Enable users to specify CIDR for cluster VPC (#1388)

vishalbollu · web-flow · commit 8032cb71bf91 · 2020-09-28T11:47:41.000-04:00
diff --git a/cli/cmd/lib_cluster_config.go b/cli/cmd/lib_cluster_config.go
@@ -360,6 +360,11 @@ func setConfigFieldsFromCached(userClusterConfig *clusterconfig.Config, cachedCl
 
 	userClusterConfig.SpotConfig = cachedClusterConfig.SpotConfig
 
+	if s.Obj(cachedClusterConfig.VPCCIDR) != s.Obj(userClusterConfig.VPCCIDR) {
+		return clusterconfig.ErrorConfigCannotBeChangedOnUpdate(clusterconfig.VPCCIDRKey, cachedClusterConfig.VPCCIDR)
+	}
+	userClusterConfig.VPCCIDR = cachedClusterConfig.VPCCIDR
+
 	return nil
 }
 
@@ -513,9 +518,9 @@ func clusterConfigConfirmationStr(clusterConfig clusterconfig.Config, awsCreds A
 	items.Add(clusterconfig.InstanceTypeUserKey, *clusterConfig.InstanceType)
 	items.Add(clusterconfig.MinInstancesUserKey, *clusterConfig.MinInstances)
 	items.Add(clusterconfig.MaxInstancesUserKey, *clusterConfig.MaxInstances)
-	items.Add(clusterconfig.TagsKey, s.ObjFlatNoQuotes(clusterConfig.Tags))
+	items.Add(clusterconfig.TagsUserKey, s.ObjFlatNoQuotes(clusterConfig.Tags))
 	if clusterConfig.SSLCertificateARN != nil {
-		items.Add(clusterconfig.SSLCertificateARNKey, *clusterConfig.SSLCertificateARN)
+		items.Add(clusterconfig.SSLCertificateARNUserKey, *clusterConfig.SSLCertificateARN)
 	}
 
 	if clusterConfig.InstanceVolumeSize != defaultConfig.InstanceVolumeSize {
@@ -577,6 +582,10 @@ func clusterConfigConfirmationStr(clusterConfig clusterconfig.Config, awsCreds A
 		}
 	}
 
+	if clusterConfig.VPCCIDR != nil {
+		items.Add(clusterconfig.VPCCIDRUserKey, clusterConfig.VPCCIDR)
+	}
+
 	if clusterConfig.Telemetry != defaultConfig.Telemetry {
 		items.Add(clusterconfig.TelemetryUserKey, clusterConfig.Telemetry)
 	}
diff --git a/docs/cluster-management/config.md b/docs/cluster-management/config.md
@@ -75,6 +75,9 @@ spot: false
 
