Add support for IPv6 VPC and k8s clusters #4571

Merged
merged 44 commits into from
Jan 6, 2022
@nikimanoledaki nikimanoledaki commented Jan 5, 2022

Description

closes #4255 !!! 🎉

This PR adds IPv6 support for EKS clusters and creates the necessary VPC components.

An example config file can be found at examples/29-vpc-with-ip-family.yaml. More info can be found in the eksctl docs here (as soon as the release candidate is graduated)

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the userdocs directory)
  • Manually tested
  • Made sure the title of the PR is a good description that can go into the release notes
  • (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟

Skarlso and others added 30 commits January 5, 2022 17:05
* Check if managed addons are set when ipv6 is enabled

* Update userdocs/src/usage/vpc-networking.md

Co-authored-by: Jake Klein <jakelarsj@gmail.com>

Co-authored-by: Jake Klein <jakelarsj@gmail.com>
* Check if managed addons are set when ipv6 is enabled

* Add OIDC check for ipv6 cluster
* Check if managed addons are set when ipv6 is enabled

* Add OIDC check for ipv6 cluster

* Add version check if ipv6 is defined
* Check if managed addons are set when ipv6 is enabled

* Add OIDC check for ipv6 cluster

* Add version check if ipv6 is defined

* Setting vpc.NAT is not allowed with ipv6

* serviceIPv4CIDR is not supported with ipv6
* Check if managed addons are set when ipv6 is enabled

* Add OIDC check for ipv6 cluster

* Add version check if ipv6 is defined

* Setting vpc.NAT is not allowed with ipv6

* serviceIPv4CIDR is not supported with ipv6

* AutoAllocateIPv6 is not supported together with ipv6
* Check if managed addons are set when ipv6 is enabled

* Add OIDC check for ipv6 cluster

* Add version check if ipv6 is defined

* Setting vpc.NAT is not allowed with ipv6

* serviceIPv4CIDR is not supported with ipv6

* AutoAllocateIPv6 is not supported together with ipv6

* Unmanaged nodegroups are not supported

* Added a check to the nodegroup task as well
* Check if managed addons are set when ipv6 is enabled

* Add OIDC check for ipv6 cluster

* Add version check if ipv6 is defined

* Setting vpc.NAT is not allowed with ipv6

* serviceIPv4CIDR is not supported with ipv6

* AutoAllocateIPv6 is not supported together with ipv6

* Unmanaged nodegroups are not supported

* Nodegroup creation is not supported with unowned ipv6 clusters

* First iteration of modifying the interface for ownership determination

* Changed but kept the check in nodegroup builder

* Shifted the logic into the task building and removed the extra parameter from the builder

* Update pkg/cfn/manager/tasks_test.go

Co-authored-by: Jake Klein <jakelarsj@gmail.com>

Co-authored-by: Jake Klein <jakelarsj@gmail.com>
- Add integration test for ipv6
- Renamed VPC files to IPv4 file, and added IPv6 VPC files.
- Created new resource set for IPv6
- Added all of the resources to create IPv6 VPC to CF template
- Resources being created: VPC, IPv4 CIDR, IPv6 CIDR, EOIGW, NAT GW, IGW, route tables, routes, private and public subnets, route table associations
- Added outputs to CF template for VPC and public/private subnets
- Added integration and unit tests

Co-authored-by: Jake Klein <aclevername@users.noreply.github.com>

Refactoring VPC template creation
- Making addResources and addOutputs private
- Creating new CreateTemplate function for both IPv4 and IPv6
* Adding integration test set AssignIpv6AddressOnCreation to true for public subnets after the rest of the template.
… CF bug

- AssignIpv6AddressOnCreation also needs to be set on public subnets, but due to a current bug in CF, this cannot be set alongside MapPublicIpOnLaunch at create time. This means we need to add it "manually" by hitting the VPC API to update each public subnet after launch.
- Added extra validation that NAT is nil
- Also pass unit tests and remove commented code
Update integration/tests/ipv6/ipv6_test.go

Co-authored-by: Chetan Patwal <cPu1@users.noreply.github.com>

set example ipv6 region to us-west-2
Co-authored-by: Niki <18622989+nikimanoledaki@users.noreply.github.com>
* refactor out cidr block checker and re-use across ipv4/6

* add support for configuring vpc.ipv6cidr and vpc.ipv6cidrpool

* remove unit test flake
- maps aren't ordered

* add validation logic

* add test to check custom ipv4 cidr works

* rename ipv6cidrpool to ipv6pool and add docs

* Update pkg/apis/eksctl.io/v1alpha5/validation.go

Co-authored-by: Niki <18622989+nikimanoledaki@users.noreply.github.com>

* implement pr feedback

Co-authored-by: Niki <18622989+nikimanoledaki@users.noreply.github.com>
* Private IPv6 VPC

* Fixed private network topography to actually work.

* Fix the refactored code segment
Add integration test as well for general existing-vpc support, not ipv6 specific.
Co-authored-by: Niki <18622989+nikimanoledaki@users.noreply.github.com>
cPu1 and others added 11 commits January 5, 2022 17:18
* pend failing test (#4293)

* Parse task log to be more human readable (#4290)

* Parse task log to be more human readable

* Added new line breaks

* pend failing test (#4320)

* Add release notes for 0.70 (#4324)

* wait for addons to be healthy only if there are nodegroups (#4332)

* Prepare for next development iteration (#4326)

* refactor: move from io/ioutil to io and os package (#4333)

The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

* Add flag to delete VPC resource controller

* Enable Windows IPAM when creating a Windows nodegroup

* Handle plan mode, deprecate command

* Remove deprecated flag from integration test

* Update docs and example

* Add tests for IPAM, improve error messages

* Revert "Enable Windows IPAM when creating a Windows nodegroup, deprecate `install-vpc-controllers`" (#4340)

* Remove redundant func

* Move package

* Validate support for GPU instances

* Add test for GPU instance support

* Fix integration test

* Bump go releaser (#4348)

* bump goreleaser to 0.182.1

* bump build image

* Bump mkdocs from 1.1 to 1.2.3 in /userdocs (#4349)

Bumps [mkdocs](https://github.com/mkdocs/mkdocs) from 1.1 to 1.2.3.
- [Release notes](https://github.com/mkdocs/mkdocs/releases)
- [Commits](mkdocs/mkdocs@1.1...1.2.3)

---
updated-dependencies:
- dependency-name: mkdocs
  dependency-type: direct:production
...

* Update aws-node

* Add iamidentitymapping delete and get commands (#4346)

* Add accounts to delete and get

* Simplified and unified the display by extending the interface in an ugly way

* Update pkg/authconfigmap/authconfigmap.go

* Addressed comments

* Fix integration test timeout (#4361)

* Add release notes for 0.71 (#4362)

* Adding release notes for 0.71.0

* Update docs/release_notes/0.71.0.md

* Add breaking change

* Prepare for next development iteration (#4365)

* Use go:embed instead of go-bindata (#4370)

* use go embed in authconfigmap

* use go:embed in nodebootstrap

* use go:embed in addons

* use go:embed for schema

* remove bindata from makefile & tools

* update build image

* fix linter/failing test

* Add ARM support and fix AMI resolution for Ubuntu (#4367)

* Add bootstrapper for native Bottlerocket

* Pass new AMI type to MNG API

* Add test for native Bottlerocket support

* Add integration tests for native Bottlerocket support

* Add test for AMI types

* Improve integration tests for Bottlerocket

* Update AWS SDK, generate mocks

* Add release notes for 0.72

* Prepare for next development iteration

* Clean up generation of aws-node manifest

* update aws-node (#4391)

* reduce API calls in upgrade cluster (#4366)

* reduce API calls in upgrade cluster

* Update pkg/eks/eks.go

* clarify up-to-date nodegroup message (#4393)

* make 1.21 default (#4394)

* Add support for Windows Server 20H2

* Update schema

* Update doc

* Bump vpc-resource-controller/webhook dep to v0.2.7 (#4335)

* Scale managed ng with --name flag

* remove aws-cleanup and integration workflows (#4247)

* remove aws-cleanup and integration workflows

* remove integration check from release candidate workflow

* remove unused slack action2

* Support CloudWatch log retention

* Add integration test for CloudWatch log retention

* Add test for validation

* Generate mocks

* Move package

* Improve integration test

* Improve validation tests

* Add example for setting logRetentionInDays

* Fix Windows integration test

* fix panic in cloudwatch validation (#4409)

* bump gjson (#4410)

* Fix wait for managed nodegroups #3889 (#4401)

* Fix wait for managed nodegroups #3889

* Refactored the long parameter list

* Unpin and fix containerd integration test (#4411)

* Update aws-node (#4408)

* pend failing windows test (#4413)

* Update to kops v1.21.2 (#4380)

* Add notes for 0.73.0

* Prepare for next development iteration

* Fix validation for GPU instance types when AMIFamily is not set (#4403)

* Use NotTo instead of ToNot in tests (#4425)

* Avoid writing temp ClusterConfig file (#4397)

This changelist passes the ClusterConfig file via stdin using an io.Reader, instead of writing a temp file to disk and cleaning it up later.

* Bump GoReleaser to 0.184.0 (#4422)

* bump goreleaser to 0.184.0

* bump goreleaser to 0.184.0

* bump goreleaser to 0.184.0

* bump goreleaser to 0.184.0

* update build image (#4435)

* Set volume size in data volume for Bottlerocket

The volume size was being set for the OS volume, instead of the data volume for Bottlerocket nodegroups.

* Add test for standard Bottlerocket nodegroup

* Fix unit tests for ami.Use

* Unpend and fix Windows integration tests

The workload being deployed is not compatible with WindowsServer20H2CoreContainer and that was preventing the pod from starting.

* Add support for Windows IPAM

* Add release notes for 0.74

* Prepare for next development iteration

* Document logs:PutRetentionPolicy in IAM policies doc

* Fix update logic in iam service account (#4460)

* Add option to skip endpoint creation completely (#4457)

* Add config-file option to get nodegroup (#4465)

* set default csi driver policies when creating the addon

* Improve kube-proxy updating to always get the latest version&build #4344 (#4440)

query EKS API to discover latest kube-proxy version

* refactor set/get recommended policies

* Add --config-flag to get labels (#4469)

* Bump goreleaser

* Update build image tag

* Fixed the config naming check error (#4470)

* remove flux1 & profiles support

* update docs

* add 0.75 release notes (#4472)

* add 0.75 release notes

* Update docs/release_notes/0.75.0.md

* Update docs/release_notes/0.75.0.md

* Update docs/release_notes/0.75.0.md

* Prepare for next development iteration

* Support scaling all nodegroups in config file

* Rename consts and nodegroups for consistency
* Also implement review feedback

* Add unit tests for scaling ng

* Update cluster-upgrade.md

Add missing '='

* Add AttachPolicy to NodeGroupIAM configuration (#4331)

* Add AttachPolicy to NodeGroupIAM configuration

* Add NodeGroup AttachPolicy tests

* fix

* Add nodegroup IAM attachPolicy field to userdocs

* Add assertion for attachPolicy policy document

* Compare JSON encoded policy due to interface differences

* Add config-file option to get cluster (#4468)

* removed support for eks 1.17

* update docs for eks supported version

* Fix panic in node affinity adder (#4491)

* Add release notes for 0.76.0

* Prepare for next development iteration

* Add integration test for `utils schema` (#4497)

* Add integration test for `describe-stacks` (#4492)

* Add integration test for describe-stacks

* Update integration/tests/crud/creategetdelete_test.go

* Deprecate golint and apply some changes from revive (#4489)

* Separate VPC Networking into meaningful sections (#4490)

* Separate VPC Networking into meaningful sections

* Apply suggestions from code review

* Renamed the file

* Add `--config-file` to `set labels` (#4502)

* Add config-file to set-labels

* Updated to only update new labels, never to delete or update them

* Added integration test

* Proper schema.

* Updated the tests and updated the wait time with a comment on why

* pend failing integration test

* Do not use GetLabels all the time (#4520)

* added missing --region flags

* New release 0.77.0 (#4535)

* New release 0.77.0

* Update docs/release_notes/0.77.0.md

* Prepare for next development iteration (#4537)

* Add integration test for `associate identityprovider`

* Add integration test for `get identityprovider`

* Add integration test for `disassociate identityprovider`

* Rename import alias and function

* Increase timeout

* Split Cognito setup func

* Fix ignoring partitions on EBS controller (#4547)

* Increase delete wait time (#4548)

* Fix linter complaining about pkg name

* Update dry-run integ test with IP family field
* Move ipFamily config file field to KubernetesNetworkConfig

* Update pkg/apis/eksctl.io/v1alpha5/validation.go

Co-authored-by: Chetan Patwal <cPu1@users.noreply.github.com>

Co-authored-by: Chetan Patwal <cPu1@users.noreply.github.com>
* pend failing test (#4293)

* Parse task log to be more human readable (#4290)

* Parse task log to be more human readable

* Added new line breaks

* pend failing test (#4320)

* Add release notes for 0.70 (#4324)

* wait for addons to be healthy only if there are nodegroups (#4332)

* Prepare for next development iteration (#4326)

* refactor: move from io/ioutil to io and os package (#4333)

The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

* Add flag to delete VPC resource controller

* Enable Windows IPAM when creating a Windows nodegroup

* Handle plan mode, deprecate command

* Remove deprecated flag from integration test

* Update docs and example

* Add tests for IPAM, improve error messages

* Revert "Enable Windows IPAM when creating a Windows nodegroup, deprecate `install-vpc-controllers`" (#4340)

* Remove redundant func

* Move package

* Validate support for GPU instances

* Add test for GPU instance support

* Fix integration test

* Bump go releaser (#4348)

* bump goreleaser to 0.182.1

* bump build image

* Bump mkdocs from 1.1 to 1.2.3 in /userdocs (#4349)

Bumps [mkdocs](https://github.com/mkdocs/mkdocs) from 1.1 to 1.2.3.
- [Release notes](https://github.com/mkdocs/mkdocs/releases)
- [Commits](mkdocs/mkdocs@1.1...1.2.3)

---
updated-dependencies:
- dependency-name: mkdocs
  dependency-type: direct:production
...

* Update aws-node

* Add iamidentitymapping delete and get commands (#4346)

* Add accounts to delete and get

* Simplified and unified the display by extending the interface in an ugly way

* Update pkg/authconfigmap/authconfigmap.go

* Addressed comments

* Fix integration test timeout (#4361)

* Add release notes for 0.71 (#4362)

* Adding release notes for 0.71.0

* Update docs/release_notes/0.71.0.md

* Add breaking change

* Prepare for next development iteration (#4365)

* Use go:embed instead of go-bindata (#4370)

* use go embed in authconfigmap

* use go:embed in nodebootstrap

* use go:embed in addons

* use go:embed for schema

* remove bindata from makefile & tools

* update build image

* fix linter/failing test

* Add ARM support and fix AMI resolution for Ubuntu (#4367)

* Add bootstrapper for native Bottlerocket

* Pass new AMI type to MNG API

* Add test for native Bottlerocket support

* Add integration tests for native Bottlerocket support

* Add test for AMI types

* Improve integration tests for Bottlerocket

* Update AWS SDK, generate mocks

* Add release notes for 0.72

* Prepare for next development iteration

* Clean up generation of aws-node manifest

* update aws-node (#4391)

* reduce API calls in upgrade cluster (#4366)

* reduce API calls in upgrade cluster

* Update pkg/eks/eks.go

* clarify up-to-date nodegroup message (#4393)

* make 1.21 default (#4394)

* Add support for Windows Server 20H2

* Update schema

* Update doc

* Bump vpc-resource-controller/webhook dep to v0.2.7 (#4335)

* Scale managed ng with --name flag

* remove aws-cleanup and integration workflows (#4247)

* remove aws-cleanup and integration workflows

* remove integration check from release candidate workflow

* remove unused slack action2

* Support CloudWatch log retention

* Add integration test for CloudWatch log retention

* Add test for validation

* Generate mocks

* Move package

* Improve integration test

* Improve validation tests

* Add example for setting logRetentionInDays

* Fix Windows integration test

* fix panic in cloudwatch validation (#4409)

* bump gjson (#4410)

* Fix wait for managed nodegroups #3889 (#4401)

* Fix wait for managed nodegroups #3889

* Refactored the long parameter list

* Unpin and fix containerd integration test (#4411)

* Update aws-node (#4408)

* pend failing windows test (#4413)

* Update to kops v1.21.2 (#4380)

* Add notes for 0.73.0

* Prepare for next development iteration

* Fix validation for GPU instance types when AMIFamily is not set (#4403)

* Use NotTo instead of ToNot in tests (#4425)

* Avoid writing temp ClusterConfig file (#4397)

This changelist passes the ClusterConfig file via stdin using an io.Reader, instead of writing a temp file to disk and cleaning it up later.

* Bump GoReleaser to 0.184.0 (#4422)

* bump goreleaser to 0.184.0

* bump goreleaser to 0.184.0

* bump goreleaser to 0.184.0

* bump goreleaser to 0.184.0

* update build image (#4435)

* Set volume size in data volume for Bottlerocket

The volume size was being set for the OS volume, instead of the data volume for Bottlerocket nodegroups.

* Add test for standard Bottlerocket nodegroup

* Fix unit tests for ami.Use

* Unpend and fix Windows integration tests

The workload being deployed is not compatible with WindowsServer20H2CoreContainer and that was preventing the pod from starting.

* Add support for Windows IPAM

* Add release notes for 0.74

* Prepare for next development iteration

* Document logs:PutRetentionPolicy in IAM policies doc

* Fix update logic in iam service account (#4460)

* Add option to skip endpoint creation completely (#4457)

* Add config-file option to get nodegroup (#4465)

* set default csi driver policies when creating the addon

* Improve kube-proxy updating to always get the latest version&build #4344 (#4440)

query EKS API to discover latest kube-proxy version

* refactor set/get recommended policies

* Add --config-flag to get labels (#4469)

* Bump goreleaser

* Update build image tag

* Fixed the config naming check error (#4470)

* remove flux1 & profiles support

* update docs

* add 0.75 release notes (#4472)

* add 0.75 release notes

* Update docs/release_notes/0.75.0.md

* Update docs/release_notes/0.75.0.md

* Update docs/release_notes/0.75.0.md
* Prepare for next development iteration

* Support scaling all nodegroups in config file

* Rename consts and nodegroups for consistency
* Also implement review feedback

* Add unit tests for scaling ng

* Update cluster-upgrade.md

Add missing '='

* Add AttachPolicy to NodeGroupIAM configuration (#4331)

* Add AttachPolicy to NodeGroupIAM configuration

* Add NodeGroup AttachPolicy tests

* fix

* Add nodegroup IAM attachPolicy field to userdocs

* Add assertion for attachPolicy policy document

* Compare JSON encoded policy due to interface differences

* Add config-file option to get cluster (#4468)

* removed support for eks 1.17

* update docs for eks supported version

* Fix panic in node affinity adder (#4491)

* Add release notes for 0.76.0

* Prepare for next development iteration

* Add integration test for `utils schema` (#4497)

* Add integration test for `describe-stacks` (#4492)

* Add integration test for describe-stacks

* Update integration/tests/crud/creategetdelete_test.go

* Deprecate golint and apply some changes from revive (#4489)

* Separate VPC Networking into meaningful sections (#4490)

* Separate VPC Networking into meaningful sections

* Apply suggestions from code review

Co-authored-by: Himangini <its_himangini@yahoo.com>

* Renamed the file

Co-authored-by: Himangini <its_himangini@yahoo.com>

* Add `--config-file` to `set labels` (#4502)

* Add config-file to set-labels

* Updated to only update new labels, never to delete or update them

* Added integration test

* Proper schema.

* Updated the tests and updated the wait time with a comment on why

* pend failing integration test

* Do not use GetLabels all the time (#4520)

* added missing --region flags

* New release 0.77.0 (#4535)

* New release 0.77.0

* Update docs/release_notes/0.77.0.md

Co-authored-by: Niki <niki.manoledaki@gmail.com>

Co-authored-by: Niki <niki.manoledaki@gmail.com>

* Prepare for next development iteration (#4537)

* Add integration test for `associate identityprovider`

* Add integration test for `get identityprovider`

* Add integration test for `disassociate identityprovider`

* Rename import alias and function

* Increase timeout

* Split Cognito setup func

* Fix ignoring partitions on EBS controller (#4547)

* Increase delete wait time (#4548)

* Generate EC2 mocks

* Add release notes for 0.78.0

* Prepare for next development iteration

* Add g5 instance to list of GPU instance types (#4550)

* Add g5 instance to list of GPU instance types

* Add test cases for g5 instance

* Check InstanceRoleARN exists before deleting authconfigmap reference for nodegroup (#4558)

Co-authored-by: Chetan Patwal <cPu1@users.noreply.github.com>

* Fix outdated link in docs
Comment on lines +402 to +403
// TODO: once aws-sdk-go is updated with ipv6 code remove the below line
github.com/aws/aws-sdk-go => github.com/weaveworks/aws-sdk-go v0.0.0-20211208164730-c076f913e1de
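Review bot: the replace directive on line +403 redirects every github.com/aws/aws-sdk-go import to the weaveworks fork at pseudo-version v0.0.0-20211208164730-c076f913e1de, and the TODO on +402 gives no condition a later reader can check. Suggest naming in the TODO the upstream aws-sdk-go release or a tracking issue that carries the IPv6 code, so the replace is dropped as soon as that version can be required. Until then the build depends on fork commit c076f913e1de and not on an upstream release, so upstream fixes do not arrive through a normal version bump.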
Contributor Author


leftover TODO needs to be removed once IPv6 code is in aws sdk, prior to running the integration tests :) (check here https://github.com/aws/aws-sdk-go/releases)

@nikimanoledaki nikimanoledaki changed the title Add support for IPv6 VPCs and k8s clusters Add support for IPv6 VPC and k8s clusters Jan 5, 2022
@nikimanoledaki nikimanoledaki marked this pull request as ready for review January 5, 2022 18:15
nikimanoledaki and others added 2 commits January 5, 2022 21:44
@Skarlso Skarlso merged commit 3d26bb2 into main Jan 6, 2022
@Skarlso Skarlso deleted the ipv6_back branch January 6, 2022 08:37
Skarlso commented Jan 6, 2022

🎉 🎉 🎉 🎉

Labels
area/ipv6 kind/feature New feature or request
Development

Successfully merging this pull request may close these issues.

Support IPv6 EKS Clusters
5 participants