Fill AWSCluster.spec.network.subnets[*].id field for managed subnet…

…s for compatibility with CAPA v2.3.0 (#439)

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Fill `AWSCluster.spec.network.subnets[*].id` field for managed subnets for compatibility with CAPA v2.3.0
+
 ## [0.50.0] - 2023-12-04
 
 <details>
@@ -56,7 +60,7 @@ yq eval --inplace 'with(select(.metadata != null);    .global.metadata = .metada
   with(select(.controlPlane != null);                 .global.controlPlane = .controlPlane) |
   with(select(.nodePools != null);                    .global.nodePools = .nodePools) |
   with(select(.managementCluster != null);            .global.managementCluster = .managementCluster ) |
- 
+
   with(select(.providerSpecific != null);                   .global.providerSpecific = .providerSpecific) |
 
   with(select(.baseDomain != null);                   .global.connectivity.baseDomain = .baseDomain) |

README.md

@@ -19,7 +19,8 @@ connectivity:
     vpcCidr: 10.0.0.0/16
   subnets:
   # Control plane nodes subnets
-  - cidrBlocks:
+  - id: control-plane-nodes
+    cidrBlocks:
     - cidr: 10.0.32.0/19
       availabilityZone: a
     - cidr: 10.0.64.0/19
@@ -30,7 +31,8 @@ connectivity:
     tags:
       subnet.giantswarm.io/role: control-plane
   # Worker nodes subnets
-  - cidrBlocks:
+  - id: worker-nodes
+    cidrBlocks:
     - cidr: 10.0.128.0/19
       availabilityZone: a
     - cidr: 10.0.160.0/19
@@ -41,7 +43,8 @@ connectivity:
     tags:
       subnet.giantswarm.io/role: workers
   # Bastion nodes subnets
-  - cidrBlocks:
+  - id: bastion-nodes
+    cidrBlocks:
     - cidr: 10.0.0.0/24
       availabilityZone: a
     - cidr: 10.0.1.0/24
@@ -52,7 +55,8 @@ connectivity:
     tags:
       subnet.giantswarm.io/role: bastion
   # Ingress load balancer subnets
-  - cidrBlocks:
+  - id: load-balancer
+    cidrBlocks:
     - cidr: 10.0.3.0/24
       availabilityZone: a
       tags:
@@ -73,19 +77,20 @@ connectivity:
 The desired subnet can then be targetted by using the `subnetTags` value to set the AWS tags to match on. For example:
 
 ```yaml
+global:
+  connectivity:
+    bastion:
+      subnetTags:
+        - subnet.giantswarm.io/role: bastion
 
-bastion:
-  subnetTags:
-    - subnet.giantswarm.io/role: bastion
-
-controlPlane:
-  subnetTags:
-    - subnet.giantswarm.io/role: control-plane
-
-machinePools:
-  def00:
+  controlPlane:
     subnetTags:
-      - subnet.giantswarm.io/role: workers
+      - subnet.giantswarm.io/role: control-plane
+
+  nodePools:
+    def00:
+      subnetTags:
+        - subnet.giantswarm.io/role: workers
 ```
 
 ### API-server ELB subnets
@@ -146,7 +151,7 @@ If the `subnet.giantswarm.io/tgw-attachments: "true"` tag isn't found on any sub
 
 ## Maintaining `values.schema.json` and `values.yaml`
 
-**tldr**:  
+**tldr**:
 We only maintain `values.schema.json` and automatically generate `values.yaml` from it.
 ```
 make normalize-schema
@@ -163,7 +168,7 @@ To succesfully do this, we have some requirements on the `values.schema.json`, w
 These requirements can be checked with [schemalint](https://github.com/giantswarm/schemalint).
 `schemalint` does a couple of things:
 
-- Normalize JSON schema (indentation, white space, sorting)  
+- Normalize JSON schema (indentation, white space, sorting)
 - Validate whether your schema is valid JSON schema
 - Validate whether the requirements for cluster app schemas are met
 - Check whether schema is normalized
@@ -178,7 +183,7 @@ make validate-schema
 ```
 
 The JSON schema in `values.schema.json` should contain defaults defined with the `default` keyword.
-These defaults should be same as those defined in `values.yaml`. 
+These defaults should be same as those defined in `values.yaml`.
 This allows us to generate `values.yaml` from `values.schema.json` with:
 
 ```

helm/cluster-aws/templates/_aws_cluster.tpl

@@ -72,19 +72,23 @@ spec:
       natGatewayId: {{ $subnet.natGatewayId }}
       {{- end }}
     {{- else }}
-    {{- range $i, $cidr := $subnet.cidrBlocks }}
-    - cidrBlock: "{{ $cidr.cidr }}"
+    {{- range $i, $cidr := $subnet.cidrBlocks -}}
+    {{/* CAPA v2.3.0 defaults to using the `id` field as subnet name unless it's an unmanaged one (`id` starts with `subnet-`), so use CAPA's previous standard subnet naming scheme */}}
+    - id: "{{ include "resource.default.name" $ }}-subnet-{{ $subnet.isPublic | default false | ternary "public" "private" }}-{{ if eq (len $cidr.availabilityZone) 1 }}{{ include "aws-region" $ }}{{ end }}{{ $cidr.availabilityZone }}"
+      cidrBlock: "{{ $cidr.cidr }}"
       {{- if eq (len $cidr.availabilityZone) 1 }}
       availabilityZone: "{{ include "aws-region" $ }}{{ $cidr.availabilityZone }}"
       {{- else }}
       availabilityZone: "{{ $cidr.availabilityZone }}"
       {{- end }}
       isPublic: {{ $subnet.isPublic | default false }}
+      {{- if or $subnet.tags $cidr.tags }}
       tags:
         {{- toYaml $subnet.tags | nindent 8 }}
         {{- if $cidr.tags }}
         {{- toYaml $cidr.tags | nindent 8 }}
         {{- end }}
+      {{- end }}
     {{- end }}
     {{- end }}
     {{- end }}

helm/cluster-aws/values.schema.json

@@ -444,6 +444,10 @@
                                         "title": "Network",
                                         "items": {
                                             "type": "object",
+                                            "required": [
+                                                "availabilityZone",
+                                                "cidr"
+                                            ],
                                             "properties": {
                                                 "availabilityZone": {
                                                     "type": "string",