✨ Support of managing subnets on AWS Wavelength Zones#4901
k8s-ci-robot merged 5 commits into kubernetes-sigs:main from
Conversation
Hi @mtulio. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with
Once the patch is verified, the new status will be reflected by the
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/test pull-cluster-api-provider-aws-test
/test pull-cluster-api-provider-aws-build
/test pull-cluster-api-provider-aws-test
/test pull-cluster-api-provider-aws-test
@mtulio looks like units are breaking re: subnets.
/tide refresh
Hey @richardcase and @damdo, this PR is ready for review. Triggering the e2e's. cc @nrb
/test pull-cluster-api-provider-aws-e2e
FYI reviewers: The Carrier Gateway (CAGW) reconciler is very similar to the InternetGateway resource, adapted to CAGW's requirements.
@richardcase, feedback addressed. 👍🏽
e2e finished successfully in the first run after rebase. Triggering again after adding cloudformation permissions.
/test pull-cluster-api-provider-aws-e2e
/assign @richardcase
e2e job 1782910662712758272 failed, looks like timeout.
/test pull-cluster-api-provider-aws-e2e
It passed on a re-run |
🎉 Perfect! Thanks! @richardcase Let me know if you are ok with the current changes. My plan to fully address #4874, aligned with what we discussed in the last community meeting, is to create individual e2e tests for Local Zones and Wavelength Zones (or mixed to save infra/runtime) in follow-up PRs. cc @damdo @nrb
Create a dedicated document, "topic", with instructions to deploy network infrastructure (subnets, gateways and route tables) in "edge zones" - Local Zone and Wavelength Zone infrastructure.
This change introduces support for the network components required to deploy subnets on AWS Wavelength Zones infrastructure.
The NetworkSpec API handles the CarrierGatewayId on NetworkSpec with the unique identifier of the Carrier Gateway resource attached to the VPC.
Subnets in AWS Wavelength Zones are classified as a type of edge subnet, not used to create regular control plane resources like nodes, NAT Gateways or API Load Balancers.
The ZoneType is used to separate the regular zones from the edge zones. Regular zones have type 'availability-zone', and the edge zones have types 'local-zone' and 'wavelength-zone'.
The following statements are valid for edge subnets:
- private subnets support egress traffic only through a NAT Gateway in the region.
- public subnets in Wavelength must be attached to a route table with a valid Carrier Gateway as the default route.
- public subnets in Wavelength zones do not support the map-public-ip-on-launch flag; instead, RunInstances must set the network interface flag to assign a public IP from the carrier gateway.
- IPv6 subnets are not supported in edge zones.
- subnet tags for load balancers are not set on edge subnets. Edge subnets should not be elected by the CCM to create service load balancers. Use ALB ingress instead.
✨ edge subnets/cagw: carrier gateway for public subnets in Wavelength
Introduce the Carrier Gateway resource reconciler in the network service. The Carrier Gateway is the gateway responsible for routing ingress and egress traffic **in/out of the Wavelength Zone**, located in the Carrier Infrastructure, i.e. the communications service providers' (CSP) 5G networks. The Carrier Gateway is similar to the Internet Gateway resource, which is responsible for the network border groups in the Region and Local Zones for public subnets.
✨ edge subnets/routes: supporting custom routes for Wavelength
For private and public subnets in edge zones, the following changes are introduced according to each rule:
General:
- IPv6 subnets are not supported in AWS Local Zones and Wavelength Zones, consequently no IPv6 routes will be created
- NAT gateways are not supported; the default gateway route for private subnets will use NAT gateways from the zones in the Region (zone type 'availability-zone')
- one route table per zone role per zone (standard flow)
Private tables for Local Zones and Wavelength:
- the default route's gateway is assigned using a NAT gateway created in the region (availability zones).
Public tables for Wavelength zones:
- the default route's gateway is assigned using the Carrier Gateway, the resource introduced in the edge zones feature.
The changes in the standard flow (without edge subnets' support) were isolated in the PR kubernetes-sigs#4900
Add IAM policy on cloudformation templates for clusterawsadm to manipulate the gateway in Wavelength zones: the carrier gateway.
Hi @richardcase - let me share the e2e tests we are running on OpenShift using this version and a few details about how the e2e for edge zones is built, to hear from you whether it makes sense to use a similar approach on CAPA.
e2e results on OpenShift using this PR/CAPA version:
e2e details - the "edge subnets" CI workflow is built on OpenShift using a flow similar to this:
Note 0: the edge zone is randomly selected to increase coverage and dynamically test new zones while AWS is adding them.
Thanks for the details on how OpenShift is testing this! It's good to know there's downstream testing of this feature, though of course we'd like to see similar tests added to this repo as well.
/lgtm
@mtulio - just to let you know that I updated the "release note" section to mark it as action required.
/test pull-cluster-api-provider-aws-e2e-eks
From my side:
/approve
When the e2e passes then we can unhold to merge.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: richardcase
The full list of commands accepted by this bot can be found here. The pull request process is described here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/unhold |
What type of PR is this?
/kind feature
/kind api-change
What this PR does / why we need it:
This PR implements support of managed subnets and carrier gateway for AWS Wavelength zones. Feature request #4874.
The API is changed to introduce the following fields:
- VPCSpec.CarrierGatewayID: representation of the Carrier Gateway resource ("internet gateway" for AWS Wavelength Zones)
- SubnetSpec.ZoneType: representation of the subnet's zone type
- SubnetSpec.ParentZoneName: representation of the subnet's parent zone name (an availability zone in the Region which the edge zone is tied to)
The subnets in AWS Local Zones and Wavelength Zones are not eligible to create core components for the cluster, like NAT Gateway, Control Plane nodes, and Network Load Balancers, keeping compatibility with the existing flow when edge subnets are added.
To create subnets in edge zones, the subnet must be added for each zone you want to create the subnet in NetworkSpec.Subnets. For example, to create subnets in Wavelength Zone us-east-1-wl1-nyc-wlz-1, set:
This PR is a super set and includes its dependencies, isolated on each PR (and it is blocked by those):
Which issue(s) this PR fixes *
Ref #4874
Special notes for your reviewer:
Checklist:
Release note:
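Added example (not CAPA's own code) that models the edge-subnet rules laid out in the commit messages and the PR description above: which gateway becomes a subnet's default route per zone type, why map-public-ip-on-launch is off for Wavelength, and why edge subnets get no load balancer tags. The SubnetSpec/VPCSpec types are constructed stand-ins for the real API, and the per-AZ NAT gateway map is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed, simplified model of the subnet rules described in the PR;
// these are not CAPA's real API types or reconciler code.
type SubnetSpec struct {
	ID, AvailabilityZone string
	ZoneType             string // "availability-zone", "local-zone" or "wavelength-zone"
	ParentZoneName       string // region AZ an edge zone is tied to (empty for regular AZs)
	IsPublic, IsIPv6     bool
}
type VPCSpec struct {
	InternetGatewayID, CarrierGatewayID string
	NATGatewayByZone                    map[string]string // assumption: one NAT gateway per regular AZ
}
// IsEdge reports whether the subnet lives in a Local Zone or Wavelength Zone.
func (s SubnetSpec) IsEdge() bool { return s.ZoneType == "local-zone" || s.ZoneType == "wavelength-zone" }
// DefaultRouteTarget returns the gateway ID for the subnet's 0.0.0.0/0 route.
func DefaultRouteTarget(vpc VPCSpec, s SubnetSpec) (string, error) {
	if s.IsEdge() && s.IsIPv6 {
		return "", errors.New("IPv6 subnets are not supported in edge zones")
	}
	if !s.IsPublic {
		// Edge zones have no NAT gateway of their own: egress goes via the parent AZ's NAT gateway.
		zone := s.AvailabilityZone
		if s.IsEdge() {
			zone = s.ParentZoneName
		}
		if nat, ok := vpc.NATGatewayByZone[zone]; ok {
			return nat, nil
		}
		return "", fmt.Errorf("subnet %s: no NAT gateway in region zone %q", s.ID, zone)
	}
	if s.ZoneType == "wavelength-zone" {
		if vpc.CarrierGatewayID == "" {
			return "", fmt.Errorf("subnet %s: public Wavelength subnet requires a Carrier Gateway", s.ID)
		}
		return vpc.CarrierGatewayID, nil
	}
	return vpc.InternetGatewayID, nil // regular AZs and Local Zones route through the IGW
}
// MapPublicIPOnLaunch is false in Wavelength: the instance ENI requests a carrier IP instead.
func MapPublicIPOnLaunch(s SubnetSpec) bool { return s.IsPublic && s.ZoneType != "wavelength-zone" }
// WantsLoadBalancerTags is false for edge subnets so the CCM does not pick them for Service LBs.
func WantsLoadBalancerTags(s SubnetSpec) bool { return !s.IsEdge() }
```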