Create IP detection utils and use in AWS security group creation

api/holodeck/v1alpha1/types.go

@@ -65,7 +65,7 @@ type Instance struct {
 	Region string `json:"region"`
 
 	// +optional
-	IngresIpRanges []string `json:"ingressIpRanges"`
+	IngressIpRanges []string `json:"ingressIpRanges"`
 	// +optional
 	HostUrl string `json:"hostUrl"`
 }

docs/README.md

@@ -15,6 +15,8 @@ get started, use, and contribute to Holodeck.
     including coding standards and PR process.
 - [Examples](examples/README.md): Example configuration files and usage scenarios.
 - [Guides](guides/README.md): In-depth guides and tutorials for advanced usage.
+- [IP Detection Guide](guides/ip-detection.md): Learn about automatic IP
+    detection for AWS environments.
 - [Latest Release](https://github.com/NVIDIA/holodeck/releases/latest)
 
 ---

docs/commands/create.md

@@ -56,6 +56,56 @@ spec:
     version: v1.28.5
 ```
 
+## Automated IP Detection
+
+Holodeck now automatically detects your public IP address when creating AWS
+environments. This eliminates the need to manually specify your IP address in
+the configuration file.
+
+### How It Works
+
+- **Automatic Detection**: Your public IP is automatically detected using
+  reliable HTTP services
+- **Fallback Services**: Multiple IP detection services ensure reliability
+  (ipify.org, ifconfig.me, icanhazip.com, ident.me)
+- **Proper CIDR Format**: IP addresses are automatically formatted with
+  `/32` suffix for AWS compatibility
+- **Timeout Protection**: 15-second overall timeout with 5-second
+  per-service timeout
+
+### Configuration
+
+The `ingressIpRanges` field in your configuration is now optional for AWS environments:
+
+```yaml
+spec:
+  provider: aws
+  instance:
+    type: g4dn.xlarge
+    region: us-west-2
+    # ingressIpRanges is now optional - your IP is detected automatically
+    # ingressIpRanges:
+    #   - "192.168.1.1/32"  # Only needed for additional IP ranges
+```
+
+### Manual IP Override
+
+If you need to specify additional IP ranges or override the automatic
+detection, you can still use the `ingressIpRanges` field:
+
+```yaml
+spec:
+  provider: aws
+  instance:
+    type: g4dn.xlarge
+    region: us-west-2
+    ingressIpRanges:
+      - "10.0.0.0/8"      # Corporate network
+      - "172.16.0.0/12"   # Additional network
+```
+
+Your detected public IP will be automatically added to the security group rules.
+
 ## Sample Output
 
 ```text
@@ -68,6 +118,8 @@ Created instance 123e4567-e89b-12d3-a456-426614174000
   invalid.
 - `failed to provision: ...` — Provisioning failed due to a configuration or
   provider error.
+- `error getting IP address: ...` — IP detection failed (check network
+  connectivity to IP detection services).
 - `Created instance <instance-id>` — Success log after creation.
 
 ## Supported NVIDIA Driver Versions

docs/examples/README.md

@@ -51,6 +51,44 @@ A sample kind cluster configuration for use with the kind installer.
 
 ---
 
+## Updated AWS Examples
+
+The example configurations now show that `ingressIpRanges` is optional:
+
+**File:** [`examples/aws_kubeadm.yaml`](../../examples/aws_kubeadm.yaml)
+
+```yaml
+spec:
+  provider: aws
+  instance:
+    type: g4dn.xlarge
+    region: us-west-2
+    # ingressIpRanges is now optional - your IP is detected automatically
+    image:
+      architecture: amd64
+```
+
+**File:** [`examples/aws_kind.yaml`](../../examples/aws_kind.yaml)
+
+```yaml
+spec:
+  provider: aws
+  instance:
+    type: g4dn.xlarge
+    region: eu-north-1
+    # ingressIpRanges is now optional - your IP is detected automatically
+    image:
+      architecture: amd64
+```
+
+### Benefits of Automated IP Detection
+
+- **Simplified Configuration**: No need to manually find and specify your
+  public IP
+- **Dynamic IP Support**: Works with changing IP addresses (DHCP, mobile networks)
+- **Reduced Errors**: Eliminates "CIDR block malformed" errors
+- **Better Security**: Ensures only your current public IP has access
+
 ## How to Use These Examples
 
