Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ Support BYO Public IPv4 Pool when provision infrastructure #4905

Merged
merged 1 commit into from
Jun 12, 2024

Conversation

mtulio
Copy link
Contributor

@mtulio mtulio commented Apr 3, 2024

What type of PR is this?

/kind feature
/kind api-change
/kind documentation

What this PR does / why we need it:

Introducing support of PublicIpv4Pool to provision base cluster infrastructure consuming public IPv4 (EIP) from a custom Public IPv4 pool brought to AWS.

A subset of changes of this PR is isolated into those PRs:

Which issue(s) this PR fixes

Fixes #4887

Special notes for your reviewer:

The changes proposes to create Elastic IPs for each resource and zone claiming public IP address when creating the core infrastructure components and Machines in public subnets. The components supported for core infrastructure are Nat Gateways and Network Load Balancer for API server.

Checklist:

  • squashed commits
  • includes documentation
  • includes emojis
  • adds unit tests
  • adds or updates e2e tests (NA)

Release note:

Introduce the support of provisioning public IPv4 address consuming from a custom Public IPv4 Pool that is brought to AWS. When the field `PublicIpv4Pool` is set with the pool ID, all the network resources which claims public IPv4, such as Network Load Balancers and NAT Gateways, will be created consuming from the custom pool.

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/documentation Categorizes issue or PR as related to documentation. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 3, 2024
@k8s-ci-robot
Copy link
Contributor

Hi @mtulio. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Apr 3, 2024
Copy link
Contributor Author

@mtulio mtulio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Temporary changes to test locally as it has been addressed in #4892 . It will be removed once merged/rebased;

pkg/cloud/services/ec2/instances.go Outdated Show resolved Hide resolved
pkg/cloud/services/ec2/instances.go Outdated Show resolved Hide resolved
api/v1beta2/types.go Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 4, 2024
@mtulio mtulio force-pushed the SPLAT-1437-capa-byoip branch from dad9f3c to 994196a Compare April 29, 2024 22:08
@mtulio
Copy link
Contributor Author

mtulio commented Apr 29, 2024

prevent WIP notifications
/uncc Ankitasw dlipovetsky

@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 30, 2024
@mtulio mtulio force-pushed the SPLAT-1437-capa-byoip branch from 994196a to fa1f162 Compare April 30, 2024 05:36
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Apr 30, 2024
@mtulio
Copy link
Contributor Author

mtulio commented Apr 30, 2024

/test pull-cluster-api-provider-aws-e2e

@k8s-ci-robot
Copy link
Contributor

@mtulio: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/test pull-cluster-api-provider-aws-e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@mtulio mtulio force-pushed the SPLAT-1437-capa-byoip branch from fa1f162 to 4c41955 Compare April 30, 2024 05:46
@mtulio
Copy link
Contributor Author

mtulio commented Apr 30, 2024

HI @damdo @nrb - can I have labels to test in this PR? Thanks

@damdo
Copy link
Member

damdo commented Apr 30, 2024

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 30, 2024
api/v1beta2/network_types.go Outdated Show resolved Hide resolved
api/v1beta2/network_types.go Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 3, 2024
Copy link

linux-foundation-easycla bot commented Jun 3, 2024

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: mtulio / name: Marco Braga (2f230b3)

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. and removed cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jun 3, 2024
@jcpowermac jcpowermac force-pushed the SPLAT-1437-capa-byoip branch from 4bba41a to 3648331 Compare June 3, 2024 19:46
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Jun 4, 2024
@jcpowermac
Copy link

/test pull-cluster-api-provider-aws-test

@jcpowermac jcpowermac force-pushed the SPLAT-1437-capa-byoip branch from 3648331 to a62b90d Compare June 4, 2024 14:03
@damdo
Copy link
Member

damdo commented Jun 7, 2024

/test pull-cluster-api-provider-aws-e2e-eks
/test pull-cluster-api-provider-aws-e2e
/test pull-cluster-api-provider-aws-e2e-clusterclass
/test pull-cluster-api-provider-aws-e2e-conformance

Introducing support of BYO Public IPv4 Pool to allow CAPA allocate
IPv4 Elastic IPs from user-provided IPv4 pools that was brought to
AWS when provisioning base cluster infrastructure.

This change introduce the API fields:
- AWSCLuster NetworkSpec.ElasticIPPool: allowing
the controllers to consume from user-provided public pools when provisioning
core components from the infrastructure, like Nat Gateways and public
Network Load Balancer (API server only)
- AWSMachine ElasticIPPool: allowing the machine to consume from BYO
  Public IPv4 pool when the instance is deployed in the public subnets.