 # see https://docs.cortex.dev/v/master/guides/custom-domain for instructions on how to set up a custom domain
 ssl_certificate_arn:
+
+# primary CIDR block for the cluster's VPC (default: 192.168.0.0/16)
+# vpc_cidr: 192.168.0.0/16
 ```
 
 The default docker images used for your Predictors are listed in the instructions for [system packages](../deployments/system-packages.md), and can be overridden in your [Realtime API configuration](../deployments/realtime-api/api-configuration.md) and in your [Batch API configuration](../deployments/batch-api/api-configuration.md).
diff --git a/manager/generate_eks.py b/manager/generate_eks.py
@@ -202,6 +202,9 @@ def generate_eks(cluster_config_path):
         "nodeGroups": [operator_nodegroup, worker_nodegroup],
     }
 
+    if cluster_config.get("vpc_cidr", "") != "":
+        eks["vpc"]["cidr"] = cluster_config["vpc_cidr"]
+
     if cluster_config.get("spot_config") is not None and cluster_config["spot_config"].get(
         "on_demand_backup", False
     ):
diff --git a/pkg/types/clusterconfig/clusterconfig.go b/pkg/types/clusterconfig/clusterconfig.go
@@ -19,6 +19,7 @@ package clusterconfig
 import (
 	"fmt"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"regexp"
 	"strings"
@@ -73,6 +74,7 @@ type Config struct {
 	APILoadBalancerScheme      LoadBalancerScheme `json:"api_load_balancer_scheme" yaml:"api_load_balancer_scheme"`
 	OperatorLoadBalancerScheme LoadBalancerScheme `json:"operator_load_balancer_scheme" yaml:"operator_load_balancer_scheme"`
 	APIGatewaySetting          APIGatewaySetting  `json:"api_gateway" yaml:"api_gateway"`
+	VPCCIDR                    *string            `json:"vpc_cidr,omitempty" yaml:"vpc_cidr,omitempty"`
 	Telemetry                  bool               `json:"telemetry" yaml:"telemetry"`
 	ImageOperator              string             `json:"image_operator" yaml:"image_operator"`
 	ImageManager               string             `json:"image_manager" yaml:"image_manager"`
@@ -351,6 +353,12 @@ var UserValidation = &cr.StructValidation{
 				return APIGatewaySettingFromString(str), nil
 			},
 		},
+		{
+			StructField: "VPCCIDR",
+			StringPtrValidation: &cr.StringPtrValidation{
+				Validator: validateVPCCIDR,
+			},
+		},
 		{
 			StructField: "ImageOperator",
 			StringValidation: &cr.StringValidation{
@@ -1018,6 +1026,15 @@ func validateBucketName(bucket string) (string, error) {
 	return bucket, nil
 }
 
+func validateVPCCIDR(cidr string) (string, error) {
+	_, _, err := net.ParseCIDR(cidr)
+	if err != nil {
+		return "", errors.WithStack(err)
+	}
+
+	return cidr, nil
+}
+
 func validateInstanceType(instanceType string) (string, error) {
 	var foundInstance *aws.InstanceMetadata
 	for _, instanceMap := range aws.InstanceMetadatas {
@@ -1127,6 +1144,9 @@ func (cc *Config) UserTable() table.KeyValuePairs {
 	items.Add(APILoadBalancerSchemeUserKey, cc.APILoadBalancerScheme)
 	items.Add(OperatorLoadBalancerSchemeUserKey, cc.OperatorLoadBalancerScheme)
 	items.Add(APIGatewaySettingUserKey, cc.APIGatewaySetting)
+	if cc.VPCCIDR != nil {
+		items.Add(VPCCIDRKey, *cc.VPCCIDR)
+	}
 	items.Add(TelemetryUserKey, cc.Telemetry)
 	items.Add(ImageOperatorUserKey, cc.ImageOperator)
 	items.Add(ImageManagerUserKey, cc.ImageManager)
diff --git a/pkg/types/clusterconfig/config_key.go b/pkg/types/clusterconfig/config_key.go
@@ -43,6 +43,7 @@ const (
 	APILoadBalancerSchemeKey               = "api_load_balancer_scheme"
 	OperatorLoadBalancerSchemeKey          = "operator_load_balancer_scheme"
 	APIGatewaySettingKey                   = "api_gateway"
+	VPCCIDRKey                             = "vpc_cidr"
 	TelemetryKey                           = "telemetry"
 	ImageOperatorKey                       = "image_operator"
 	ImageManagerKey                        = "image_manager"
@@ -87,6 +88,7 @@ const (
 	APILoadBalancerSchemeUserKey               = "api load balancer scheme"
 	OperatorLoadBalancerSchemeUserKey          = "operator load balancer scheme"
 	APIGatewaySettingUserKey                   = "api gateway"
+	VPCCIDRUserKey                             = "vpc cidr"
 	TelemetryUserKey                           = "telemetry"
 	ImageOperatorUserKey                       = "operator image"
 	ImageManagerUserKey                        = "manager image"

Original file line number	Diff line number	Diff line change
`@@ -360,6 +360,11 @@ func setConfigFieldsFromCached(userClusterConfig *clusterconfig.Config, cachedCl`
`360`	`360`
`361`	`361`	`userClusterConfig.SpotConfig = cachedClusterConfig.SpotConfig`
`362`	`362`
	`363`	`+ if s.Obj(cachedClusterConfig.VPCCIDR) != s.Obj(userClusterConfig.VPCCIDR) {`
	`364`	`+ return clusterconfig.ErrorConfigCannotBeChangedOnUpdate(clusterconfig.VPCCIDRKey, cachedClusterConfig.VPCCIDR)`
	`365`	`+ }`
	`366`	`+ userClusterConfig.VPCCIDR = cachedClusterConfig.VPCCIDR`
	`367`	`+`
`363`	`368`	`return nil`
`364`	`369`	`}`
`365`	`370`
`@@ -513,9 +518,9 @@ func clusterConfigConfirmationStr(clusterConfig clusterconfig.Config, awsCreds A`
`513`	`518`	`items.Add(clusterconfig.InstanceTypeUserKey, *clusterConfig.InstanceType)`
`514`	`519`	`items.Add(clusterconfig.MinInstancesUserKey, *clusterConfig.MinInstances)`
`515`	`520`	`items.Add(clusterconfig.MaxInstancesUserKey, *clusterConfig.MaxInstances)`
`516`		`- items.Add(clusterconfig.TagsKey, s.ObjFlatNoQuotes(clusterConfig.Tags))`
	`521`	`+ items.Add(clusterconfig.TagsUserKey, s.ObjFlatNoQuotes(clusterConfig.Tags))`
`517`	`522`	`if clusterConfig.SSLCertificateARN != nil {`
`518`		`- items.Add(clusterconfig.SSLCertificateARNKey, *clusterConfig.SSLCertificateARN)`
	`523`	`+ items.Add(clusterconfig.SSLCertificateARNUserKey, *clusterConfig.SSLCertificateARN)`
`519`	`524`	`}`
`520`	`525`
`521`	`526`	`if clusterConfig.InstanceVolumeSize != defaultConfig.InstanceVolumeSize {`
`@@ -577,6 +582,10 @@ func clusterConfigConfirmationStr(clusterConfig clusterconfig.Config, awsCreds A`
`577`	`582`	`}`
`578`	`583`	`}`
`579`	`584`
	`585`	`+ if clusterConfig.VPCCIDR != nil {`
	`586`	`+ items.Add(clusterconfig.VPCCIDRUserKey, clusterConfig.VPCCIDR)`
	`587`	`+ }`
	`588`	`+`
`580`	`589`	`if clusterConfig.Telemetry != defaultConfig.Telemetry {`
`581`	`590`	`items.Add(clusterconfig.TelemetryUserKey, clusterConfig.Telemetry)`
`582`	`591`	`}`
Original file line number	Diff line number	Diff line change
`@@ -202,6 +202,9 @@ def generate_eks(cluster_config_path):`
`202`	`202`	`"nodeGroups": [operator_nodegroup, worker_nodegroup],`
`203`	`203`	`}`
`204`	`204`
	`205`	`+ if cluster_config.get("vpc_cidr", "") != "":`
	`206`	`+ eks["vpc"]["cidr"] = cluster_config["vpc_cidr"]`
	`207`	`+`
`205`	`208`	`if cluster_config.get("spot_config") is not None and cluster_config["spot_config"].get(`
`206`	`209`	`"on_demand_backup", False`
`207`	`210`	`):`