[WIP] Add feature for CNI Custom Networking

pkg/apis/eksctl.io/v1alpha5/vpc.go

@@ -13,6 +13,8 @@ type (
 		// +optional
 		Network `json:",inline"` // global CIDR and VPC ID
 		// +optional
+		PodCIDRs []*ipnet.IPNet `json:"podCIDRs,omitempty"`
+		// +optional
 		SecurityGroup string `json:"securityGroup,omitempty"` // cluster SG
 		// subnets are either public or private for use with separate nodegroups
 		// these are keyed by AZ for convenience
@@ -21,6 +23,8 @@ type (
 		// for additional CIDR associations, e.g. to use with separate CIDR for
 		// private subnets or any ad-hoc subnets
 		// +optional
+		PodSubnets map[string]*CustomSubnets `json:"podSubnets,omitempty"`
+		// +optional
 		ExtraCIDRs []*ipnet.IPNet `json:"extraCIDRs,omitempty"`
 		// for pre-defined shared node SG
 		SharedNodeSecurityGroup string `json:"sharedNodeSecurityGroup,omitempty"`
@@ -39,6 +43,12 @@ type (
 		// +optional
 		CIDR *ipnet.IPNet `json:"cidr,omitempty"`
 	}
+
+	// PodSubnets holds the pod VPC CIDR and subnets
+	CustomSubnets struct {
+		CIDR    *ipnet.IPNet    `json:"cidr,omitempty"`
+		Subnets *ClusterSubnets `json:"subnets,omitempty"`
+	}
 )
 
 const (

pkg/cfn/builder/vpc.go

@@ -1,6 +1,7 @@
 package builder
 
 import (
+	"fmt"
 	"strings"
 
 	gfn "github.com/awslabs/goformation/cloudformation"
@@ -10,9 +11,9 @@ import (
 	"github.com/weaveworks/eksctl/pkg/vpc"
 )
 
-func (c *ClusterResourceSet) addSubnets(refRT *gfn.Value, topology api.SubnetTopology, subnets map[string]api.Network) {
+func (c *ClusterResourceSet) addSubnets(refRT *gfn.Value, topology api.SubnetTopology, subnets map[string]api.Network, kind string) {
 	for az, subnet := range subnets {
-		alias := string(topology) + strings.ToUpper(strings.Join(strings.Split(az, "-"), ""))
+		alias := string(kind) + string(topology) + strings.ToUpper(strings.Join(strings.Split(az, "-"), ""))
 		subnet := &gfn.AWSEC2Subnet{
 			AvailabilityZone: gfn.NewString(az),
 			CidrBlock:        gfn.NewString(subnet.CIDR.String()),
@@ -31,10 +32,21 @@ func (c *ClusterResourceSet) addSubnets(refRT *gfn.Value, topology api.SubnetTop
 			}}
 		}
 		refSubnet := c.newResource("Subnet"+alias, subnet)
-		c.newResource("RouteTableAssociation"+alias, &gfn.AWSEC2SubnetRouteTableAssociation{
-			SubnetId:     refSubnet,
-			RouteTableId: refRT,
-		})
+		if alias == "" {
+			c.newResource("RouteTableAssociation"+alias, &gfn.AWSEC2SubnetRouteTableAssociation{
+				SubnetId:     refSubnet,
+				RouteTableId: refRT,
+			})
+		} else {
+			c.newResource("RouteTableAssociation"+alias, &awsCloudFormationResource{
+				Type: "AWS::EC2::SubnetRouteTableAssociation",
+				Properties: map[string]interface{}{
+					"SubnetId":     refSubnet,
+					"RouteTableId": refRT,
+				},
+				DependsOn: []string{alias},
+			})
+		}
 		c.subnets[topology] = append(c.subnets[topology], refSubnet)
 	}
 }
@@ -49,6 +61,17 @@ func (c *ClusterResourceSet) addResourcesForVPC() {
 		EnableDnsHostnames: gfn.True(),
 	})
 
+	for i, podCIDR := range c.spec.VPC.PodCIDRs {
+		c.newResource(fmt.Sprintf("PodCIDR%d", i), &awsCloudFormationResource{
+			Type: "AWS::EC2::VPCCidrBlock",
+			Properties: map[string]interface{}{
+				"CidrBlock": podCIDR.String(),
+				"VpcId":     c.vpc,
+			},
+			DependsOn: []string{"VPC"},
+		})
+	}
+
 	c.subnets = make(map[api.SubnetTopology][]*gfn.Value)
 
 	refIG := c.newResource("InternetGateway", &gfn.AWSEC2InternetGateway{})
@@ -67,7 +90,7 @@ func (c *ClusterResourceSet) addResourcesForVPC() {
 		GatewayId:            refIG,
 	})
 
-	c.addSubnets(refPublicRT, api.SubnetTopologyPublic, c.spec.VPC.Subnets.Public)
+	c.addSubnets(refPublicRT, api.SubnetTopologyPublic, c.spec.VPC.Subnets.Public, "")
 
 	c.newResource("NATIP", &gfn.AWSEC2EIP{
 		Domain: gfn.NewString("vpc"),
@@ -89,7 +112,13 @@ func (c *ClusterResourceSet) addResourcesForVPC() {
 		NatGatewayId:         refNG,
 	})
 