The ElasticIPPool structure defines a custom IPv4 Pool (previously
created in the AWS Account) to teach controllers to set the pool when
creating public ip addresses (Elastic IPs) for components which requires
it, such as Nat Gateways and NLBs.
@mtulio mtulio force-pushed the SPLAT-1437-capa-byoip branch from d1c6604 to 2f230b3 Compare June 7, 2024 20:38
@mtulio
Copy link
Contributor Author

mtulio commented Jun 7, 2024

Thanks @jcpowermac and @rvanderp3 for taking care of this PR addressing the review while I was out.

/test pull-cluster-api-provider-aws-e2e-eks
/test pull-cluster-api-provider-aws-e2e
/test pull-cluster-api-provider-aws-e2e-clusterclass
/test pull-cluster-api-provider-aws-e2e-conformance

Hey @damdo - apologies I killed the jobs while addressing this comment. Let me trigger again:

/test pull-cluster-api-provider-aws-e2e-eks
/test pull-cluster-api-provider-aws-e2e
/test pull-cluster-api-provider-aws-e2e-clusterclass
/test pull-cluster-api-provider-aws-e2e-conformance

@mtulio
Copy link
Contributor Author

mtulio commented Jun 7, 2024

/test pull-cluster-api-provider-aws-e2e-eks

@mtulio
Copy link
Contributor Author

mtulio commented Jun 8, 2024

/test pull-cluster-api-provider-aws-e2e-eks

Unrelated issue:

STEP: Event details for AWSIAMUserBootstrapper : Resource: AWS::IAM::User, Status: CREATE_FAILED, Reason: Resource handler returned message: "Resource of type 'AWS::IAM::User' with identifier 'bootstrapper.cluster-api-provider-aws.sigs.k8s.io' already exists." (RequestToken: fb13356d-5ac6-1c5f-1b83-6ea7aad87fb4, HandlerErrorCode: AlreadyExists) @ 06/07/24 23:02:31.865

STEP: Event details for cluster-api-provider-aws-sigs-k8s-io : Resource: AWS::CloudFormation::Stack, Status: ROLLBACK_IN_PROGRESS, Reason: The following resource(s) failed to create: [AWSIAMManagedPolicyControllers, AWSIAMInstanceProfileControllers, AWSIAMInstanceProfileNodes, AWSIAMInstanceProfileControlPlane, AWSIAMManagedPolicyControllersEKS, AWSIAMUserBootstrapper]. Rollback requested by user. @ 06/07/24 23:02:31.865

Looking the IAM resource name "Resource of type 'AWS::IAM::User' with identifier 'bootstrapper.cluster-api-provider-aws.sigs.k8s.io' already exists it seems not to be specific for this job run, it makes me wonder if that job supports parallel executions. cc @damdo @nrb

I will trigger again with a, hopefully, low traffic period (Friday night =] ).

/test pull-cluster-api-provider-aws-e2e-eks

@nrb nrb added this to the v2.6.0 milestone Jun 11, 2024
@nrb
Copy link
Contributor

nrb commented Jun 12, 2024

Thanks for your diligence and patience with this @mtulio!

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nrb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 12, 2024
Copy link
Member

@damdo damdo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the great work here @mtulio & others!
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 12, 2024
@k8s-ci-robot k8s-ci-robot merged commit be020fd into kubernetes-sigs:main Jun 12, 2024
23 checks passed
@mtulio mtulio deleted the SPLAT-1437-capa-byoip branch June 12, 2024 13:11
mtulio added a commit to mtulio/installer that referenced this pull request Jun 13, 2024
Create support on installer to setup BYO Public Ipv4 pool feature from
CAPA while provisioning the cluster when the config platform.aws.publicIpv4Pool
is set. kubernetes-sigs/cluster-api-provider-aws#4905

The feature will tell the provisioner, CAPA, to claim EIPs from a custom
Public IPv4 pool which the user provisioned and advertised to AWS, when
creating infrastructure resources in public subnets, such as NAT
Gateways, API's NLB, and bootstrap.

This is a feature parity added on Terraform in 4.16:
openshift#7983
openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/installer that referenced this pull request Jun 14, 2024
Create support on installer to setup BYO Public Ipv4 pool feature from
CAPA while provisioning the cluster when the config platform.aws.publicIpv4Pool
is set. kubernetes-sigs/cluster-api-provider-aws#4905

The feature will tell the provisioner, CAPA, to claim EIPs from a custom
Public IPv4 pool which the user provisioned and advertised to AWS, when
creating infrastructure resources in public subnets, such as NAT
Gateways, API's NLB, and bootstrap.

This is a feature parity added on Terraform in 4.16:
openshift#7983
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/documentation Categorizes issue or PR as related to documentation. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support Public IPv4 Pool for resources created with EIP