Add support for creating IPv6 VPC and cluster

examples/29-vpc-with-ip-family.yaml

@@ -6,7 +6,7 @@ kind: ClusterConfig
 
 metadata:
   name: cluster-2
-  region: eu-north-1
+  region: us-west-2
   version: "1.21"
 
 vpc:

go.mod

@@ -295,7 +295,7 @@ require (
 	github.com/uudashr/gocognit v1.0.5 // indirect
 	github.com/vektra/mockery v1.1.2
 	github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 // indirect
-	github.com/weaveworks/goformation/v4 v4.10.2-0.20210609082249-532b27315cf1
+	github.com/weaveworks/goformation/v4 v4.10.2-0.20211018090247-36559b6b4f71
 	github.com/weaveworks/launcher v0.0.2-0.20200715141516-1ca323f1de15
 	github.com/weaveworks/schemer v0.0.0-20210802122110-338b258ad2ca
 	github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0
@@ -304,6 +304,7 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v0.0.0-20181112162635-ac52e6811b56 // indirect
+	github.com/xgfone/netaddr v0.5.1
 	github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
 	github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect
 	github.com/yeya24/promlinter v0.1.0 // indirect

go.sum

@@ -1669,8 +1669,10 @@ github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 h1:txplJASvd6b
 github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2/go.mod h1:DGCIhurYgnLz8J9ga1fMV/fbLDyUvTyrWXVWUIyJon4=
 github.com/weaveworks/aws-sdk-go v0.0.0-20211026093156-d6e6822f58db h1:K6lacvb3qzF/bHvx2RsPDw8cYA8VccOecn9e6xDEBY0=
 github.com/weaveworks/aws-sdk-go v0.0.0-20211026093156-d6e6822f58db/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
-github.com/weaveworks/goformation/v4 v4.10.2-0.20210609082249-532b27315cf1 h1:yX/flUgj/znRvfhEZ3mC8RdKV+GNwq/9j+FkWN7ve+o=
-github.com/weaveworks/goformation/v4 v4.10.2-0.20210609082249-532b27315cf1/go.mod h1:x92o12+Azh6DQ4yoXT5oEuE7dhQHR5V2vy/fmZ6pO7k=
+github.com/weaveworks/goformation/v4 v4.10.2-0.20211012141859-cd360fb1f843 h1:9v19OzMM+kFcm0r2yZeoMMAvT71H/apnNWeoMKMxUz0=
+github.com/weaveworks/goformation/v4 v4.10.2-0.20211012141859-cd360fb1f843/go.mod h1:x92o12+Azh6DQ4yoXT5oEuE7dhQHR5V2vy/fmZ6pO7k=
+github.com/weaveworks/goformation/v4 v4.10.2-0.20211018090247-36559b6b4f71 h1:r0uEFnXNXamKxelHxLL7quo7R70JznL2WMyENyUHAZw=
+github.com/weaveworks/goformation/v4 v4.10.2-0.20211018090247-36559b6b4f71/go.mod h1:x92o12+Azh6DQ4yoXT5oEuE7dhQHR5V2vy/fmZ6pO7k=
 github.com/weaveworks/launcher v0.0.2-0.20200715141516-1ca323f1de15 h1:i/RhLevywqC6cuUWtGdoaNrsJd+/zWh3PXbkXZIyZsU=
 github.com/weaveworks/launcher v0.0.2-0.20200715141516-1ca323f1de15/go.mod h1:w9Z1vnQmPobkEZ0F3oyiqRYP+62qDqTGnK6t5uhe1kg=
 github.com/weaveworks/mesh v0.0.0-20170419100114-1f158d31de55/go.mod h1:mcON9Ws1aW0crSErpXWp7U1ErCDEKliDX2OhVlbWRKk=
@@ -1695,6 +1697,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:
 github.com/xeipuuv/gojsonschema v0.0.0-20180816142147-da425ebb7609/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
 github.com/xeipuuv/gojsonschema v0.0.0-20181112162635-ac52e6811b56 h1:yhqBHs09SmmUoNOHc9jgK4a60T3XFRtPAkYxVnqgY50=
 github.com/xeipuuv/gojsonschema v0.0.0-20181112162635-ac52e6811b56/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
+github.com/xgfone/netaddr v0.5.1 h1:87DhCyyR6XUr0p63JHTDT5juGDhH49Ak2ePZNBmSL5I=
+github.com/xgfone/netaddr v0.5.1/go.mod h1:QDEYI/4nQfAtNj7TB4RhYQY1B4U31Edj+SOoDEuIfsQ=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=

