@@ -351,6 +351,11 @@ type NetworkSpec struct {
351351 // AdditionalControlPlaneIngressRules is an optional set of ingress rules to add to the control plane
352352 // +optional
353353 AdditionalControlPlaneIngressRules []IngressRule `json:"additionalControlPlaneIngressRules,omitempty"`
354+
355+ // NodePortIngressRuleCidrBlocks is an optional set of CIDR blocks to allow traffic to nodes' NodePort services.
356+ // If none are specified here, all IPs are allowed to connect.
357+ // +optional
358+ NodePortIngressRuleCidrBlocks []string `json:"nodePortIngressRuleCidrBlocks,omitempty"`
354359}
355360
356361// IPv6 contains ipv6 specific settings for the network.
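Review bot: `NodePortIngressRuleCidrBlocks` is declared as a plain `[]string` with no validation marker, so a malformed entry is accepted at admission and only surfaces when the reconciler tries to build the security group rule; the same gap applies to `IPv4CidrBlock` in the `VpcCidrBlock` struct added in the next hunk, which only carries `MinLength=1`. Since the empty case deliberately means "allow all IPs", a typo that the webhook rejects late is worse than one rejected at create time, so each entry should be checked to parse with `net.ParseCIDR` in the admission webhook (or via a format marker such as `+kubebuilder:validation:Format=cidr`, if the cluster's API server honours it). I would also tighten the doc comment to `// If none are specified here, all IPs are allowed to connect to the NodePort range (no source restriction).` so the security consequence of leaving it empty is explicit. The enclosing `NetworkSpec` struct opens before this hunk, so any field-level cross-check belongs in the webhook rather than here.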
@@ -388,6 +393,13 @@ type IPAMPool struct {
388393 NetmaskLength int64 `json:"netmaskLength,omitempty"`
389394}
390395
396+ // VpcCidrBlock defines the CIDR block and settings to associate with the managed VPC. Currently, only IPv4 is supported.
397+ type VpcCidrBlock struct {
398+ // IPv4CidrBlock is the IPv4 CIDR block to associate with the managed VPC.
399+ // +kubebuilder:validation:MinLength=1
400+ IPv4CidrBlock string `json:"ipv4CidrBlock"`
401+ }
402+
391403// VPCSpec configures an AWS VPC.
392404type VPCSpec struct {
393405 // ID is the vpc-id of the VPC this provider should use to create resources.
@@ -398,6 +410,12 @@ type VPCSpec struct {
398410 // Mutually exclusive with IPAMPool.
399411 CidrBlock string `json:"cidrBlock,omitempty"`
400412
413+ // SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC.
414+ // Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use
415+ // a separate IP range for pods (e.g. Cilium ENI mode).
416+ // +optional
417+ SecondaryCidrBlocks []VpcCidrBlock `json:"secondaryCidrBlocks,omitempty"`
418+
401419 // IPAMPool defines the IPAMv4 pool to be used for VPC.
402420 // Mutually exclusive with CidrBlock.
403421 IPAMPool * IPAMPool `json:"ipamPool,omitempty"`