edgelesssys · 3u13r · Oct 23, 2023 · Oct 19, 2023 · Oct 19, 2023 · Oct 19, 2023
diff --git a/cli/internal/helm/loader_test.go b/cli/internal/helm/loader_test.go
@@ -70,9 +70,8 @@ func TestLoadReleases(t *testing.T) {
 		state.New().
 			SetInfrastructure(state.Infrastructure{
 				GCP: &state.GCP{
-					ProjectID:  "test-project-id",
-					IPCidrNode: "test-node-cidr",
-					IPCidrPod:  "test-pod-cidr",
+					ProjectID: "test-project-id",
+					IPCidrPod: "test-pod-cidr",
 				},
 			}).
 			SetClusterValues(state.ClusterValues{MeasurementSalt: []byte{0x41}}),

diff --git a/cli/internal/state/state.go b/cli/internal/state/state.go
@@ -106,6 +106,9 @@ type Infrastructure struct {
 	//   Name used in the cluster's named resources.
 	Name string `yaml:"name"`
 	// description: |
+	//   CIDR range of the cluster's nodes.
+	IPCidrNode string `yaml:"ipCidrNode"`
+	// description: |
 	//   Values specific to a Constellation cluster running on Azure.
 	Azure *Azure `yaml:"azure,omitempty"`
 	// description: |
@@ -119,9 +122,6 @@ type GCP struct {
 	//   Project ID of the GCP project the cluster is running in.
 	ProjectID string `yaml:"projectID"`
 	// description: |
-	//   CIDR range of the cluster's nodes.
-	IPCidrNode string `yaml:"ipCidrNode"`
-	// description: |
 	//   CIDR range of the cluster's pods.
 	IPCidrPod string `yaml:"ipCidrPod"`
 }

diff --git a/cli/internal/state/state_doc.go b/cli/internal/state/state_doc.go
diff --git a/cli/internal/state/state_test.go b/cli/internal/state/state_test.go
@@ -29,6 +29,7 @@ func defaultState() *State {
 				"api-server-cert-san-test",
 				"api-server-cert-san-test-2",
 			},
+			IPCidrNode: "test-cidr-node",
 			Azure: &Azure{
 				ResourceGroup:            "test-rg",
 				SubscriptionID:           "test-sub",
@@ -38,9 +39,8 @@ func defaultState() *State {
 				AttestationURL:           "test-maaUrl",
 			},
 			GCP: &GCP{
-				ProjectID:  "test-project",
-				IPCidrNode: "test-cidr-node",
-				IPCidrPod:  "test-cidr-pod",
+				ProjectID: "test-project",
+				IPCidrPod: "test-cidr-pod",
 			},
 		},
 		ClusterValues: ClusterValues{

@@ -239,13 +239,23 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 		return state.Infrastructure{}, errors.New("invalid type in name output: not a string")
 	}
 
+	cidrNodesOutput, ok := tfState.Values.Outputs["ip_cidr_nodes"]
+	if !ok {
+		return state.Infrastructure{}, errors.New("no ip_cidr_nodes output found")
+	}
+	cidrNodes, ok := cidrNodesOutput.Value.(string)
+	if !ok {
+		return state.Infrastructure{}, errors.New("invalid type in ip_cidr_nodes output: not a string")
+	}
+
 	res := state.Infrastructure{
 		ClusterEndpoint:   outOfClusterEndpoint,
 		InClusterEndpoint: inClusterEndpoint,
 		APIServerCertSANs: apiServerCertSANs,
 		InitSecret:        []byte(secret),
 		UID:               uid,
 		Name:              name,
+		IPCidrNode:        cidrNodes,
 	}
 
 	switch provider {
@@ -259,15 +269,6 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 			return state.Infrastructure{}, errors.New("invalid type in project output: not a string")
 		}
 
-		cidrNodesOutput, ok := tfState.Values.Outputs["ip_cidr_nodes"]
-		if !ok {
-			return state.Infrastructure{}, errors.New("no ip_cidr_nodes output found")
-		}
-		cidrNodes, ok := cidrNodesOutput.Value.(string)
-		if !ok {
-			return state.Infrastructure{}, errors.New("invalid type in ip_cidr_nodes output: not a string")
-		}
-
 		cidrPodsOutput, ok := tfState.Values.Outputs["ip_cidr_pods"]
 		if !ok {
 			return state.Infrastructure{}, errors.New("no ip_cidr_pods output found")
@@ -278,9 +279,8 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 		}
 
 		res.GCP = &state.GCP{
-			ProjectID:  gcpProject,
-			IPCidrNode: cidrNodes,
-			IPCidrPod:  cidrPods,
+			ProjectID: gcpProject,
+			IPCidrPod: cidrPods,
 		}
 	case cloudprovider.Azure:
 		attestationURLOutput, ok := tfState.Values.Outputs["attestationURL"]

