Default set NATGatway for outbound traffic if cluster is not using IPv6 #3365
Conversation
k8s-ci-robot
added
release-note
|
Hi @xiujuanx. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
xiujuanx
force-pushed
the
default-set-natgateway
branch
from
37b3948 to
4e4db5a
Compare
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
api/v1beta1/azurecluster_default.go
Outdated
| @@ -128,6 +130,12 @@ func (c *AzureCluster) setSubnetDefaults() { | |||
| if subnet.NatGateway.NatGatewayIP.Name == "" { | |||
| subnet.NatGateway.NatGatewayIP.Name = generateNatGatewayIPName(c.ObjectMeta.Name, subnet.Name) | |||
| } | |||
| } else { | |||
| if !subnet.IsIPv6Enabled() { | |||
There was a problem hiding this comment.
Should this if statement be outside of the else block? Looking through the issue details, it looks like the intended behavior is to set NAT Gateway by default if not using IPv6, regardless of whether a name has been provided or not.
There was a problem hiding this comment.
Thanks @willie-yao for your review! I think put the statement be outside of the else block is ok.
For a subnet, if the NAT gateway name is provided, this means NAT gateway has beed enabled, we don't need to set it again. If the NAT gateway name doesn't be provided, then I will go to check if it's using IPv6, if not, then I will set NAT gateway by default, otherwise, I will keep the original subnet settings and do nothing.
There was a problem hiding this comment.
Ah that makes sense, thanks for the detailed explanation!
There was a problem hiding this comment.
instead of adding an else condition here with another nested if loop, have you considered directly modifying the conditions for which IsNatGatewayEnabled returns true? and setting the name in NAT gateway name in the block above when it's not already set. This would avoid duplicate code of setting the IP name and nested if/else statements.
There was a problem hiding this comment.
@CecileRobertMichon Thanks for your review! Indeed, there has a duplicate code for setting NAT gateway IP name. But if I modify the condition of IsNatGatewayEnabled and set the name of NAT gateway name if it's not set yet in this func, then I need to call generateNatGatewayName func in type.go file. This will cause an inconsistency from current CAPZ codes in main branch. Although this does not cause any logical problems, it just looks less elegant formally. So I prefer to judge if this is a IPv6 cluster first, then go to judge if IsNatGatewayEnabled or not. This will also avoid duplication. Does this make sense?
xiujuanx
force-pushed
the
default-set-natgateway
branch
2 times, most recently
from
6d78d72 to
950a4b1
Compare
xiujuanx
force-pushed
the
default-set-natgateway
branch
from
950a4b1 to
81f8811
Compare
|
/lgtm Apologies for the delay. Thanks for getting back to me about the tests! This looks great and thanks for the great work on this @xiujuanx |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 06fdafa7548ee8271626444a141eec984b95f517
|
|
@willie-yao Thanks for your kind review! Does this pr can be approved now? |
|
@xiujuanx Yes, pinging approvers for a review. @CecileRobertMichon @mboersma @jackfrancis |
k8s-ci-robot
added
cncf-cla: yes
xiujuanx
force-pushed
the
default-set-natgateway
branch
from
1cb71ab to
e60f052
Compare
k8s-ci-robot
added
size/XL
|
/test pull-cluster-api-provider-azure-capi-e2e |
1 similar comment
|
/test pull-cluster-api-provider-azure-capi-e2e |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 94d9a623e850934f5343b9da8f99f8c1f94570bf
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: CecileRobertMichon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
Late to party on this PR. |
|
/hold to answer @sonasingh46's question above |
k8s-ci-robot
added
the
do-not-merge/hold
This is only changing the webhook default so it shouldn't affect existing clusters AFAIK |
|
@CecileRobertMichon -- Thanks. I am just thinking about the following scenario.
|
|
/lgtm |
|
@sonasingh46 I think the migration would be possible but the user would have to opt in (i.e. edit the resource and specify a NAT), have not tested this though. agree it's out of scope for this PR /hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
@sonasingh46 I think the migration would be possible but the user would have to opt in (i.e. edit the resource and specify a NAT), have not tested this though. agree it's out of scope for this PR /hold cancel |
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR sets the default subnet to be NAT gateway if the cluster is not using IPv6. It both sets AzureCluster and AzureClusterTemplate.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #1532
Special notes for your reviewer:
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
TODOs:
Release note: