Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add --default-target-type flag #2840

Merged
merged 1 commit into from
Jan 20, 2023
Merged

Add --default-target-type flag #2840

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion controllers/ingress/group_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,8 @@ func NewGroupReconciler(cloud aws.Cloud, k8sClient client.Client, eventRecorder
annotationParser, subnetsResolver,
authConfigBuilder, enhancedBackendBuilder, trackingProvider, elbv2TaggingManager, controllerConfig.FeatureGates,
cloud.VpcID(), controllerConfig.ClusterName, controllerConfig.DefaultTags, controllerConfig.ExternalManagedTags,
controllerConfig.DefaultSSLPolicy, backendSGProvider, controllerConfig.EnableBackendSecurityGroup, controllerConfig.DisableRestrictedSGRules, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), logger)
controllerConfig.DefaultSSLPolicy, controllerConfig.DefaultTargetType, backendSGProvider,
controllerConfig.EnableBackendSecurityGroup, controllerConfig.DisableRestrictedSGRules, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), logger)
stackMarshaller := deploy.NewDefaultStackMarshaller()
stackDeployer := deploy.NewDefaultStackDeployer(cloud, k8sClient, networkingSGManager, networkingSGReconciler,
controllerConfig, ingressTagPrefix, logger)
Expand Down
3 changes: 2 additions & 1 deletion controllers/service/service_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package service
import (
"context"
"fmt"

"github.com/go-logr/logr"
"github.com/pkg/errors"
corev1 "k8s.io/api/core/v1"
Expand Down Expand Up @@ -43,7 +44,7 @@ func NewServiceReconciler(cloud aws.Cloud, k8sClient client.Client, eventRecorde
elbv2TaggingManager := elbv2.NewDefaultTaggingManager(cloud.ELBV2(), cloud.VpcID(), controllerConfig.FeatureGates, logger)
serviceUtils := service.NewServiceUtils(annotationParser, serviceFinalizer, controllerConfig.ServiceConfig.LoadBalancerClass, controllerConfig.FeatureGates)
modelBuilder := service.NewDefaultModelBuilder(annotationParser, subnetsResolver, vpcInfoProvider, cloud.VpcID(), trackingProvider,
elbv2TaggingManager, controllerConfig.FeatureGates, controllerConfig.ClusterName, controllerConfig.DefaultTags, controllerConfig.ExternalManagedTags, controllerConfig.DefaultSSLPolicy, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), serviceUtils)
elbv2TaggingManager, controllerConfig.FeatureGates, controllerConfig.ClusterName, controllerConfig.DefaultTags, controllerConfig.ExternalManagedTags, controllerConfig.DefaultSSLPolicy, controllerConfig.DefaultTargetType, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), serviceUtils)
stackMarshaller := deploy.NewDefaultStackMarshaller()
stackDeployer := deploy.NewDefaultStackDeployer(cloud, k8sClient, networkingSGManager, networkingSGReconciler, controllerConfig, serviceTagPrefix, logger)
return &serviceReconciler{
Expand Down
1 change: 1 addition & 0 deletions docs/deploy/configurations.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@ Currently, you can set only 1 namespace to watch in this flag. See [this Kuberne
|cluster-name | string | | Kubernetes cluster name|
|default-ssl-policy | string | ELBSecurityPolicy-2016-08 | Default SSL Policy that will be applied to all Ingresses or Services that do not have the SSL Policy annotation |
|default-tags | stringMap | | AWS Tags that will be applied to all AWS resources managed by this controller. Specified Tags takes highest priority |
|default-target-type | string | instance | Default target type for Ingresses and Services - ip, instance |
|[disable-ingress-class-annotation](#disable-ingress-class-annotation) | boolean | false | Disable new usage of the `kubernetes.io/ingress.class` annotation |
|[disable-ingress-group-name-annotation](#disable-ingress-group-name-annotation) | boolean | false | Disallow new use of the `alb.ingress.kubernetes.io/group.name` annotation |
|disable-restricted-sg-rules | boolean | false | Disable the usage of restricted security group rules |
Expand Down
19 changes: 19 additions & 0 deletions pkg/config/controller_config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,14 @@ import (
"k8s.io/apimachinery/pkg/util/sets"
"sigs.k8s.io/aws-load-balancer-controller/pkg/aws"
"sigs.k8s.io/aws-load-balancer-controller/pkg/inject"
"sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2"
)

