legacy-1-15: check for machine deployment subnets when collection reserved subnets

helm/aws-operator/templates/rbac.yaml

@@ -81,6 +81,21 @@ rules:
       - releases
     verbs:
       - get
+  # The aws-operator needs read and write access to all AWS specific
+  # infrastructure CRs we manage for Tenant Clusters.
+  - apiGroups:
+      - infrastructure.giantswarm.io
+    resources:
+      - awsclusters
+      - awsclusters/status
+      - awscontrolplanes
+      - awscontrolplanes/status
+      - awsmachinedeployments
+      - awsmachinedeployments/status
+      - g8scontrolplanes
+      - g8scontrolplanes/status
+    verbs:
+      - "*"
   # TODO drop create and delete permissions for namespaces when
   # legacy bundles are gone and clusterapi bundle v29 is the latest version.
   #

pkg/apis/infrastructure/v1alpha2/aws_cluster_funcs.go

@@ -0,0 +1,9 @@
+package v1alpha2
+
+func (c *AWSCluster) GetCommonClusterStatus() CommonClusterStatus {
+	return c.Status.Cluster
+}
+
+func (c *AWSCluster) SetCommonClusterStatus(s CommonClusterStatus) {
+	c.Status.Cluster = s
+}

pkg/apis/infrastructure/v1alpha2/aws_cluster_types.go

@@ -0,0 +1,170 @@
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	kindAWSCluster              = "AWSCluster"
+	awsClusterDocumentationLink = "https://docs.giantswarm.io/reference/cp-k8s-api/awsclusters.infrastructure.giantswarm.io/"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:categories=aws;cluster-api;giantswarm
+// +k8s:openapi-gen=true
+
+// AWSCluster is the infrastructure provider referenced in upstream CAPI Cluster
+// CRs.
+type AWSCluster struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              AWSClusterSpec `json:"spec"`
+	// +kubebuilder:validation:Optional
+	// Spec part of the AWSCluster resource.
+	Status AWSClusterStatus `json:"status,omitempty"`
+}
+
+// AWSClusterSpec is the spec part for the AWSCluster resource.
+// +k8s:openapi-gen=true
+type AWSClusterSpec struct {
+	// Cluster specification details.
+	Cluster AWSClusterSpecCluster `json:"cluster"`
+	// Provider-specific configuration details.
+	Provider AWSClusterSpecProvider `json:"provider"`
+}
+
+// AWSClusterSpecCluster provides cluster specification details.
+// +k8s:openapi-gen=true
+type AWSClusterSpecCluster struct {
+	// User-friendly description that should explain the purpose of the
+	// cluster to humans.
+	Description string `json:"description"`
+	// DNS configuration details.
+	DNS AWSClusterSpecClusterDNS `json:"dns"`
+	// +kubebuilder:validation:Optional
+	// Flags passed to kube-proxy on each node.
+	KubeProxy AWSClusterSpecClusterKubeProxy `json:"kubeProxy,omitempty"`
+	// Configuration for OpenID Connect (OIDC) authentication.
+	OIDC AWSClusterSpecClusterOIDC `json:"oidc,omitempty"`
+}
+
+// AWSClusterSpecClusterDNS holds DNS configuration details.
+// +k8s:openapi-gen=true
+type AWSClusterSpecClusterDNS struct {
+	Domain string `json:"domain"`
+}
+
+// AWSClusterSpecClusterOIDC holds configuration for OpenID Connect (OIDC) authentication.
+// +k8s:openapi-gen=true
+type AWSClusterSpecClusterOIDC struct {
+	Claims    AWSClusterSpecClusterOIDCClaims `json:"claims,omitempty"`
+	ClientID  string                          `json:"clientID,omitempty"`
+	IssuerURL string                          `json:"issuerURL,omitempty"`
+}
+
+// AWSClusterSpecClusterOIDCClaims defines OIDC claims.
+// +k8s:openapi-gen=true
+type AWSClusterSpecClusterOIDCClaims struct {
+	Username string `json:"username,omitempty"`
+	Groups   string `json:"groups,omitempty"`
+}
+
+// AWSClusterSpecClusterKubeProxy describes values passed to the kube-proxy running in a tenant cluster.
+// +k8s:openapi-gen=true
+type AWSClusterSpecClusterKubeProxy struct {
+	// Maximum number of NAT connections to track per CPU core (0 for default).
