Add support for setting ClusterIP CIDR range

go.mod

@@ -49,7 +49,7 @@ require (
 	github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 // indirect
 	github.com/weaveworks/go-git-providers v0.1.2
 	// Fork from errordeveloper/goformation, rebased on awslabs/goformation/v4
-	github.com/weaveworks/goformation/v4 v4.0.0-20200713150029-ff3cf0bbf42c
+	github.com/weaveworks/goformation/v4 v4.0.0-20200817072722-e6fddad8209a
 	github.com/weaveworks/launcher v0.0.2-0.20200715141516-1ca323f1de15
 	github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0
 	golang.org/x/tools v0.0.0-20200502202811-ed308ab3e770

go.sum

@@ -948,8 +948,8 @@ github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 h1:txplJASvd6b
 github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2/go.mod h1:DGCIhurYgnLz8J9ga1fMV/fbLDyUvTyrWXVWUIyJon4=
 github.com/weaveworks/go-git-providers v0.1.2 h1:NaQMvKNB3LLlpfQCNt5v+AeiFMPy9Gs1VAOe9wAjmrw=
 github.com/weaveworks/go-git-providers v0.1.2/go.mod h1:M6Czz1nBpSmewHqSZQ2zy/9eGuYbDwq8bGCLSUbWDVs=
-github.com/weaveworks/goformation/v4 v4.0.0-20200713150029-ff3cf0bbf42c h1:QqVYCZ74N11g05e4zCi9JGQTE++XVKM+10VUgf23Ag8=
-github.com/weaveworks/goformation/v4 v4.0.0-20200713150029-ff3cf0bbf42c/go.mod h1:v5eVVfemt/w9XiVfD/Zmwic31dGfwIsVEHp5XhJ0qFU=
+github.com/weaveworks/goformation/v4 v4.0.0-20200817072722-e6fddad8209a h1:w5CAHkt8JUsc5/qc2S+XPBfQTW2T2jFni71kNKlMRaw=
+github.com/weaveworks/goformation/v4 v4.0.0-20200817072722-e6fddad8209a/go.mod h1:v5eVVfemt/w9XiVfD/Zmwic31dGfwIsVEHp5XhJ0qFU=
 github.com/weaveworks/launcher v0.0.2-0.20200715141516-1ca323f1de15 h1:i/RhLevywqC6cuUWtGdoaNrsJd+/zWh3PXbkXZIyZsU=
 github.com/weaveworks/launcher v0.0.2-0.20200715141516-1ca323f1de15/go.mod h1:w9Z1vnQmPobkEZ0F3oyiqRYP+62qDqTGnK6t5uhe1kg=
 github.com/weaveworks/mesh v0.0.0-20170419100114-1f158d31de55/go.mod h1:mcON9Ws1aW0crSErpXWp7U1ErCDEKliDX2OhVlbWRKk=

pkg/apis/eksctl.io/v1alpha5/assets/schema.json

@@ -83,6 +83,9 @@
             "ClusterConfig"
           ]
         },
+        "kubernetesNetworkConfig": {
+          "$ref": "#/definitions/KubernetesNetworkConfig"
+        },
         "managedNodeGroups": {
           "items": {
             "$ref": "#/definitions/ManagedNodeGroup"
@@ -121,6 +124,7 @@
         "kind",
         "apiVersion",
         "metadata",
+        "kubernetesNetworkConfig",
         "iam",
         "vpc",
         "privateCluster",
@@ -581,6 +585,21 @@
       "x-intellij-html-description": "holds any arbitrary JSON/YAML documents, such as extra config parameters or IAM policies",
       "default": "{}"
     },
+    "KubernetesNetworkConfig": {
+      "properties": {
+        "serviceIPv4CIDR": {
+          "type": "string",
+          "description": "CIDR range from where `ClusterIP`s are assigned",
+          "x-intellij-html-description": "CIDR range from where <code>ClusterIP</code>s are assigned"
+        }
+      },
+      "preferredOrder": [
+        "serviceIPv4CIDR"
+      ],
+      "additionalProperties": false,
+      "description": "contains cluster networking options",
+      "x-intellij-html-description": "contains cluster networking options"
+    },
     "ManagedNodeGroup": {
       "required": [
         "name"

pkg/apis/eksctl.io/v1alpha5/types.go

@@ -427,6 +427,12 @@ type ClusterMeta struct {
 	Tags map[string]string `json:"tags,omitempty"`
 }
 
