Merge pull request #458 from vpnachev/rel-1.0/provider-gcp/expose-clo…

…ud-nat-minimal-ports

[release-1.0] Expose CloudNAT Minimal Ports per VM

controllers/provider-gcp/charts/internal/gcp-infra/templates/main.tf

@@ -54,6 +54,7 @@ resource "google_compute_router_nat" "nat" {
     name                    =  "${google_compute_subnetwork.subnetwork-nodes.self_link}"
     source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
   }
+  min_ports_per_vm = "{{ required "networks.cloudNAT.minPortsPerVM is required" .Values.networks.cloudNAT.minPortsPerVM }}"
 
   log_config {
     enable = true

controllers/provider-gcp/charts/internal/gcp-infra/values.yaml

@@ -14,6 +14,8 @@ vpc:
 clusterName: test-namespace
 
 networks:
+  cloudNAT:
+    minPortsPerVM: 2048
   services: 100.64.0.0/13
   pods: 100.96.0.0/11
   worker: 10.250.0.0/19
@@ -25,4 +27,4 @@ outputKeys:
   cloudRouter: cloud_router
   subnetNodes: subnet_nodes
   serviceAccountEmail: service_account_email
-  subnetInternal: subnet_internal
+  subnetInternal: subnet_internal

controllers/provider-gcp/docs/usage-as-end-user.md

@@ -38,6 +38,8 @@ networks:
 #     name: my-cloudrouter
   worker: 10.250.0.0/16
 # internal: 10.251.0.0/16
+# cloudNAT:
+#   minPortsPerVM: 2048
 ```
 
 The `networks.vpc` section describes whether you want to create the shoot cluster in an already existing VPC or whether to create a new one:
@@ -55,6 +57,8 @@ The `networks.workers` section describes the CIDR for a subnet that is used for
 
 The `networks.internal` section is optional and can describe a CIDR for a subnet that is used for [internal load balancers](https://cloud.google.com/load-balancing/docs/internal/),
 
+The `networks.cloudNAT.minPortsPerVM` is optional and is used to define the [minimum number of ports allocated to a VM for the CloudNAT](https://cloud.google.com/nat/docs/overview#number_of_nat_ports_and_connections)
+
 The specified CIDR ranges must be contained in the VPC CIDR specified above, or the VPC CIDR of your already existing VPC.
 You can freely choose these CIDRs and it is your responsibility to properly design the network layout to suit your needs.
 

controllers/provider-gcp/example/30-infrastructure.yaml

@@ -57,4 +57,5 @@ spec:
     #     name: my-cloudrouter
       worker: 10.242.0.0/19
     # internal: 10.243.0.0/19
-
+    # cloudNAT:
+    #   minPortsPerVM: 2048

controllers/provider-gcp/hack/api-reference/api.md

@@ -196,6 +196,38 @@ map[string]bool
 </tr>
 </tbody>
 </table>
+<h3 id="gcp.provider.extensions.gardener.cloud/v1alpha1.CloudNAT">CloudNAT
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gcp.provider.extensions.gardener.cloud/v1alpha1.NetworkConfig">NetworkConfig</a>)
+</p>
+<p>
+<p>CloudNAT contains information about the the CloudNAT configuration</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>minPortsPerVM</code></br>
+<em>
+int32
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>MinPortsPerVM is the minimum number of ports allocated to a VM in the NAT config.
+The default value is 2048 ports.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="gcp.provider.extensions.gardener.cloud/v1alpha1.CloudRouter">CloudRouter
 </h3>
 <p>
@@ -434,6 +466,20 @@ VPC
 </tr>
 <tr>
 <td>
+<code>cloudNAT</code></br>
+<em>
+<a href="#gcp.provider.extensions.gardener.cloud/v1alpha1.CloudNAT">
+CloudNAT
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>CloudNAT contains configation about the the CloudNAT configuration</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>internal</code></br>
 <em>
 string

controllers/provider-gcp/pkg/apis/gcp/types_infrastructure.go

@@ -33,6 +33,8 @@ type InfrastructureConfig struct {