const (
flagLogLevel = "log-level"
flagK8sClusterName = "cluster-name"
flagDefaultTags = "default-tags"
flagDefaultTargetType = "default-target-type"
flagExternalManagedTags = "external-managed-tags"
flagServiceMaxConcurrentReconciles = "service-max-concurrent-reconciles"
flagTargetGroupBindingMaxConcurrentReconciles = "targetgroupbinding-max-concurrent-reconciles"
Expand Down Expand Up @@ -66,6 +68,9 @@ type ControllerConfig struct {
// Default AWS Tags that will be applied to all AWS resources managed by this controller.
DefaultTags map[string]string

// Default target type for Ingress and Service objects
DefaultTargetType string

// List of Tag keys on AWS resources that will be managed externally.
ExternalManagedTags []string

Expand Down Expand Up @@ -103,6 +108,8 @@ func (cfg *ControllerConfig) BindFlags(fs *pflag.FlagSet) {
fs.StringVar(&cfg.ClusterName, flagK8sClusterName, "", "Kubernetes cluster name")
fs.StringToStringVar(&cfg.DefaultTags, flagDefaultTags, nil,
"Default AWS Tags that will be applied to all AWS resources managed by this controller")
fs.StringVar(&cfg.DefaultTargetType, flagDefaultTargetType, string(elbv2.TargetTypeInstance),
"Default target type for Ingresses and Services - ip, instance")
fs.StringSliceVar(&cfg.ExternalManagedTags, flagExternalManagedTags, nil,
"List of Tag keys on AWS resources that will be managed externally")
fs.IntVar(&cfg.ServiceMaxConcurrentReconciles, flagServiceMaxConcurrentReconciles, defaultMaxConcurrentReconciles,
Expand Down Expand Up @@ -147,6 +154,9 @@ func (cfg *ControllerConfig) Validate() error {
if err := cfg.validateExternalManagedTagsCollisionWithDefaultTags(); err != nil {
return err
}
if err := cfg.validateDefaultTargetType(); err != nil {
return err
}
if err := cfg.validateBackendSecurityGroupConfiguration(); err != nil {
return err
}
Expand Down Expand Up @@ -181,6 +191,15 @@ func (cfg *ControllerConfig) validateExternalManagedTagsCollisionWithDefaultTags
return nil
}

func (cfg *ControllerConfig) validateDefaultTargetType() error {
switch cfg.DefaultTargetType {
case string(elbv2.TargetTypeInstance), string(elbv2.TargetTypeIP):
return nil
default:
return errors.Errorf("invalid value %v for default target type", cfg.DefaultTargetType)
}
}

