Skip to content

Commit d5cc02c

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request kubernetes-sigs#1063 from M00nF1sh/advanced_ip
enhance ip mode for non-ec2 nodes
2 parents b3de777 + 4d1f94c commit d5cc02c

File tree

15 files changed

+481
-238
lines changed

15 files changed

+481
-238
lines changed

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
# See the License for the specific language governing permissions and
1313
# limitations under the License.
1414

15-
FROM golang:1.12.7-stretch as builder
15+
FROM golang:1.13.4-stretch as builder
1616
WORKDIR /go/src/github.com/kubernetes-sigs/aws-alb-ingress-controller/
1717
COPY . .
1818
RUN make server

go.mod

Lines changed: 12 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -2,18 +2,15 @@ module github.com/kubernetes-sigs/aws-alb-ingress-controller
22

33
require (
44
github.com/appscode/jsonpatch v0.0.0-20190108182946-7c0e3b262f30 // indirect
5-
github.com/aws/aws-k8s-tester/e2e/tester v0.0.0-20190907061006-260b0e114d90 // indirect
5+
github.com/aws/aws-k8s-tester/e2e/tester v0.0.0-20190907061006-260b0e114d90
66
github.com/aws/aws-sdk-go v1.23.21
77
github.com/blang/semver v3.5.1+incompatible
88
github.com/go-logr/glogr v0.1.0
99
github.com/go-logr/logr v0.1.0 // indirect
1010
github.com/go-logr/zapr v0.1.0 // indirect
11-
github.com/gogo/protobuf v1.2.0 // indirect
1211
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
13-
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef // indirect
1412
github.com/golang/mock v1.2.0
15-
github.com/golangci/golangci-lint v1.14.0 // indirect
16-
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c // indirect
13+
github.com/golangci/golangci-lint v1.21.0 // indirect
1714
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf // indirect
1815
github.com/googleapis/gnostic v0.2.0 // indirect
1916
github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect
@@ -24,33 +21,28 @@ require (
2421
github.com/mattn/goveralls v0.0.3-0.20190325144123-900af2b6e486 // indirect
2522
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
2623
github.com/modern-go/reflect2 v1.0.1 // indirect
27-
github.com/onsi/ginkgo v1.7.0
28-
github.com/onsi/gomega v1.4.3
24+
github.com/onsi/ginkgo v1.10.1
25+
github.com/onsi/gomega v1.7.0
2926
github.com/pborman/uuid v1.2.0 // indirect
3027
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
3128
github.com/pkg/errors v0.8.1
32-
github.com/prometheus/client_golang v0.9.2
33-
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910
34-
github.com/prometheus/common v0.0.0-20181126121408-4724e9255275
35-
github.com/spf13/pflag v1.0.3
36-
github.com/stretchr/objx v0.1.1 // indirect
37-
github.com/stretchr/testify v1.2.2
29+
github.com/prometheus/client_golang v0.9.3
30+
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90
31+
github.com/prometheus/common v0.4.0
32+
github.com/spf13/pflag v1.0.5
33+
github.com/stretchr/testify v1.4.0
3834
github.com/ticketmaster/aws-sdk-go-cache v0.0.0-20180926195306-58922816129c
39-
go.uber.org/atomic v1.3.2 // indirect
40-
go.uber.org/multierr v1.1.0 // indirect
41-
go.uber.org/zap v1.9.1 // indirect
42-
golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67 // indirect
4335
golang.org/x/oauth2 v0.0.0-20190212230446-3e8b2be13635 // indirect
44-
golang.org/x/sys v0.0.0-20190214214411-e77772198cdc // indirect
45-
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c // indirect
4636
gopkg.in/inf.v0 v0.9.1 // indirect
4737
k8s.io/api v0.0.0-20181213150558-05914d821849
4838
k8s.io/apimachinery v0.0.0-20181127025237-2b1284ed4c93
4939
k8s.io/apiserver v0.0.0-20190214201149-f9f16382a346
50-
k8s.io/client-go v2.0.0-alpha.0.0.20181213151034-8d9ed539ba31+incompatible
40+
k8s.io/client-go v0.0.0-20181213151034-8d9ed539ba31
5141
k8s.io/klog v0.2.0
5242
k8s.io/kube-openapi v0.0.0-20190208205540-d7c86cdc46e3 // indirect
5343
sigs.k8s.io/controller-runtime v0.1.10
5444
sigs.k8s.io/structured-merge-diff v0.0.0-20190215000154-7666d3d49c8f // indirect
5545
sigs.k8s.io/yaml v1.1.0 // indirect
5646
)
47+
48+
go 1.13

go.sum

Lines changed: 303 additions & 59 deletions
Large diffs are not rendered by default.

