From 08a0ec3f95ce419f9ec2e31577f7eed94e8c1dda Mon Sep 17 00:00:00 2001 From: Vladimir Nachev Date: Wed, 20 Nov 2019 22:51:48 +0200 Subject: [PATCH] Expose CloudNAT Minimal Ports per VM --- .../internal/gcp-infra/templates/main.tf | 1 + .../charts/internal/gcp-infra/values.yaml | 4 +- .../provider-gcp/docs/usage-as-end-user.md | 4 ++ .../example/30-infrastructure.yaml | 3 +- .../provider-gcp/hack/api-reference/api.md | 46 +++++++++++++++++++ .../pkg/apis/gcp/types_infrastructure.go | 9 ++++ .../apis/gcp/v1alpha1/types_infrastructure.go | 11 +++++ .../gcp/v1alpha1/zz_generated.conversion.go | 32 +++++++++++++ .../gcp/v1alpha1/zz_generated.deepcopy.go | 26 +++++++++++ .../pkg/apis/gcp/zz_generated.deepcopy.go | 26 +++++++++++ .../pkg/internal/infrastructure/terraform.go | 10 ++++ .../internal/infrastructure/terraform_test.go | 8 ++++ 12 files changed, 178 insertions(+), 2 deletions(-) diff --git a/controllers/provider-gcp/charts/internal/gcp-infra/templates/main.tf b/controllers/provider-gcp/charts/internal/gcp-infra/templates/main.tf index b95909101..139ac2064 100644 --- a/controllers/provider-gcp/charts/internal/gcp-infra/templates/main.tf +++ b/controllers/provider-gcp/charts/internal/gcp-infra/templates/main.tf @@ -54,6 +54,7 @@ resource "google_compute_router_nat" "nat" { name = "${google_compute_subnetwork.subnetwork-nodes.self_link}" source_ip_ranges_to_nat = ["ALL_IP_RANGES"] } + min_ports_per_vm = "{{ required "networks.cloudNAT.minPortsPerVM is required" .Values.networks.cloudNAT.minPortsPerVM }}" log_config { enable = true diff --git a/controllers/provider-gcp/charts/internal/gcp-infra/values.yaml b/controllers/provider-gcp/charts/internal/gcp-infra/values.yaml index 3610695b4..3d6037635 100644 --- a/controllers/provider-gcp/charts/internal/gcp-infra/values.yaml +++ b/controllers/provider-gcp/charts/internal/gcp-infra/values.yaml 
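Review bot: The new `min_ports_per_vm` line hands the value to the NAT resource with no explanation of what it trades off, and nothing in this patch bounds it. A one-line comment above it would help whoever sizes the NAT, e.g. `# Ports reserved per VM on the Cloud NAT; a NAT IP has a finite number of ports, so a larger value lowers the number of VMs one IP can serve.`. The value is rendered as a quoted string like the other attributes in this template, so it relies on the provider coercing it to a number; that matches the surrounding style and is presumably fine. The `google_compute_router_nat` block starts and ends outside the hunk.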
@@ -14,6 +14,8 @@ vpc: clusterName: test-namespace networks: + cloudNAT: + minPortsPerVM: 2048 services: 100.64.0.0/13 pods: 100.96.0.0/11 worker: 10.250.0.0/19 @@ -25,4 +27,4 @@ outputKeys: cloudRouter: cloud_router subnetNodes: subnet_nodes serviceAccountEmail: service_account_email - subnetInternal: subnet_internal \ No newline at end of file + subnetInternal: subnet_internal diff --git a/controllers/provider-gcp/docs/usage-as-end-user.md b/controllers/provider-gcp/docs/usage-as-end-user.md index 73729fe3e..2d6bd6ad5 100644 --- a/controllers/provider-gcp/docs/usage-as-end-user.md +++ b/controllers/provider-gcp/docs/usage-as-end-user.md @@ -38,6 +38,8 @@ networks: # name: my-cloudrouter worker: 10.250.0.0/16 # internal: 10.251.0.0/16 +# cloudNAT: +# minPortsPerVM: 2048 ``` The `networks.vpc` section describes whether you want to create the shoot cluster in an already existing VPC or whether to create a new one: @@ -55,6 +57,8 @@ The `networks.workers` section describes the CIDR for a subnet that is used for The `networks.internal` section is optional and can describe a CIDR for a subnet that is used for [internal load balancers](https://cloud.google.com/load-balancing/docs/internal/), +The `networks.cloudNAT.minPortsPerVM` is optional and is used to define the [minimum number of ports allocated to a VM for the CloudNAT](https://cloud.google.com/nat/docs/overview#number_of_nat_ports_and_connections) + The specified CIDR ranges must be contained in the VPC CIDR specified above, or the VPC CIDR of your already existing VPC. You can freely choose these CIDRs and it is your responsibility to properly design the network layout to suit your needs. diff --git a/controllers/provider-gcp/example/30-infrastructure.yaml b/controllers/provider-gcp/example/30-infrastructure.yaml index 7677aab04..a400ad62f 100644 --- a/controllers/provider-gcp/example/30-infrastructure.yaml +++ b/controllers/provider-gcp/example/30-infrastructure.yaml 
@@ -57,4 +57,5 @@ spec: # name: my-cloudrouter worker: 10.242.0.0/19 # internal: 10.243.0.0/19 - + # cloudNAT: + # minPortsPerVM: 2048 diff --git a/controllers/provider-gcp/hack/api-reference/api.md b/controllers/provider-gcp/hack/api-reference/api.md index 4bd1b3f19..d03c5be86 100644 --- a/controllers/provider-gcp/hack/api-reference/api.md +++ b/controllers/provider-gcp/hack/api-reference/api.md @@ -196,6 +196,38 @@ map[string]bool +

CloudNAT +

+

+(Appears on: +NetworkConfig) +

+

+

CloudNAT contains information about the the CloudNAT configuration

+

+ + + + + + + + + + + + + +
FieldDescription
+minPortsPerVM
+ +int32 + +
+(Optional) +

MinPortsPerVM is the minimum number of ports allocated to a VM in the NAT config. +The default value is 2048 ports.

+

CloudRouter

@@ -434,6 +466,20 @@ VPC +cloudNAT
+ + +CloudNAT + + + + +(Optional) +

CloudNAT contains configation about the the CloudNAT configuration

+ + + + internal
 string
diff --git a/controllers/provider-gcp/pkg/apis/gcp/types_infrastructure.go b/controllers/provider-gcp/pkg/apis/gcp/types_infrastructure.go
index 8d0235f68..0217e3916 100644
--- a/controllers/provider-gcp/pkg/apis/gcp/types_infrastructure.go
+++ b/controllers/provider-gcp/pkg/apis/gcp/types_infrastructure.go
@@ -33,6 +33,8 @@ type InfrastructureConfig struct {
 type NetworkConfig struct {
 // VPC indicates whether to use an existing VPC or create a new one.
 VPC *VPC
+ // CloudNAT contains configation about the the CloudNAT resource
+ CloudNAT *CloudNAT
 // Internal is a private subnet (used for internal load balancers).
 Internal *string
 // Workers is the worker subnet range to create (used for the VMs).
@@ -92,3 +94,10 @@ type CloudRouter struct {
 // Name is the CloudRouter name.
 Name string
 }
+
+// CloudNAT contains information about the the CloudNAT configuration
+type CloudNAT struct {
+ // MinPortsPerVM is the minimum number of ports allocated to a VM in the NAT config.
+ // The default value is 2048 ports.
+ MinPortsPerVM *int32
+}
diff --git a/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/types_infrastructure.go b/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/types_infrastructure.go
index be5b04870..30812f40f 100644
--- a/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/types_infrastructure.go
+++ b/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/types_infrastructure.go
@@ -34,6 +34,9 @@ type NetworkConfig struct {
 // VPC indicates whether to use an existing VPC or create a new one.
 // +optional
 VPC *VPC `json:"vpc,omitempty"`
+ // CloudNAT contains configation about the the CloudNAT configuration
+ // +optional
+ CloudNAT *CloudNAT `json:"cloudNAT,omitempty"`
 // Internal is a private subnet (used for internal load balancers).
 // +optional
 Internal *string `json:"internal,omitempty"`
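Review bot: `MinPortsPerVM *int32` enters the API with no validation — the diffstat lists no validation change — so zero, negative or oversized values pass admission and only surface as a terraform failure during the infrastructure reconcile. The field comment should state the accepted range and a validation function should reject values outside it; the exact bound should be confirmed against the Cloud NAT API rather than guessed here. The doc comments read `configation about the the CloudNAT` in this NetworkConfig hunk, in the v1alpha1 NetworkConfig hunk and in api.md; suggest `// CloudNAT contains configuration for the Cloud NAT resource.` for all of them. `The default value is 2048 ports.` describes a default that ComputeTerraformerChartValues applies in this patch, not one the API or GCP applies, so say that: `// If unset, the provider falls back to 2048 ports.` (the same sentence appears in the v1alpha1 CloudNAT hunk in the next line).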
@@ -95,3 +98,11 @@ type CloudRouter struct { // Name is the CloudRouter name. Name string `json:"name,omitempty"` } + +// CloudNAT contains information about the the CloudNAT configuration +type CloudNAT struct { + // MinPortsPerVM is the minimum number of ports allocated to a VM in the NAT config. + // The default value is 2048 ports. + // +optional + MinPortsPerVM *int32 `json:"minPortsPerVM,omitempty"` +} diff --git a/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/zz_generated.conversion.go b/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/zz_generated.conversion.go index f0fe16cc3..fe61c4563 100644 --- a/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/zz_generated.conversion.go +++ b/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/zz_generated.conversion.go @@ -45,6 +45,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*CloudNAT)(nil), (*gcp.CloudNAT)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_CloudNAT_To_gcp_CloudNAT(a.(*CloudNAT), b.(*gcp.CloudNAT), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*gcp.CloudNAT)(nil), (*CloudNAT)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_gcp_CloudNAT_To_v1alpha1_CloudNAT(a.(*gcp.CloudNAT), b.(*CloudNAT), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*CloudProfileConfig)(nil), (*gcp.CloudProfileConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_CloudProfileConfig_To_gcp_CloudProfileConfig(a.(*CloudProfileConfig), b.(*gcp.CloudProfileConfig), scope) }); err != nil { 
@@ -198,6 +208,26 @@ func Convert_gcp_CloudControllerManagerConfig_To_v1alpha1_CloudControllerManager return autoConvert_gcp_CloudControllerManagerConfig_To_v1alpha1_CloudControllerManagerConfig(in, out, s) } +func autoConvert_v1alpha1_CloudNAT_To_gcp_CloudNAT(in *CloudNAT, out *gcp.CloudNAT, s conversion.Scope) error { + out.MinPortsPerVM = (*int32)(unsafe.Pointer(in.MinPortsPerVM)) + return nil +} + +// Convert_v1alpha1_CloudNAT_To_gcp_CloudNAT is an autogenerated conversion function. +func Convert_v1alpha1_CloudNAT_To_gcp_CloudNAT(in *CloudNAT, out *gcp.CloudNAT, s conversion.Scope) error { + return autoConvert_v1alpha1_CloudNAT_To_gcp_CloudNAT(in, out, s) +} + +func autoConvert_gcp_CloudNAT_To_v1alpha1_CloudNAT(in *gcp.CloudNAT, out *CloudNAT, s conversion.Scope) error { + out.MinPortsPerVM = (*int32)(unsafe.Pointer(in.MinPortsPerVM)) + return nil +} + +// Convert_gcp_CloudNAT_To_v1alpha1_CloudNAT is an autogenerated conversion function. +func Convert_gcp_CloudNAT_To_v1alpha1_CloudNAT(in *gcp.CloudNAT, out *CloudNAT, s conversion.Scope) error { + return autoConvert_gcp_CloudNAT_To_v1alpha1_CloudNAT(in, out, s) +} + func autoConvert_v1alpha1_CloudProfileConfig_To_gcp_CloudProfileConfig(in *CloudProfileConfig, out *gcp.CloudProfileConfig, s conversion.Scope) error { out.MachineImages = *(*[]gcp.MachineImages)(unsafe.Pointer(&in.MachineImages)) return nil @@ -380,6 +410,7 @@ func Convert_gcp_MachineImages_To_v1alpha1_MachineImages(in *gcp.MachineImages, func autoConvert_v1alpha1_NetworkConfig_To_gcp_NetworkConfig(in *NetworkConfig, out *gcp.NetworkConfig, s conversion.Scope) error { out.VPC = (*gcp.VPC)(unsafe.Pointer(in.VPC)) + out.CloudNAT = (*gcp.CloudNAT)(unsafe.Pointer(in.CloudNAT)) out.Internal = (*string)(unsafe.Pointer(in.Internal)) out.Worker = in.Worker return nil 
@@ -392,6 +423,7 @@ func Convert_v1alpha1_NetworkConfig_To_gcp_NetworkConfig(in *NetworkConfig, out func autoConvert_gcp_NetworkConfig_To_v1alpha1_NetworkConfig(in *gcp.NetworkConfig, out *NetworkConfig, s conversion.Scope) error { out.VPC = (*VPC)(unsafe.Pointer(in.VPC)) + out.CloudNAT = (*CloudNAT)(unsafe.Pointer(in.CloudNAT)) out.Internal = (*string)(unsafe.Pointer(in.Internal)) out.Worker = in.Worker return nil diff --git a/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/zz_generated.deepcopy.go b/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/zz_generated.deepcopy.go index 379be66e8..4d1a2f6b6 100644 --- a/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/zz_generated.deepcopy.go +++ b/controllers/provider-gcp/pkg/apis/gcp/v1alpha1/zz_generated.deepcopy.go @@ -47,6 +47,27 @@ func (in *CloudControllerManagerConfig) DeepCopy() *CloudControllerManagerConfig return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudNAT) DeepCopyInto(out *CloudNAT) { + *out = *in + if in.MinPortsPerVM != nil { + in, out := &in.MinPortsPerVM, &out.MinPortsPerVM + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudNAT. +func (in *CloudNAT) DeepCopy() *CloudNAT { + if in == nil { + return nil + } + out := new(CloudNAT) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudProfileConfig) DeepCopyInto(out *CloudProfileConfig) { *out = *in @@ -238,6 +259,11 @@ func (in *NetworkConfig) DeepCopyInto(out *NetworkConfig) { *out = new(VPC) (*in).DeepCopyInto(*out) } + if in.CloudNAT != nil { + in, out := &in.CloudNAT, &out.CloudNAT + *out = new(CloudNAT) + (*in).DeepCopyInto(*out) + } if in.Internal != nil { in, out := &in.Internal, &out.Internal *out = new(string) 
diff --git a/controllers/provider-gcp/pkg/apis/gcp/zz_generated.deepcopy.go b/controllers/provider-gcp/pkg/apis/gcp/zz_generated.deepcopy.go index ea13e9419..36ac525be 100644 --- a/controllers/provider-gcp/pkg/apis/gcp/zz_generated.deepcopy.go +++ b/controllers/provider-gcp/pkg/apis/gcp/zz_generated.deepcopy.go @@ -47,6 +47,27 @@ func (in *CloudControllerManagerConfig) DeepCopy() *CloudControllerManagerConfig return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudNAT) DeepCopyInto(out *CloudNAT) { + *out = *in + if in.MinPortsPerVM != nil { + in, out := &in.MinPortsPerVM, &out.MinPortsPerVM + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudNAT. +func (in *CloudNAT) DeepCopy() *CloudNAT { + if in == nil { + return nil + } + out := new(CloudNAT) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudProfileConfig) DeepCopyInto(out *CloudProfileConfig) { *out = *in @@ -238,6 +259,11 @@ func (in *NetworkConfig) DeepCopyInto(out *NetworkConfig) { *out = new(VPC) (*in).DeepCopyInto(*out) } + if in.CloudNAT != nil { + in, out := &in.CloudNAT, &out.CloudNAT + *out = new(CloudNAT) + (*in).DeepCopyInto(*out) + } if in.Internal != nil { in, out := &in.Internal, &out.Internal *out = new(string) diff --git a/controllers/provider-gcp/pkg/internal/infrastructure/terraform.go b/controllers/provider-gcp/pkg/internal/infrastructure/terraform.go index 6170e5b00..3d714bc0a 100644 --- a/controllers/provider-gcp/pkg/internal/infrastructure/terraform.go +++ b/controllers/provider-gcp/pkg/internal/infrastructure/terraform.go 
@@ -69,6 +69,7 @@ func ComputeTerraformerChartValues( createVPC = true createCloudRouter = true cloudRouterName string + minPortsPerVM = int32(2048) ) if config.Networks.VPC != nil { @@ -81,6 +82,12 @@ func ComputeTerraformerChartValues( } } + if config.Networks.CloudNAT != nil { + if config.Networks.CloudNAT.MinPortsPerVM != nil { + minPortsPerVM = *config.Networks.CloudNAT.MinPortsPerVM + } + } + vpc := map[string]interface{}{ "name": vpcName, } @@ -107,6 +114,9 @@ func ComputeTerraformerChartValues( "services": extensionscontroller.GetServiceNetwork(cluster), "worker": config.Networks.Worker, "internal": config.Networks.Internal, + "cloudNAT": map[string]interface{}{ + "minPortsPerVM": minPortsPerVM, + }, }, "outputKeys": map[string]interface{}{ "vpcName": TerraformerOutputKeyVPCName, diff --git a/controllers/provider-gcp/pkg/internal/infrastructure/terraform_test.go b/controllers/provider-gcp/pkg/internal/infrastructure/terraform_test.go index 96c0a86d1..13d9f3c08 100644 --- a/controllers/provider-gcp/pkg/internal/infrastructure/terraform_test.go +++ b/controllers/provider-gcp/pkg/internal/infrastructure/terraform_test.go @@ -42,6 +42,8 @@ var _ = Describe("Terraform", func() { serviceAccountData []byte serviceAccount *internal.ServiceAccount + minPortsPerVM = int32(2048) + podsCIDR = "11.0.0.0/16" servicesCIDR = "12.0.0.0/16" @@ -218,6 +220,9 @@ var _ = Describe("Terraform", func() { "services": servicesCIDR, "worker": config.Networks.Worker, "internal": config.Networks.Internal, + "cloudNAT": map[string]interface{}{ + "minPortsPerVM": minPortsPerVM, + }, }, "outputKeys": map[string]interface{}{ "vpcName": TerraformerOutputKeyVPCName, @@ -252,6 +257,9 @@ var _ = Describe("Terraform", func() { "services": servicesCIDR, "worker": config.Networks.Worker, "internal": config.Networks.Internal, + "cloudNAT": map[string]interface{}{ + "minPortsPerVM": minPortsPerVM, + }, }, "outputKeys": map[string]interface{}{ "vpcName": TerraformerOutputKeyVPCName,
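Review bot: The default `minPortsPerVM = int32(2048)` is a bare literal whose meaning is not stated; give it a named package constant with a doc comment, e.g. `// DefaultMinPortsPerVM is used when the infrastructure config does not set networks.cloudNAT.minPortsPerVM.` over `const DefaultMinPortsPerVM int32 = 2048`, and reference it in the var block. The two nested nil checks in the second hunk collapse to one guard: `if nat := config.Networks.CloudNAT; nat != nil && nat.MinPortsPerVM != nil { minPortsPerVM = *nat.MinPortsPerVM }`. The value is copied into the chart values without any range check, so if the API layer does not validate it — and nothing in this patch does — an invalid value is only caught by terraform. ComputeTerraformerChartValues starts and ends outside the hunks.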
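Review bot: Both terraform_test.go hunks at -218 and -252 assert the default `minPortsPerVM` of 2048, and as far as these hunks show no case sets `config.Networks.CloudNAT.MinPortsPerVM`, so the override path added in terraform.go is untested. Add one It block whose config carries a non-default value (say `int32(4096)`, constructed for the test) and whose expected `cloudNAT` map uses that value. The Describe block and the config setup are outside the hunks.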