Include cilium ENI CIDRs in NodePort ingress rules configuration (#1511)

Author: fiunchinho

CHANGELOG.md

@@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - `node.cluster.x-k8s.io/uninitialized:NoSchedule`
   - `node.cilium.io/agent-not-ready:NoSchedule`
   - `ebs.csi.aws.com/agent-not-ready:NoExecute`
+- Include `cilium` ENI mode pod CIDRs in the NodePort Services security group ingress rules.
 
 ### Removed
 

helm/cluster-aws/ci/test-nodeport-cidrs-eni-values.yaml

@@ -0,0 +1,32 @@
+global:
+  release:
+    version: 29.1.0
+  metadata:
+    name: test-wc-multiple-vpc-cidrs
+    organization: test
+    servicePriority: lowest
+  connectivity:
+    baseDomain: example.com
+    cilium:
+      ipamMode: eni
+    network:
+      nodePortIngressRuleCidrBlocks:
+        - 10.4.0.0/16
+        - 10.5.0.0/16
+      pods:
+        cidrBlocks:
+          - 10.10.0.0/16
+      vpcCidrs:
+        - 10.1.0.0/16
+        - 10.2.0.0/16
+        - 10.3.0.0/16
+        - 10.4.0.0/16
+  providerSpecific:
+    region: "eu-west-1"
+  managementCluster: test
+
+cluster:
+  internal:
+    ephemeralConfiguration:
+      offlineTesting:
+        renderWithoutReleaseResource: true

helm/cluster-aws/templates/_aws_cluster.tpl

@@ -162,7 +162,10 @@ spec:
           {{- end }}
         {{ end }}
       {{- end }}
-    {{- $allCidrs := concat $vpcCidrs ($.Values.global.connectivity.network.nodePortIngressRuleCidrBlocks | default list) }}
+    {{- $allCidrs := concat $vpcCidrs ($.Values.global.connectivity.network.nodePortIngressRuleCidrBlocks | default (list)) }}
+    {{- if eq (required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode) "eni" }}
+    {{- $allCidrs = concat $allCidrs ($.Values.global.connectivity.network.pods.cidrBlocks | default (list)) }}
+    {{- end }}
     {{- $seen := dict }}
     nodePortIngressRuleCidrBlocks:
     {{- range $cidr := $allCidrs }}