Adding AssignIpv6AddressOnCreation task after cluster creation due to CF bug

- AssignIpv6AddressOnCreation also needs to be set on public subnets, but due to a current bug in CF, this cannot be set alongside MapPublicIpOnLaunch at create time. This means we need to add it "manually" by hitting the VPC API to update each public subnet after launch.
- Added extra validation that NAT is nil

Author: nikimanoledaki

integration/tests/ipv6/ipv6_test.go

@@ -47,9 +47,10 @@ var _ = Describe("(Integration) [EKS IPv6 test]", func() {
 		BeforeSuite(func() {
 			clusterConfig = api.NewClusterConfig()
 			clusterConfig.Metadata.Name = clusterName
-			clusterConfig.Metadata.Version = "latest"
+			clusterConfig.Metadata.Version = "1.21"
 			clusterConfig.Metadata.Region = params.Region
 			clusterConfig.VPC.IPFamily = aws.String("IPv6")
+			clusterConfig.VPC.NAT = nil
 			clusterConfig.IAM.WithOIDC = api.Enabled()
 			clusterConfig.Addons = []*api.Addon{
 				{

pkg/cfn/manager/create_tasks.go

@@ -33,6 +33,15 @@ func (c *StackCollection) NewTasksToCreateClusterWithNodeGroups(nodeGroups []*ap
 		},
 	)
 
+	if c.spec.VPC.IPFamily != nil && *c.spec.VPC.IPFamily == string(api.IPV6Family) {
+		taskTree.Append(
+			&AssignIpv6AddressOnCreationTask{
+				ClusterConfig: c.spec,
+				EC2API:        c.ec2API,
+			},
+		)
+	}
+
 	appendNodeGroupTasksTo := func(taskTree *tasks.TaskTree) {
 		vpcImporter := vpc.NewStackConfigImporter(c.MakeClusterStackName())
 		nodeGroupTasks := c.NewUnmanagedNodeGroupTask(nodeGroups, false, vpcImporter)

pkg/cfn/manager/create_tasks_test.go

@@ -0,0 +1,90 @@
+package manager_test
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	"github.com/stretchr/testify/mock"
+	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
+	"github.com/weaveworks/eksctl/pkg/cfn/manager"
+	"github.com/weaveworks/eksctl/pkg/testutils/mockprovider"
+)
+
+var _ = Describe("CreateTasks", func() {
+	var subnetIDs = []string{"123", "456"}
+	var clusterConfig *api.ClusterConfig
+	Context("AssignIpv6AddressOnCreationTask", func() {
+		BeforeEach(func() {
+			clusterConfig = api.NewClusterConfig()
+			clusterConfig.VPC.Subnets = &api.ClusterSubnets{}
+			clusterConfig.VPC.Subnets.Public = map[string]api.AZSubnetSpec{
+				"0": {ID: subnetIDs[0]},
+				"1": {ID: subnetIDs[1]},
+			}
+		})
+
+		It("sets AssignIpv6AddressOnCreation to true for all public subnets", func() {
+			modifySubnetAttributeCallCount := 0
+			p := mockprovider.NewMockProvider()
+			mockCall1 := p.MockEC2().On("ModifySubnetAttribute", &ec2.ModifySubnetAttributeInput{
+				AssignIpv6AddressOnCreation: &ec2.AttributeBooleanValue{
+					Value: aws.Bool(true),
+				},
+				SubnetId: aws.String(subnetIDs[0]),
+			}).Return(&ec2.ModifySubnetAttributeOutput{}, nil)
+
+			mockCall1.RunFn = func(_ mock.Arguments) {
+				modifySubnetAttributeCallCount++
+			}
+
+			mockCall2 := p.MockEC2().On("ModifySubnetAttribute", &ec2.ModifySubnetAttributeInput{
+				AssignIpv6AddressOnCreation: &ec2.AttributeBooleanValue{
+					Value: aws.Bool(true),
+				},
+				SubnetId: aws.String(subnetIDs[1]),
+			}).Return(&ec2.ModifySubnetAttributeOutput{}, nil)
+
+			mockCall2.RunFn = func(_ mock.Arguments) {
+				modifySubnetAttributeCallCount++
+			}
+
+			task := manager.AssignIpv6AddressOnCreationTask{
+				EC2API:        p.EC2(),
+				ClusterConfig: clusterConfig,
+			}
+			errorCh := make(chan error)
+			err := task.Do(errorCh)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(modifySubnetAttributeCallCount).To(Equal(2))
+
+			By("closing the error channel")
+			Eventually(errorCh).Should(BeClosed())
+		})
+
+		When("the API call errors", func() {
+			It("errors", func() {
+				p := mockprovider.NewMockProvider()
+				p.MockEC2().On("ModifySubnetAttribute", &ec2.ModifySubnetAttributeInput{
+					AssignIpv6AddressOnCreation: &ec2.AttributeBooleanValue{
+						Value: aws.Bool(true),
+					},
+					SubnetId: aws.String(subnetIDs[0]),
+				}).Return(&ec2.ModifySubnetAttributeOutput{}, fmt.Errorf("foo"))
+
+				task := manager.AssignIpv6AddressOnCreationTask{
+					EC2API:        p.EC2(),
+					ClusterConfig: clusterConfig,
+				}
+				errorCh := make(chan error)
+				err := task.Do(errorCh)
+				Expect(err).To(MatchError("failed to update subnet \"123\": foo"))
+
+				By("closing the error channel")
+				Eventually(errorCh).Should(BeClosed())
+			})
+		})
+	})
+})