 1. Copy the desired YAML file to your working directory (optional).

docs/guides/README.md

@@ -2,9 +2,12 @@
 
 This section is for in-depth guides and tutorials related to Holodeck.
 
-- If you are looking for step-by-step instructions or advanced usage, guides
-    will be listed here as they are added.
-- To contribute a guide, simply add a new Markdown file to this folder and
-    update this README with a link.
+## Available Guides
 
-*No guides are available yet. Stay tuned!*
+- [IP Detection Guide](ip-detection.md): Learn about automatic IP detection for
+    AWS environments, including configuration, troubleshooting, and best practices.
+
+## Contributing
+
+To contribute a guide, simply add a new Markdown file to this folder and
+update this README with a link.

docs/guides/ip-detection.md

@@ -0,0 +1,126 @@
+# IP Detection Guide
+
+## Overview
+
+Holodeck automatically detects your public IP address when creating AWS
+environments, eliminating the need to manually configure security group rules.
+
+## How It Works
+
+### Detection Process
+
+1. **Service Priority**: Tries multiple IP detection services in order
+1. **Fallback Strategy**: If one service fails, automatically tries the next
+1. **Validation**: Ensures detected IP is a valid public IPv4 address
+1. **CIDR Formatting**: Automatically adds `/32` suffix for AWS compatibility
+
+### Supported Services
+
+- `https://api.ipify.org?format=text` (Primary)
+- `https://ifconfig.me/ip` (Fallback 1)
+- `https://icanhazip.com` (Fallback 2)
+- `https://ident.me` (Fallback 3)
+
+### Timeout Configuration
+
+- **Overall Timeout**: 15 seconds
+- **Per-Service Timeout**: 5 seconds
+- **Context Support**: Proper cancellation and timeout handling
+
+## Configuration Examples
+
+### Basic Usage (Recommended)
+
+```yaml
+apiVersion: holodeck.nvidia.com/v1alpha1
+kind: Environment
+metadata:
+  name: my-environment
+spec:
+  provider: aws
+  instance:
+    type: g4dn.xlarge
+    region: us-west-2
+    # No ingressIpRanges needed - IP detected automatically
+```
+
+### With Additional IP Ranges
+
+```yaml
+apiVersion: holodeck.nvidia.com/v1alpha1
+kind: Environment
+metadata:
+  name: my-environment
+spec:
+  provider: aws
+  instance:
+    type: g4dn.xlarge
+    region: us-west-2
+    ingressIpRanges:
+      - "10.0.0.0/8"      # Corporate network
+      - "172.16.0.0/12"   # Additional network
+    # Your detected IP will be automatically added
+```
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Network Connectivity**: Ensure outbound internet access to IP detection services
+1. **Firewall Rules**: Corporate firewalls may block IP detection services
+1. **Proxy Configuration**: Proxy settings may affect IP detection
+
+### Manual Override
+
+If automatic detection fails, you can manually specify your IP:
+
+```yaml
+spec:
+  provider: aws
+  instance:
+    type: g4dn.xlarge
+    region: us-west-2
+    ingressIpRanges:
+      - "YOUR_PUBLIC_IP/32"  # Replace with your actual public IP
+```
+
+### Debugging
+
+To debug IP detection issues:
+
+```bash
+# Test IP detection manually
+curl https://api.ipify.org?format=text
+curl https://ifconfig.me/ip
+curl https://icanhazip.com
+curl https://ident.me
+```
+
+## Security Considerations
+
+### IP Validation
+
+The system validates that detected IPs are:
+
+- Valid IPv4 addresses
+- Public (not private, loopback, or link-local)
+- Properly formatted for AWS security groups
+
+### Network Security
+
+- Only your current public IP is granted access
+- Additional IP ranges can be specified manually
+- Security group rules are automatically configured
+
+## Best Practices
+
+1. **Use Automatic Detection**: Let Holodeck handle IP detection automatically
+1. **Specify Additional Ranges**: Use `ingressIpRanges` only for additional networks
+1. **Test Connectivity**: Verify access to IP detection services in your environment
+1. **Monitor Changes**: Be aware that your public IP may change (DHCP, mobile networks)
+
+## Related Documentation
+
+- [Create Command](../commands/create.md#automated-ip-detection)
+- [Prerequisites](../prerequisites.md#network-requirements)
+- [Examples](../../examples/README.md#updated-aws-examples)