+	// Passed to kube-proxy as --conntrack-max-per-core.
+	ConntrackMaxPerCore int `json:"conntrackMaxPerCore,omitempty"`
+}
+
+// AWSClusterSpecProvider holds some AWS details.
+// +k8s:openapi-gen=true
+type AWSClusterSpecProvider struct {
+	// Location of a secret providing the ARN of AWS IAM identity
+	// to use with this cluster.
+	CredentialSecret AWSClusterSpecProviderCredentialSecret `json:"credentialSecret"`
+	// +kubebuilder:validation:Optional
+	// Master holds master node configuration details.
+	// Note that this attribute is being deprecated. The master node specification can now be found in the AWSControlPlane resource.
+	Master AWSClusterSpecProviderMaster `json:"master,omitempty"`
+	// +kubebuilder:validation:Optional
+	// Pod network configuration.
+	Pods AWSClusterSpecProviderPods `json:"pods,omitempty"`
+	// AWS region the cluster is to be running in.
+	Region string `json:"region"`
+}
+
+// AWSClusterSpecProviderCredentialSecret details how to chose the AWS IAM identity ARN
+// to use with this cluster.
+// +k8s:openapi-gen=true
+type AWSClusterSpecProviderCredentialSecret struct {
+	// Name of the provider credential resoure.
+	Name string `json:"name"`
+	// Kubernetes namespace holding the provider credential.
+	Namespace string `json:"namespace"`
+}
+
+// AWSClusterSpecProviderMaster holds master node configuration details.
+// +k8s:openapi-gen=true
+type AWSClusterSpecProviderMaster struct {
+	// +kubebuilder:validation:Optional
+	// AWS availability zone to place the master node in.
+	AvailabilityZone string `json:"availabilityZone"`
+	// +kubebuilder:validation:Optional
+	// AWS EC2 instance type to use for the master node.
+	InstanceType string `json:"instanceType"`
+}
+
+// AWSClusterSpecProviderPods Pod network configuration.
+// +k8s:openapi-gen=true
+type AWSClusterSpecProviderPods struct {
+	// +kubebuilder:validation:Optional
+	// IPv4 address block used for pods, in CIDR notation.
+	CIDRBlock string `json:"cidrBlock,omitempty"`
+	// +kubebuilder:validation:Optional
+	// When set to false, pod connections outside the VPC where the pod is located will be NATed through the node primary IP. When set to true, all connections will use the pod IP.
+	ExternalSNAT *bool `json:"externalSNAT,omitempty"`
+}
+
+// AWSClusterStatus holds status information about the cluster, populated once the
+// cluster is in creation or created.
+// +k8s:openapi-gen=true
+type AWSClusterStatus struct {
+	// +kubebuilder:validation:Optional
+	// Cluster-specific status details, including conditions and versions.
+	Cluster CommonClusterStatus `json:"cluster,omitempty"`
+	// +kubebuilder:validation:Optional
+	// Provider-specific status details.
+	Provider AWSClusterStatusProvider `json:"provider,omitempty"`
+}
+
+// AWSClusterStatusProvider holds provider-specific status details.
+// +k8s:openapi-gen=true
+type AWSClusterStatusProvider struct {
+	// +kubebuilder:validation:Optional
+	// Network-specific configuration details
+	Network AWSClusterStatusProviderNetwork `json:"network,omitempty"`
+}
+
+// AWSClusterStatusProviderNetwork holds network details.
+// +k8s:openapi-gen=true
+type AWSClusterStatusProviderNetwork struct {
+	// +kubebuilder:validation:Optional
+	// IPv4 address block used by the tenant cluster nodes, in CIDR notation.
+	CIDR string `json:"cidr,omitempty"`
+	// +kubebuilder:validation:Optional
+	// Identifier of the AWS Virtual Private Cloud (VPC) of the tenant cluster, e.g. `vpc-1234567890abcdef0`.
+	VPCID string `json:"vpcID,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// AWSClusterList is the type returned when listing AWSCLuster resources.
+type AWSClusterList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+	Items           []AWSCluster `json:"items"`
+}

