Discovery subnets by available ip addresses (kubernetes-sigs#2146)

* discovery subnet by the count of available ip address

* update unit test for subnet_resolver

* filter subnets before iterating subnetsByAZ

* decouple buildLoadBalancerSubnets from buildLoadBalancerSubnetMappings

Author: oliviassss

pkg/ingress/model_build_load_balancer.go

@@ -25,6 +25,7 @@ import (
 
 const (
 	resourceIDLoadBalancer = "LoadBalancer"
+	minimalAvailableIPAddressCount = int64(8)
 )
 
 func (t *defaultModelBuildTask) buildLoadBalancer(ctx context.Context, listenPortConfigByPort map[int64]listenPortConfig) (*elbv2model.LoadBalancer, error) {
@@ -218,6 +219,7 @@ func (t *defaultModelBuildTask) buildLoadBalancerSubnetMappings(ctx context.Cont
 		chosenSubnets, err := t.subnetsResolver.ResolveViaDiscovery(ctx,
 			networking.WithSubnetsResolveLBType(elbv2model.LoadBalancerTypeApplication),
 			networking.WithSubnetsResolveLBScheme(scheme),
+			networking.WithSubnetsResolveAvailableIPAddressCount(minimalAvailableIPAddressCount),
 		)
 		if err != nil {
 			return nil, errors.Wrap(err, "couldn't auto-discover subnets")

pkg/networking/subnet_resolver.go

@@ -42,6 +42,8 @@ type SubnetsResolveOptions struct {
 	// The Load Balancer Scheme.
 	// By default, it's internet-facing.
 	LBScheme elbv2model.LoadBalancerScheme
+	// count of available ip addresses
+	AvailableIPAddressCount int64
 }
 
 // ApplyOptions applies slice of SubnetsResolveOption.
@@ -75,6 +77,13 @@ func WithSubnetsResolveLBScheme(lbScheme elbv2model.LoadBalancerScheme) SubnetsR
 	}
 }
 
+// WithSubnetsResolveAvailableIPAddressCount generates a option that configures AvailableIPAddressCount.
+func WithSubnetsResolveAvailableIPAddressCount(AvailableIPAddressCount int64) SubnetsResolveOption {
+	return func(opts *SubnetsResolveOptions) {
+		opts.AvailableIPAddressCount = AvailableIPAddressCount
+	}
+}
+
 // SubnetsResolver is responsible for resolve EC2 Subnets for Load Balancers.
 type SubnetsResolver interface {
 	// ResolveViaDiscovery resolve subnets by auto discover matching subnets.
@@ -143,7 +152,8 @@ func (r *defaultSubnetsResolver) ResolveViaDiscovery(ctx context.Context, opts .
 			subnets = append(subnets, subnet)
 		}
 	}
-	subnetsByAZ := mapSDKSubnetsByAZ(subnets)
+	filteredSubnets := r.filterSubnetsByAvailableIPAddress(subnets, resolveOpts.AvailableIPAddressCount)
+	subnetsByAZ := mapSDKSubnetsByAZ(filteredSubnets)
 	chosenSubnets := make([]*ec2sdk.Subnet, 0, len(subnetsByAZ))
 	for az, subnets := range subnetsByAZ {
 		if len(subnets) == 1 {
@@ -370,3 +380,14 @@ func sortSubnetsByID(subnets []*ec2sdk.Subnet) {
 		return awssdk.StringValue(subnets[i].SubnetId) < awssdk.StringValue(subnets[j].SubnetId)
 	})
 }
+
+func (r *defaultSubnetsResolver) filterSubnetsByAvailableIPAddress(subnets []*ec2sdk.Subnet, availableIPAddressCount int64) []*ec2sdk.Subnet {
+	filteredSubnets := make([]*ec2sdk.Subnet, 0, len(subnets))
+	for _, subnet := range subnets {
+		if awssdk.Int64Value(subnet.AvailableIpAddressCount) >= availableIPAddressCount {
+			filteredSubnets = append(filteredSubnets, subnet)
+		}
+	}
+	r.logger.V(4).Info("Subnets filtered by Available IP Address: ", filteredSubnets)
+	return filteredSubnets
+}