func (cfg *ControllerConfig) validateBackendSecurityGroupConfiguration() error {
if len(cfg.BackendSecurityGroup) == 0 {
return nil
Expand Down
6 changes: 4 additions & 2 deletions pkg/ingress/model_builder.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventR
annotationParser annotations.Parser, subnetsResolver networkingpkg.SubnetsResolver,
authConfigBuilder AuthConfigBuilder, enhancedBackendBuilder EnhancedBackendBuilder,
trackingProvider tracking.Provider, elbv2TaggingManager elbv2deploy.TaggingManager, featureGates config.FeatureGates,
vpcID string, clusterName string, defaultTags map[string]string, externalManagedTags []string, defaultSSLPolicy string,
vpcID string, clusterName string, defaultTags map[string]string, externalManagedTags []string, defaultSSLPolicy string, defaultTargetType string,
backendSGProvider networkingpkg.BackendSGProvider, enableBackendSG bool, disableRestrictedSGRules bool, enableIPTargetType bool, logger logr.Logger) *defaultModelBuilder {
certDiscovery := NewACMCertDiscovery(acmClient, logger)
ruleOptimizer := NewDefaultRuleOptimizer(logger)
Expand All @@ -63,6 +63,7 @@ func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventR
defaultTags: defaultTags,
externalManagedTags: sets.NewString(externalManagedTags...),
defaultSSLPolicy: defaultSSLPolicy,
defaultTargetType: elbv2model.TargetType(defaultTargetType),
enableBackendSG: enableBackendSG,
disableRestrictedSGRules: disableRestrictedSGRules,
enableIPTargetType: enableIPTargetType,
Expand Down Expand Up @@ -94,6 +95,7 @@ type defaultModelBuilder struct {
defaultTags map[string]string
externalManagedTags sets.String
defaultSSLPolicy string
defaultTargetType elbv2model.TargetType
enableBackendSG bool
disableRestrictedSGRules bool
enableIPTargetType bool
Expand Down Expand Up @@ -133,7 +135,7 @@ func (b *defaultModelBuilder) Build(ctx context.Context, ingGroup Group) (core.S
defaultIPAddressType: elbv2model.IPAddressTypeIPV4,
defaultScheme: elbv2model.LoadBalancerSchemeInternal,
defaultSSLPolicy: b.defaultSSLPolicy,
defaultTargetType: elbv2model.TargetTypeInstance,
defaultTargetType: b.defaultTargetType,
defaultBackendProtocol: elbv2model.ProtocolHTTP,
defaultBackendProtocolVersion: elbv2model.ProtocolVersionHTTP1,
defaultHealthCheckPathHTTP: "/",
Expand Down
228 changes: 227 additions & 1 deletion pkg/ingress/model_builder_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -197,6 +197,7 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
tests := []struct {
name string
env env
defaultTargetType string
enableIPTargetType *bool
args args
fields fields
Expand Down Expand Up @@ -3886,6 +3887,226 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
}
}
}
}`,
},
{
name: "default target type IP with named target port",
env: env{
svcs: []*corev1.Service{svcWithNamedTargetPort},
},
fields: fields{
resolveViaDiscoveryCalls: []resolveViaDiscoveryCall{resolveViaDiscoveryCallForInternalLB},
listLoadBalancersCalls: []listLoadBalancersCall{listLoadBalancerCallForEmptyLB},
enableBackendSG: true,
},
args: args{
ingGroup: Group{
ID: GroupID{Namespace: "ns-1", Name: "ing-1"},
Members: []ClassifiedIngress{
{
Ing: &networking.Ingress{ObjectMeta: metav1.ObjectMeta{
Namespace: "ns-1",
Name: "ing-1",
},
Spec: networking.IngressSpec{
Rules: []networking.IngressRule{
{
IngressRuleValue: networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Path: "/",
Backend: networking.IngressBackend{
Service: &networking.IngressServiceBackend{
