fix: health check timeout for services/NLB (#2899)

project0 · web-flow · commit 2e740a79b86c · 2022-12-01T17:43:54.000-08:00
* fix: health check timeout for services/NLB

The annotation for health check timeout was not consumed at all for
services

* add feature gate ServiceHealthCheckTimeout

allows people to set old behavior

* feat: rename featuregate
diff --git a/docs/deploy/configurations.md b/docs/deploy/configurations.md
@@ -3,9 +3,9 @@ This document covers configuration of the AWS Load Balancer controller
 
 !!!warning "limitation"
     The v2.0.0+ version of AWSLoadBalancerController currently only support one controller deployment(with one or multiple replicas) per cluster.
-    
+
     The AWSLoadBalancerController assumes it's the solo owner of worker node security group rules with `elbv2.k8s.aws/targetGroupBinding=shared` description, running multiple controller deployment will cause these controllers compete with each other updating worker node security group rules.
-    
+
     We will remove this limitation in future versions: [tracking issue](https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/2185)
 
 ## AWS API Access
@@ -158,3 +158,4 @@ They are a set of kye=value pairs that describe AWS load balance controller feat
 | EnableServiceController               | string                          | true           | Toggles support for `Service` type resources. |
 | EnableIPTargetType                    | string                          | true           | Used to toggle support for target-type `ip` across `Ingress` and `Service` type resources. |
 | SubnetsClusterTagCheck                | string                          | true           | Enable or disable the check for `kubernetes.io/cluster/${cluster-name}` during subnet auto-discovery |
+| NLBHealthCheckTimeout                 | string                          | true           | Enable or disable the use of `service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout` for `Service` type resources (NLB) |
diff --git a/pkg/config/feature_gates.go b/pkg/config/feature_gates.go
@@ -2,9 +2,10 @@ package config
 
 import (
 	"fmt"
-	"github.com/spf13/pflag"
 	"strconv"
 	"strings"
+
+	"github.com/spf13/pflag"
 )
 
 type Feature string
@@ -17,6 +18,7 @@ const (
 	EnableServiceController     Feature = "EnableServiceController"
 	EnableIPTargetType          Feature = "EnableIPTargetType"
 	SubnetsClusterTagCheck      Feature = "SubnetsClusterTagCheck"
+	NLBHealthCheckTimeout       Feature = "NLBHealthCheckTimeout"
 )
 
 type FeatureGates interface {
@@ -51,6 +53,7 @@ func NewFeatureGates() FeatureGates {
 			EnableServiceController:     true,
 			EnableIPTargetType:          true,
 			SubnetsClusterTagCheck:      true,
+			NLBHealthCheckTimeout:       true,
 		},
 	}
 }
diff --git a/pkg/service/model_build_target_group.go b/pkg/service/model_build_target_group.go
@@ -18,6 +18,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 	elbv2api "sigs.k8s.io/aws-load-balancer-controller/apis/elbv2/v1beta1"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/annotations"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/config"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
 	elbv2model "sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/networking"
@@ -113,6 +114,13 @@ func (t *defaultModelBuildTask) buildTargetGroupHealthCheckConfigDefault(ctx con
 	if err != nil {
 		return nil, err
 	}
+	var healthCheckTimeoutSeconds *int64
+	if t.featureGates.Enabled(config.NLBHealthCheckTimeout) {
+		healthCheckTimeoutSeconds, err = t.buildTargetGroupHealthCheckTimeoutSeconds(ctx, t.defaultHealthCheckTimeout)
+		if err != nil {
+			return nil, err
+		}
+	}
 	healthyThresholdCount, err := t.buildTargetGroupHealthCheckHealthyThresholdCount(ctx, t.defaultHealthCheckHealthyThreshold)
 	if err != nil {
 		return nil, err
@@ -126,6 +134,7 @@ func (t *defaultModelBuildTask) buildTargetGroupHealthCheckConfigDefault(ctx con
 		Protocol:                &healthCheckProtocol,
 		Path:                    healthCheckPathPtr,
 		IntervalSeconds:         &intervalSeconds,
+		TimeoutSeconds:          healthCheckTimeoutSeconds,
 		HealthyThresholdCount:   &healthyThresholdCount,
 		UnhealthyThresholdCount: &unhealthyThresholdCount,
 	}, nil
@@ -148,6 +157,13 @@ func (t *defaultModelBuildTask) buildTargetGroupHealthCheckConfigForInstanceMode
 	if err != nil {
 		return nil, err
 	}
+	var healthCheckTimeoutSeconds *int64
+	if t.featureGates.Enabled(config.NLBHealthCheckTimeout) {
+		healthCheckTimeoutSeconds, err = t.buildTargetGroupHealthCheckTimeoutSeconds(ctx, t.defaultHealthCheckTimeoutForInstanceModeLocal)
+		if err != nil {
+			return nil, err
+		}
+	}
 	healthyThresholdCount, err := t.buildTargetGroupHealthCheckHealthyThresholdCount(ctx, t.defaultHealthCheckHealthyThresholdForInstanceModeLocal)
 	if err != nil {
 		return nil, err
@@ -161,6 +177,7 @@ func (t *defaultModelBuildTask) buildTargetGroupHealthCheckConfigForInstanceMode
 		Protocol:                &healthCheckProtocol,
 		Path:                    healthCheckPathPtr,
 		IntervalSeconds:         &intervalSeconds,
+		TimeoutSeconds:          healthCheckTimeoutSeconds,
 		HealthyThresholdCount:   &healthyThresholdCount,
 		UnhealthyThresholdCount: &unhealthyThresholdCount,
 	}, nil
@@ -308,12 +325,12 @@ func (t *defaultModelBuildTask) buildTargetGroupHealthCheckIntervalSeconds(_ con
 	return intervalSeconds, nil
 }
 