internal/alb/sg/instance_attachment_v1.go

Lines changed: 15 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -74,14 +74,14 @@ func (c *instanceAttachmentControllerV1) Reconcile(ctx context.Context, ingKey t
7474

7575
shouldAttachENIIDs := targetENIIDs.Difference(attachedENIIDs)
7676
for eniID := range shouldAttachENIIDs {
77-
if err := c.ensureSGAttachedToENI(ctx, instanceSGID, targetENIs[eniID]); err != nil {
77+
if err := c.ensureSGAttachedToENI(ctx, instanceSGID, eniID, targetENIs[eniID]); err != nil {
7878
return err
7979
}
8080
}
8181

8282
shouldDetachENIIDs := attachedENIIDs.Difference(targetENIIDs)
8383
for eniID := range shouldDetachENIIDs {
84-
if err := c.ensureSGDetachedFromENI(ctx, instanceSGID, attachedENIs[eniID]); err != nil {
84+
if err := c.ensureSGDetachedFromENI(ctx, instanceSGID, eniID, attachedENIs[eniID]); err != nil {
8585
return err
8686
}
8787
}
@@ -102,8 +102,8 @@ func (c *instanceAttachmentControllerV1) Delete(ctx context.Context, ingKey type
102102
if err != nil {
103103
return err
104104
}
105-
for _, eni := range attachedENIs {
106-
if err := c.ensureSGDetachedFromENI(ctx, instanceSGID, eni); err != nil {
105+
for eniID, eniInfo := range attachedENIs {
106+
if err := c.ensureSGDetachedFromENI(ctx, instanceSGID, eniID, eniInfo); err != nil {
107107
return err
108108
}
109109
}
@@ -141,7 +141,7 @@ func (c *instanceAttachmentControllerV1) ensureInstanceSG(ctx context.Context, i
141141
}
142142

143143
// findENIsAttachedWithInstanceSG finds all ENIs attached with instance SG.
144-
func (c *instanceAttachmentControllerV1) findENIsAttachedWithInstanceSG(ctx context.Context, instanceSGID string) (map[string]*ec2.NetworkInterface, error) {
144+
func (c *instanceAttachmentControllerV1) findENIsAttachedWithInstanceSG(ctx context.Context, instanceSGID string) (map[string]ENIInfo, error) {
145145
enis, err := c.cloud.DescribeNetworkInterfaces(ctx, &ec2.DescribeNetworkInterfacesInput{
146146
Filters: []*ec2.Filter{
147147
{
@@ -153,36 +153,34 @@ func (c *instanceAttachmentControllerV1) findENIsAttachedWithInstanceSG(ctx cont
153153
if err != nil {
154154
return nil, err
155155
}
156-
result := make(map[string]*ec2.NetworkInterface, len(enis))
156+
result := make(map[string]ENIInfo, len(enis))
157157
for _, eni := range enis {
158-
result[aws.StringValue(eni.NetworkInterfaceId)] = eni
158+
result[aws.StringValue(eni.NetworkInterfaceId)] = NewENIInfoViaENI(eni)
159159
}
160160
return result, nil
161161
}
162162

163-
func (c *instanceAttachmentControllerV1) ensureSGAttachedToENI(ctx context.Context, sgID string, eni *ec2.InstanceNetworkInterface) error {
163+
func (c *instanceAttachmentControllerV1) ensureSGAttachedToENI(ctx context.Context, sgID string, eniID string, eniInfo ENIInfo) error {
164164
desiredGroups := []string{sgID}
165-
for _, group := range eni.Groups {
166-
groupID := aws.StringValue(group.GroupId)
165+
for _, groupID := range eniInfo.SecurityGroups() {
167166
if groupID == sgID {
168167
return nil
169168
}
170169
desiredGroups = append(desiredGroups, groupID)
171170
}
172171