docs/prerequisites.md

@@ -73,9 +73,11 @@ spec:
 
 ## Network Requirements
 
-- Outbound internet access for package downloads
-- Appropriate security group rules for your use case
-- VPC configuration if using AWS provider
+- **Outbound Internet Access**: Required for package downloads and IP detection
+- **IP Detection Services**: Access to public IP detection services
+  (ipify.org, ifconfig.me, icanhazip.com, ident.me)
+- **Security Group Rules**: Automatically configured for your detected public IP
+- **VPC Configuration**: Automatically configured if using AWS provider
 
 ## GPU & Driver Requirements
 

examples/aws_kind.yaml

@@ -11,8 +11,9 @@ spec:
   instance:
     type: g4dn.xlarge
     region: eu-north-1
-    ingressIpRanges:
-      - <MyIP>/<Range>
+    # ingressIpRanges is now optional - your IP is detected automatically
+    # ingressIpRanges:
+    #   - "YOUR_IP/32"  # Only needed for additional IP ranges
     image:
       architecture: amd64
   kubernetes:

examples/aws_kubeadm.yaml

@@ -11,8 +11,9 @@ spec:
   instance:
     type: g4dn.xlarge
     region: us-west-1
-    ingressIpRanges:
-    - <youip/32>
+    # ingressIpRanges is now optional - your IP is detected automatically
+    # ingressIpRanges:
+    #   - "YOUR_IP/32"  # Only needed for additional IP ranges
     image:
       architecture: amd64
   nvidiaDriver:

examples/v1alpha1_environment.yaml

@@ -11,8 +11,9 @@ spec:
   instance:
     type: g4dn.xlarge
     region: eu-north-1
-    ingressIpRanges:
-      - <MyIp>/<Range>
+    # ingressIpRanges is now optional - your IP is detected automatically
+    # ingressIpRanges:
+    #   - "YOUR_IP/32"  # Only needed for additional IP ranges
     image:
       architecture: X86_64
   containerRuntime:

pkg/provider/aws/create.go

@@ -21,6 +21,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/NVIDIA/holodeck/pkg/utils"
+
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"github.com/aws/aws-sdk-go/aws"
@@ -248,7 +250,18 @@ func (p *Provider) createSecurityGroup(cache *AWS) error {
 
 	// Enter the Ingress rules for the security group
 	ipRanges := []types.IpRange{}
-	for _, ip := range p.Spec.IngresIpRanges {
+	// First lookup for the IP address of the user
+	ip, err := utils.GetIPAddress()
+	if err != nil {
+		p.fail()
+		return fmt.Errorf("error getting IP address: %v", err)
+	}
+	ipRanges = append(ipRanges, types.IpRange{
+		CidrIp: &ip,
+	})
+
+	// Then add the IP ranges from the spec
+	for _, ip := range p.Spec.IngressIpRanges {
 		ipRanges = append(ipRanges, types.IpRange{
 			CidrIp: &ip,
 		})