From 4433be4ee3fb76df725aefdfecc93d46eb759b09 Mon Sep 17 00:00:00 2001
From: Xiaoyu Zhong <topaz.zhong@gmail.com>
Date: Wed, 27 Nov 2019 15:28:11 +0800
Subject: [PATCH] Alicloud: only private subnets need SNAT rule

---
 pkg/model/alimodel/network.go | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/pkg/model/alimodel/network.go b/pkg/model/alimodel/network.go
index 87653c9d32e59..b118206081314 100644
--- a/pkg/model/alimodel/network.go
+++ b/pkg/model/alimodel/network.go
@@ -17,6 +17,7 @@ limitations under the License.
 package alimodel
 
 import (
+	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/alitasks"
 )
@@ -84,20 +85,21 @@ func (b *NetworkModelBuilder) Build(c *fi.ModelBuilderContext) error {
 
 		c.AddTask(vswitch)
 
-		vswitchSNAT := &alitasks.VSwitchSNAT{
-			Name:       s(b.GetNameForVSwitchSNAT(subnetSpec.Name)),
-			Lifecycle:  b.Lifecycle,
-			NatGateway: b.LinkToNatGateway(),
-			VSwitch:    b.LinkToVSwitch(subnetSpec.Name),
-			EIP:        b.LinkToEIP(),
-		}
+		if subnetSpec.Type == kops.SubnetTypePrivate {
+			vswitchSNAT := &alitasks.VSwitchSNAT{
+				Name:       s(b.GetNameForVSwitchSNAT(subnetSpec.Name)),
+				Lifecycle:  b.Lifecycle,
+				NatGateway: b.LinkToNatGateway(),
+				VSwitch:    b.LinkToVSwitch(subnetSpec.Name),
+				EIP:        b.LinkToEIP(),
+			}
 
-		if subnetSpec.ProviderID != "" {
-			vswitchSNAT.Shared = fi.Bool(true)
-		}
-
-		c.AddTask(vswitchSNAT)
+			if subnetSpec.ProviderID != "" {
+				vswitchSNAT.Shared = fi.Bool(true)
+			}
 
+			c.AddTask(vswitchSNAT)
+		}
 	}
 
 	return nil