accepts that setting", func() {
ipv6 := string(api.IPV6Family)
cfg.VPC.NAT = nil
cfg.VPC.IPFamily = &ipv6
cfg.Addons = append(cfg.Addons,
&api.Addon{Name: api.KubeProxyAddon},
Expand All @@ -566,6 +567,7 @@ var _ = Describe("ClusterConfig validation", func() {
It("returns an error", func() {
ipv6 := string(api.IPV6Family)
cfg.VPC.IPFamily = &ipv6
cfg.VPC.NAT = nil
cfg.Addons = append(cfg.Addons,
&api.Addon{Name: api.KubeProxyAddon},
&api.Addon{Name: api.CoreDNSAddon},
Expand All @@ -585,6 +587,7 @@ var _ = Describe("ClusterConfig validation", func() {
When("ipFamily is set ot IPv6 but no managed addons are provided", func() {
It("it returns an error including which addons are missing", func() {
ipv6 := string(api.IPV6Family)
cfg.VPC.NAT = nil
cfg.VPC.IPFamily = &ipv6
cfg.IAM = &api.ClusterIAM{
WithOIDC: api.Enabled(),
Expand Down Expand Up @@ -631,6 +634,24 @@ var _ = Describe("ClusterConfig validation", func() {
Expect(err).To(MatchError(ContainSubstring("invalid value invalid for ipFamily; allowed are IPv4 and IPv6")))
})
})
When("ipFamily is set to IPv6 and vpc.NAT is defined", func() {
It("it returns an error", func() {
ipv6 := string(api.IPV6Family)
cfg.VPC.IPFamily = &ipv6
cfg.Metadata.Version = api.Version1_22
cfg.IAM = &api.ClusterIAM{
WithOIDC: api.Enabled(),
}
cfg.Addons = append(cfg.Addons,
&api.Addon{Name: api.KubeProxyAddon},
&api.Addon{Name: api.CoreDNSAddon},
&api.Addon{Name: api.VPCCNIAddon},
)
cfg.VPC.NAT = &api.ClusterNAT{}
err = cfg.ValidateVPCConfig()
Expect(err).To(MatchError(ContainSubstring("setting NAT is not supported with IPv6")))
})
})
})

Context("CIDRs", func() {
Expand Down
1 change: 1 addition & 0 deletions userdocs/src/usage/vpc-networking.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ This is an in config file setting only. When IPv6 is set, the following restrict
- OIDC is enabled
- managed addons are defined as shows above
- version must be => 1.21
- setting vpc.NAT is not allowed

The default value is `IPv4`.

Expand Down