From 851a7d0d3465fc0c4b78683280ac8837ac10d95b Mon Sep 17 00:00:00 2001 From: John Gardiner Myers Date: Sat, 25 Dec 2021 16:58:22 -0800 Subject: [PATCH] Add --default-target-type flag --- controllers/ingress/group_controller.go | 3 +- controllers/service/service_controller.go | 3 +- docs/deploy/configurations.md | 1 + pkg/config/controller_config.go | 19 ++ pkg/ingress/model_builder.go | 6 +- pkg/ingress/model_builder_test.go | 228 ++++++++++++++++++- pkg/service/model_build_target_group_test.go | 23 +- pkg/service/model_builder.go | 10 +- pkg/service/model_builder_test.go | 168 +++++++++++++- pkg/service/service_utils_test.go | 2 +- 10 files changed, 451 insertions(+), 12 deletions(-) diff --git a/controllers/ingress/group_controller.go b/controllers/ingress/group_controller.go index 704474e26..671518e09 100644 --- a/controllers/ingress/group_controller.go +++ b/controllers/ingress/group_controller.go @@ -57,7 +57,8 @@ func NewGroupReconciler(cloud aws.Cloud, k8sClient client.Client, eventRecorder annotationParser, subnetsResolver, authConfigBuilder, enhancedBackendBuilder, trackingProvider, elbv2TaggingManager, controllerConfig.FeatureGates, cloud.VpcID(), controllerConfig.ClusterName, controllerConfig.DefaultTags, controllerConfig.ExternalManagedTags, - controllerConfig.DefaultSSLPolicy, backendSGProvider, controllerConfig.EnableBackendSecurityGroup, controllerConfig.DisableRestrictedSGRules, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), logger) + controllerConfig.DefaultSSLPolicy, controllerConfig.DefaultTargetType, backendSGProvider, + controllerConfig.EnableBackendSecurityGroup, controllerConfig.DisableRestrictedSGRules, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), logger) stackMarshaller := deploy.NewDefaultStackMarshaller() stackDeployer := deploy.NewDefaultStackDeployer(cloud, k8sClient, networkingSGManager, networkingSGReconciler, controllerConfig, ingressTagPrefix, logger) diff --git a/controllers/service/service_controller.go b/controllers/service/service_controller.go index a9fb7ed37..eb70226ed 100644 --- a/controllers/service/service_controller.go +++ b/controllers/service/service_controller.go @@ -3,6 +3,7 @@ package service import ( "context" "fmt" + "github.com/go-logr/logr" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" @@ -43,7 +44,7 @@ func NewServiceReconciler(cloud aws.Cloud, k8sClient client.Client, eventRecorde elbv2TaggingManager := elbv2.NewDefaultTaggingManager(cloud.ELBV2(), cloud.VpcID(), controllerConfig.FeatureGates, logger) serviceUtils := service.NewServiceUtils(annotationParser, serviceFinalizer, controllerConfig.ServiceConfig.LoadBalancerClass, controllerConfig.FeatureGates) modelBuilder := service.NewDefaultModelBuilder(annotationParser, subnetsResolver, vpcInfoProvider, cloud.VpcID(), trackingProvider, - elbv2TaggingManager, controllerConfig.FeatureGates, controllerConfig.ClusterName, controllerConfig.DefaultTags, controllerConfig.ExternalManagedTags, controllerConfig.DefaultSSLPolicy, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), serviceUtils) + elbv2TaggingManager, controllerConfig.FeatureGates, controllerConfig.ClusterName, controllerConfig.DefaultTags, controllerConfig.ExternalManagedTags, controllerConfig.DefaultSSLPolicy, controllerConfig.DefaultTargetType, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), serviceUtils) stackMarshaller := deploy.NewDefaultStackMarshaller() stackDeployer := deploy.NewDefaultStackDeployer(cloud, k8sClient, networkingSGManager, networkingSGReconciler, controllerConfig, serviceTagPrefix, logger) return &serviceReconciler{ diff --git a/docs/deploy/configurations.md b/docs/deploy/configurations.md index 7f39751f4..8294c308d 100644 --- a/docs/deploy/configurations.md +++ b/docs/deploy/configurations.md @@ -75,6 +75,7 @@ Currently, you can set only 1 namespace to watch in this flag. See [this Kuberne |cluster-name | string | | Kubernetes cluster name| |default-ssl-policy | string | ELBSecurityPolicy-2016-08 | Default SSL Policy that will be applied to all Ingresses or Services that do not have the SSL Policy annotation | |default-tags | stringMap | | AWS Tags that will be applied to all AWS resources managed by this controller. Specified Tags takes highest priority | +|default-target-type | string | instance | Default target type for Ingresses and Services - ip, instance | |[disable-ingress-class-annotation](#disable-ingress-class-annotation) | boolean | false | Disable new usage of the `kubernetes.io/ingress.class` annotation | |[disable-ingress-group-name-annotation](#disable-ingress-group-name-annotation) | boolean | false | Disallow new use of the `alb.ingress.kubernetes.io/group.name` annotation | |disable-restricted-sg-rules | boolean | false | Disable the usage of restricted security group rules | diff --git a/pkg/config/controller_config.go b/pkg/config/controller_config.go index 9af3a7221..4228014b6 100644 --- a/pkg/config/controller_config.go +++ b/pkg/config/controller_config.go @@ -9,12 +9,14 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "sigs.k8s.io/aws-load-balancer-controller/pkg/aws" "sigs.k8s.io/aws-load-balancer-controller/pkg/inject" + "sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2" ) const ( flagLogLevel = "log-level" flagK8sClusterName = "cluster-name" flagDefaultTags = "default-tags" + flagDefaultTargetType = "default-target-type" flagExternalManagedTags = "external-managed-tags" flagServiceMaxConcurrentReconciles = "service-max-concurrent-reconciles" flagTargetGroupBindingMaxConcurrentReconciles = "targetgroupbinding-max-concurrent-reconciles" @@ -66,6 +68,9 @@ type ControllerConfig struct { // Default AWS Tags that will be applied to all AWS resources managed by this controller. DefaultTags map[string]string + // Default target type for Ingress and Service objects + DefaultTargetType string + // List of Tag keys on AWS resources that will be managed externally. ExternalManagedTags []string @@ -103,6 +108,8 @@ func (cfg *ControllerConfig) BindFlags(fs *pflag.FlagSet) { fs.StringVar(&cfg.ClusterName, flagK8sClusterName, "", "Kubernetes cluster name") fs.StringToStringVar(&cfg.DefaultTags, flagDefaultTags, nil, "Default AWS Tags that will be applied to all AWS resources managed by this controller") + fs.StringVar(&cfg.DefaultTargetType, flagDefaultTargetType, string(elbv2.TargetTypeInstance), + "Default target type for Ingresses and Services - ip, instance") fs.StringSliceVar(&cfg.ExternalManagedTags, flagExternalManagedTags, nil, "List of Tag keys on AWS resources that will be managed externally") fs.IntVar(&cfg.ServiceMaxConcurrentReconciles, flagServiceMaxConcurrentReconciles, defaultMaxConcurrentReconciles, @@ -147,6 +154,9 @@ func (cfg *ControllerConfig) Validate() error { if err := cfg.validateExternalManagedTagsCollisionWithDefaultTags(); err != nil { return err } + if err := cfg.validateDefaultTargetType(); err != nil { + return err + } if err := cfg.validateBackendSecurityGroupConfiguration(); err != nil { return err } @@ -181,6 +191,15 @@ func (cfg *ControllerConfig) validateExternalManagedTagsCollisionWithDefaultTags return nil } +func (cfg *ControllerConfig) validateDefaultTargetType() error { + switch cfg.DefaultTargetType { + case string(elbv2.TargetTypeInstance), string(elbv2.TargetTypeIP): + return nil + default: + return errors.Errorf("invalid value %v for default target type", cfg.DefaultTargetType) + } +} + func (cfg *ControllerConfig) validateBackendSecurityGroupConfiguration() error { if len(cfg.BackendSecurityGroup) == 0 { return nil diff --git a/pkg/ingress/model_builder.go b/pkg/ingress/model_builder.go index 3afc895d3..36400252c 100644 --- a/pkg/ingress/model_builder.go +++ b/pkg/ingress/model_builder.go @@ -40,7 +40,7 @@ func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventR annotationParser annotations.Parser, subnetsResolver networkingpkg.SubnetsResolver, authConfigBuilder AuthConfigBuilder, enhancedBackendBuilder EnhancedBackendBuilder, trackingProvider tracking.Provider, elbv2TaggingManager elbv2deploy.TaggingManager, featureGates config.FeatureGates, - vpcID string, clusterName string, defaultTags map[string]string, externalManagedTags []string, defaultSSLPolicy string, + vpcID string, clusterName string, defaultTags map[string]string, externalManagedTags []string, defaultSSLPolicy string, defaultTargetType string, backendSGProvider networkingpkg.BackendSGProvider, enableBackendSG bool, disableRestrictedSGRules bool, enableIPTargetType bool, logger logr.Logger) *defaultModelBuilder { certDiscovery := NewACMCertDiscovery(acmClient, logger) ruleOptimizer := NewDefaultRuleOptimizer(logger) @@ -63,6 +63,7 @@ func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventR defaultTags: defaultTags, externalManagedTags: sets.NewString(externalManagedTags...), defaultSSLPolicy: defaultSSLPolicy, + defaultTargetType: elbv2model.TargetType(defaultTargetType), enableBackendSG: enableBackendSG, disableRestrictedSGRules: disableRestrictedSGRules, enableIPTargetType: enableIPTargetType, @@ -94,6 +95,7 @@ type defaultModelBuilder struct { defaultTags map[string]string externalManagedTags sets.String defaultSSLPolicy string + defaultTargetType elbv2model.TargetType enableBackendSG bool disableRestrictedSGRules bool enableIPTargetType bool @@ -133,7 +135,7 @@ func (b *defaultModelBuilder) Build(ctx context.Context, ingGroup Group) (core.S defaultIPAddressType: elbv2model.IPAddressTypeIPV4, defaultScheme: elbv2model.LoadBalancerSchemeInternal, defaultSSLPolicy: b.defaultSSLPolicy, - defaultTargetType: elbv2model.TargetTypeInstance, + defaultTargetType: b.defaultTargetType, defaultBackendProtocol: elbv2model.ProtocolHTTP, defaultBackendProtocolVersion: elbv2model.ProtocolVersionHTTP1, defaultHealthCheckPathHTTP: "/", diff --git a/pkg/ingress/model_builder_test.go b/pkg/ingress/model_builder_test.go index 52fa331a5..a0565687b 100644 --- a/pkg/ingress/model_builder_test.go +++ b/pkg/ingress/model_builder_test.go @@ -197,6 +197,7 @@ func Test_defaultModelBuilder_Build(t *testing.T) { tests := []struct { name string env env + defaultTargetType string enableIPTargetType *bool args args fields fields @@ -3886,6 +3887,226 @@ func Test_defaultModelBuilder_Build(t *testing.T) { } } } +}`, + }, + { + name: "default target type IP with named