pkg/networking/subnet_resolver_test.go

@@ -35,6 +35,9 @@ func Test_defaultSubnetsResolver_ResolveViaDiscovery(t *testing.T) {
 	type args struct {
 		opts []SubnetsResolveOption
 	}
+	const (
+		minimalAvailableIPAddressCount = int64(8)
+	)
 	tests := []struct {
 		name    string
 		fields  fields
@@ -886,6 +889,109 @@ func Test_defaultSubnetsResolver_ResolveViaDiscovery(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "subnets with insufficient available ip addresses get ignored",
+			fields: fields{
+				vpcID:       "vpc-1",
+				clusterName: "kube-cluster",
+				describeSubnetsAsListCalls: []describeSubnetsAsListCall{
+					{
+						input: &ec2sdk.DescribeSubnetsInput{
+							Filters: []*ec2sdk.Filter{
+								{
+									Name:   awssdk.String("tag:kubernetes.io/role/elb"),
+									Values: awssdk.StringSlice([]string{"", "1"}),
+								},
+								{
+									Name:   awssdk.String("vpc-id"),
+									Values: awssdk.StringSlice([]string{"vpc-1"}),
+								},
+							},
+						},
+						output: []*ec2sdk.Subnet{
+							{
+								SubnetId:           awssdk.String("subnet-1"),
+								AvailabilityZone:   awssdk.String("us-west-2a"),
+								AvailabilityZoneId: awssdk.String("usw2-az1"),
+								VpcId:              awssdk.String("vpc-1"),
+								AvailableIpAddressCount: awssdk.Int64(0),
+							},
+							{
+								SubnetId:           awssdk.String("subnet-3"),
+								AvailabilityZone:   awssdk.String("us-west-2a"),
+								AvailabilityZoneId: awssdk.String("usw2-az1"),
+								VpcId:              awssdk.String("vpc-1"),
+								AvailableIpAddressCount: awssdk.Int64(8),
+							},
+							{
+								SubnetId:           awssdk.String("subnet-4"),
+								AvailabilityZone:   awssdk.String("us-west-2b"),
+								AvailabilityZoneId: awssdk.String("usw2-az2"),
+								VpcId:              awssdk.String("vpc-1"),
+								AvailableIpAddressCount: awssdk.Int64(25),
+							},
+							{
+								SubnetId:           awssdk.String("subnet-2"),
+								AvailabilityZone:   awssdk.String("us-west-2a"),
+								AvailabilityZoneId: awssdk.String("usw2-az1"),
+								VpcId:              awssdk.String("vpc-1"),
+								AvailableIpAddressCount: awssdk.Int64(2),
+							},
+							{
+								SubnetId:           awssdk.String("subnet-5"),
+								AvailabilityZone:   awssdk.String("us-west-2b"),
+								AvailabilityZoneId: awssdk.String("usw2-az2"),
+								VpcId:              awssdk.String("vpc-1"),
+								AvailableIpAddressCount: awssdk.Int64(10),
+							},
+						},
+					},
+				},
+				fetchAZInfosCalls: []fetchAZInfosCall{
+					{
+						availabilityZoneIDs: []string{"usw2-az1"},
+						azInfoByAZID: map[string]ec2sdk.AvailabilityZone{
+							"usw2-az1": {
+								ZoneId:   awssdk.String("usw2-az1"),
+								ZoneType: awssdk.String("availability-zone"),
+							},
+						},
+					},
+					{
+						availabilityZoneIDs: []string{"usw2-az2"},
+						azInfoByAZID: map[string]ec2sdk.AvailabilityZone{
+							"usw2-az2": {
+								ZoneId:   awssdk.String("usw2-az2"),
+								ZoneType: awssdk.String("availability-zone"),
+							},
+						},
+					},
+				},
+			},
+			args: args{
+				opts: []SubnetsResolveOption{
+					WithSubnetsResolveLBType(elbv2model.LoadBalancerTypeNetwork),
+					WithSubnetsResolveLBScheme(elbv2model.LoadBalancerSchemeInternetFacing),
+					WithSubnetsResolveAvailableIPAddressCount(minimalAvailableIPAddressCount),
+				},
+			},
+			want: []*ec2sdk.Subnet{
+				{
+					SubnetId:           awssdk.String("subnet-3"),
+					AvailabilityZone:   awssdk.String("us-west-2a"),
+					AvailabilityZoneId: awssdk.String("usw2-az1"),
+					VpcId:              awssdk.String("vpc-1"),
+					AvailableIpAddressCount: awssdk.Int64(8),
+				},
+				{
+					SubnetId:           awssdk.String("subnet-4"),
+					AvailabilityZone:   awssdk.String("us-west-2b"),
+					AvailabilityZoneId: awssdk.String("usw2-az2"),
+					VpcId:              awssdk.String("vpc-1"),
+					AvailableIpAddressCount: awssdk.Int64(25),
+				},
+			},
+		},
 	}
 
 	for _, tt := range tests {

pkg/service/model_build_load_balancer.go

@@ -27,6 +27,7 @@ const (
 	lbAttrsAccessLogsS3Prefix            = "access_logs.s3.prefix"
 	lbAttrsLoadBalancingCrossZoneEnabled = "load_balancing.cross_zone.enabled"
 	resourceIDLoadBalancer               = "LoadBalancer"
+	minimalAvailableIPAddressCount 		 = int64(8)
 )
 
 func (t *defaultModelBuildTask) buildLoadBalancer(ctx context.Context, scheme elbv2model.LoadBalancerScheme) error {
@@ -267,6 +268,18 @@ func (t *defaultModelBuildTask) buildLoadBalancerSubnets(ctx context.Context, sc
 		)
 	}
 
+	// for internet-facing Load Balancers, the subnets mush have at least 8 available IP addresses;
+	// for internal Load Balancers, this is only required if private ip address is not assigned
+	var privateIpv4Addresses []string
+	ipv4Configured := t.annotationParser.ParseStringSliceAnnotation(annotations.SvcLBSuffixPrivateIpv4Addresses, &privateIpv4Addresses, t.service.Annotations)
+	if (scheme == elbv2model.LoadBalancerSchemeInternetFacing) ||
+		((scheme == elbv2model.LoadBalancerSchemeInternal) && !ipv4Configured) {
+		return t.subnetsResolver.ResolveViaDiscovery(ctx,
+			networking.WithSubnetsResolveLBType(elbv2model.LoadBalancerTypeNetwork),
+			networking.WithSubnetsResolveLBScheme(scheme),
+			networking.WithSubnetsResolveAvailableIPAddressCount(minimalAvailableIPAddressCount),
+		)
+	}
 	return t.subnetsResolver.ResolveViaDiscovery(ctx,
 		networking.WithSubnetsResolveLBType(elbv2model.LoadBalancerTypeNetwork),
 		networking.WithSubnetsResolveLBScheme(scheme),