nutanix-cloud-native
diff --git a/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awscluster_types.go
Lines changed: 34 additions & 2 deletions b/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awscluster_types.go
Lines changed: 34 additions & 2 deletions
diff --git a/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmachine_types.go
Lines changed: 1 addition & 1 deletion b/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmachine_types.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/conditions_consts.go
Lines changed: 8 additions & 0 deletions b/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/conditions_consts.go
Lines changed: 8 additions & 0 deletions
diff --git a/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/network_types.go
Lines changed: 59 additions & 9 deletions b/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/network_types.go
Lines changed: 59 additions & 9 deletions
diff --git a/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/types.go
Lines changed: 23 additions & 0 deletions b/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/types.go
Lines changed: 23 additions & 0 deletions
diff --git a/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/zz_generated.deepcopy.go
Lines changed: 53 additions & 2 deletions b/‎common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/zz_generated.deepcopy.go
Lines changed: 53 additions & 2 deletions
@@ -208,6 +208,13 @@ type AWSLoadBalancerSpec struct {
 	// +optional
 	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
 
+	// AdditionalListeners sets the additional listeners for the control plane load balancer.
+	// This is only applicable to Network Load Balancer (NLB) types for the time being.
+	// +listType=map
+	// +listMapKey=port
+	// +optional
+	AdditionalListeners []AdditionalListenerSpec `json:"additionalListeners,omitempty"`
+
 	// IngressRules sets the ingress rules for the control plane load balancer.
 	// +optional
 	IngressRules []IngressRule `json:"ingressRules,omitempty"`
@@ -226,6 +233,20 @@ type AWSLoadBalancerSpec struct {
 	PreserveClientIP bool `json:"preserveClientIP,omitempty"`
 }
 
+// AdditionalListenerSpec defines the desired state of an
+// additional listener on an AWS load balancer.
+type AdditionalListenerSpec struct {
+	// Port sets the port for the additional listener.
+	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:Maximum=65535
+	Port int64 `json:"port"`
+	// Protocol sets the protocol for the additional listener.
+	// Currently only TCP is supported.
+	// +kubebuilder:validation:Enum=TCP
+	// +kubebuilder:default=TCP
+	Protocol ELBProtocol `json:"protocol,omitempty"`
+}
+
 // AWSClusterStatus defines the observed state of AWSCluster.
 type AWSClusterStatus struct {
 	// +kubebuilder:default=false
@@ -239,11 +260,22 @@ type AWSClusterStatus struct {
 type S3Bucket struct {
 	// ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, which will be allowed
 	// to read control-plane node bootstrap data from S3 Bucket.
-	ControlPlaneIAMInstanceProfile string `json:"controlPlaneIAMInstanceProfile"`
+	// +optional
+	ControlPlaneIAMInstanceProfile string `json:"controlPlaneIAMInstanceProfile,omitempty"`
 
 	// NodesIAMInstanceProfiles is a list of IAM instance profiles, which will be allowed to read
 	// worker nodes bootstrap data from S3 Bucket.
-	NodesIAMInstanceProfiles []string `json:"nodesIAMInstanceProfiles"`
+	// +optional
+	NodesIAMInstanceProfiles []string `json:"nodesIAMInstanceProfiles,omitempty"`
+
+	// PresignedURLDuration defines the duration for which presigned URLs are valid.
+	//
+	// This is used to generate presigned URLs for S3 Bucket objects, which are used by
+	// control-plane and worker nodes to fetch bootstrap data.
+	//
+	// When enabled, the IAM instance profiles specified are not used.
+	// +optional
+	PresignedURLDuration *metav1.Duration `json:"presignedURLDuration,omitempty"`
 
 	// Name defines name of S3 Bucket to be created.
 	// +kubebuilder:validation:MinLength:=3
 
@@ -195,7 +195,7 @@ type Ignition struct {
 	//
 	// +optional
 	// +kubebuilder:default="2.3"
-	// +kubebuilder:validation:Enum="2.3"
+	// +kubebuilder:validation:Enum="2.3";"3.0";"3.1";"3.2";"3.3";"3.4"
 	Version string `json:"version,omitempty"`
 }
 
 
@@ -87,6 +87,14 @@ const (
 	RouteTableReconciliationFailedReason = "RouteTableReconciliationFailed"
 )
 
+const (
+	// VpcEndpointsReadyCondition reports successful reconciliation of vpc endpoints.
+	// Only applicable to managed clusters.
+	VpcEndpointsReadyCondition clusterv1.ConditionType = "VpcEndpointsReadyCondition"
+	// VpcEndpointsReconciliationFailedReason used when any errors occur during reconciliation of vpc endpoints.
+	VpcEndpointsReconciliationFailedReason = "VpcEndpointsReconciliationFailed"
+)
+
 const (
 	// SecondaryCidrsReadyCondition reports successful reconciliation of secondary CIDR blocks.
 	// Only applicable to managed clusters.
 
