Enable users to specify CIDR for cluster VPC (#1388)

Author: vishalbollu

cli/cmd/lib_cluster_config.go

@@ -360,6 +360,11 @@ func setConfigFieldsFromCached(userClusterConfig *clusterconfig.Config, cachedCl
 
 	userClusterConfig.SpotConfig = cachedClusterConfig.SpotConfig
 
+	if s.Obj(cachedClusterConfig.VPCCIDR) != s.Obj(userClusterConfig.VPCCIDR) {
+		return clusterconfig.ErrorConfigCannotBeChangedOnUpdate(clusterconfig.VPCCIDRKey, cachedClusterConfig.VPCCIDR)
+	}
+	userClusterConfig.VPCCIDR = cachedClusterConfig.VPCCIDR
+
 	return nil
 }
 
@@ -513,9 +518,9 @@ func clusterConfigConfirmationStr(clusterConfig clusterconfig.Config, awsCreds A
 	items.Add(clusterconfig.InstanceTypeUserKey, *clusterConfig.InstanceType)
 	items.Add(clusterconfig.MinInstancesUserKey, *clusterConfig.MinInstances)
 	items.Add(clusterconfig.MaxInstancesUserKey, *clusterConfig.MaxInstances)
-	items.Add(clusterconfig.TagsKey, s.ObjFlatNoQuotes(clusterConfig.Tags))
+	items.Add(clusterconfig.TagsUserKey, s.ObjFlatNoQuotes(clusterConfig.Tags))
 	if clusterConfig.SSLCertificateARN != nil {
-		items.Add(clusterconfig.SSLCertificateARNKey, *clusterConfig.SSLCertificateARN)
+		items.Add(clusterconfig.SSLCertificateARNUserKey, *clusterConfig.SSLCertificateARN)
 	}
 
 	if clusterConfig.InstanceVolumeSize != defaultConfig.InstanceVolumeSize {
@@ -577,6 +582,10 @@ func clusterConfigConfirmationStr(clusterConfig clusterconfig.Config, awsCreds A
 		}
 	}
 
+	if clusterConfig.VPCCIDR != nil {
+		items.Add(clusterconfig.VPCCIDRUserKey, clusterConfig.VPCCIDR)
+	}
+
 	if clusterConfig.Telemetry != defaultConfig.Telemetry {
 		items.Add(clusterconfig.TelemetryUserKey, clusterConfig.Telemetry)
 	}

docs/cluster-management/config.md

@@ -75,6 +75,9 @@ spot: false
 
 # see https://docs.cortex.dev/v/master/guides/custom-domain for instructions on how to set up a custom domain
 ssl_certificate_arn:
+
+# primary CIDR block for the cluster's VPC (default: 192.168.0.0/16)
+# vpc_cidr: 192.168.0.0/16
 ```
 
 The default docker images used for your Predictors are listed in the instructions for [system packages](../deployments/system-packages.md), and can be overridden in your [Realtime API configuration](../deployments/realtime-api/api-configuration.md) and in your [Batch API configuration](../deployments/batch-api/api-configuration.md).

manager/generate_eks.py

@@ -202,6 +202,9 @@ def generate_eks(cluster_config_path):
         "nodeGroups": [operator_nodegroup, worker_nodegroup],
     }
 
+    if cluster_config.get("vpc_cidr", "") != "":
+        eks["vpc"]["cidr"] = cluster_config["vpc_cidr"]
+
     if cluster_config.get("spot_config") is not None and cluster_config["spot_config"].get(
         "on_demand_backup", False
     ):

pkg/types/clusterconfig/clusterconfig.go

@@ -19,6 +19,7 @@ package clusterconfig
 import (
 	"fmt"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"regexp"
 	"strings"
@@ -73,6 +74,7 @@ type Config struct {
 	APILoadBalancerScheme      LoadBalancerScheme `json:"api_load_balancer_scheme" yaml:"api_load_balancer_scheme"`
 	OperatorLoadBalancerScheme LoadBalancerScheme `json:"operator_load_balancer_scheme" yaml:"operator_load_balancer_scheme"`
 	APIGatewaySetting          APIGatewaySetting  `json:"api_gateway" yaml:"api_gateway"`
+	VPCCIDR                    *string            `json:"vpc_cidr,omitempty" yaml:"vpc_cidr,omitempty"`
 	Telemetry                  bool               `json:"telemetry" yaml:"telemetry"`
 	ImageOperator              string             `json:"image_operator" yaml:"image_operator"`
 	ImageManager               string             `json:"image_manager" yaml:"image_manager"`
@@ -351,6 +353,12 @@ var UserValidation = &cr.StructValidation{
 				return APIGatewaySettingFromString(str), nil
 			},
 		},
+		{
+			StructField: "VPCCIDR",
+			StringPtrValidation: &cr.StringPtrValidation{
+				Validator: validateVPCCIDR,
+			},
+		},
 		{
 			StructField: "ImageOperator",
 			StringValidation: &cr.StringValidation{
@@ -1018,6 +1026,15 @@ func validateBucketName(bucket string) (string, error) {
 	return bucket, nil
 }
 
+func validateVPCCIDR(cidr string) (string, error) {
+	_, _, err := net.ParseCIDR(cidr)
+	if err != nil {
+		return "", errors.WithStack(err)
+	}
+
+	return cidr, nil
+}
+
 func validateInstanceType(instanceType string) (string, error) {
 	var foundInstance *aws.InstanceMetadata
 	for _, instanceMap := range aws.InstanceMetadatas {
@@ -1127,6 +1144,9 @@ func (cc *Config) UserTable() table.KeyValuePairs {
 	items.Add(APILoadBalancerSchemeUserKey, cc.APILoadBalancerScheme)
 	items.Add(OperatorLoadBalancerSchemeUserKey, cc.OperatorLoadBalancerScheme)
 	items.Add(APIGatewaySettingUserKey, cc.APIGatewaySetting)
+	if cc.VPCCIDR != nil {
+		items.Add(VPCCIDRKey, *cc.VPCCIDR)
+	}
 	items.Add(TelemetryUserKey, cc.Telemetry)
 	items.Add(ImageOperatorUserKey, cc.ImageOperator)
 	items.Add(ImageManagerUserKey, cc.ImageManager)

pkg/types/clusterconfig/config_key.go

@@ -43,6 +43,7 @@ const (
 	APILoadBalancerSchemeKey               = "api_load_balancer_scheme"
 	OperatorLoadBalancerSchemeKey          = "operator_load_balancer_scheme"
 	APIGatewaySettingKey                   = "api_gateway"
+	VPCCIDRKey                             = "vpc_cidr"
 	TelemetryKey                           = "telemetry"
 	ImageOperatorKey                       = "image_operator"
 	ImageManagerKey                        = "image_manager"
@@ -87,6 +88,7 @@ const (
 	APILoadBalancerSchemeUserKey               = "api load balancer scheme"
 	OperatorLoadBalancerSchemeUserKey          = "operator load balancer scheme"
 	APIGatewaySettingUserKey                   = "api gateway"
+	VPCCIDRUserKey                             = "vpc cidr"
 	TelemetryUserKey                           = "telemetry"
 	ImageOperatorUserKey                       = "operator image"
 	ImageManagerUserKey                        = "manager image"