gardener · kon-angelo · May 8, 2024 · May 3, 2024 · May 3, 2024 · May 3, 2024
@@ -55,6 +55,9 @@ func patchProviderStatusAndState(
 	patch := client.MergeFrom(infra.DeepCopy())
 	if status != nil {
 		infra.Status.ProviderStatus = &runtime.RawExtension{Object: status}
+		for _, natIP := range status.Networks.NatIPs {
+			infra.Status.EgressCIDRs = append(infra.Status.EgressCIDRs, fmt.Sprintf("%s/32", natIP.IP))
+		}
 	}
 	if state != nil {
 		infra.Status.State = state

@@ -244,18 +244,18 @@ func (fctx *FlowContext) ensureAddresses(ctx context.Context) error {
 		return nil
 	}
 
-	var addresses []string
+	var addresses []*compute.Address
 	for _, name := range fctx.config.Networks.CloudNAT.NatIPNames {
 		ip, err := fctx.computeClient.GetAddress(ctx, fctx.infra.Spec.Region, name.Name)
 		if err != nil {
 			log.Error(err, "failed to locate user-managed IP address")
 			return err
 		}
-		addresses = append(addresses, ip.SelfLink)
+		addresses = append(addresses, ip)
 	}
 
 	if len(addresses) > 0 {
-		fctx.whiteboard.SetObject(ObjectKeyIPAddress, addresses)
+		fctx.whiteboard.SetObject(ObjectKeyIPAddresses, addresses)
 	}
 	return nil
 }
@@ -278,11 +278,11 @@ func (fctx *FlowContext) ensureCloudNAT(ctx context.Context) error {
 	natName := fctx.cloudNatNameFromConfig()
 	var (
 		nat       *compute.RouterNat
-		addresses []string
+		addresses []*compute.Address
 	)
 
-	if a := fctx.whiteboard.GetObject(ObjectKeyIPAddress); a != nil {
-		addresses = a.([]string)
+	if a := fctx.whiteboard.GetObject(ObjectKeyIPAddresses); a != nil {
+		addresses = a.([]*compute.Address)
 	}
 
 	targetNat := targetNATState(natName, subnet.SelfLink, fctx.config.Networks.CloudNAT, addresses)

@@ -135,7 +135,7 @@ func targetRouterState(name, description, vpcName string) *compute.Router {
 	}
 }
 
-func targetNATState(name, subnetURL string, natConfig *gcp.CloudNAT, natIpUrls []string) *compute.RouterNat {
+func targetNATState(name, subnetURL string, natConfig *gcp.CloudNAT, natIps []*compute.Address) *compute.RouterNat {
 	nat := &compute.RouterNat{
 		DrainNatIps:                      nil,
 		EnableDynamicPortAllocation:      false,
@@ -202,9 +202,11 @@ func targetNATState(name, subnetURL string, natConfig *gcp.CloudNAT, natIpUrls [
 		}
 	}
 
-	if len(natIpUrls) > 0 {
+	if len(natIps) > 0 {
 		nat.NatIpAllocateOption = "MANUAL_ONLY"
-		nat.NatIps = append(nat.NatIps, natIpUrls...)
+		for _, natIp := range natIps {
+			nat.NatIps = append(nat.NatIps, natIp.SelfLink)
+		}
 	}
 	return nat
 }

@@ -3,7 +3,6 @@ package infraflow
 import (
 	"context"
 	"strings"
-	"time"
 
 	"github.com/gardener/gardener/extensions/pkg/controller"
 	extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
@@ -45,10 +44,8 @@ const (
 	ObjectKeyRouter = "router"
 	// ObjectKeyNAT is the key for the .CloudNAT object.
 	ObjectKeyNAT = "nat"
-	// ObjectKeyIPAddress is the key for the IP Address slice.
-	ObjectKeyIPAddress = "addresses/ip"
-
-	defaultWaiterPeriod time.Duration = 5 * time.Second
+	// ObjectKeyIPAddresses is the key for the IP Address slice.
+	ObjectKeyIPAddresses = "addresses/ip"
 )
 
 var (
@@ -194,6 +191,14 @@ func (fctx *FlowContext) getStatus() *v1alpha1.InfrastructureStatus {
 		}
 	}
 
+	if ipAddresses := fctx.whiteboard.GetObject(ObjectKeyIPAddresses); ipAddresses != nil {
+		for _, ip := range ipAddresses.([]*compute.Address) {
+			status.Networks.NatIPs = append(status.Networks.NatIPs, v1alpha1.NatIP{
+				IP: ip.Address,
+			})
+		}
+	}
+
 	status.ServiceAccountEmail = ptr.Deref(fctx.whiteboard.GetChild(ChildKeyIDs).Get(KeyServiceAccountEmail), "")
 	return status
 }

@@ -773,6 +773,9 @@ func verifyCreation(
 			address, err := computeService.Addresses.Get(project, *region, natIPName.Name).Context(ctx).Do()
 			Expect(err).NotTo(HaveOccurred())
 			ipAddresses[address.SelfLink] = true
+			// egress cidr
+			ipCIDR := fmt.Sprintf("%s/32", address.Address)
+			Expect(infra.Status.EgressCIDRs).Should(ContainElement(ipCIDR))
 		}
 		for _, natIP := range routerNAT.NatIps {
 			Expect(ipAddresses).Should(HaveKey(natIP))