add ipv4 ipam support for alb

Author: zac-nixon

apis/elbv2/v1beta1/ingressclassparams_types.go

@@ -107,6 +107,13 @@ type MinimumLoadBalancerCapacity struct {
 CapacityUnits int32 `json:"capacityUnits"`
 }
 
+// IPAMConfiguration defines the IPAM configuration for an Ingress.
+type IPAMConfiguration struct {
+// IPv4IPAMPoolId defines the IPAM pool ID used for IPv4 Addresses on the ALB.
+// +optional
+IPv4IPAMPoolId *string `json:"ipv4IPAMPoolId,omitempty"`
+}
+
 // IngressClassParamsSpec defines the desired state of IngressClassParams
 type IngressClassParamsSpec struct {
 // CertificateArn specifies the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams.
@@ -156,6 +163,10 @@ type IngressClassParamsSpec struct {
 // MinimumLoadBalancerCapacity define the capacity reservation for LoadBalancers for all Ingress that belong to IngressClass with this IngressClassParams.
 // +optional
 MinimumLoadBalancerCapacity *MinimumLoadBalancerCapacity `json:"minimumLoadBalancerCapacity,omitempty"`
+
+// IPAMConfiguration defines the IPAM settings for a Load Balancer.
+// +optional
+IPAMConfiguration *IPAMConfiguration `json:"ipamConfiguration,omitempty"`
 }
 
 // +kubebuilder:object:root=true

apis/elbv2/v1beta1/zz_generated.deepcopy.go

@@ -85,6 +85,15 @@ spec:
  - dualstack
  - dualstack-without-public-ipv4
  type: string
+ ipamConfiguration:
+ description: IPAMConfiguration defines the IPAM settings for a Load
+ Balancer.
+ properties:
+ ipv4IPAMPoolId:
+ description: IPv4IPAMPoolId defines the IPAM pool ID used for
+ IPv4 Addresses on the ALB.
+ type: string
+ type: object
  listeners:
  description: Listeners define a list of listeners with their protocol,
  port and attributes.

config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml

@@ -251,4 +251,10 @@ They may specify `capacityUnits`. If the field is specified, LBC will ignore the
 
 ##### spec.minimumLoadBalancerCapacity.capacityUnits
 
-If `capacityUnits` is specified, it must be to valid positive value greater than 0. If set to 0, the LBC will reset the capacity reservation for the load balancer.
+If `capacityUnits` is specified, it must be to valid positive value greater than 0. If set to 0, the LBC will reset the capacity reservation for the load balancer.
+
+#### spec.ipv4IPAMPoolId
+
+The IPAM pool you choose will be the preferred source of public IPv4 addresses.
+If the pool is depleted, IPv4 addresses will be assigned by AWS.
+To remove the IPAM pool from your ALB, remove `spec.ipv4IPAMPoolId` from the IngressClass definition.

docs/guide/ingress/annotations.md

@@ -30,6 +30,7 @@
  "ec2:GetCoipPoolUsage",
  "ec2:DescribeCoipPools",
  "ec2:GetSecurityGroupsForVpc",
+ "ec2:DescribeIpamPools",
  "elasticloadbalancing:DescribeLoadBalancers",
  "elasticloadbalancing:DescribeLoadBalancerAttributes",
  "elasticloadbalancing:DescribeListeners",
@@ -193,7 +194,8 @@
  "elasticloadbalancing:ModifyTargetGroupAttributes",
  "elasticloadbalancing:DeleteTargetGroup",
  "elasticloadbalancing:ModifyListenerAttributes",
- "elasticloadbalancing:ModifyCapacityReservation"
+ "elasticloadbalancing:ModifyCapacityReservation",
+ "elasticloadbalancing:ModifyIpPools"
  ],
  "Resource": "*",
  "Condition": {

docs/guide/ingress/ingress_class.md

@@ -30,6 +30,7 @@
  "ec2:GetCoipPoolUsage",
  "ec2:DescribeCoipPools",
  "ec2:GetSecurityGroupsForVpc",
+ "ec2:DescribeIpamPools",
  "elasticloadbalancing:DescribeLoadBalancers",
  "elasticloadbalancing:DescribeLoadBalancerAttributes",
  "elasticloadbalancing:DescribeListeners",
@@ -215,7 +216,8 @@
  "elasticloadbalancing:ModifyTargetGroupAttributes",
  "elasticloadbalancing:DeleteTargetGroup",
  "elasticloadbalancing:ModifyListenerAttributes",
- "elasticloadbalancing:ModifyCapacityReservation"
+ "elasticloadbalancing:ModifyCapacityReservation",
+ "elasticloadbalancing:ModifyIpPools"
  ],
  "Resource": "*",
  "Condition": {

docs/install/iam_policy.json

@@ -30,6 +30,7 @@
  "ec2:GetCoipPoolUsage",
  "ec2:DescribeCoipPools",
  "ec2:GetSecurityGroupsForVpc",
+ "ec2:DescribeIpamPools",
  "elasticloadbalancing:DescribeLoadBalancers",
  "elasticloadbalancing:DescribeLoadBalancerAttributes",
  "elasticloadbalancing:DescribeListeners",
@@ -210,7 +211,8 @@
  "elasticloadbalancing:DeleteLoadBalancer",
  "elasticloadbalancing:ModifyTargetGroup",
  "elasticloadbalancing:ModifyTargetGroupAttributes",
- "elasticloadbalancing:DeleteTargetGroup"
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:ModifyIpPools"
  ],
  "Resource": "*",
  "Condition": {

docs/install/iam_policy_cn.json

@@ -30,6 +30,7 @@
  "ec2:GetCoipPoolUsage",
  "ec2:DescribeCoipPools",
  "ec2:GetSecurityGroupsForVpc",
+ "ec2:DescribeIpamPools",
  "elasticloadbalancing:DescribeLoadBalancers",
  "elasticloadbalancing:DescribeLoadBalancerAttributes",
  "elasticloadbalancing:DescribeListeners",
@@ -210,7 +211,8 @@
  "elasticloadbalancing:DeleteLoadBalancer",
  "elasticloadbalancing:ModifyTargetGroup",
  "elasticloadbalancing:ModifyTargetGroupAttributes",
- "elasticloadbalancing:DeleteTargetGroup"
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:ModifyIpPools"
  ],
  "Resource": "*",
  "Condition": {

docs/install/iam_policy_iso.json

@@ -30,6 +30,7 @@
  "ec2:GetCoipPoolUsage",
  "ec2:DescribeCoipPools",
  "ec2:GetSecurityGroupsForVpc",
+ "ec2:DescribeIpamPools",
  "elasticloadbalancing:DescribeLoadBalancers",
  "elasticloadbalancing:DescribeLoadBalancerAttributes",
  "elasticloadbalancing:DescribeListeners",
@@ -210,7 +211,8 @@
  "elasticloadbalancing:DeleteLoadBalancer",
  "elasticloadbalancing:ModifyTargetGroup",
  "elasticloadbalancing:ModifyTargetGroupAttributes",
- "elasticloadbalancing:DeleteTargetGroup"
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:ModifyIpPools"
  ],
  "Resource": "*",
  "Condition": {