target port", + env: env{ + svcs: []*corev1.Service{svcWithNamedTargetPort}, + }, + fields: fields{ + resolveViaDiscoveryCalls: []resolveViaDiscoveryCall{resolveViaDiscoveryCallForInternalLB}, + listLoadBalancersCalls: []listLoadBalancersCall{listLoadBalancerCallForEmptyLB}, + enableBackendSG: true, + }, + args: args{ + ingGroup: Group{ + ID: GroupID{Namespace: "ns-1", Name: "ing-1"}, + Members: []ClassifiedIngress{ + { + Ing: &networking.Ingress{ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns-1", + Name: "ing-1", + }, + Spec: networking.IngressSpec{ + Rules: []networking.IngressRule{ + { + IngressRuleValue: networking.IngressRuleValue{ + HTTP: &networking.HTTPIngressRuleValue{ + Paths: []networking.HTTPIngressPath{ + { + Path: "/", + Backend: networking.IngressBackend{ + Service: &networking.IngressServiceBackend{ + Name: svcWithNamedTargetPort.Name, + Port: networking.ServiceBackendPort{ + Name: "https", + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + defaultTargetType: "ip", + wantStackJSON: ` +{ + "id":"ns-1/ing-1", + "resources":{ + "AWS::EC2::SecurityGroup":{ + "ManagedLBSecurityGroup":{ + "spec":{ + "groupName":"k8s-ns1-ing1-bd83176788", + "description":"[k8s] Managed SecurityGroup for LoadBalancer", + "ingress":[ + { + "ipProtocol":"tcp", + "fromPort":80, + "toPort":80, + "ipRanges":[ + { + "cidrIP":"0.0.0.0/0" + } + ] + } + ] + } + } + }, + "AWS::ElasticLoadBalancingV2::Listener":{ + "80":{ + "spec":{ + "loadBalancerARN":{ + "$ref":"#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/status/loadBalancerARN" + }, + "port":80, + "protocol":"HTTP", + "defaultActions":[ + { + "type":"fixed-response", + "fixedResponseConfig":{ + "contentType":"text/plain", + "statusCode":"404" + } + } + ] + } + } + }, + "AWS::ElasticLoadBalancingV2::ListenerRule":{ + "80:1":{ + "spec":{ + "listenerARN":{ + "$ref":"#/resources/AWS::ElasticLoadBalancingV2::Listener/80/status/listenerARN" + }, + "priority":1, + "actions":[ + { + "type":"forward", + "forwardConfig":{ + "targetGroups":[ + { + "targetGroupARN":{ + "$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/ns-1/ing-1-svc-named-targetport:https/status/targetGroupARN" + } + } + ] + } + } + ], + "conditions":[ + { + "field":"path-pattern", + "pathPatternConfig":{ + "values":[ + "/" + ] + } + } + ] + } + } + }, + "AWS::ElasticLoadBalancingV2::LoadBalancer":{ + "LoadBalancer":{ + "spec":{ + "name":"k8s-ns1-ing1-b7e914000d", + "type":"application", + "scheme":"internal", + "ipAddressType":"ipv4", + "subnetMapping":[ + { + "subnetID":"subnet-a" + }, + { + "subnetID":"subnet-b" + } + ], + "securityGroups":[ + { + "$ref":"#/resources/AWS::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID" + }, + "sg-auto" + ] + } + } + }, + "AWS::ElasticLoadBalancingV2::TargetGroup":{ + "ns-1/ing-1-svc-named-targetport:https":{ + "spec":{ + "name":"k8s-ns1-svcnamed-3430e53ee8", + "targetType":"ip", + "ipAddressType":"ipv4", + "port":1, + "protocol":"HTTP", + "protocolVersion":"HTTP1", + "healthCheckConfig":{ + "port":"traffic-port", + "protocol":"HTTP", + "path":"/", + "matcher":{ + "httpCode":"200" + }, + "intervalSeconds":15, + "timeoutSeconds":5, + "healthyThresholdCount":2, + "unhealthyThresholdCount":2 + } + } + } + }, + "K8S::ElasticLoadBalancingV2::TargetGroupBinding":{ + "ns-1/ing-1-svc-named-targetport:https":{ + "spec":{ + "template":{ + "metadata":{ + "name":"k8s-ns1-svcnamed-3430e53ee8", + "namespace":"ns-1", + "creationTimestamp":null + }, + "spec":{ + "targetGroupARN":{ + "$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/ns-1/ing-1-svc-named-targetport:https/status/targetGroupARN" + }, + "targetType":"ip", + "ipAddressType":"ipv4", + "serviceRef":{ + "name":"svc-named-targetport", + "port":"https" + }, + "networking":{ + "ingress":[ + { + "from":[ + { + "securityGroup":{ + "groupID": "sg-auto" + } + } + ], + "ports":[ + { + "port": "target-port", + "protocol":"TCP" + } + ] + } + ] + } + } + } + } + } + } + } }`, }, } @@ -3933,6 +4154,10 @@ func Test_defaultModelBuilder_Build(t *testing.T) { } backendSGProvider.EXPECT().Release(gomock.Any()).Return(nil).AnyTimes() } + defaultTargetType := tt.defaultTargetType + if defaultTargetType == "" { + defaultTargetType = "instance" + } b := &defaultModelBuilder{ k8sClient: k8sClient, @@ -3953,7 +4178,8 @@ func Test_defaultModelBuilder_Build(t *testing.T) { featureGates: config.NewFeatureGates(), logger: &log.NullLogger{}, - defaultSSLPolicy: "ELBSecurityPolicy-2016-08", + defaultSSLPolicy: "ELBSecurityPolicy-2016-08", + defaultTargetType: elbv2model.TargetType(defaultTargetType), } if tt.enableIPTargetType == nil { diff --git a/pkg/service/model_build_target_group_test.go b/pkg/service/model_build_target_group_test.go index aedf94dc5..5c99cde11 100644 --- a/pkg/service/model_build_target_group_test.go +++ b/pkg/service/model_build_target_group_test.go @@ -1182,6 +1182,7 @@ func Test_defaultModelBuilder_buildTargetType(t *testing.T) { tests := []struct { testName string svc *corev1.Service + defaultTargetType string want elbv2.TargetType enableIPTargetType *bool wantErr error @@ -1202,6 +1203,23 @@ func Test_defaultModelBuilder_buildTargetType(t *testing.T) { }, want: elbv2.TargetTypeInstance, }, + { + testName: "default type ip", + svc: &corev1.Service{ + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "http", + Port: 80, + TargetPort: intstr.FromInt(80), + Protocol: corev1.ProtocolTCP, + }, + }, + }, + }, + defaultTargetType: "ip", + want: elbv2.TargetTypeIP, + }, { testName: "lb type nlb-ip", svc: &corev1.Service{ @@ -1378,7 +1396,10 @@ func Test_defaultModelBuilder_buildTargetType(t *testing.T) { builder := &defaultModelBuildTask{ annotationParser: parser, service: tt.svc, - defaultTargetType: LoadBalancerTargetTypeInstance, + defaultTargetType: elbv2.TargetType(tt.defaultTargetType), + } + if tt.defaultTargetType == "" { + builder.defaultTargetType = elbv2.TargetTypeInstance } if tt.enableIPTargetType == nil { builder.enableIPTargetType = true diff --git a/pkg/service/model_builder.go b/pkg/service/model_builder.go index 32a918254..b6040adbc 100644 --- a/pkg/service/model_builder.go +++ b/pkg/service/model_builder.go @@ -2,13 +2,13 @@ package service import ( "context" - "github.com/pkg/errors" - "k8s.io/apimachinery/pkg/util/sets" "strconv" "sync" "github.com/aws/aws-sdk-go/service/ec2" + "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/sets" "sigs.k8s.io/aws-load-balancer-controller/pkg/annotations" "sigs.k8s.io/aws-load-balancer-controller/pkg/config" elbv2deploy "sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/elbv2" @@ -37,7 +37,7 @@ type ModelBuilder interface { func NewDefaultModelBuilder(annotationParser annotations.Parser, subnetsResolver networking.SubnetsResolver, vpcInfoProvider networking.VPCInfoProvider, vpcID string, trackingProvider tracking.Provider, elbv2TaggingManager