
Conversation

jwmay2012
Contributor

@jwmay2012 jwmay2012 commented Sep 18, 2024

What type of PR is this?
/kind feature

What this PR does / why we need it:
Allows instances to be created with a Secondary Alias IP/CIDR Range configured.
https://cloud.google.com/vpc/docs/alias-ip

This enables things like Cilium to use Google Cloud's networks for Native Routing, by giving each pod/service an IP from the Alias IP Range.

TODOs:

  • squashed commits
  • includes documentation
  • adds unit tests

Release note:

Add support for Instance Alias IP Ranges. `GCPMachine.Spec.AliasIPRanges` This allows for [Native Routing](https://docs.cilium.io/en/stable/network/concepts/routing/#google-cloud).

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. labels Sep 18, 2024
@k8s-ci-robot k8s-ci-robot requested review from damdo and dims September 18, 2024 20:17
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 18, 2024
@k8s-ci-robot
Contributor

Hi @jwmay2012. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.


netlify bot commented Sep 18, 2024

Deploy Preview for kubernetes-sigs-cluster-api-gcp ready!

Name Link
🔨 Latest commit cdab713
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-sigs-cluster-api-gcp/deploys/68d2ed12b84efc0008a41282
😎 Deploy Preview https://deploy-preview-1314--kubernetes-sigs-cluster-api-gcp.netlify.app

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Sep 18, 2024
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 24, 2024
@damdo
Member

damdo commented Sep 30, 2024

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 30, 2024
@jwmay2012 jwmay2012 force-pushed the alias-ip-ranges branch 4 times, most recently from 9e02c2d to 7436d66 Compare October 4, 2024 15:04
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 15, 2024
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 15, 2024
@jwmay2012
Contributor Author

Rebased.
We're running this code and it's helping us enable Native Routing for our Pods in GCP.
Let me know if there's anything else to be done before merge :)

@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 20, 2025
@jwmay2012
Contributor Author

Having the ability to utilize Native Networking in GCP for pods and services from CAPI && CAPG is pretty neat and enabled by being able to configure these Alias IP Ranges.
We're still using this for our clusters but would love to get it upstreamed and stop using our custom build :)
A pretty standard GCPMachine spec addition and conversion to the existing GCP SDK structs.

Is there something I could do to help move this ticket forward? Thanks :)

@damdo
Member

damdo commented Feb 11, 2025

I think this would be a good addition.
Any thoughts @cpanato @salasberryfin @richardcase ?

@k8s-ci-robot
Contributor

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@sl1pm4t

sl1pm4t commented Jul 8, 2025

/reopen

@k8s-ci-robot
Contributor

@sl1pm4t: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@jwmay2012
Contributor Author

/reopen

@k8s-ci-robot
Contributor

@jwmay2012: Reopened this PR.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot reopened this Jul 8, 2025
@jwmay2012
Contributor Author

jwmay2012 commented Jul 9, 2025

Merged main, but this test seems broken (won't run; other builds have the same problem). This should still be good to merge.

@damdo
Member

damdo commented Jul 18, 2025

@barbacbd are you happy with this?

@barbacbd
Contributor

barbacbd commented Aug 5, 2025

@damdo this is LGTM

Member

@damdo damdo left a comment


I think this broadly LGTM

Do other maintainers have any thoughts ?

/assign @justinsb @cpanato @salasberryfin @theobarberbany

Member

@cpanato cpanato left a comment


Can we have at least unit tests for this? If we can make an e2e test, that will be nice as well.

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jwmay2012
Once this PR has been reviewed and has the lgtm label, please ask for approval from cpanato. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Sep 23, 2025
- Add unit tests for InstanceNetworkInterfaceAliasIPRangesSpec function
- Add CRD validation tests using envtest to verify regex patterns
- Tests cover valid formats (CIDR, IP only, netmask only) and invalid cases
@jwmay2012
Contributor Author

@jwmay2012 You might be interested in this change I made in our fork, in relation to this PR: getditto@50effa6

It adds a firewall rule allowing traffic from the secondary IP ranges. Necessary if using native routing mode from pods.

@sl1pm4t
We use a SharedVPC and manage our own Subnets and firewalls via terraform. (firewall rule generation is disabled when using a SharedVPC in CAPG)
So I won't be able to make or test any firewall rule changes in this PR, unfortunately.

@jwmay2012
Contributor Author

@cpanato @damdo I've added some unit tests and tests that use the API server to validate the CRD regex validation for the fields. Also added some documentation.

Let me know what ya think and if there's anything else needed to get this merged.
I'm uncertain what would be required to do a full e2e test, but my changes end where the "google.golang.org/api/compute/v1" SDK begins.

I can say, with this field, GCP Machines are created with the Alias IP ranges option on the Network interfaces section, with the correct value and function. Our environment uses a SharedVPC subnet created outside CAPG.
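As an added example, not code from this PR or from the cluster-api-provider-gcp project, the block below shows the kind of input validation and conversion the thread describes: the PR description adds `GCPMachine.Spec.AliasIPRanges`, and the later comments and commit message mention CRD validation of the three value formats (CIDR, IP only, netmask only) before the values reach the `google.golang.org/api/compute/v1` SDK. The `AliasIPRange` struct, its field names and the function names are assumptions; `ComputeAliasIPRange` is a local stand-in that mirrors the two fields of the SDK's `compute.AliasIpRange` so the example runs offline without the SDK. The sample spec in `main` is constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// AliasIPRange is a hypothetical stand-in for one entry of the
// GCPMachine.Spec.AliasIPRanges field discussed in the PR; the field names
// are assumptions, not the project's own definitions.
type AliasIPRange struct {
	// IPCidrRange is the alias range in one of the three forms GCP accepts:
	// CIDR ("10.1.2.0/24"), single address ("10.1.2.3") or netmask ("/24").
	IPCidrRange string
	// SubnetworkRangeName names the subnet's secondary range to allocate from;
	// empty means the subnet's primary range.
	SubnetworkRangeName string
}

// ComputeAliasIPRange mirrors the two fields of compute.AliasIpRange in
// google.golang.org/api/compute/v1 so that this example runs without the SDK.
type ComputeAliasIPRange struct {
	IpCidrRange         string
	SubnetworkRangeName string
}

// ValidateAliasIPRange rejects anything that is not a well-formed IPv4 CIDR,
// a single IPv4 address, or a bare netmask between /1 and /32 (IPv4 only is
// a choice made here, matching the forms GCP documents for alias ranges).
// Validating before the API call keeps malformed input out of the cloud
// request and gives the user a clear error instead of a GCP-side rejection.
func ValidateAliasIPRange(s string) error {
	switch {
	case strings.HasPrefix(s, "/"):
		// Netmask form: GCP picks a free range of this size from the subnet.
		// ParseUint refuses a sign prefix, so "/+24" is rejected as well.
		bits, err := strconv.ParseUint(s[1:], 10, 8)
		if err != nil || bits == 0 || bits > 32 {
			return fmt.Errorf("invalid netmask %q: want /1 to /32", s)
		}
	case strings.Contains(s, "/"):
		p, err := netip.ParsePrefix(s)
		if err != nil || !p.Addr().Is4() {
			return fmt.Errorf("invalid IPv4 CIDR %q", s)
		}
	default:
		a, err := netip.ParseAddr(s)
		if err != nil || !a.Is4() {
			return fmt.Errorf("invalid IPv4 address %q", s)
		}
	}
	return nil
}

// ToComputeAliasIPRanges validates every spec entry and converts the slice to
// the SDK-shaped structs that would be attached to a network interface.
func ToComputeAliasIPRanges(in []AliasIPRange) ([]ComputeAliasIPRange, error) {
	out := make([]ComputeAliasIPRange, 0, len(in))
	for i, r := range in {
		if err := ValidateAliasIPRange(r.IPCidrRange); err != nil {
			return nil, fmt.Errorf("aliasIPRanges[%d]: %w", i, err)
		}
		out = append(out, ComputeAliasIPRange{
			IpCidrRange:         r.IPCidrRange,
			SubnetworkRangeName: r.SubnetworkRangeName,
		})
	}
	return out, nil
}

func main() {
	// Constructed sample spec: a /24 carved from a secondary range named
	// "pods" plus one fixed alias address from the primary range.
	spec := []AliasIPRange{
		{IPCidrRange: "/24", SubnetworkRangeName: "pods"},
		{IPCidrRange: "10.1.2.3"},
	}
	ranges, err := ToComputeAliasIPRanges(spec)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, r := range ranges {
		fmt.Printf("ipCidrRange=%q subnetworkRangeName=%q\n", r.IpCidrRange, r.SubnetworkRangeName)
	}
	// An IPv6 prefix is not a valid alias range here and is refused up front.
	_, err = ToComputeAliasIPRanges([]AliasIPRange{{IPCidrRange: "fd00::/64"}})
	fmt.Println("IPv6 alias rejected:", err != nil)
}
```

The validation mirrors what a CRD regex can express but also catches values a regex passes and the network stack would not (an octet above 255, a /33 prefix). As sl1pm4t's comment on the fork notes, traffic from the secondary ranges still has to be allowed by firewall rules; when firewall generation is disabled for a SharedVPC, that allow rule is something to verify on the subnet side rather than assume.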

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
10 participants