diff --git a/apis/eks/v1beta1/types.go b/apis/eks/v1beta1/types.go
index 50e62063c2..91824267da 100644
--- a/apis/eks/v1beta1/types.go
+++ b/apis/eks/v1beta1/types.go
@@ -62,6 +62,11 @@ type ClusterParameters struct {
 	// +optional
 	EncryptionConfig []EncryptionConfig `json:"encryptionConfig,omitempty"`
 
+	// The Kubernetes network configuration for the cluster.
+	// +immutable
+	// +optional
+	KubernetesNetworkConfig *KubernetesNetworkConfigRequest `json:"kubernetesNetworkConfig,omitempty"`
+
 	// Enable or disable exporting the Kubernetes control plane logs for your cluster
 	// to CloudWatch Logs. By default, cluster control plane logs aren't exported
 	// to CloudWatch Logs. For more information, see Amazon EKS Cluster Control
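Review bot: The `+immutable` marker on the new `KubernetesNetworkConfig` field appears to be a documentation convention only; nothing at admission rejects a later edit of `ipFamily` or `serviceIpv4Cidr`, even though the field's own doc says both are fixed at cluster creation. Whether the controller's update path reports that drift is outside this diff, so if the project's controller-gen and cluster baseline support CEL validation, consider enforcing it in the schema with `// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="kubernetesNetworkConfig is immutable"` above the field; otherwise a spec edit silently never reaches AWS. `ClusterParameters` starts and ends outside the hunk.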
@@ -151,6 +156,55 @@ type Provider struct {
 	KeyArn string `json:"keyArn"`
 }
 
+// IPFamily specifies the ip family
+type IPFamily string
+
+const (
+	// IPFamilyIpv4 means ipv4
+	IPFamilyIpv4 IPFamily = "ipv4"
+	// IPFamilyIpv6 means ipv6
+	IPFamilyIpv6 IPFamily = "ipv6"
+)
+
+// KubernetesNetworkConfigRequest specifies the Kubernetes network configuration for the cluster.
+type KubernetesNetworkConfigRequest struct {
+	// Specify which IP family is used to assign Kubernetes pod and service IP
+	// addresses. If you don't specify a value, ipv4 is used by default. You can only
+	// specify an IP family when you create a cluster and can't change this value once
+	// the cluster is created. If you specify ipv6, the VPC and subnets that you
+	// specify for cluster creation must have both IPv4 and IPv6 CIDR blocks assigned
+	// to them. You can't specify ipv6 for clusters in China Regions. You can only
+	// specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the
+	// Amazon VPC CNI add-on. If you specify ipv6, then ensure that your VPC meets the
+	// requirements listed in the considerations listed in Assigning IPv6 addresses to
+	// pods and services
+	// (https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html) in the Amazon
+	// EKS User Guide. Kubernetes assigns services IPv6 addresses from the unique local
+	// address range (fc00::/7). You can't specify a custom IPv6 CIDR block. Pod
+	// addresses are assigned from the subnet's IPv6 CIDR.
+	IPFamily IPFamily `json:"ipFamily"`
+
+	// Don't specify a value if you select ipv6 for ipFamily. The CIDR block to assign
+	// Kubernetes service IP addresses from. If you don't specify a block, Kubernetes
+	// assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We
+	// recommend that you specify a block that does not overlap with resources in other
+	// networks that are peered or connected to your VPC. The block must meet the
+	// following requirements:
+	//
+	// * Within one of the following private IP address
+	// blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
+	//
+	// * Doesn't overlap with
+	// any CIDR block assigned to the VPC that you selected for VPC.
+	//
+	// * Between /24 and
+	// /12.
+	//
+	// You can only specify a custom CIDR block when you create a cluster and
+	// can't change this value once the cluster is created.
+	ServiceIpv4Cidr string `json:"serviceIpv4Cidr,omitempty"`
+}
+
 // Logging in the logging configuration for a cluster.
 type Logging struct {
 	// The cluster control plane logging configuration for your cluster.
@@ -277,6 +331,9 @@ type ClusterObservation struct {
 	// Amazon Web Services cloud.
 	OutpostConfig OutpostConfigResponse `json:"outpostConfig,omitempty"`
 
+	// The Kubernetes network configuration for the cluster.
+	KubernetesNetworkConfig KubernetesNetworkConfigResponse `json:"kubernetesNetworkConfig,omitempty"`
+
 	// The VPC configuration used by the cluster control plane. Amazon EKS VPC resources
 	// have specific requirements to work properly with Kubernetes. For more information,
 	// see Cluster VPC Considerations (https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html)
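Review bot: `IPFamily IPFamily `json:"ipFamily"`` is required (no `omitempty`, and the generated CRD in this commit lists `ipFamily` under `required`), which contradicts its own doc comment that ipv4 is used when no value is given; a user who only wants to set `serviceIpv4Cidr` must still spell out `ipFamily: ipv4`. The two constants show the value is meant to be an enum, but nothing restricts it, so `GenerateCreateClusterInput` in the pkg/clients/eks/eks.go hunk forwards whatever string is in the spec through `ekstypes.IpFamily(...)` and a typo only surfaces as a CreateCluster error. Suggest `// +kubebuilder:validation:Enum=ipv4;ipv6`, `// +optional` and `IPFamily IPFamily `json:"ipFamily,omitempty"`` so the schema rejects bad values and lets the EKS default apply. As a style point, `IPFamilyIpv4`/`IPFamilyIpv6` mix initialism casing next to the `IPFamily` prefix; keeping the AWS enum spelling is defensible, but the doc lines "means ipv4" / "means ipv6" could say what the value selects, e.g. `// IPFamilyIpv4 assigns IPv4 pod and service addresses.`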
@@ -351,6 +408,32 @@ type OutpostConfigResponse struct {
 	// contains filtered or unexported fields
 }
 
+// KubernetesNetworkConfigResponse specifies the Kubernetes network configuration for the cluster.
+// The response contains a value for serviceIpv6Cidr or serviceIpv4Cidr, but not both.
+type KubernetesNetworkConfigResponse struct {
+	// The IP family used to assign Kubernetes pod and service IP addresses. The IP
+	// family is always ipv4, unless you have a 1.21 or later cluster running version
+	// 1.10.1 or later of the Amazon VPC CNI add-on and specified ipv6 when you created
+	// the cluster.
+	IPFamily IPFamily `json:"ipFamily,omitempty"`
+
+	// The CIDR block that Kubernetes pod and service IP addresses are assigned from.
+	// Kubernetes assigns addresses from an IPv4 CIDR block assigned to a subnet that
+	// the node is in. If you didn't specify a CIDR block when you created the cluster,
+	// then Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16
+	// CIDR blocks. If this was specified, then it was specified when the cluster was
+	// created and it can't be changed.
+	ServiceIpv4Cidr string `json:"serviceIpv4Cidr,omitempty"`
+
+	// The CIDR block that Kubernetes pod and service IP addresses are assigned from if
+	// you created a 1.21 or later cluster with version 1.10.1 or later of the Amazon
+	// VPC CNI add-on and specified ipv6 for ipFamily when you created the cluster.
+	// Kubernetes assigns service addresses from the unique local address range
+	// (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create
+	// the cluster.
+	ServiceIpv6Cidr string `json:"serviceIpv6Cidr,omitempty"`
+}
+
 // VpcConfigResponse is the observed VPC configuration for a cluster.
 type VpcConfigResponse struct {
 	// The cluster security group that was created by Amazon EKS for the cluster.
diff --git a/apis/eks/v1beta1/zz_generated.deepcopy.go b/apis/eks/v1beta1/zz_generated.deepcopy.go
index b3b11e5a95..5b51195ec2 100644
--- a/apis/eks/v1beta1/zz_generated.deepcopy.go +++ b/apis/eks/v1beta1/zz_generated.deepcopy.go @@ -94,6 +94,7 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { } out.Identity = in.Identity in.OutpostConfig.DeepCopyInto(&out.OutpostConfig) + out.KubernetesNetworkConfig = in.KubernetesNetworkConfig out.ResourcesVpcConfig = in.ResourcesVpcConfig } @@ -122,6 +123,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.KubernetesNetworkConfig != nil { + in, out := &in.KubernetesNetworkConfig, &out.KubernetesNetworkConfig + *out = new(KubernetesNetworkConfigRequest) + **out = **in + } if in.Logging != nil { in, out := &in.Logging, &out.Logging *out = new(Logging) 
@@ -443,6 +449,36 @@ func (in *Identity) DeepCopy() *Identity { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesNetworkConfigRequest) DeepCopyInto(out *KubernetesNetworkConfigRequest) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesNetworkConfigRequest. +func (in *KubernetesNetworkConfigRequest) DeepCopy() *KubernetesNetworkConfigRequest { + if in == nil { + return nil + } + out := new(KubernetesNetworkConfigRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesNetworkConfigResponse) DeepCopyInto(out *KubernetesNetworkConfigResponse) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesNetworkConfigResponse. +func (in *KubernetesNetworkConfigResponse) DeepCopy() *KubernetesNetworkConfigResponse { + if in == nil { + return nil + } + out := new(KubernetesNetworkConfigResponse) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LogSetup) DeepCopyInto(out *LogSetup) { *out = *in diff --git a/package/crds/eks.aws.crossplane.io_clusters.yaml b/package/crds/eks.aws.crossplane.io_clusters.yaml index 96e5fbec9c..68395c8e25 100644 --- a/package/crds/eks.aws.crossplane.io_clusters.yaml +++ b/package/crds/eks.aws.crossplane.io_clusters.yaml 
@@ -97,6 +97,47 @@ spec: - resources type: object type: array + kubernetesNetworkConfig: + description: The Kubernetes network configuration for the cluster. + properties: + ipFamily: + description: Specify which IP family is used to assign Kubernetes + pod and service IP addresses. If you don't specify a value, + ipv4 is used by default. You can only specify an IP family + when you create a cluster and can't change this value once + the cluster is created. If you specify ipv6, the VPC and + subnets that you specify for cluster creation must have + both IPv4 and IPv6 CIDR blocks assigned to them. You can't + specify ipv6 for clusters in China Regions. You can only + specify ipv6 for 1.21 and later clusters that use version + 1.10.1 or later of the Amazon VPC CNI add-on. If you specify + ipv6, then ensure that your VPC meets the requirements listed + in the considerations listed in Assigning IPv6 addresses + to pods and services (https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html) + in the Amazon EKS User Guide. Kubernetes assigns services + IPv6 addresses from the unique local address range (fc00::/7). + You can't specify a custom IPv6 CIDR block. Pod addresses + are assigned from the subnet's IPv6 CIDR. + type: string + serviceIpv4Cidr: + description: "Don't specify a value if you select ipv6 for + ipFamily. The CIDR block to assign Kubernetes service IP + addresses from. If you don't specify a block, Kubernetes + assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 + CIDR blocks. We recommend that you specify a block that + does not overlap with resources in other networks that are + peered or connected to your VPC. The block must meet the + following requirements: \n * Within one of the following + private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or + 192.168.0.0/16. \n * Doesn't overlap with any CIDR block + assigned to the VPC that you selected for VPC. \n * Between + /24 and /12. 
\n You can only specify a custom CIDR block + when you create a cluster and can't change this value once + the cluster is created." + type: string + required: + - ipFamily + type: object logging: description: "Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, @@ -697,6 +738,37 @@ spec: type: string type: object type: object + kubernetesNetworkConfig: + description: The Kubernetes network configuration for the cluster. + properties: + ipFamily: + description: The IP family used to assign Kubernetes pod and + service IP addresses. The IP family is always ipv4, unless + you have a 1.21 or later cluster running version 1.10.1 + or later of the Amazon VPC CNI add-on and specified ipv6 + when you created the cluster. + type: string + serviceIpv4Cidr: + description: The CIDR block that Kubernetes pod and service + IP addresses are assigned from. Kubernetes assigns addresses + from an IPv4 CIDR block assigned to a subnet that the node + is in. If you didn't specify a CIDR block when you created + the cluster, then Kubernetes assigns addresses from either + the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. If this + was specified, then it was specified when the cluster was + created and it can't be changed. + type: string + serviceIpv6Cidr: + description: The CIDR block that Kubernetes pod and service + IP addresses are assigned from if you created a 1.21 or + later cluster with version 1.10.1 or later of the Amazon + VPC CNI add-on and specified ipv6 for ipFamily when you + created the cluster. Kubernetes assigns service addresses + from the unique local address range (fc00::/7) because you + can't specify a custom IPv6 CIDR block when you create the + cluster. + type: string + type: object outpostConfig: description: An object representing the configuration of your local Amazon EKS cluster on an Amazon Web Services Outpost. 
diff --git a/pkg/clients/eks/eks.go b/pkg/clients/eks/eks.go
index fb17661f90..0051ee8f58 100644
--- a/pkg/clients/eks/eks.go
+++ b/pkg/clients/eks/eks.go
@@ -122,6 +122,15 @@ func GenerateCreateClusterInput(name string, p *v1beta1.ClusterParameters) *eks.
 		c.EncryptionConfig = GenerateEncryptionConfig(p)
 	}
 
+	if p.KubernetesNetworkConfig != nil {
+		c.KubernetesNetworkConfig = &ekstypes.KubernetesNetworkConfigRequest{
+			IpFamily: ekstypes.IpFamily(p.KubernetesNetworkConfig.IPFamily),
+		}
+		if p.KubernetesNetworkConfig.ServiceIpv4Cidr != "" {
+			c.KubernetesNetworkConfig.ServiceIpv4Cidr = awsclients.String(p.KubernetesNetworkConfig.ServiceIpv4Cidr)
+		}
+	}
+
 	c.ResourcesVpcConfig = &ekstypes.VpcConfigRequest{
 		EndpointPrivateAccess: p.ResourcesVpcConfig.EndpointPrivateAccess,
 		EndpointPublicAccess: p.ResourcesVpcConfig.EndpointPublicAccess,
@@ -257,6 +266,14 @@ func GenerateObservation(cluster *ekstypes.Cluster) v1beta1.ClusterObservation {
 		}
 	}
 
+	if cluster.KubernetesNetworkConfig != nil {
+		o.KubernetesNetworkConfig = v1beta1.KubernetesNetworkConfigResponse{
+			IPFamily: v1beta1.IPFamily(cluster.KubernetesNetworkConfig.IpFamily),
+			ServiceIpv4Cidr: awsclients.StringValue(cluster.KubernetesNetworkConfig.ServiceIpv4Cidr),
+			ServiceIpv6Cidr: awsclients.StringValue(cluster.KubernetesNetworkConfig.ServiceIpv6Cidr),
+		}
+	}
+
 	if cluster.ResourcesVpcConfig != nil {
 		o.ResourcesVpcConfig = v1beta1.VpcConfigResponse{
 			ClusterSecurityGroupID: awsclients.StringValue(cluster.ResourcesVpcConfig.ClusterSecurityGroupId),
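Review bot: The inner `if p.KubernetesNetworkConfig.ServiceIpv4Cidr != ""` is what lets EKS fall back to its own service CIDR, and it is also the only place where the "don't set this with ipv6" rule from the API doc could be checked, so it deserves a why-comment: `// Leave ServiceIpv4Cidr nil when unset so EKS assigns its default range; EKS rejects a value combined with ipFamily ipv6.` Should `ipFamily` become optional in the API type, an empty string would reach the `ekstypes.IpFamily(...)` cast unguarded; I believe the SDK serializer omits an empty enum value, but a `!= ""` guard mirroring the CIDR one would make that explicit rather than relying on it. `GenerateCreateClusterInput` starts and ends outside the hunk.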
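Review bot: The observation records whichever service CIDR and family EKS actually chose, but nothing in this commit feeds those values back into the spec. If this package late-initializes other create-time fields from the observed cluster (the LateInitialize path is not in the diff), `KubernetesNetworkConfig` should be handled there as well; otherwise a spec that omitted the block keeps an empty `serviceIpv4Cidr` while status carries the effective one, and the two can never be compared for drift. `GenerateObservation` starts and ends outside the hunk.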