@@ -249,16 +249,36 @@ type NetworkSpec struct {
 // IPv6 contains ipv6 specific settings for the network.
 type IPv6 struct {
 	// CidrBlock is the CIDR block provided by Amazon when VPC has enabled IPv6.
+	// Mutually exclusive with IPAMPool.
 	// +optional
 	CidrBlock string `json:"cidrBlock,omitempty"`
 
 	// PoolID is the IP pool which must be defined in case of BYO IP is defined.
+	// Must be specified if CidrBlock is set.
+	// Mutually exclusive with IPAMPool.
 	// +optional
 	PoolID string `json:"poolId,omitempty"`
 
 	// EgressOnlyInternetGatewayID is the id of the egress only internet gateway associated with an IPv6 enabled VPC.
 	// +optional
 	EgressOnlyInternetGatewayID *string `json:"egressOnlyInternetGatewayId,omitempty"`
+
+	// IPAMPool defines the IPAMv6 pool to be used for VPC.
+	// Mutually exclusive with CidrBlock.
+	// +optional
+	IPAMPool *IPAMPool `json:"ipamPool,omitempty"`
+}
+
+// IPAMPool defines the IPAM pool to be used for VPC.
+type IPAMPool struct {
+	// ID is the ID of the IPAM pool this provider should use to create VPC.
+	ID string `json:"id,omitempty"`
+	// Name is the name of the IPAM pool this provider should use to create VPC.
+	Name string `json:"name,omitempty"`
+	// The netmask length of the IPv4 CIDR you want to allocate to VPC from
+	// an Amazon VPC IP Address Manager (IPAM) pool.
+	// Defaults to /16 for IPv4 if not specified.
+	NetmaskLength int64 `json:"netmaskLength,omitempty"`
 }
 
 // VPCSpec configures an AWS VPC.
@@ -268,8 +288,13 @@ type VPCSpec struct {
 
 	// CidrBlock is the CIDR block to be used when the provider creates a managed VPC.
 	// Defaults to 10.0.0.0/16.
+	// Mutually exclusive with IPAMPool.
 	CidrBlock string `json:"cidrBlock,omitempty"`
 
+	// IPAMPool defines the IPAMv4 pool to be used for VPC.
+	// Mutually exclusive with CidrBlock.
+	IPAMPool *IPAMPool `json:"ipamPool,omitempty"`
+
 	// IPv6 contains ipv6 specific settings for the network. Supported only in managed clusters.
 	// This field cannot be set on AWSCluster object.
 	// +optional
@@ -323,8 +348,20 @@ func (v *VPCSpec) IsIPv6Enabled() bool {
 // SubnetSpec configures an AWS Subnet.
 type SubnetSpec struct {
 	// ID defines a unique identifier to reference this resource.
+	// If you're bringing your subnet, set the AWS subnet-id here, it must start with `subnet-`.
+	//
+	// When the VPC is managed by CAPA, and you'd like the provider to create a subnet for you,
+	// the id can be set to any placeholder value that does not start with `subnet-`;
+	// upon creation, the subnet AWS identifier will be populated in the `ResourceID` field and
+	// the `id` field is going to be used as the subnet name. If you specify a tag
+	// called `Name`, it takes precedence.
 	ID string `json:"id"`
 
+	// ResourceID is the subnet identifier from AWS, READ ONLY.
+	// This field is populated when the provider manages the subnet.
+	// +optional
+	ResourceID string `json:"resourceID,omitempty"`
+
 	// CidrBlock is the CIDR block to be used when the provider creates a managed VPC.
 	CidrBlock string `json:"cidrBlock,omitempty"`
 
@@ -359,9 +396,18 @@ type SubnetSpec struct {
 	Tags Tags `json:"tags,omitempty"`
 }
 
+// GetResourceID returns the identifier for this subnet,
+// if the subnet was not created or reconciled, it returns the subnet ID.
+func (s *SubnetSpec) GetResourceID() string {
+	if s.ResourceID != "" {
+		return s.ResourceID
+	}
+	return s.ID
+}
+
 // String returns a string representation of the subnet.
 func (s *SubnetSpec) String() string {
-	return fmt.Sprintf("id=%s/az=%s/public=%v", s.ID, s.AvailabilityZone, s.IsPublic)
+	return fmt.Sprintf("id=%s/az=%s/public=%v", s.GetResourceID(), s.AvailabilityZone, s.IsPublic)
 }
 
 // Subnets is a slice of Subnet.
@@ -374,7 +420,7 @@ func (s Subnets) ToMap() map[string]*SubnetSpec {
 	res := make(map[string]*SubnetSpec)
 	for i := range s {
 		x := s[i]
-		res[x.ID] = &x
+		res[x.GetResourceID()] = &x
 	}
 	return res
 }
@@ -383,19 +429,18 @@ func (s Subnets) ToMap() map[string]*SubnetSpec {
 func (s Subnets) IDs() []string {
 	res := []string{}
 	for _, subnet := range s {
-		res = append(res, subnet.ID)
+		res = append(res, subnet.GetResourceID())
 	}
 	return res
 }
 