pkg/apis/infrastructure/v1alpha2/aws_control_plane_types.go

@@ -0,0 +1,47 @@
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	kindAWSControlPlane              = "AWSControlPlane"
+	awsControlPlaneDocumentationLink = "https://docs.giantswarm.io/reference/cp-k8s-api/awscontrolplanes.infrastructure.giantswarm.io/"
+)
+
+// +genclient
+// +genclient:noStatus
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:categories=aws;giantswarm
+// +kubebuilder:storageversion
+// +k8s:openapi-gen=true
+
+// AWSControlPlane is the infrastructure provider referenced in ControlPlane
+// CRs. Represents the master nodes (also called Control Plane) of a tenant
+// cluster on AWS. Reconciled by aws-operator.
+type AWSControlPlane struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	// Specification part of the resource.
+	Spec AWSControlPlaneSpec `json:"spec"`
+}
+
+// +k8s:openapi-gen=true
+type AWSControlPlaneSpec struct {
+	// +kubebuilder:validation:Optional
+	// Configures which AWS availability zones to use by master nodes, as a list
+	// of availability zone names like e. g. `eu-central-1c`. We support either
+	// 1 or 3 availability zones.
+	AvailabilityZones []string `json:"availabilityZones,omitempty"`
+	// +kubebuilder:validation:Optional
+	// EC2 instance type identifier to use for the master node(s).
+	InstanceType string `json:"instanceType,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type AWSControlPlaneList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+	Items           []AWSControlPlane `json:"items"`
+}

pkg/apis/infrastructure/v1alpha2/aws_machine_deployment_funcs.go

@@ -0,0 +1,5 @@
+package v1alpha2
+
+const (
+	kindAWSMachineDeployment = "AWSMachineDeployment"
+)