-func (t *defaultModelBuildTask) buildTargetGroupHealthCheckTimeoutSeconds(_ context.Context, defaultHealthCheckTimeout int64) (int64, error) {
+func (t *defaultModelBuildTask) buildTargetGroupHealthCheckTimeoutSeconds(_ context.Context, defaultHealthCheckTimeout int64) (*int64, error) {
 	timeoutSeconds := defaultHealthCheckTimeout
 	if _, err := t.annotationParser.ParseInt64Annotation(annotations.SvcLBSuffixHCTimeout, &timeoutSeconds, t.service.Annotations); err != nil {
-		return 0, err
+		return nil, err
 	}
-	return timeoutSeconds, nil
+	return &timeoutSeconds, nil
 }
 
 func (t *defaultModelBuildTask) buildTargetGroupHealthCheckHealthyThresholdCount(_ context.Context, defaultHealthCheckHealthyThreshold int64) (int64, error) {
diff --git a/pkg/service/model_build_target_group_test.go b/pkg/service/model_build_target_group_test.go
@@ -15,6 +15,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 	elbv2api "sigs.k8s.io/aws-load-balancer-controller/apis/elbv2/v1beta1"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/annotations"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/config"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2"
 )
 
@@ -183,6 +184,7 @@ func Test_defaultModelBuilderTask_buildTargetHealthCheck(t *testing.T) {
 				Port:                    &trafficPort,
 				Protocol:                (*elbv2.Protocol)(aws.String(string(elbv2.ProtocolTCP))),
 				IntervalSeconds:         aws.Int64(10),
+				TimeoutSeconds:          aws.Int64(10),
 				HealthyThresholdCount:   aws.Int64(3),
 				UnhealthyThresholdCount: aws.Int64(3),
 			},
@@ -209,6 +211,7 @@ func Test_defaultModelBuilderTask_buildTargetHealthCheck(t *testing.T) {
 				Protocol:                (*elbv2.Protocol)(aws.String("HTTP")),
 				Path:                    aws.String("/healthz"),
 				IntervalSeconds:         aws.Int64(10),
+				TimeoutSeconds:          aws.Int64(30),
 				HealthyThresholdCount:   aws.Int64(2),
 				UnhealthyThresholdCount: aws.Int64(2),
 			},
@@ -229,6 +232,7 @@ func Test_defaultModelBuilderTask_buildTargetHealthCheck(t *testing.T) {
 				Protocol:                (*elbv2.Protocol)(aws.String("HTTP")),
 				Path:                    aws.String("/"),
 				IntervalSeconds:         aws.Int64(10),
+				TimeoutSeconds:          aws.Int64(10),
 				HealthyThresholdCount:   aws.Int64(3),
 				UnhealthyThresholdCount: aws.Int64(3),
 			},
@@ -284,6 +288,7 @@ func Test_defaultModelBuilderTask_buildTargetHealthCheck(t *testing.T) {
 				Port:                    &trafficPort,
 				Protocol:                (*elbv2.Protocol)(aws.String(string(elbv2.ProtocolTCP))),
 				IntervalSeconds:         aws.Int64(10),
+				TimeoutSeconds:          aws.Int64(10),
 				HealthyThresholdCount:   aws.Int64(3),
 				UnhealthyThresholdCount: aws.Int64(3),
 			},
@@ -304,6 +309,7 @@ func Test_defaultModelBuilderTask_buildTargetHealthCheck(t *testing.T) {
 				Protocol:                (*elbv2.Protocol)(aws.String(string(elbv2.ProtocolHTTP))),
 				Path:                    aws.String("/healthz"),
 				IntervalSeconds:         aws.Int64(10),
+				TimeoutSeconds:          aws.Int64(6),
 				HealthyThresholdCount:   aws.Int64(2),
 				UnhealthyThresholdCount: aws.Int64(2),
 			},
@@ -333,6 +339,7 @@ func Test_defaultModelBuilderTask_buildTargetHealthCheck(t *testing.T) {
 				Port:                    &port8888,
 				Protocol:                (*elbv2.Protocol)(aws.String(string(elbv2.ProtocolTCP))),
 				IntervalSeconds:         aws.Int64(10),
+				TimeoutSeconds:          aws.Int64(30),
 				HealthyThresholdCount:   aws.Int64(5),
 				UnhealthyThresholdCount: aws.Int64(5),
 			},
@@ -345,6 +352,7 @@ func Test_defaultModelBuilderTask_buildTargetHealthCheck(t *testing.T) {
 			builder := &defaultModelBuildTask{
 				service:                              tt.svc,
 				annotationParser:                     parser,
+				featureGates:                         config.NewFeatureGates(),
 				defaultAccessLogsS3Bucket:            "",
 				defaultAccessLogsS3Prefix:            "",
 				defaultLoadBalancingCrossZoneEnabled: false,
diff --git a/pkg/service/model_builder_test.go b/pkg/service/model_builder_test.go
@@ -190,6 +190,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
                 "port":"traffic-port",
                 "protocol":"TCP",
                 "intervalSeconds":10,
+                "timeoutSeconds":10,
                 "healthyThresholdCount":3,
                 "unhealthyThresholdCount":3
              },
@@ -334,6 +335,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
                 "port":"traffic-port",
                 "protocol":"TCP",
                 "intervalSeconds":10,
+                "timeoutSeconds":10,
                 "healthyThresholdCount":3,
                 "unhealthyThresholdCount":3