integration/tests/ipv6/ipv6_test.go

@@ -0,0 +1,176 @@
+//go:build integration
+// +build integration
+
+package ipv6
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	cfn "github.com/aws/aws-sdk-go/service/cloudformation"
+	awsec2 "github.com/aws/aws-sdk-go/service/ec2"
+	. "github.com/weaveworks/eksctl/integration/matchers"
+	. "github.com/weaveworks/eksctl/integration/runner"
+	"github.com/weaveworks/eksctl/integration/tests"
+	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
+	"github.com/weaveworks/eksctl/pkg/cfn/builder"
+	"github.com/weaveworks/eksctl/pkg/eks"
+	"github.com/weaveworks/eksctl/pkg/testutils"
+	"github.com/xgfone/netaddr"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+var params *tests.Params
+
+func init() {
+	// Call testing.Init() prior to tests.NewParams(), as otherwise -test.* will not be recognised. See also: https://golang.org/doc/go1.13#testing
+	testing.Init()
+	params = tests.NewParams("IPv6")
+}
+
+func TestIPv6(t *testing.T) {
+	testutils.RegisterAndRun(t)
+}
+
+var _ = Describe("(Integration) [EKS IPv6 test]", func() {
+	var (
+		clusterConfig *api.ClusterConfig
+	)
+
+	Context("Creating a cluster with IPv6", func() {
+		clusterName := params.NewClusterName("ipv6")
+
+		BeforeSuite(func() {
+			clusterConfig = api.NewClusterConfig()
+			clusterConfig.Metadata.Name = clusterName
+			clusterConfig.Metadata.Version = "1.21"
+			clusterConfig.Metadata.Region = params.Region
+			clusterConfig.VPC.IPFamily = aws.String("IPv6")
+			clusterConfig.VPC.NAT = nil
+			clusterConfig.IAM.WithOIDC = api.Enabled()
+			clusterConfig.Addons = []*api.Addon{
+				{
+					Name: api.VPCCNIAddon,
+				},
+				{
+					Name: api.KubeProxyAddon,
+				},
+				{
+					Name: api.CoreDNSAddon,
+				},
+			}
+
+			data, err := json.Marshal(clusterConfig)
+			Expect(err).ToNot(HaveOccurred())
+
+			cmd := params.EksctlCreateCmd.
+				WithArgs(
+					"cluster",
+					"--config-file", "-",
+					"--verbose", "4",
+				).
+				WithoutArg("--region", params.Region).
+				WithStdin(bytes.NewReader(data))
+			Expect(cmd).To(RunSuccessfully())
+		})
+
+		AfterSuite(func() {
+			cmd := params.EksctlDeleteCmd.WithArgs(
+				"cluster", clusterName,
+				"--verbose", "2",
+			)
+			Expect(cmd).To(RunSuccessfully())
+		})
+
+		It("should support ipv6", func() {
+			By("creating a VPC that has an IPv6 CIDR")
+			awsSession := NewSession(params.Region)
+			cfnSession := cfn.New(awsSession)
+
+			var describeStackOut *cfn.DescribeStacksOutput
+			describeStackOut, err := cfnSession.DescribeStacks(&cfn.DescribeStacksInput{
+				StackName: aws.String(fmt.Sprintf("eksctl-%s-cluster", clusterName)),