pkg/cfn/manager/tasks.go

@@ -6,6 +6,9 @@ import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
 	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
 	iamoidc "github.com/weaveworks/eksctl/pkg/iam/oidc"
 	kubewrapper "github.com/weaveworks/eksctl/pkg/kubernetes"
@@ -131,3 +134,28 @@ func (t *kubernetesTask) Do(errs chan error) error {
 	close(errs)
 	return err
 }
+
+type AssignIpv6AddressOnCreationTask struct {
+	EC2API        ec2iface.EC2API
+	ClusterConfig *api.ClusterConfig
+}
+
+func (t *AssignIpv6AddressOnCreationTask) Describe() string {
+	return "set AssignIpv6AddressOnCreation to true for public subnets"
+}
+
+func (t *AssignIpv6AddressOnCreationTask) Do(errs chan error) error {
+	defer close(errs)
+	for _, subnet := range t.ClusterConfig.VPC.Subnets.Public.WithIDs() {
+		_, err := t.EC2API.ModifySubnetAttribute(&ec2.ModifySubnetAttributeInput{
+			AssignIpv6AddressOnCreation: &ec2.AttributeBooleanValue{
+				Value: aws.Bool(true),
+			},
+			SubnetId: aws.String(subnet),
+		})
+		if err != nil {
+			return fmt.Errorf("failed to update subnet %q: %v", subnet, err)
+		}
+	}
+	return nil
+}

pkg/cfn/manager/tasks_test.go

@@ -3,6 +3,7 @@ package manager
 import (
 	"fmt"
 
+	"github.com/aws/aws-sdk-go/aws"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"github.com/pkg/errors"
@@ -59,83 +60,67 @@ var _ = Describe("StackCollection Tasks", func() {
 	}
 
 	Describe("TaskTree", func() {
-		Context("With real tasks", func() {
-
-			BeforeEach(func() {
-
-				p = mockprovider.NewMockProvider()
+		BeforeEach(func() {
+			p = mockprovider.NewMockProvider()
+			cfg = newClusterConfig("test-cluster")
+			stackManager = NewStackCollection(p, cfg)
+		})
 