Name: svcWithNamedTargetPort.Name,
Port: networking.ServiceBackendPort{
Name: "https",
},
},
},
},
},
},
},
},
},
},
},
},
},
},
},
defaultTargetType: "ip",
wantStackJSON: `
{
"id":"ns-1/ing-1",
"resources":{
"AWS::EC2::SecurityGroup":{
"ManagedLBSecurityGroup":{
"spec":{
"groupName":"k8s-ns1-ing1-bd83176788",
"description":"[k8s] Managed SecurityGroup for LoadBalancer",
"ingress":[
{
"ipProtocol":"tcp",
"fromPort":80,
"toPort":80,
"ipRanges":[
{
"cidrIP":"0.0.0.0/0"
}
]
}
]
}
}
},
"AWS::ElasticLoadBalancingV2::Listener":{
"80":{
"spec":{
"loadBalancerARN":{
"$ref":"#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/status/loadBalancerARN"
},
"port":80,
"protocol":"HTTP",
"defaultActions":[
{
"type":"fixed-response",
"fixedResponseConfig":{
"contentType":"text/plain",
"statusCode":"404"
}
}
]
}
}
},
"AWS::ElasticLoadBalancingV2::ListenerRule":{
"80:1":{
"spec":{
"listenerARN":{
"$ref":"#/resources/AWS::ElasticLoadBalancingV2::Listener/80/status/listenerARN"
},
"priority":1,
"actions":[
{
"type":"forward",
"forwardConfig":{
"targetGroups":[
{
"targetGroupARN":{
"$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/ns-1/ing-1-svc-named-targetport:https/status/targetGroupARN"
}
}
]
}
}
],
"conditions":[
{
"field":"path-pattern",
"pathPatternConfig":{
"values":[
"/"
]
}
}
]
}
}
},
"AWS::ElasticLoadBalancingV2::LoadBalancer":{
"LoadBalancer":{
"spec":{
"name":"k8s-ns1-ing1-b7e914000d",
"type":"application",
"scheme":"internal",
"ipAddressType":"ipv4",
"subnetMapping":[
{
"subnetID":"subnet-a"
},
{
"subnetID":"subnet-b"
}
],
"securityGroups":[
{
"$ref":"#/resources/AWS::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"
},
"sg-auto"
]
}
}
},
"AWS::ElasticLoadBalancingV2::TargetGroup":{
"ns-1/ing-1-svc-named-targetport:https":{
"spec":{
"name":"k8s-ns1-svcnamed-3430e53ee8",
"targetType":"ip",
"ipAddressType":"ipv4",
"port":1,
"protocol":"HTTP",
"protocolVersion":"HTTP1",
"healthCheckConfig":{
"port":"traffic-port",
"protocol":"HTTP",
"path":"/",
"matcher":{
"httpCode":"200"
},
"intervalSeconds":15,
"timeoutSeconds":5,
"healthyThresholdCount":2,
"unhealthyThresholdCount":2
}
}
}
},
"K8S::ElasticLoadBalancingV2::TargetGroupBinding":{
"ns-1/ing-1-svc-named-targetport:https":{
"spec":{
"template":{
"metadata":{
"name":"k8s-ns1-svcnamed-3430e53ee8",
"namespace":"ns-1",
"creationTimestamp":null
},
"spec":{
"targetGroupARN":{
"$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/ns-1/ing-1-svc-named-targetport:https/status/targetGroupARN"
},
"targetType":"ip",
"ipAddressType":"ipv4",
"serviceRef":{
"name":"svc-named-targetport",
"port":"https"
},
"networking":{
"ingress":[
{
"from":[
{
"securityGroup":{
"groupID": "sg-auto"
}
}
],
"ports":[
{
"port": "target-port",
"protocol":"TCP"
}
]
}
]
}
}
}
}
}
}
}
}`,
},
}
Expand Down Expand Up @@ -3933,6 +4154,10 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
}
backendSGProvider.EXPECT().Release(gomock.Any()).Return(nil).AnyTimes()
}
defaultTargetType := tt.defaultTargetType
if defaultTargetType == "" {
defaultTargetType = "instance"
}

b := &defaultModelBuilder{
k8sClient: k8sClient,
Expand All @@ -3953,7 +4178,8 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
featureGates: config.NewFeatureGates(),
logger: &log.NullLogger{},

defaultSSLPolicy: "ELBSecurityPolicy-2016-08",
defaultSSLPolicy: "ELBSecurityPolicy-2016-08",
defaultTargetType: elbv2model.TargetType(defaultTargetType),
}

if tt.enableIPTargetType == nil {
Expand Down
Loading