Skip to content

[Bug] Creating IPv6 Cluster on 2 or 4 AZs fails because of inconsistent CIDR partitioning #7835

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
TiberiuGC opened this issue Jun 14, 2024 · 1 comment
Open

[Bug] Creating IPv6 Cluster on 2 or 4 AZs fails because of inconsistent CIDR partitioning #7835

TiberiuGC opened this issue Jun 14, 2024 · 1 comment
Assignees
@TiberiuGC
Labels
area/aws-vpc area/ipv6 kind/bug priority/important-soon Ideally to be resolved in time for the next release

Comments

@TiberiuGC
Copy link
Contributor

TiberiuGC commented Jun 14, 2024
edited
Loading

How to reproduce the issue?

By running eksctl create cluster with the following config file:

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: mismatched-subnet-cidr-issue
  region: us-west-2
  version: "1.30"

availabilityZones:
- us-west-2a
- us-west-2b
- us-west-2c
- us-west-2d

kubernetesNetworkConfig:
  ipFamily: IPv6

vpc:
  cidr: 10.34.0.0/16

What's the error?

2024-06-13 15:48:39 [✖]  getting stack "xxxx-cluster" outputs: could not import subnet subnet-xxxx: mismatch found between local and remote VPC config: subnet CIDR "10.33.224.0/19", found in config file, is not the same as subnet CIDR "10.33.112.0/20", found in remote VPC config

What's the cause?

There's two code sections that handle IPv4 CIDR partitioning that are inconsistent. First section splits the range in the fashion below. The obtained CIDR are then used as-is for IPv4 clusters.

eksctl/pkg/vpc/vpc.go

Lines 131 to 146 in 4b62d1a

func getSubnetNetworkSize(vpcCIDR net.IPNet, subnetsTotal int) (subnetSize, networkLength int, err error) {
switch maskSize, _ := vpcCIDR.Mask.Size(); {
case subnetsTotal == 2:
subnetSize = 2
networkLength = maskSize + 3
case subnetsTotal <= 8:
subnetSize = 8
networkLength = maskSize + 3
case subnetsTotal <= 16:
subnetSize = 16
networkLength = maskSize + 4
default:
return 0, 0, fmt.Errorf("cannot create more than 16 subnets, %d requested", subnetsTotal)
}
return subnetSize, networkLength, nil
}

However, IPv6 logic splits the CIDR in a different fashion, and does not re-use the split obtained previously. Afterwards, eksctl tries to validate that the obtained ranges are consistent, which they aren't. Hence the problem above.

eksctl/pkg/cfn/builder/vpc_ipv6.go

Line 55 in 4b62d1a

cidrPartitions := (len(v.clusterConfig.AvailabilityZones) * 2) + 2

@TiberiuGC TiberiuGC self-assigned this Jun 15, 2024
@TiberiuGC TiberiuGC mentioned this issue Jun 17, 2024
Closed
7 tasks
@github-actions GitHub Actions
Copy link
Contributor

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the stale label Jul 16, 2024
@TiberiuGC TiberiuGC removed the stale label Jul 18, 2024
@TiberiuGC TiberiuGC added the priority/important-soon Ideally to be resolved in time for the next release label Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TiberiuGC TiberiuGC

Labels
area/aws-vpc area/ipv6 kind/bug priority/important-soon Ideally to be resolved in time for the next release
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Split CIDR consistently across different settings TiberiuGC/eksctl
1 participant
@TiberiuGC