Add support for setting Service CIDR range (#2546)

go.mod

@@ -50,7 +50,7 @@ require (
 	github.com/vektra/mockery v0.0.0-20181123154057-e78b021dcbb5
 	github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 // indirect
 	// Fork from errordeveloper/goformation, rebased on awslabs/goformation/v4
-	github.com/weaveworks/goformation/v4 v4.10.2-0.20200921152539-d988cd847e74
+	github.com/weaveworks/goformation/v4 v4.10.2-0.20200921152539-943d7e97b454
 	github.com/weaveworks/launcher v0.0.2-0.20200715141516-1ca323f1de15
 	github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0
 	golang.org/x/tools v0.0.0-20200502202811-ed308ab3e770

go.sum

@@ -960,8 +960,8 @@ github.com/vmware/govmomi v0.20.1 h1:7b/SeTUB3tER8ZLGLLLH3xcnB2xeuLULXmfPFqPSRZA
 github.com/vmware/govmomi v0.20.1/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
 github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 h1:txplJASvd6b/hrE0s/Ixfpp2cuwH9IO9oZBAN9iYa4A=
 github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2/go.mod h1:DGCIhurYgnLz8J9ga1fMV/fbLDyUvTyrWXVWUIyJon4=
-github.com/weaveworks/goformation/v4 v4.10.2-0.20200921152539-d988cd847e74 h1:sG07hBbJf/fJ3JPjMJrIpTXX6ig/8TPjufejsWkrYcY=
-github.com/weaveworks/goformation/v4 v4.10.2-0.20200921152539-d988cd847e74/go.mod h1:v5eVVfemt/w9XiVfD/Zmwic31dGfwIsVEHp5XhJ0qFU=
+github.com/weaveworks/goformation/v4 v4.10.2-0.20200921152539-943d7e97b454 h1:j2jd8rDnsbw9XBP+fF2yb+9we1ZSOaNeJC8RKyw2LJQ=
+github.com/weaveworks/goformation/v4 v4.10.2-0.20200921152539-943d7e97b454/go.mod h1:v5eVVfemt/w9XiVfD/Zmwic31dGfwIsVEHp5XhJ0qFU=
 github.com/weaveworks/launcher v0.0.2-0.20200715141516-1ca323f1de15 h1:i/RhLevywqC6cuUWtGdoaNrsJd+/zWh3PXbkXZIyZsU=
 github.com/weaveworks/launcher v0.0.2-0.20200715141516-1ca323f1de15/go.mod h1:w9Z1vnQmPobkEZ0F3oyiqRYP+62qDqTGnK6t5uhe1kg=
 github.com/weaveworks/mesh v0.0.0-20170419100114-1f158d31de55/go.mod h1:mcON9Ws1aW0crSErpXWp7U1ErCDEKliDX2OhVlbWRKk=

pkg/apis/eksctl.io/v1alpha5/assets/schema.json

@@ -83,6 +83,9 @@
             "ClusterConfig"
           ]
         },
+        "kubernetesNetworkConfig": {
+          "$ref": "#/definitions/KubernetesNetworkConfig"
+        },
         "managedNodeGroups": {
           "items": {
             "$ref": "#/definitions/ManagedNodeGroup"
@@ -121,6 +124,7 @@
         "kind",
         "apiVersion",
         "metadata",
+        "kubernetesNetworkConfig",
         "iam",
         "vpc",
         "privateCluster",
@@ -604,6 +608,21 @@
       "x-intellij-html-description": "holds any arbitrary JSON/YAML documents, such as extra config parameters or IAM policies",
       "default": "{}"
     },
+    "KubernetesNetworkConfig": {
+      "properties": {
+        "serviceIPv4CIDR": {
+          "type": "string",
+          "description": "CIDR range from where `ClusterIP`s are assigned",
+          "x-intellij-html-description": "CIDR range from where <code>ClusterIP</code>s are assigned"
+        }
+      },
+      "preferredOrder": [
+        "serviceIPv4CIDR"
+      ],
+      "additionalProperties": false,
+      "description": "contains cluster networking options",
+      "x-intellij-html-description": "contains cluster networking options"
+    },
     "LaunchTemplate": {
       "required": [
         "id"

pkg/apis/eksctl.io/v1alpha5/types.go

@@ -459,6 +459,12 @@ type ClusterMeta struct {
 	Annotations map[string]string `json:"annotations,omitempty"`
 }
 