              },
@@ -518,6 +520,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
                 "protocol":"HTTP",
                 "path":"/healthz",
                 "intervalSeconds":10,
+                "timeoutSeconds":30,
                 "healthyThresholdCount":2,
                 "unhealthyThresholdCount":2
              },
@@ -541,6 +544,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
                 "protocol":"HTTP",
                 "path":"/healthz",
                 "intervalSeconds":10,
+                "timeoutSeconds":30,
                 "healthyThresholdCount":2,
                 "unhealthyThresholdCount":2
              },
@@ -852,6 +856,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
                 "protocol":"HTTP",
                 "path":"/healthz",
                 "intervalSeconds":10,
+                "timeoutSeconds":30,
                 "healthyThresholdCount":2,
                 "unhealthyThresholdCount":2
              },
@@ -875,6 +880,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
                 "protocol":"HTTP",
                 "path":"/healthz",
                 "intervalSeconds":10,
+                "timeoutSeconds":30,
                 "healthyThresholdCount":2,
                 "unhealthyThresholdCount":2
              },
@@ -1180,6 +1186,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
                 "port": "traffic-port",
                 "protocol":"TCP",
                 "intervalSeconds":10,
+                "timeoutSeconds":10,
                 "healthyThresholdCount":3,
                 "unhealthyThresholdCount":3
              },
@@ -1202,6 +1209,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
                 "port":"traffic-port",
                 "protocol":"TCP",
                 "intervalSeconds":10,
+                "timeoutSeconds":10,
                 "healthyThresholdCount":3,
                 "unhealthyThresholdCount":3
              },
@@ -1448,8 +1456,9 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
              "healthCheckConfig":{
                 "port": 29123,
                 "protocol":"HTTP",
-				"path":"/healthz",
+                "path":"/healthz",
                 "intervalSeconds":10,
+                "timeoutSeconds":6,
                 "healthyThresholdCount":2,
                 "unhealthyThresholdCount":2
              },
@@ -1471,8 +1480,9 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
              "healthCheckConfig":{
                 "port": 29123,
                 "protocol":"HTTP",
-				"path":"/healthz",
+                "path":"/healthz",
                 "intervalSeconds":10,
+                "timeoutSeconds":6,
                 "healthyThresholdCount":2,
                 "unhealthyThresholdCount":2
              },
@@ -1729,6 +1739,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
                 "port":"traffic-port",
                 "protocol":"TCP",
                 "intervalSeconds":10,
+                "timeoutSeconds":10,
                 "healthyThresholdCount":3,
                 "unhealthyThresholdCount":3
              },
@@ -1941,7 +1952,8 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
             "unhealthyThresholdCount": 3,
             "protocol": "TCP",
             "port": "traffic-port",
-            "intervalSeconds": 10
+            "intervalSeconds": 10,
+            "timeoutSeconds":10
           },
           "targetGroupAttributes": [
             {
@@ -2210,6 +2222,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
             "port": "traffic-port",
             "protocol": "TCP",
             "intervalSeconds": 10,
+            "timeoutSeconds":10,
             "healthyThresholdCount": 3,
             "unhealthyThresholdCount": 3
           },
@@ -2355,6 +2368,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
             "port": "traffic-port",
             "protocol": "TCP",
             "intervalSeconds": 10,
+            "timeoutSeconds":10,
             "healthyThresholdCount": 3,
             "unhealthyThresholdCount": 3
           },
@@ -2551,6 +2565,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
             "port": "traffic-port",
             "protocol": "TCP",
             "intervalSeconds": 10,
+            "timeoutSeconds":10,
             "healthyThresholdCount": 3,
             "unhealthyThresholdCount": 3
           },
@@ -2693,6 +2708,7 @@ func Test_defaultModelBuilderTask_Build(t *testing.T) {
                 "port":"traffic-port",
                 "protocol":"TCP",
                 "intervalSeconds":10,
+                "timeoutSeconds":10,
                 "healthyThresholdCount":3,
                 "unhealthyThresholdCount":3
              },