 // FindByID returns a single subnet matching the given id or nil.
 func (s Subnets) FindByID(id string) *SubnetSpec {
 	for _, x := range s {
-		if x.ID == id {
+		if x.GetResourceID() == id {
 			return &x
 		}
 	}
-
 	return nil
 }
 
@@ -404,7 +449,9 @@ func (s Subnets) FindByID(id string) *SubnetSpec {
 // or if they are in the same vpc and the cidr block is the same.
 func (s Subnets) FindEqual(spec *SubnetSpec) *SubnetSpec {
 	for _, x := range s {
-		if (spec.ID != "" && x.ID == spec.ID) || (spec.CidrBlock == x.CidrBlock) || (spec.IPv6CidrBlock != "" && spec.IPv6CidrBlock == x.IPv6CidrBlock) {
+		if (spec.GetResourceID() != "" && x.GetResourceID() == spec.GetResourceID()) ||
+			(spec.CidrBlock == x.CidrBlock) ||
+			(spec.IPv6CidrBlock != "" && spec.IPv6CidrBlock == x.IPv6CidrBlock) {
 			return &x
 		}
 	}
@@ -543,14 +590,17 @@ var (
 
 	// SecurityGroupProtocolICMPv6 represents the ICMPv6 protocol in ingress rules.
 	SecurityGroupProtocolICMPv6 = SecurityGroupProtocol("58")
+
+	// SecurityGroupProtocolESP represents the ESP protocol in ingress rules.
+	SecurityGroupProtocolESP = SecurityGroupProtocol("50")
 )
 
 // IngressRule defines an AWS ingress rule for security groups.
 type IngressRule struct {
 	// Description provides extended information about the ingress rule.
 	Description string `json:"description"`
-	// Protocol is the protocol for the ingress rule. Accepted values are "-1" (all), "4" (IP in IP),"tcp", "udp", "icmp", and "58" (ICMPv6).
-	// +kubebuilder:validation:Enum="-1";"4";tcp;udp;icmp;"58"
+	// Protocol is the protocol for the ingress rule. Accepted values are "-1" (all), "4" (IP in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" (ESP).
+	// +kubebuilder:validation:Enum="-1";"4";tcp;udp;icmp;"58";"50"
 	Protocol SecurityGroupProtocol `json:"protocol"`
 	// FromPort is the start of port range.
 	FromPort int64 `json:"fromPort"`
@@ -659,7 +709,7 @@ func (i *IngressRule) Equals(o *IngressRule) bool {
 		SecurityGroupProtocolICMP,
 		SecurityGroupProtocolICMPv6:
 		return i.FromPort == o.FromPort && i.ToPort == o.ToPort
-	case SecurityGroupProtocolAll, SecurityGroupProtocolIPinIP:
+	case SecurityGroupProtocolAll, SecurityGroupProtocolIPinIP, SecurityGroupProtocolESP:
 		// FromPort / ToPort are not applicable
 	}
 
 
@@ -70,6 +70,29 @@ const (
 	MachineCreated AWSMachineProviderConditionType = "MachineCreated"
 )
 
+const (
+	// ExternalResourceGCAnnotation is the name of an annotation that indicates if
+	// external resources should be garbage collected for the cluster.
+	ExternalResourceGCAnnotation = "aws.cluster.x-k8s.io/external-resource-gc"
+
+	// ExternalResourceGCTasksAnnotation is the name of an annotation that indicates what
+	// external resources tasks should be executed by garbage collector for the cluster.
+	ExternalResourceGCTasksAnnotation = "aws.cluster.x-k8s.io/external-resource-tasks-gc"
+)
+
+type GCTask string
+
+var (
+	// GCTaskLoadBalancer defines a task to cleaning up resources for AWS load balancers.
+	GCTaskLoadBalancer = GCTask("load-balancer")
+
+	// GCTaskTargetGroup defines a task to cleaning up resources for AWS target groups.
+	GCTaskTargetGroup = GCTask("target-group")
+
+	// GCTaskSecurityGroup defines a task to cleaning up resources for AWS security groups.
+	GCTaskSecurityGroup = GCTask("security-group")
+)
+
 // AZSelectionScheme defines the scheme of selecting AZs.
 type AZSelectionScheme string
Original file line number	Diff line number	Diff line change
`@@ -195,7 +195,7 @@ type Ignition struct {`
`195`	`195`	`//`
`196`	`196`	`// +optional`
`197`	`197`	`// +kubebuilder:default="2.3"`
`198`		`- // +kubebuilder:validation:Enum="2.3"`
	`198`	`+ // +kubebuilder:validation:Enum="2.3";"3.0";"3.1";"3.2";"3.3";"3.4"`
`199`	`199`	Version string `json:"version,omitempty"`
`200`	`200`	`}`
`201`	`201`