-	c.addSubnets(refPrivateRT, api.SubnetTopologyPrivate, c.spec.VPC.Subnets.Private)
+	c.addSubnets(refPrivateRT, api.SubnetTopologyPrivate, c.spec.VPC.Subnets.Private, "")
+
+	// TODO add specific name for pod subnets
+	for i := range c.spec.VPC.PodCIDRs {
+
+		c.addSubnets(refPrivateRT, api.SubnetTopologyPrivate, c.spec.VPC.PodSubnets[fmt.Sprintf("eksctlGroup%d", i)].Subnets.Private, fmt.Sprintf("PodCIDR%d", i))
+	}
 }
 
 func (c *ClusterResourceSet) importResourcesForVPC() {

pkg/utils/ipnet/ipnet.go

@@ -7,7 +7,9 @@ package ipnet
 // TODO: this is not ideal, we should move this out or do something else about it.
 
 import (
+	"encoding/binary"
 	"encoding/json"
+	"fmt"
 	"net"
 	"reflect"
 
@@ -114,3 +116,29 @@ func MustParseCIDR(s string) *IPNet {
 	}
 	return cidr
 }
+
+// SplitIntoN splits the parent IPNet into n subnets
+func SplitIntoN(parent *net.IPNet, n int) ([]*net.IPNet, error) {
+	networkLength, _ := parent.Mask.Size()
+	networkLength += 3
+
+	var subnets []*net.IPNet
+	for i := 0; i < n; i++ {
+		ip4 := parent.IP.To4()
+		if ip4 != nil {
+			n := binary.BigEndian.Uint32(ip4)
+			n += uint32(i) << uint(32-networkLength)
+			subnetIP := make(net.IP, len(ip4))
+			binary.BigEndian.PutUint32(subnetIP, n)
+
+			subnets = append(subnets, &net.IPNet{
+				IP:   subnetIP,
+				Mask: net.CIDRMask(networkLength, 32),
+			})
+		} else {
+			return nil, fmt.Errorf("Unexpected IP address type: %s", parent)
+		}
+	}
+
+	return subnets, nil
+}

pkg/vpc/vpc.go

@@ -23,6 +23,7 @@ func SetSubnets(spec *api.ClusterConfig) error {
 	var err error
 
 	vpc := spec.VPC
+	vpc.PodSubnets = make(map[string]*api.CustomSubnets)
 	vpc.Subnets = &api.ClusterSubnets{
 		Private: map[string]api.Network{},
 		Public:  map[string]api.Network{},
@@ -31,10 +32,16 @@ func SetSubnets(spec *api.ClusterConfig) error {
 		cidr := api.DefaultCIDR()
 		vpc.CIDR = &cidr
 	}
-	prefix, _ := spec.VPC.CIDR.Mask.Size()
-	if (prefix < 16) || (prefix > 24) {
-		return fmt.Errorf("VPC CIDR prefix must be betwee /16 and /24")
+
+	cidrs := append(spec.VPC.PodCIDRs, vpc.CIDR)
+	for _, cidr := range cidrs {
+		prefix, _ := cidr.Mask.Size()
+		if (prefix < 16) || (prefix > 28) {
+			return fmt.Errorf("VPC CIDR (%v) prefix must be between /16 and /28", cidr)
+		}
 	}
+
+	// Create subnets for VPC CIDR
 	zoneCIDRs, err := subnet.SplitInto8(&spec.VPC.CIDR.IPNet)
 	if err != nil {
 		return err
@@ -59,6 +66,34 @@ func SetSubnets(spec *api.ClusterConfig) error {
 		logger.Info("subnets for %s - public:%s private:%s", zone, public.String(), private.String())
 	}
 
+	// Create subnets for pod CIDRs
+	for c, podCIDR := range spec.VPC.PodCIDRs {
+		logger.Info("pod CIDR %s", podCIDR.String()) // TODO delete
+		zoneCIDRs, err := ipnet.SplitIntoN(&podCIDR.IPNet, 4)
+		if err != nil {
+			return err
+		}
+
+		if zonesTotal > len(zoneCIDRs) {
+			return fmt.Errorf("insufficient number of subnets (have %d, but need %d) for %d availability zones", len(zoneCIDRs), 2*zonesTotal, zonesTotal)
+		}
+
+		podSubnets := &api.CustomSubnets{
+			Subnets: &api.ClusterSubnets{
+				Private: make(map[string]api.Network),
+			},
+		}
+		vpc.PodSubnets[fmt.Sprintf("eksctlGroup%d", c)] = podSubnets
+
+		for i, zone := range spec.AvailabilityZones {
+			private := zoneCIDRs[i]
+			vpc.PodSubnets[fmt.Sprintf("eksctlGroup%d", c)].Subnets.Private[zone] = api.Network{
+				CIDR: &ipnet.IPNet{IPNet: *private},
+			}
+			logger.Info("pod subnet for %s - private:%s", zone, private.String())
+		}
+	}
+
 	return nil
 }
 
@@ -73,11 +108,11 @@ func describeSubnets(provider api.ClusterProvider, subnetIDs ...string) ([]*ec2.
 	return output.Subnets, nil
 }
 
-func describe(povider api.ClusterProvider, vpcID string) (*ec2.Vpc, error) {
+func describe(provider api.ClusterProvider, vpcID string) (*ec2.Vpc, error) {
 	input := &ec2.DescribeVpcsInput{
 		VpcIds: []*string{aws.String(vpcID)},
 	}
-	output, err := povider.EC2().DescribeVpcs(input)
+	output, err := provider.EC2().DescribeVpcs(input)
 	if err != nil {
 		return nil, err
 	}