@@ -17,10 +17,11 @@ provider "aws" {
 }
 
 locals {
-  uid              = random_id.uid.hex
-  name             = "${var.name}-${local.uid}"
-  initSecretHash   = random_password.initSecret.bcrypt_hash
-  ports_node_range = "30000-32767"
+  uid                   = random_id.uid.hex
+  name                  = "${var.name}-${local.uid}"
+  initSecretHash        = random_password.initSecret.bcrypt_hash
+  cidr_vpc_subnet_nodes = "192.168.176.0/20"
+  ports_node_range      = "30000-32767"
   load_balancer_ports = flatten([
     { name = "kubernetes", port = "6443", health_check = "HTTPS" },
     { name = "bootstrapper", port = "9000", health_check = "TCP" },
@@ -75,7 +76,7 @@ module "public_private_subnet" {
   source                   = "./modules/public_private_subnet"
   name                     = local.name
   vpc_id                   = aws_vpc.vpc.id
-  cidr_vpc_subnet_nodes    = "192.168.176.0/20"
+  cidr_vpc_subnet_nodes    = local.cidr_vpc_subnet_nodes
   cidr_vpc_subnet_internet = "192.168.0.0/20"
   zone                     = var.zone
   zones                    = local.zones

@@ -31,3 +31,7 @@ output "initSecret" {
 output "name" {
   value = local.name
 }
+
+output "ip_cidr_nodes" {
+  value = local.cidr_vpc_subnet_nodes
+}
@@ -28,7 +28,6 @@ locals {
   }
   ports_node_range      = "30000-32767"
   cidr_vpc_subnet_nodes = "192.168.178.0/24"
-  cidr_vpc_subnet_pods  = "10.10.0.0/16"
   ports = flatten([
     { name = "kubernetes", port = "6443", health_check_protocol = "Https", path = "/readyz", priority = 100 },
     { name = "bootstrapper", port = "9000", health_check_protocol = "Tcp", path = null, priority = 101 },

@@ -58,3 +58,7 @@ output "subscription_id" {
 output "name" {
   value = local.name
 }
+
+output "ip_cidr_nodes" {
+  value = local.cidr_vpc_subnet_nodes
+}
@@ -22,3 +22,7 @@ output "initSecret" {
 output "name" {
   value = local.name
 }
+
+output "ip_cidr_nodes" {
+  value = local.cidr_vpc_subnet_nodes
+}
@@ -19,6 +19,12 @@ provider "docker" {
   host = "unix:///var/run/docker.sock"
 }
 
+locals {
+  cidr_vpc_subnet_nodes          = "10.42.0.0/22"
+  cidr_vpc_subnet_control_planes = "10.42.1.0/24"
+  cidr_vpc_subnet_worker         = "10.42.2.0/24"
+}
+
 resource "random_password" "initSecret" {
   length           = 32
   special          = true
@@ -61,7 +67,7 @@ module "node_group" {
   vcpus            = each.value.vcpus
   memory           = each.value.memory
   machine          = var.machine
-  cidr             = each.value.role == "control-plane" ? "10.42.1.0/24" : "10.42.2.0/24"
+  cidr             = each.value.role == "control-plane" ? local.cidr_vpc_subnet_control_planes : local.cidr_vpc_subnet_worker
   network_id       = libvirt_network.constellation.id
   pool             = libvirt_pool.cluster.name
   boot_mode        = var.constellation_boot_mode

@@ -46,3 +46,7 @@ output "validate_constellation_cmdline" {
 output "name" {
   value = "${var.name}-qemu" // placeholder, as per "uid" output
 }
+
+output "ip_cidr_nodes" {
+  value = local.cidr_vpc_subnet_nodes
+}
@@ -230,6 +230,9 @@ func TestCreateCluster(t *testing.T) {
 					"name": {
 						Value: "constell-12345abc",
 					},
+					"ip_cidr_nodes": {
+						Value: "192.0.2.103/32",
+					},
 				},
 			},
 		}
@@ -275,6 +278,9 @@ func TestCreateCluster(t *testing.T) {
 					"name": {
 						Value: "constell-12345abc",
 					},
+					"ip_cidr_nodes": {
+						Value: "192.0.2.103/32",
+					},
 				},
 			},
 		}
@@ -487,6 +493,7 @@ func TestCreateCluster(t *testing.T) {
 			assert.Equal(state.HexBytes("initSecret"), infraState.InitSecret)
 			assert.Equal("12345abc", infraState.UID)
 			assert.Equal("192.0.2.101", infraState.InClusterEndpoint)
+			assert.Equal("192.0.2.103/32", infraState.IPCidrNode)
 			if tc.provider == cloudprovider.Azure {
 				assert.Equal(tc.expectedAttestationURL, infraState.Azure.AttestationURL)
 			}