-				cfg = newClusterConfig("test-cluster")
+		It("should have nice description", func() {
+			fakeVPCImporter := new(vpcfakes.FakeImporter)
+			// TODO use DescribeTable
+
+			// The supportsManagedNodes argument has no effect on the Describe call, so the values are alternated
+			// in these tests
+			{
+				tasks := stackManager.NewUnmanagedNodeGroupTask(makeNodeGroups("bar", "foo"), false, fakeVPCImporter)
+				Expect(tasks.Describe()).To(Equal(`2 parallel tasks: { create nodegroup "bar", create nodegroup "foo" }`))
+			}
+			{
+				tasks := stackManager.NewUnmanagedNodeGroupTask(makeNodeGroups("bar"), false, fakeVPCImporter)
+				Expect(tasks.Describe()).To(Equal(`1 task: { create nodegroup "bar" }`))
+			}
+			{
+				tasks := stackManager.NewUnmanagedNodeGroupTask(makeNodeGroups("foo"), false, fakeVPCImporter)
+				Expect(tasks.Describe()).To(Equal(`1 task: { create nodegroup "foo" }`))
+			}
+			{
+				tasks := stackManager.NewUnmanagedNodeGroupTask(nil, false, fakeVPCImporter)
+				Expect(tasks.Describe()).To(Equal(`no tasks`))
+			}
+			{
+				tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("bar", "foo"), nil, true)
+				Expect(tasks.Describe()).To(Equal(`2 sequential tasks: { create cluster control plane "test-cluster", 2 parallel sub-tasks: { create nodegroup "bar", create nodegroup "foo" } }`))
+			}
+			{
+				tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("bar"), nil, false)
+				Expect(tasks.Describe()).To(Equal(`2 sequential tasks: { create cluster control plane "test-cluster", create nodegroup "bar" }`))
+			}
+			{
+				tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(nil, nil, true)
+				Expect(tasks.Describe()).To(Equal(`1 task: { create cluster control plane "test-cluster" }`))
+			}
+			{
+				tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("bar", "foo"), makeManagedNodeGroups("m1", "m2"), false)
+				Expect(tasks.Describe()).To(Equal(`2 sequential tasks: { create cluster control plane "test-cluster", 4 parallel sub-tasks: { create nodegroup "bar", create nodegroup "foo", create managed nodegroup "m1", create managed nodegroup "m2" } }`))
+			}
+			{
+				tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("foo"), makeManagedNodeGroups("m1"), true)
+				Expect(tasks.Describe()).To(Equal(`2 sequential tasks: { create cluster control plane "test-cluster", 2 parallel sub-tasks: { create nodegroup "foo", create managed nodegroup "m1" } }`))
+			}
+			{
+				tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("bar"), nil, false, &task{id: 1})
+				Expect(tasks.Describe()).To(Equal(`2 sequential tasks: { create cluster control plane "test-cluster", 2 sequential sub-tasks: { task 1, create nodegroup "bar" } }`))
+			}
+		})
 
-				stackManager = NewStackCollection(p, cfg)
+		When("IPFamily is set to ipv6", func() {
+			BeforeEach(func() {
+				cfg.VPC.IPFamily = aws.String(string(api.IPV6Family))
 			})
-
-			It("should have nice description", func() {
-				makeNodeGroups := func(names ...string) []*api.NodeGroup {
-					var nodeGroups []*api.NodeGroup
-					for _, name := range names {
-						ng := api.NewNodeGroup()
-						ng.Name = name
-						nodeGroups = append(nodeGroups, ng)
-					}
-					return nodeGroups
-				}
-
-				makeManagedNodeGroups := func(names ...string) []*api.ManagedNodeGroup {
-					var managedNodeGroups []*api.ManagedNodeGroup
-					for _, name := range names {
-						ng := api.NewManagedNodeGroup()
-						ng.Name = name
-						managedNodeGroups = append(managedNodeGroups, ng)
-					}
-					return managedNodeGroups
-				}
-
-				fakeVPCImporter := new(vpcfakes.FakeImporter)
-				// TODO use DescribeTable
-
-				// The supportsManagedNodes argument has no effect on the Describe call, so the values are alternated
-				// in these tests
-				{
-					tasks := stackManager.NewUnmanagedNodeGroupTask(makeNodeGroups("bar", "foo"), false, fakeVPCImporter)
-					Expect(tasks.Describe()).To(Equal(`2 parallel tasks: { create nodegroup "bar", create nodegroup "foo" }`))
-				}
-				{
-					tasks := stackManager.NewUnmanagedNodeGroupTask(makeNodeGroups("bar"), false, fakeVPCImporter)
-					Expect(tasks.Describe()).To(Equal(`1 task: { create nodegroup "bar" }`))
-				}
-				{
-					tasks := stackManager.NewUnmanagedNodeGroupTask(makeNodeGroups("foo"), false, fakeVPCImporter)
-					Expect(tasks.Describe()).To(Equal(`1 task: { create nodegroup "foo" }`))
-				}
-				{
-					tasks := stackManager.NewUnmanagedNodeGroupTask(nil, false, fakeVPCImporter)
-					Expect(tasks.Describe()).To(Equal(`no tasks`))
-				}
-				{
-					tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("bar", "foo"), nil, true)
-					Expect(tasks.Describe()).To(Equal(`2 sequential tasks: { create cluster control plane "test-cluster", 2 parallel sub-tasks: { create nodegroup "bar", create nodegroup "foo" } }`))
-				}
-				{
-					tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("bar"), nil, false)
-					Expect(tasks.Describe()).To(Equal(`2 sequential tasks: { create cluster control plane "test-cluster", create nodegroup "bar" }`))
-				}
-				{
-					tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(nil, nil, true)
-					Expect(tasks.Describe()).To(Equal(`1 task: { create cluster control plane "test-cluster" }`))
-				}
-				{
-					tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("bar", "foo"), makeManagedNodeGroups("m1", "m2"), false)
-					Expect(tasks.Describe()).To(Equal(`2 sequential tasks: { create cluster control plane "test-cluster", 4 parallel sub-tasks: { create nodegroup "bar", create nodegroup "foo", create managed nodegroup "m1", create managed nodegroup "m2" } }`))
-				}
-				{
-					tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("foo"), makeManagedNodeGroups("m1"), true)
-					Expect(tasks.Describe()).To(Equal(`2 sequential tasks: { create cluster control plane "test-cluster", 2 parallel sub-tasks: { create nodegroup "foo", create managed nodegroup "m1" } }`))
-				}
-				{
-					tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("bar"), nil, false, &task{id: 1})
-					Expect(tasks.Describe()).To(Equal(`2 sequential tasks: { create cluster control plane "test-cluster", 2 sequential sub-tasks: { task 1, create nodegroup "bar" } }`))
-				}
+			It("appends the AssignIpv6AddressOnCreation task to occur after the cluster creation", func() {
+				tasks := stackManager.NewTasksToCreateClusterWithNodeGroups(makeNodeGroups("bar", "foo"), nil, true)
+				Expect(tasks.Describe()).To(Equal(`3 sequential tasks: { create cluster control plane "test-cluster", set AssignIpv6AddressOnCreation to true for public subnets, 2 parallel sub-tasks: { create nodegroup "bar", create nodegroup "foo" } }`))
 			})
 		})
 	})
@@ -175,3 +160,23 @@ var _ = Describe("StackCollection Tasks", func() {
 		})
 	})
 })
+
+func makeNodeGroups(names ...string) []*api.NodeGroup {
+	var nodeGroups []*api.NodeGroup
+	for _, name := range names {
+		ng := api.NewNodeGroup()
+		ng.Name = name
+		nodeGroups = append(nodeGroups, ng)
+	}
+	return nodeGroups
+}
+
+func makeManagedNodeGroups(names ...string) []*api.ManagedNodeGroup {
+	var managedNodeGroups []*api.ManagedNodeGroup
+	for _, name := range names {
+		ng := api.NewManagedNodeGroup()
+		ng.Name = name
+		managedNodeGroups = append(managedNodeGroups, ng)
+	}
+	return managedNodeGroups
+}