elbv2deploy.TaggingManager, featureGates config.FeatureGates, clusterName string, defaultTags map[string]string, - externalManagedTags []string, defaultSSLPolicy string, enableIPTargetType bool, serviceUtils ServiceUtils) *defaultModelBuilder { + externalManagedTags []string, defaultSSLPolicy string, defaultTargetType string, enableIPTargetType bool, serviceUtils ServiceUtils) *defaultModelBuilder { return &defaultModelBuilder{ annotationParser: annotationParser, subnetsResolver: subnetsResolver, @@ -51,6 +51,7 @@ func NewDefaultModelBuilder(annotationParser annotations.Parser, subnetsResolver defaultTags: defaultTags, externalManagedTags: sets.NewString(externalManagedTags...), defaultSSLPolicy: defaultSSLPolicy, + defaultTargetType: elbv2model.TargetType(defaultTargetType), enableIPTargetType: enableIPTargetType, } } @@ -71,6 +72,7 @@ type defaultModelBuilder struct { defaultTags map[string]string externalManagedTags sets.String defaultSSLPolicy string + defaultTargetType elbv2model.TargetType enableIPTargetType bool } @@ -101,7 +103,7 @@ func (b *defaultModelBuilder) Build(ctx context.Context, service *corev1.Service defaultIPAddressType: elbv2model.IPAddressTypeIPV4, defaultLoadBalancingCrossZoneEnabled: false, defaultProxyProtocolV2Enabled: false, - defaultTargetType: elbv2model.TargetTypeInstance, + defaultTargetType: b.defaultTargetType, defaultHealthCheckProtocol: elbv2model.ProtocolTCP, defaultHealthCheckPort: healthCheckPortTrafficPort, defaultHealthCheckPath: "/", diff --git a/pkg/service/model_builder_test.go b/pkg/service/model_builder_test.go index 93f555bb5..b36cdd46b 100644 --- a/pkg/service/model_builder_test.go +++ b/pkg/service/model_builder_test.go @@ -101,6 +101,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) { resolveViaNameOrIDSliceCalls []resolveViaNameOrIDSliceCall listLoadBalancerCalls []listLoadBalancerCall fetchVPCInfoCalls []fetchVPCInfoCall + defaultTargetType string enableIPTargetType *bool svc *corev1.Service wantError bool @@ -1989,6 +1990,167 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) { } } } +`, + }, + { + testName: "default ip target", + svc: &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-ip-target", + Namespace: "default", + UID: "7ab4be33-11c2-4a7b-b622-7add8affab36", + }, + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeLoadBalancer, + LoadBalancerClass: aws.String("service.k8s.aws/nlb"), + Selector: map[string]string{"app": "hello"}, + Ports: []corev1.ServicePort{ + { + Port: 80, + TargetPort: intstr.FromInt(80), + Protocol: corev1.ProtocolTCP, + }, + }, + }, + }, + defaultTargetType: "ip", + resolveViaDiscoveryCalls: []resolveViaDiscoveryCall{resolveViaDiscoveryCallForOneSubnet}, + fetchVPCInfoCalls: []fetchVPCInfoCall{ + { + wantVPCInfo: networking.VPCInfo{ + CidrBlockAssociationSet: []*ec2.VpcCidrBlockAssociation{ + { + CidrBlock: aws.String("192.160.0.0/16"), + CidrBlockState: &ec2.VpcCidrBlockState{ + State: &cidrBlockStateAssociated, + }, + }, + { + CidrBlock: aws.String("100.64.0.0/16"), + CidrBlockState: &ec2.VpcCidrBlockState{ + State: &cidrBlockStateAssociated, + }, + }, + }, + }, + }, + }, + listLoadBalancerCalls: []listLoadBalancerCall{listLoadBalancerCallForEmptyLB}, + wantNumResources: 4, + wantValue: ` +{ + "id": "default/default-ip-target", + "resources": { + "AWS::ElasticLoadBalancingV2::Listener": { + "80": { + "spec": { + "protocol": "TCP", + "defaultActions": [ + { + "forwardConfig": { + "targetGroups": [ + { + "targetGroupARN": { + "$ref": "#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/default/default-ip-target:80/status/targetGroupARN" + } + } + ] + }, + "type": "forward" + } + ], + "loadBalancerARN": { + "$ref": "#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/status/loadBalancerARN" + }, + "port": 80 + } + } + }, + "K8S::ElasticLoadBalancingV2::TargetGroupBinding": { + "default/default-ip-target:80": { + "spec": { + "template": { + "spec": { + "targetType": "ip", + "ipAddressType":"ipv4", + "targetGroupARN": { + "$ref": "#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/default/default-ip-target:80/status/targetGroupARN" + }, + "networking": { + "ingress": [ + { + "from":[ + { + "ipBlock":{ + "cidr":"192.168.0.0/19" + } + } + ], + "ports":[ + { + "protocol":"TCP", + "port":80 + } + ] + } + ] + }, + "serviceRef": { + "name": "default-ip-target", + "port": 80 + } + }, + "metadata": { + "creationTimestamp": null, + "namespace": "default", + "name": "k8s-default-defaulti-cc40ce9c73" + } + } + } + } + }, + "AWS::ElasticLoadBalancingV2::LoadBalancer": { + "LoadBalancer": { + "spec": { + "ipAddressType": "ipv4", + "name": "k8s-default-defaulti-b44ef5a42d", + "subnetMapping": [ + { + "subnetID": "subnet-1" + } + ], + "scheme": "internal", + "type": "network" + } + } + }, + "AWS::ElasticLoadBalancingV2::TargetGroup": { + "default/default-ip-target:80": { + "spec": { + "targetType": "ip", + "ipAddressType":"ipv4", + "protocol": "TCP", + "name": "k8s-default-defaulti-cc40ce9c73", + "healthCheckConfig": { + "healthyThresholdCount": 3, + "unhealthyThresholdCount": 3, + "protocol": "TCP", + "port": "traffic-port", + "intervalSeconds": 10, + "timeoutSeconds":10 + }, + "targetGroupAttributes": [ + { + "value": "false", + "key": "proxy_protocol_v2.enabled" + } + ], + "port": 80 + } + } + } + } +} `, }, { @@ -2798,6 +2960,10 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) { vpcInfoProvider.EXPECT().FetchVPCInfo(gomock.Any(), gomock.Any(), gomock.Any()).Return(call.wantVPCInfo, call.err).AnyTimes() } serviceUtils := NewServiceUtils(annotationParser, "service.k8s.aws/resources", "service.k8s.aws/nlb", featureGates) + defaultTargetType := tt.defaultTargetType + if defaultTargetType == "" { + defaultTargetType = "instance" + } var enableIPTargetType bool if tt.enableIPTargetType == nil { enableIPTargetType = true @@ -2805,7 +2971,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) { enableIPTargetType = *tt.enableIPTargetType } builder := NewDefaultModelBuilder(annotationParser, subnetsResolver, vpcInfoProvider, "vpc-xxx", trackingProvider, elbv2TaggingManager, featureGates, - "my-cluster", nil, nil, "ELBSecurityPolicy-2016-08", enableIPTargetType, serviceUtils) + "my-cluster", nil, nil, "ELBSecurityPolicy-2016-08", defaultTargetType, enableIPTargetType, serviceUtils) ctx := context.Background() stack, _, err := builder.Build(ctx, tt.svc) if tt.wantError { diff --git a/pkg/service/service_utils_test.go b/pkg/service/service_utils_test.go index b4a1c9f30..975271cb2 100644 --- a/pkg/service/service_utils_test.go +++ b/pkg/service/service_utils_test.go @@ -169,7 +169,7 @@ func Test_defaultServiceUtils_IsServiceSupported(t *testing.T) { }, }, { - name: "lb type ClusterIP, RestrictToLoadBanalcerOnly enabled", + name: "lb type ClusterIP, RestrictToLoadBalancerOnly enabled", svc: &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Name: "nlb-ip",