+// KubernetesNetworkConfig contains cluster networking options
+type KubernetesNetworkConfig struct {
+	// ServiceIPv4CIDR is the CIDR range from where `ClusterIP`s are assigned
+	ServiceIPv4CIDR string `json:"serviceIPv4CIDR,omitempty"`
+}
+
 // ClusterStatus hold read-only attributes of a cluster
 type ClusterStatus struct {
 	Endpoint                 string `json:"endpoint,omitempty"`
@@ -502,6 +508,9 @@ type ClusterConfig struct {
 	// +required
 	Metadata *ClusterMeta `json:"metadata"`
 
+	// +optional
+	KubernetesNetworkConfig *KubernetesNetworkConfig `json:"kubernetesNetworkConfig,omitempty"`
+
 	// +optional
 	IAM *ClusterIAM `json:"iam,omitempty"`
 

pkg/apis/eksctl.io/v1alpha5/validation.go

@@ -148,6 +148,17 @@ func (c *ClusterConfig) ValidatePrivateCluster() error {
 	return nil
 }
 
+// ValidateKubernetesNetworkConfig validates the network config
+func (c *ClusterConfig) ValidateKubernetesNetworkConfig() error {
+	if c.KubernetesNetworkConfig != nil {
+		serviceIP := c.KubernetesNetworkConfig.ServiceIPv4CIDR
+		if _, _, err := net.ParseCIDR(serviceIP); serviceIP != "" && err != nil {
+			return errors.Wrap(err, "invalid IPv4 CIDR for kubernetesNetworkConfig.serviceIPv4CIDR")
+		}
+	}
+	return nil
+}
+
 // NoAccess returns true if neither public are private cluster endpoint access is enabled and false otherwise
 func NoAccess(ces *ClusterEndpoints) bool {
 	return !(*ces.PublicAccess || *ces.PrivateAccess)

pkg/cfn/builder/cluster.go

@@ -148,13 +148,20 @@ func (c *ClusterResourceSet) addResourcesForControlPlane(subnetDetails *subnetDe
 		}
 	}
 
-	c.newResource("ControlPlane", &gfneks.Cluster{
+	cluster := gfneks.Cluster{
 		Name:               gfnt.NewString(c.spec.Metadata.Name),
 		RoleArn:            serviceRoleARN,
 		Version:            gfnt.NewString(c.spec.Metadata.Version),
 		ResourcesVpcConfig: clusterVPC,
 		EncryptionConfig:   encryptionConfigs,
-	})
+	}
+	if c.spec.KubernetesNetworkConfig != nil && c.spec.KubernetesNetworkConfig.ServiceIPv4CIDR != "" {
+		cluster.KubernetesNetworkConfig = &gfneks.Cluster_KubernetesNetworkConfig{
+			ServiceIpv4Cidr: gfnt.NewString(c.spec.KubernetesNetworkConfig.ServiceIPv4CIDR),
+		}
+	}
+
+	c.newResource("ControlPlane", &cluster)
 
 	if c.spec.Status == nil {
 		c.spec.Status = &api.ClusterStatus{}

pkg/ctl/create/cluster.go

@@ -123,6 +123,10 @@ func doCreateCluster(cmd *cmdutils.Cmd, ng *api.NodeGroup, params *cmdutils.Crea
 		return err
 	}
 
+	if err := cfg.ValidateKubernetesNetworkConfig(); err != nil {
+		return err
+	}
+
 	if err := cfg.ValidateClusterEndpointConfig(); err != nil {
 		return err
 	}