pkg/apis/infrastructure/v1alpha2/aws_machine_deployment_types.go

@@ -0,0 +1,134 @@
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:categories=aws;giantswarm;cluster-api
+// +k8s:openapi-gen=true
+
+// AWSMachineDeployment is the infrastructure provider referenced in Kubernetes Cluster API MachineDeployment resources.
+// It contains provider-specific specification and status for a node pool.
+// In use on AWS since Giant Swarm release v10.x.x and reconciled by aws-operator.
+type AWSMachineDeployment struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	// Contains the specification.
+	Spec AWSMachineDeploymentSpec `json:"spec"`
+	// +kubebuilder:validation:Optional
+	// Holds status information.
+	Status AWSMachineDeploymentStatus `json:"status,omitempty"`
+}
+
+// +k8s:openapi-gen=true
+type AWSMachineDeploymentSpec struct {
+	// Specifies details of node pool and the worker nodes it should contain.
+	NodePool AWSMachineDeploymentSpecNodePool `json:"nodePool"`
+	// Contains AWS specific details.
+	Provider AWSMachineDeploymentSpecProvider `json:"provider"`
+}
+
+// +k8s:openapi-gen=true
+type AWSMachineDeploymentSpecNodePool struct {
+	// User-friendly name or description of the purpose of the node pool.
+	Description string `json:"description"`
+	// Specification of the worker node machine.
+	Machine AWSMachineDeploymentSpecNodePoolMachine `json:"machine"`
+	// Scaling settings for the node pool, configuring the cluster-autoscaler
+	// determining the number of nodes to have in this node pool.
+	Scaling AWSMachineDeploymentSpecNodePoolScaling `json:"scaling"`
+}
+
+// +k8s:openapi-gen=true
+type AWSMachineDeploymentSpecNodePoolMachine struct {
+	// Size of the volume reserved for Docker images and overlay file systems of
+	// Docker containers. Unit: 1 GB = 1,000,000,000 Bytes.
+	DockerVolumeSizeGB int `json:"dockerVolumeSizeGB"`
+	// Size of the volume reserved for the kubelet, which can be used by Pods via
+	// volumes of type EmptyDir. Unit: 1 GB = 1,000,000,000 Bytes.
+	KubeletVolumeSizeGB int `json:"kubeletVolumeSizeGB"`
+}
+
+// +k8s:openapi-gen=true
+type AWSMachineDeploymentSpecNodePoolScaling struct {
+	// Maximum number of worker nodes in this node pool.
+	Max int `json:"max"`
+	// Minimum number of worker nodes in this node pool.
+	Min int `json:"min"`
+}
+
+// +k8s:openapi-gen=true
+type AWSMachineDeploymentSpecProvider struct {
+	// Name(s) of the availability zone(s) to use for worker nodes. Using multiple
+	// availability zones results in higher resilience but can also result in higher
+	// cost due to network traffic between availability zones.
+	AvailabilityZones []string `json:"availabilityZones"`
+	// +kubebuilder:validation:Optional
+	// Settings defining the distribution of on-demand and spot instances in the node pool.
+	InstanceDistribution AWSMachineDeploymentSpecInstanceDistribution `json:"instanceDistribution,omitempty"`
+	// Specification of worker nodes.
+	Worker AWSMachineDeploymentSpecProviderWorker `json:"worker"`
+}
+
+// +k8s:openapi-gen=true
+type AWSMachineDeploymentSpecInstanceDistribution struct {
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default=0
+	// +kubebuilder:validation:Minimum=0
+	// Base capacity of on-demand instances to use for worker nodes in this pool. When this larger
+	// than 0, this value defines a number of worker nodes that will be created using on-demand
+	// EC2 instances, regardless of the value configured as `onDemandPercentageAboveBaseCapacity`.
+	OnDemandBaseCapacity int `json:"onDemandBaseCapacity"`
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:Maximum=100
+	// +kubebuilder:validation:Minimum=0
+	// Percentage of on-demand EC2 instances to use for worker nodes, instead of spot instances,
+	// for instances exceeding `onDemandBaseCapacity`. For example, to have half of the worker nodes
+	// use spot instances and half use on-demand, set this value to 50.
+	OnDemandPercentageAboveBaseCapacity *int `json:"onDemandPercentageAboveBaseCapacity"`
+}
+
+// +k8s:openapi-gen=true
+type AWSMachineDeploymentSpecProviderWorker struct {
+	// AWS EC2 instance type name to use for the worker nodes in this node pool.
+	InstanceType string `json:"instanceType"`
+	// +kubebuilder:default=false
+	// If true, certain instance types with specs similar to instanceType will be used.
+	UseAlikeInstanceTypes bool `json:"useAlikeInstanceTypes"`
+}
+
+// +k8s:openapi-gen=true
+type AWSMachineDeploymentStatus struct {
+	// +kubebuilder:validation:Optional
+	// Status specific to AWS.
+	Provider AWSMachineDeploymentStatusProvider `json:"provider,omitempty"`
+}
+
+// +k8s:openapi-gen=true
+type AWSMachineDeploymentStatusProvider struct {
+	// +kubebuilder:validation:Optional
+	// Status of worker nodes.
+	Worker AWSMachineDeploymentStatusProviderWorker `json:"worker,omitempty"`
+}
+
+// +k8s:openapi-gen=true
+type AWSMachineDeploymentStatusProviderWorker struct {
+	// +kubebuilder:validation:Optional
+	// AWS EC2 instance types used for the worker nodes in this node pool.
+	InstanceTypes []string `json:"instanceTypes,omitempty"`
+	// +kubebuilder:validation:Optional
+	// Number of EC2 spot instances used in this node pool.
+	SpotInstances int `json:"spotInstances,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type AWSMachineDeploymentList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+	Items           []AWSMachineDeployment `json:"items"`
+}

pkg/apis/infrastructure/v1alpha2/cluster.go

@@ -0,0 +1,5 @@
+package v1alpha2
+
+const (
+	defaultMasterInstanceType = "m5.xlarge"
+)