+// KubernetesNetworkConfig contains cluster networking options
+type KubernetesNetworkConfig struct {
+	// ServiceIPv4CIDR is the CIDR range from where `ClusterIP`s are assigned
+	ServiceIPv4CIDR string `json:"serviceIPv4CIDR,omitempty"`
+}
+
 // ClusterStatus hold read-only attributes of a cluster
 type ClusterStatus struct {
 	Endpoint                 string `json:"endpoint,omitempty"`
@@ -534,6 +540,9 @@ type ClusterConfig struct {
 	// +required
 	Metadata *ClusterMeta `json:"metadata"`
 
+	// +optional
+	KubernetesNetworkConfig *KubernetesNetworkConfig `json:"kubernetesNetworkConfig,omitempty"`
+
 	// +optional
 	IAM *ClusterIAM `json:"iam,omitempty"`
 

pkg/apis/eksctl.io/v1alpha5/validation.go

@@ -149,6 +149,17 @@ func (c *ClusterConfig) ValidatePrivateCluster() error {
 	return nil
 }
 
+// ValidateKubernetesNetworkConfig validates the network config
+func (c *ClusterConfig) ValidateKubernetesNetworkConfig() error {
+	if c.KubernetesNetworkConfig != nil {
+		serviceIP := c.KubernetesNetworkConfig.ServiceIPv4CIDR
+		if _, _, err := net.ParseCIDR(serviceIP); serviceIP != "" && err != nil {
+			return errors.Wrap(err, "invalid IPv4 CIDR for kubernetesNetworkConfig.serviceIPv4CIDR")
+		}
+	}
+	return nil
+}
+
 // NoAccess returns true if neither public are private cluster endpoint access is enabled and false otherwise
 func NoAccess(ces *ClusterEndpoints) bool {
 	return !(*ces.PublicAccess || *ces.PrivateAccess)

pkg/cfn/builder/cluster.go

@@ -148,13 +148,20 @@ func (c *ClusterResourceSet) addResourcesForControlPlane(subnetDetails *subnetDe
 		}
 	}
 
-	c.newResource("ControlPlane", &gfneks.Cluster{
+	cluster := gfneks.Cluster{
 		Name:               gfnt.NewString(c.spec.Metadata.Name),
 		RoleArn:            serviceRoleARN,
 		Version:            gfnt.NewString(c.spec.Metadata.Version),
 		ResourcesVpcConfig: clusterVPC,
 		EncryptionConfig:   encryptionConfigs,
-	})
+	}
+	if c.spec.KubernetesNetworkConfig != nil && c.spec.KubernetesNetworkConfig.ServiceIPv4CIDR != "" {
+		cluster.KubernetesNetworkConfig = &gfneks.Cluster_KubernetesNetworkConfig{
+			ServiceIpv4Cidr: gfnt.NewString(c.spec.KubernetesNetworkConfig.ServiceIPv4CIDR),
+		}
+	}
+
+	c.newResource("ControlPlane", &cluster)
 
 	if c.spec.Status == nil {
 		c.spec.Status = &api.ClusterStatus{}

pkg/ctl/create/cluster.go

@@ -123,6 +123,10 @@ func doCreateCluster(cmd *cmdutils.Cmd, ngFilter *filter.NodeGroupFilter, params
 		return err
 	}
 
+	if err := cfg.ValidateKubernetesNetworkConfig(); err != nil {
+		return err
+	}
+
 	if err := cfg.ValidateClusterEndpointConfig(); err != nil {
 		return err
 	}