pkg/ctl/cmdutils/configfile.go

@@ -238,10 +238,12 @@ func NewCreateClusterLoader(cmd *Cmd, ngFilter *filter.NodeGroupFilter, ng *api.
 		}
 
 		if clusterConfig.VPC.NAT == nil {
-			clusterConfig.VPC.NAT = api.DefaultClusterNAT()
+			if clusterConfig.VPC.IPFamily == nil || *clusterConfig.VPC.IPFamily != string(api.IPV6Family) {
+				clusterConfig.VPC.NAT = api.DefaultClusterNAT()
+			}
 		}
 
-		if !api.IsSetAndNonEmptyString(clusterConfig.VPC.NAT.Gateway) {
+		if clusterConfig.VPC.NAT != nil && !api.IsSetAndNonEmptyString(clusterConfig.VPC.NAT.Gateway) {
 			*clusterConfig.VPC.NAT.Gateway = api.ClusterSingleNAT
 		}
 

pkg/ctl/cmdutils/configfile_test.go

@@ -200,6 +200,22 @@ var _ = Describe("cmdutils configfile", func() {
 			}
 		})
 
+		When("using ipv6", func() {
+			It("should default VPC.NAT to nil", func() {
+				cmd := &Cmd{
+					CobraCommand:      newCmd(),
+					ClusterConfigFile: filepath.Join(examplesDir, "29-vpc-with-ip-family.yaml"),
+					ClusterConfig:     api.NewClusterConfig(),
+					ProviderConfig:    api.ProviderConfig{},
+				}
+				params := &CreateClusterCmdParams{WithoutNodeGroup: true, CreateManagedNGOptions: CreateManagedNGOptions{
+					Managed: false,
+				}}
+				Expect(NewCreateClusterLoader(cmd, filter.NewNodeGroupFilter(), nil, params).Load()).To(Succeed())
+				Expect(cmd.ClusterConfig.VPC.NAT).To(BeNil())
+			})
+		})
+
 		It("loader should handle named and unnamed nodegroups without config file", func() {
 			unnamedNG := api.NewNodeGroup()