+			})
+			Expect(err).NotTo(HaveOccurred())
+
+			var vpcID string
+			for _, output := range describeStackOut.Stacks[0].Outputs {
+				if *output.OutputKey == builder.VPCResourceKey {
+					vpcID = *output.OutputValue
+				}
+			}
+
+			ec2 := awsec2.New(awsSession)
+			vpcOutput, err := ec2.DescribeVpcs(&awsec2.DescribeVpcsInput{
+				VpcIds: aws.StringSlice([]string{vpcID}),
+			})
+			Expect(err).NotTo(HaveOccurred(), vpcOutput.GoString())
+			Expect(vpcOutput.Vpcs[0].Ipv6CidrBlockAssociationSet).To(HaveLen(1))
+
+			// TODO: get rid of this once CF bug is fixed https://github.com/weaveworks/eksctl/issues/4363
+			By("setting AssignIpv6AddressOnCreation to true for each public subnet")
+			var publicSubnets string
+			for _, output := range describeStackOut.Stacks[0].Outputs {
+				if *output.OutputKey == builder.PublicSubnetsOutputKey {
+					publicSubnets = *output.OutputValue
+				}
+			}
+
+			subnetsOutput, err := ec2.DescribeSubnets(&awsec2.DescribeSubnetsInput{
+				SubnetIds: aws.StringSlice(strings.Split(publicSubnets, ",")),
+			})
+			Expect(err).NotTo(HaveOccurred())
+			Expect(len(subnetsOutput.Subnets)).To(BeNumerically(">", 0))
+			for _, s := range subnetsOutput.Subnets {
+				Expect(*s.AssignIpv6AddressOnCreation).To(BeTrue())
+			}
+
+			By("ensuring the K8s cluster has IPv6 enabled")
+			var clientSet *kubernetes.Clientset
+			ctl, err := eks.New(&api.ProviderConfig{Region: params.Region}, clusterConfig)
+			Expect(err).NotTo(HaveOccurred())
+			err = ctl.RefreshClusterStatus(clusterConfig)
+			Expect(err).ShouldNot(HaveOccurred())
+			clientSet, err = ctl.NewStdClientSet(clusterConfig)
+			Expect(err).ShouldNot(HaveOccurred())
+
+			svcName := "ipv6-service"
+			_, err = clientSet.CoreV1().Services("default").Create(context.TODO(), &corev1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: svcName,
+				},
+				Spec: corev1.ServiceSpec{
+					IPFamilies: []corev1.IPFamily{corev1.IPv6Protocol},
+					Selector:   map[string]string{"app": "ipv6"},
+					Ports: []corev1.ServicePort{corev1.ServicePort{
+						Protocol: corev1.ProtocolTCP,
+						Port:     80,
+					}},
+				},
+			}, metav1.CreateOptions{})
+			Expect(err).ShouldNot(HaveOccurred())
+
+			Eventually(func() int {
+				svc, err := clientSet.CoreV1().Services("default").Get(context.TODO(), svcName, metav1.GetOptions{})
+				Expect(err).NotTo(HaveOccurred())
+
+				svcIP, err := netaddr.NewIPAddress(svc.Spec.ClusterIP)
+				if err != nil {
+					return 0
+				}
+				return svcIP.Version()
+			}, 5*time.Second, time.Minute).Should(Equal(6))
+		})
+	})
+})