173-
albctx.GetLogger(ctx).Infof("attaching securityGroup %s to ENI %s", sgID, *eni.NetworkInterfaceId)
172+
albctx.GetLogger(ctx).Infof("attaching securityGroup %s to ENI %s", sgID, eniID)
174173
_, err := c.cloud.ModifyNetworkInterfaceAttributeWithContext(ctx, &ec2.ModifyNetworkInterfaceAttributeInput{
175-
NetworkInterfaceId: eni.NetworkInterfaceId,
174+
NetworkInterfaceId: aws.String(eniID),
176175
Groups: aws.StringSlice(desiredGroups),
177176
})
178177
return err
179178
}
180179

181-
func (c *instanceAttachmentControllerV1) ensureSGDetachedFromENI(ctx context.Context, sgID string, eni *ec2.NetworkInterface) error {
180+
func (c *instanceAttachmentControllerV1) ensureSGDetachedFromENI(ctx context.Context, sgID string, eniID string, eniInfo ENIInfo) error {
182181
sgAttached := false
183182
desiredGroups := []string{}
184-
for _, group := range eni.Groups {
185-
groupID := aws.StringValue(group.GroupId)
183+
for _, groupID := range eniInfo.SecurityGroups() {
186184
if groupID == sgID {
187185
sgAttached = true
188186
} else {
@@ -193,9 +191,9 @@ func (c *instanceAttachmentControllerV1) ensureSGDetachedFromENI(ctx context.Con
193191
return nil
194192
}
195193

196-
albctx.GetLogger(ctx).Infof("detaching securityGroup %s from ENI %s", sgID, *eni.NetworkInterfaceId)
194+
albctx.GetLogger(ctx).Infof("detaching securityGroup %s from ENI %s", sgID, eniID)
197195
_, err := c.cloud.ModifyNetworkInterfaceAttributeWithContext(ctx, &ec2.ModifyNetworkInterfaceAttributeInput{
198-
NetworkInterfaceId: eni.NetworkInterfaceId,
196+
NetworkInterfaceId: aws.String(eniID),
199197
Groups: aws.StringSlice(desiredGroups),
200198
})
201199
return err

internal/alb/sg/instance_attachment_v2.go

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -102,9 +102,7 @@ func (c *instanceAttachmentControllerV2) findInstanceSGsForTgGroup(ctx context.C
102102

103103
sgIDs := sets.NewString()
104104
for _, eni := range targetENIs {
105-
for _, group := range eni.Groups {
106-
sgIDs.Insert(aws.StringValue(group.GroupId))
107-
}
105+
sgIDs.Insert(eni.SecurityGroups()...)
108106
}
109107
if len(sgIDs) == 0 {
110108
return nil, nil
@@ -126,24 +124,25 @@ func (c *instanceAttachmentControllerV2) findInstanceSGsForTgGroup(ctx context.C
126124

127125
clusterTag := "kubernetes.io/cluster/" + c.cloud.GetClusterName()
128126
instanceSGIDs := sets.NewString()
129-
for _, eni := range targetENIs {
130-
if len(eni.Groups) == 1 {
131-
instanceSGIDs.Insert(aws.StringValue(eni.Groups[0].GroupId))
127+
for eniID, eni := range targetENIs {
128+
eniSGIDs := eni.SecurityGroups()
129+
if len(eniSGIDs) == 1 {
130+
instanceSGIDs.Insert(eniSGIDs[0])
132131
continue
133132
}
134133
var instanceSGIDsWithClusterTag []string
135-
for _, group := range eni.Groups {
136-
instanceSG := sgByID[aws.StringValue(group.GroupId)]
134+
for _, eniSGID := range eniSGIDs {
135+
instanceSG := sgByID[eniSGID]
137136
for _, tag := range instanceSG.Tags {
138137
if aws.StringValue(tag.Key) == clusterTag {
139-
instanceSGIDsWithClusterTag = append(instanceSGIDsWithClusterTag, aws.StringValue(group.GroupId))
138+
instanceSGIDsWithClusterTag = append(instanceSGIDsWithClusterTag, eniSGID)
140139
break
141140
}
142141
}
143142
}
144143
if len(instanceSGIDsWithClusterTag) != 1 {
145144
return nil, errors.Errorf("expect one securityGroup tagged with %v on eni %v, got %v",
146-
clusterTag, aws.StringValue(eni.NetworkInterfaceId), len(instanceSGIDsWithClusterTag),
145+
clusterTag, eniID, len(instanceSGIDsWithClusterTag),
147146
)
148147
}
149148
instanceSGIDs.Insert(instanceSGIDsWithClusterTag[0])

0 commit comments

Comments
 (0)