doc update

Author: oliviassss

docs/deploy/configurations.md

@@ -147,3 +147,4 @@ They are a set of kye=value pairs that describe AWS load balance controller feat
 | EndpointsFailOpen | string | false | Enable or disable allowing endpoints with `ready:unknown` state in the target groups. |
 | EnableServiceController | string | true | Toggles support for `Service` type resources. |
 | EnableIPTargetType | string | true | Used to toggle support for target-type `ip` across `Ingress` and `Service` type resources. |
+| SubnetsClusterTagCheck | string | true | Enable or disable the check for `kubernetes.io/cluster/${cluster-name}` during subnet auto-discovery |

docs/deploy/subnet_discovery.md

@@ -31,4 +31,6 @@ In version v2.1.1 and older, both the public and private subnets must be tagged
 
  `${cluster-name}` is the name of the kubernetes cluster
 
- The cluster tag is not required in v2.1.2 and newer releases, unless a cluster tag for another cluster is present.
+The cluster tag is not required in versions from v2.1.2 to v2.4.1, unless a cluster tag for another cluster is present.
+
+Starting from v2.4.2 release, you can disable the cluster tag check completely by specifying the feature gate `SubnetsClusterTagCheck=false`

pkg/ingress/model_build_load_balancer.go

@@ -6,18 +6,17 @@ import (
 "encoding/hex"
 "fmt"
 "regexp"
-"sigs.k8s.io/aws-load-balancer-controller/pkg/config"
 "strings"
 
-"sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/tracking"
-
 awssdk "github.com/aws/aws-sdk-go/aws"
 ec2sdk "github.com/aws/aws-sdk-go/service/ec2"
 "github.com/google/go-cmp/cmp"
 "github.com/pkg/errors"
 "k8s.io/apimachinery/pkg/util/sets"
 "sigs.k8s.io/aws-load-balancer-controller/pkg/algorithm"
 "sigs.k8s.io/aws-load-balancer-controller/pkg/annotations"
+"sigs.k8s.io/aws-load-balancer-controller/pkg/config"
+"sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/tracking"
 "sigs.k8s.io/aws-load-balancer-controller/pkg/equality"
 "sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
 "sigs.k8s.io/aws-load-balancer-controller/pkg/model/core"

pkg/ingress/model_builder_test.go

@@ -2,7 +2,6 @@ package ingress
 
 import (
 "context"
-"sigs.k8s.io/aws-load-balancer-controller/pkg/config"
 "testing"
 "time"
 
@@ -21,6 +20,7 @@ import (
 "k8s.io/client-go/tools/record"
 "sigs.k8s.io/aws-load-balancer-controller/pkg/annotations"
 "sigs.k8s.io/aws-load-balancer-controller/pkg/aws/services"
+"sigs.k8s.io/aws-load-balancer-controller/pkg/config"
 "sigs.k8s.io/aws-load-balancer-controller/pkg/deploy"
 "sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/elbv2"
 "sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/tracking"

pkg/networking/subnet_resolver.go

@@ -65,28 +65,28 @@ func defaultSubnetsResolveOptions() SubnetsResolveOptions {
 
 type SubnetsResolveOption func(opts *SubnetsResolveOptions)
 
-// WithSubnetsResolveLBType generates a option that configures LBType.
+// WithSubnetsResolveLBType generates an option that configures LBType.
 func WithSubnetsResolveLBType(lbType elbv2model.LoadBalancerType) SubnetsResolveOption {
 return func(opts *SubnetsResolveOptions) {
 opts.LBType = lbType
 }
 }
 
-// WithSubnetsResolveLBScheme generates a option that configures LBScheme.
+// WithSubnetsResolveLBScheme generates an option that configures LBScheme.
 func WithSubnetsResolveLBScheme(lbScheme elbv2model.LoadBalancerScheme) SubnetsResolveOption {
 return func(opts *SubnetsResolveOptions) {
 opts.LBScheme = lbScheme
 }
 }
 
-// WithSubnetsResolveAvailableIPAddressCount generates a option that configures AvailableIPAddressCount.
+// WithSubnetsResolveAvailableIPAddressCount generates an option that configures AvailableIPAddressCount.
 func WithSubnetsResolveAvailableIPAddressCount(AvailableIPAddressCount int64) SubnetsResolveOption {
 return func(opts *SubnetsResolveOptions) {
 opts.AvailableIPAddressCount = AvailableIPAddressCount
 }
 }
 
-// WithSubnetsResolveAvailableIPAddressCount generates a option that configures AvailableIPAddressCount.
+// WithSubnetsClusterTagCheck generates an option that configures SubnetsClusterTagCheck.
 func WithSubnetsClusterTagCheck(SubnetsClusterTagCheck bool) SubnetsResolveOption {
 return func(opts *SubnetsResolveOptions) {
 opts.SubnetsClusterTagCheck = SubnetsClusterTagCheck
@@ -96,10 +96,12 @@ func WithSubnetsClusterTagCheck(SubnetsClusterTagCheck bool) SubnetsResolveOptio
 // SubnetsResolver is responsible for resolve EC2 Subnets for Load Balancers.
 type SubnetsResolver interface {
 // ResolveViaDiscovery resolve subnets by auto discover matching subnets.
-//  * if SubnetClusterTagCheck is enabled, the discovered subnets within clusterVPC must contain the "kubernetes.io/cluster/<cluster-name>" tag
+// Discovery candidate includes all subnets within the clusterVPC. Additionally,
 // * for internet-facing Load Balancer, "kubernetes.io/role/elb" tag must presents.
 // * for internal Load Balancer, "kubernetes.io/role/internal-elb" tag must presents.
-// * if multiple subnets are found for specific AZ, one subnet is chosen based on the lexical order of subnetID.
+// * if SubnetClusterTagCheck is enabled, subnets within the clusterVPC must contain no cluster tag at all
+// or contain the "kubernetes.io/cluster/<cluster_name>" tag for the current cluster
+// If multiple subnets are found for specific AZ, one subnet is chosen based on the lexical order of subnetID.
 ResolveViaDiscovery(ctx context.Context, opts ...SubnetsResolveOption) ([]*ec2sdk.Subnet, error)
 
 // ResolveViaNameOrIDSlice resolve subnets using subnet name or ID.
@@ -351,6 +353,7 @@ func (r *defaultSubnetsResolver) checkSubnetHasClusterTag(subnet *ec2sdk.Subnet)
 // checkSubnetIsNotTaggedForOtherClusters checks whether the subnet is tagged for the current cluster
 // or it doesn't contain the cluster tag at all. If the subnet contains a tag for other clusters, then
 // this check returns false so that the subnet does not used for the load balancer.
+// it returns true if the subnetsClusterTagCheck is disabled
 func (r *defaultSubnetsResolver) checkSubnetIsNotTaggedForOtherClusters(subnet *ec2sdk.Subnet, subnetsClusterTagCheck bool) bool {
 if !subnetsClusterTagCheck {
 return true