 type NetworkConfig struct {
 	// VPC indicates whether to use an existing VPC or create a new one.
 	VPC *VPC
+	// CloudNAT contains configation about the the CloudNAT resource
+	CloudNAT *CloudNAT
 	// Internal is a private subnet (used for internal load balancers).
 	Internal *string
 	// Workers is the worker subnet range to create (used for the VMs).
@@ -92,3 +94,10 @@ type CloudRouter struct {
 	// Name is the CloudRouter name.
 	Name string
 }
+
+// CloudNAT contains information about the the CloudNAT configuration
+type CloudNAT struct {
+	// MinPortsPerVM is the minimum number of ports allocated to a VM in the NAT config.
+	// The default value is 2048 ports.
+	MinPortsPerVM *int32
+}

controllers/provider-gcp/pkg/apis/gcp/v1alpha1/types_infrastructure.go

@@ -34,6 +34,9 @@ type NetworkConfig struct {
 	// VPC indicates whether to use an existing VPC or create a new one.
 	// +optional
 	VPC *VPC `json:"vpc,omitempty"`
+	// CloudNAT contains configation about the the CloudNAT configuration
+	// +optional
+	CloudNAT *CloudNAT `json:"cloudNAT,omitempty"`
 	// Internal is a private subnet (used for internal load balancers).
 	// +optional
 	Internal *string `json:"internal,omitempty"`
@@ -95,3 +98,11 @@ type CloudRouter struct {
 	// Name is the CloudRouter name.
 	Name string `json:"name,omitempty"`
 }
+
+// CloudNAT contains information about the the CloudNAT configuration
+type CloudNAT struct {
+	// MinPortsPerVM is the minimum number of ports allocated to a VM in the NAT config.
+	// The default value is 2048 ports.
+	// +optional
+	MinPortsPerVM *int32 `json:"minPortsPerVM,omitempty"`
+}

controllers/provider-gcp/pkg/internal/infrastructure/terraform.go

@@ -69,6 +69,7 @@ func ComputeTerraformerChartValues(
 		createVPC         = true
 		createCloudRouter = true
 		cloudRouterName   string
+		minPortsPerVM     = int32(2048)
 	)
 
 	if config.Networks.VPC != nil {
@@ -81,6 +82,12 @@ func ComputeTerraformerChartValues(
 		}
 	}
 
+	if config.Networks.CloudNAT != nil {
+		if config.Networks.CloudNAT.MinPortsPerVM != nil {
+			minPortsPerVM = *config.Networks.CloudNAT.MinPortsPerVM
+		}
+	}
+
 	vpc := map[string]interface{}{
 		"name": vpcName,
 	}
@@ -107,6 +114,9 @@ func ComputeTerraformerChartValues(
 			"services": extensionscontroller.GetServiceNetwork(cluster),
 			"worker":   config.Networks.Worker,
 			"internal": config.Networks.Internal,
+			"cloudNAT": map[string]interface{}{
+				"minPortsPerVM": minPortsPerVM,
+			},
 		},
 		"outputKeys": map[string]interface{}{
 			"vpcName":             TerraformerOutputKeyVPCName,

controllers/provider-gcp/pkg/internal/infrastructure/terraform_test.go

@@ -42,6 +42,8 @@ var _ = Describe("Terraform", func() {
 		serviceAccountData []byte
 		serviceAccount     *internal.ServiceAccount
 
+		minPortsPerVM = int32(2048)
+
 		podsCIDR     = "11.0.0.0/16"
 		servicesCIDR = "12.0.0.0/16"
 
@@ -218,6 +220,9 @@ var _ = Describe("Terraform", func() {
 					"services": servicesCIDR,
 					"worker":   config.Networks.Worker,
 					"internal": config.Networks.Internal,
+					"cloudNAT": map[string]interface{}{
+						"minPortsPerVM": minPortsPerVM,
+					},
 				},
 				"outputKeys": map[string]interface{}{
 					"vpcName":             TerraformerOutputKeyVPCName,
@@ -252,6 +257,9 @@ var _ = Describe("Terraform", func() {
 					"services": servicesCIDR,
 					"worker":   config.Networks.Worker,
 					"internal": config.Networks.Internal,
+					"cloudNAT": map[string]interface{}{
+						"minPortsPerVM": minPortsPerVM,
+					},
 				},
 				"outputKeys": map[string]interface{}{
 					"vpcName":             TerraformerOutputKeyVPCName,