Original file line number	Diff line number	Diff line change
`@@ -2,9 +2,10 @@ package config`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"fmt"`
`5`		`- "github.com/spf13/pflag"`
`6`	`5`	`"strconv"`
`7`	`6`	`"strings"`
	`7`	`+`
	`8`	`+ "github.com/spf13/pflag"`
`8`	`9`	`)`
`9`	`10`
`10`	`11`	`type Feature string`
`@@ -17,6 +18,7 @@ const (`
`17`	`18`	`EnableServiceController Feature = "EnableServiceController"`
`18`	`19`	`EnableIPTargetType Feature = "EnableIPTargetType"`
`19`	`20`	`SubnetsClusterTagCheck Feature = "SubnetsClusterTagCheck"`
	`21`	`+ NLBHealthCheckTimeout Feature = "NLBHealthCheckTimeout"`
`20`	`22`	`)`
`21`	`23`
`22`	`24`	`type FeatureGates interface {`
`@@ -51,6 +53,7 @@ func NewFeatureGates() FeatureGates {`
`51`	`53`	`EnableServiceController: true,`
`52`	`54`	`EnableIPTargetType: true,`
`53`	`55`	`SubnetsClusterTagCheck: true,`
	`56`	`+ NLBHealthCheckTimeout: true,`
`54`	`57`	`},`
`55`	`58`	`}`
`56`	`59`	`}`