pkg/actions/addon/tasks.go

@@ -31,6 +31,7 @@ func CreateAddonTasks(cfg *api.ClusterConfig, clusterProvider *eks.ClusterProvid
 			clusterProvider: clusterProvider,
 			forceAll:        forceAll,
 			timeout:         timeout,
+			wait:            false,
 		},
 	)
 
@@ -42,6 +43,7 @@ func CreateAddonTasks(cfg *api.ClusterConfig, clusterProvider *eks.ClusterProvid
 			clusterProvider: clusterProvider,
 			forceAll:        forceAll,
 			timeout:         timeout,
+			wait:            len(cfg.NodeGroups) > 0 || len(cfg.ManagedNodeGroups) > 0,
 		},
 	)
 	return preTasks, postTasks
@@ -52,7 +54,7 @@ type createAddonTask struct {
 	cfg             *api.ClusterConfig
 	clusterProvider *eks.ClusterProvider
 	addons          []*api.Addon
-	forceAll        bool
+	forceAll, wait  bool
 	timeout         time.Duration
 }
 
@@ -89,7 +91,7 @@ func (t *createAddonTask) Do(errorCh chan error) error {
 		if t.forceAll {
 			a.Force = true
 		}
-		err := addonManager.Create(a, true)
+		err := addonManager.Create(a, t.wait)
 		if err != nil {
 			go func() {
 				errorCh <- err

pkg/apis/eksctl.io/v1alpha5/types.go

@@ -380,6 +380,9 @@ func IsDisabled(v *bool) bool { return v != nil && !*v }
 // IsSetAndNonEmptyString will only return true if s is not nil and not empty
 func IsSetAndNonEmptyString(s *string) bool { return s != nil && *s != "" }
 
+// IsSetAndNonEmptyString will only return true if s is not nil and not empty
+func IsEmpty(s *string) bool { return !IsSetAndNonEmptyString(s) }
+
 // SupportedRegions are the regions where EKS is available
 func SupportedRegions() []string {
 	return []string{

pkg/cfn/builder/builder_suite_test.go

@@ -17,16 +17,17 @@ func TestCfnBuilder(t *testing.T) {
 }
 
 var (
-	azA, azB                             = "us-west-2a", "us-west-2b"
-	privateSubnet1, privateSubnet2       = "subnet-0ade11bad78dced9f", "subnet-0f98135715dfcf55a"
-	publicSubnet1, publicSubnet2         = "subnet-0ade11bad78dced9e", "subnet-0f98135715dfcf55f"
-	privateSubnetRef1, privateSubnetRef2 = "SubnetPrivateUSWEST2A", "SubnetPrivateUSWEST2B"
-	publicSubnetRef1, publicSubnetRef2   = "SubnetPublicUSWEST2A", "SubnetPublicUSWEST2B"
-	vpcResourceKey, igwKey, gaKey        = "VPC", "InternetGateway", "VPCGatewayAttachment"
-	pubRouteTable, pubSubnetRoute        = "PublicRouteTable", "PublicSubnetRoute"
-	privRouteTableA, privRouteTableB     = "PrivateRouteTableUSWEST2A", "PrivateRouteTableUSWEST2B"
-	rtaPublicA, rtaPublicB               = "RouteTableAssociationPublicUSWEST2A", "RouteTableAssociationPublicUSWEST2B"
-	rtaPrivateA, rtaPrivateB             = "RouteTableAssociationPrivateUSWEST2A", "RouteTableAssociationPrivateUSWEST2B"
+	azA, azB, azC                            = "us-west-2a", "us-west-2b", "us-west-2c"
+	azAFormatted, azBFormatted, azCFormatted = "USWEST2A", "USWEST2B", "USWEST2C"
+	privateSubnet1, privateSubnet2           = "subnet-0ade11bad78dced9f", "subnet-0f98135715dfcf55a"
+	publicSubnet1, publicSubnet2             = "subnet-0ade11bad78dced9e", "subnet-0f98135715dfcf55f"
+	privateSubnetRef1, privateSubnetRef2     = "SubnetPrivateUSWEST2A", "SubnetPrivateUSWEST2B"
+	publicSubnetRef1, publicSubnetRef2       = "SubnetPublicUSWEST2A", "SubnetPublicUSWEST2B"
+	vpcResourceKey, igwKey, gaKey            = "VPC", "InternetGateway", "VPCGatewayAttachment"
+	pubRouteTable, pubSubnetRoute            = "PublicRouteTable", "PublicSubnetRoute"
+	privRouteTableA, privRouteTableB         = "PrivateRouteTableUSWEST2A", "PrivateRouteTableUSWEST2B"
+	rtaPublicA, rtaPublicB                   = "RouteTableAssociationPublicUSWEST2A", "RouteTableAssociationPublicUSWEST2B"
+	rtaPrivateA, rtaPrivateB                 = "RouteTableAssociationPrivateUSWEST2A", "RouteTableAssociationPrivateUSWEST2B"
 )
 
 func vpcConfig() *api.ClusterVPC {