[gw api] Implement ALB target of NLB #4430
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: zac-nixon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
size/XXL
| ) | ||
|
|
||
| // +kubebuilder:validation:Enum=http;https;tcp | ||
| // +kubebuilder:validation:Enum=HTTP;HTTPS;TCP |
There was a problem hiding this comment.
This enum validation was incorrect, which made the field unusable as the casing should be all upper case.
| } | ||
|
|
||
| // TODO - We should probably use an indexer here, we have a task to do this. | ||
| if tgconfig.Spec.TargetReference.Kind != nil && *tgconfig.Spec.TargetReference.Kind == "Gateway" && h.tcpRouteEventChan != nil { |
There was a problem hiding this comment.
This is required to support TG config updates that impact ALB typed target groups. We need to find out all TCP Routes that reference the Gateway which the config references it. See the added tests.
| if string(beRef.Name) == tgconfig.Spec.TargetReference.Name { | ||
|
|
||
| // The route backend ns | ||
| var routeNs string |
There was a problem hiding this comment.
This is to support optional namespace, which mandates that when the backend ns is omitted we should use the route namespace.
| queue.Add(reconcile.Request{NamespacedName: gw}) | ||
| } | ||
|
|
||
| gateways, err = gatewayutils.GetImpactedGatewaysFromBackendRefs(ctx, h.k8sClient, route.Spec.Rules, route.Namespace, constants.NLBGatewayController) |
There was a problem hiding this comment.
This implements updates for any Gateways that are attached to by a TCP route.
| var secrets []types.NamespacedName | ||
| var backendSGRequired bool | ||
| var err error | ||
| var frontendNlbTargetGroupDesiredState *core.FrontendNlbTargetGroupDesiredState |
There was a problem hiding this comment.
I refactored the FE NLB synthesizer to read the FE NLB state from the stack. This means that I don't have to pass a bunch of state around. Instead, the synthesizer just looks within the stack.
|
|
||
| if controllerName == ingressController { | ||
| if d.enableFrontendNLB { | ||
| var desiredFENLBState []*elbv2model.FrontendNlbTargetGroupDesiredState |
There was a problem hiding this comment.
This reads the FE NLB state from the stack, I found it easier than passing the state around the Gateway controller.
There was a problem hiding this comment.
I like the change you made. Making it a resource and read it from stack is better. : )
| psa.AddToStack(stack, lb.LoadBalancerARN()) | ||
| } | ||
|
|
||
| _ = elbv2model.NewFrontendNlbTargetGroupDesiredState(stack, tgBuilder.getLocalFrontendNlbData()) |
There was a problem hiding this comment.
This adds the FE NLB state into the stack.
| "sigs.k8s.io/aws-load-balancer-controller/pkg/gateway" | ||
| "sigs.k8s.io/aws-load-balancer-controller/pkg/gateway/routeutils" | ||
| "sigs.k8s.io/aws-load-balancer-controller/pkg/k8s" | ||
| "sigs.k8s.io/aws-load-balancer-controller/pkg/model/core" |
There was a problem hiding this comment.
I refactored this tg builder to support building target groups from either a gateway or service. the goal was to abstract backend data retrieval so we can use the same tg builder code for service and gateway based targets.
This required moving some functionality to the backend target group configurator I added into the route utils package.
zac-nixon
force-pushed
the
znixon/gw-api-alb-nlb-try2
branch
from
e85f2d2 to
fd65071
Compare
zac-nixon
force-pushed
the
znixon/gw-api-alb-nlb-try2
branch
from
fd65071 to
2f550be
Compare
| var desiredFENLBState []*elbv2model.FrontendNlbTargetGroupDesiredState | ||
| stack.ListResources(&desiredFENLBState) | ||
| var frontendNLBState *elbv2model.FrontendNlbTargetGroupDesiredState | ||
| if len(desiredFENLBState) == 1 { |
There was a problem hiding this comment.
if len(desiredFENLBState) be 0, looks like we are passing nil frontendNLBState. We need make some updates to handle it in NewFrontendNlbTargetSynthesizer
There was a problem hiding this comment.
good point, ill add a check to be safe. based off my current read of the code it's not possible but we should be defensive.
|
|
||
| func NewFrontendNlbTargetGroupDesiredState(stack core.Stack, stateConfig map[string]*FrontendNlbTargetGroupState) *FrontendNlbTargetGroupDesiredState { | ||
| desiredState := &FrontendNlbTargetGroupDesiredState{ | ||
| ResourceMeta: core.NewResourceMeta(stack, FrontNLBResourceId, FrontNLBResourceId), |
There was a problem hiding this comment.
Should the resource type be AWS::ElasticLoadBalancingV2::TargetGroup
There was a problem hiding this comment.
I chose a different resource type because it's not a target group.
TargetGroups map[string]*FrontendNlbTargetGroupState
type FrontendNlbTargetGroupState struct {
Name string
ARN core.StringToken
// Port -> NLB Listener Port
Port int32
TargetARN core.StringToken
// TargetPort -> ALB Listener Port
TargetPort int32
}
It's the struct that you created, to map tg name to the frontend nlb.
|
I think all your changes made to ingress look good to me. I am still reviewing gateway changes. |
| }) | ||
|
|
||
| if err != nil { | ||
| s.logger.Error(err, "Got this error!") |
There was a problem hiding this comment.
Can we log debug error for troubleshooting to know the exact error?
There was a problem hiding this comment.
I removed this because it's an expected error message (when the ALB is still being provisioned)
| Name: svc.Name, | ||
| Port: networking.ServiceBackendPort{ | ||
| Number: 80, | ||
| /* |
There was a problem hiding this comment.
Leftover comments. Please uncomment this.
| } | ||
| } | ||
|
|
||
| if arn == "" { |
There was a problem hiding this comment.
I was wondering what if GetALBARN() fails. We handled when arn is not ready here. Nice
| } | ||
| } | ||
| var err error | ||
| if resultSet.Len() > 0 { |
There was a problem hiding this comment.
should this be errorSet > 0 ?
There was a problem hiding this comment.
yes 💯 let me add a unit test here to validate this path.
There was a problem hiding this comment.
actually, while writing the unit tests and your comment below. I realized that this function doesn't do anything. This was detecting changes to the TCP route and trying to enqueue ALB Gateways. ALB Gateways don't need to care about changes to the NLB
| queue.Add(reconcile.Request{NamespacedName: gw}) | ||
| } | ||
|
|
||
| gateways, err = gatewayutils.GetImpactedGatewaysFromBackendRefs(ctx, h.k8sClient, route.Spec.Rules, route.Namespace, constants.NLBGatewayController) |
There was a problem hiding this comment.
Should this be constants.ALBGatewayController ?
There was a problem hiding this comment.
NLB is correct here because TCP routes attach to the NLB. It's a little confusing because the TCP route ends up pointing to the ALB.
|
/lgtm |
k8s-ci-robot
added
the
lgtm
4 participants
Description
This is a huge PR, I'd recommend to review the individual commits for clarity. I'll also comment through out the PR. This PR adds the ability to connect an ALB Gateway to an NLB Gateway via ALB target of NLB.
Checklist
README.md, or thedocsdirectory)BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