advanced_routing/weighted_routing support

Author: M00nF1sh

.golangci.yml

@@ -17,4 +17,6 @@ linters:
 issues:
   exclude:
   - IpAddressType # AWS SDK GO are using IpAddressType, while go-lint requires IPAddressType :(
-  - ClientId      # AWS SDK GO are using ClientId, while go-lint requires ClientID :(
+  - ClientId      # AWS SDK GO are using ClientId, while go-lint requires ClientID :(
+  - SourceIp
+  - Http

docs/guide/ingress/annotation.md

@@ -24,6 +24,7 @@ You can add kubernetes annotations to ingress and service objects to customize t
 |[alb.ingress.kubernetes.io/auth-type](#auth-type)|none\|oidc\|cognito|none|ingress,service|
 |[alb.ingress.kubernetes.io/backend-protocol](#backend-protocol)|HTTP \| HTTPS|HTTP|ingress,service|
 |[alb.ingress.kubernetes.io/certificate-arn](#certificate-arn)|stringList|N/A|ingress|
+|[alb.ingress.kubernetes.io/conditions.${conditions-name}](#conditions)|json|N/A|ingress|
 |[alb.ingress.kubernetes.io/healthcheck-interval-seconds](#healthcheck-interval-seconds)|integer|'15'|ingress,service|
 |[alb.ingress.kubernetes.io/healthcheck-path](#healthcheck-path)|string|/|ingress,service|
 |[alb.ingress.kubernetes.io/healthcheck-port](#healthcheck-port)|integer \| traffic-port|traffic-port|ingress,service|
@@ -112,25 +113,173 @@ Traffic Routing can be controlled with following annotations:
     The `action-name` in the annotation must match the serviceName in the ingress rules, and servicePort must be `use-annotation`.
 
     !!!example
-        - fixed 503 response
-            ```yaml
-            apiVersion: extensions/v1beta1
-            kind: Ingress
-            metadata:
-              namespace: default
-              name: ingress
-              annotations:
-                kubernetes.io/ingress.class: alb
-                alb.ingress.kubernetes.io/actions.response-503: '{"Type": "fixed-response", "FixedResponseConfig": {"ContentType":"text/plain", "StatusCode":"503", "MessageBody":"503 error text"}}'
-            spec:
-              rules:
-                - http:
-                    paths:
-                      - path: /503
-                        backend:
-                          serviceName: response-503
-                          servicePort: use-annotation
-            ```
+        - response-503: return fixed 503 response
+        - redirect-to-eks: redirect to an external url
+        - forward-single-tg: forward to an single targetGroup [**simplified schema**]
+        - forward-multiple-tg: forward to multiple targetGroups with different weights and stickiness config [**advanced schema**]
+
+        ```yaml
+        apiVersion: extensions/v1beta1
+        kind: Ingress
+        metadata:
+          namespace: default
+          name: ingress
+          annotations:
+            kubernetes.io/ingress.class: alb
+            alb.ingress.kubernetes.io/scheme: internet-facing
+            alb.ingress.kubernetes.io/actions.response-503: >
+              {"Type":"fixed-response","FixedResponseConfig":{"ContentType":"text/plain","StatusCode":"503","MessageBody":"503 error text"}}
+            alb.ingress.kubernetes.io/actions.redirect-to-eks: >
+              {"Type":"redirect","RedirectConfig":{"Host":"aws.amazon.com","Path":"/eks/","Port":"443","Protocol":"HTTPS","Query":"k=v","StatusCode":"HTTP_302"}}
+            alb.ingress.kubernetes.io/actions.forward-single-tg: >
+              {"Type":"forward","TargetGroupArn": "arn-of-your-target-group"}
+            alb.ingress.kubernetes.io/actions.forward-multiple-tg: >
+              {"Type":"forward","ForwardConfig":{"TargetGroups":[{"TargetGroupArn":""arn-of-your-target-group","Weight":80},{"ServiceName":"service-1","ServicePort":"80","Weight":20}],"TargetGroupStickinessConfig":{"Enabled":true,"DurationSeconds":200}}}
+        spec:
+          rules:
+            - http:
+                paths:
+                  - path: /503
+                    backend:
+                      serviceName: response-503
+                      servicePort: use-annotation
+                  - path: /eks
+                    backend:
+                      serviceName: redirect-to-eks
+                      servicePort: use-annotation
+                  - path: /path1
+                    backend:
+                      serviceName: forward-single-tg
+                      servicePort: use-annotation
+                  - path: /path2
+                    backend:
+                      serviceName: forward-multiple-tg
+                      servicePort: use-annotation
+        ```
+    
+    !!!note "use ARN in forward Action"
+        ARN can be used in forward action(both simplified schema and advanced schema), it must be an targetGroup created outside of k8s, typically an targetGroup for legacy application.
+    !!!note "use ServiceName/ServicePort in forward Action"
+        ServiceName/ServicePort can be used in forward action(advanced schema only).
+        
+        Limitation: [Auth related annotations](#authentication) on Service object won't be respected, it must be applied to Ingress object.
+
+- <a name="conditions">`alb.ingress.kubernetes.io/conditions.${conditions-name}`</a> Provides a method for specifing routing conditions **in addition to original host/path condition on Ingress spec**. 
+
+    The `conditions-name` in the annotation must match the serviceName in the ingress rules, and servicePort must be `use-annotation`.
+
+    !!!example
+        - rule-path1: 
+            - Host is www.example.com OR anno.example.com
+            - Path is /path1
+        - rule-path2:
+            - Host is www.example.com
+            - Path is /path2 OR /anno/path2
+        - rule-path3:
+            - Host is www.example.com
+            - Path is /path3
+            - Http header HeaderName is HeaderValue1 OR HeaderValue2
+        - rule-path4:
+            - Host is www.example.com
+            - Path is /path4
+            - Http request method is GET OR HEAD
+        - rule-path5:
+            - Host is www.example.com
+            - Path is /path5
+            - Query string is paramA:valueA1 OR paramA:valueA2
+        - rule-path6:
+            - Host is www.example.com
+            - Path is /path6
+            - Source IP is192.168.0.0/16 OR 172.16.0.0/16
+        - rule-path7:
+            - Host is www.example.com
+            - Path is /path6
+            - Http header HeaderName is HeaderValue
+            - Query string is paramA:valueA
+            - Query string is paramB:valueB
+
+        ```yaml
+        apiVersion: extensions/v1beta1
+        kind: Ingress
+        metadata:
+          namespace: default
+          name: ingress
+          annotations:
+            kubernetes.io/ingress.class: alb
+            alb.ingress.kubernetes.io/scheme: internet-facing
+            alb.ingress.kubernetes.io/actions.rule-path1: >
+              {"Type":"fixed-response","FixedResponseConfig":{"ContentType":"text/plain","StatusCode":"200","MessageBody":"Host is www.example.com OR anno.example.com"}}
+            alb.ingress.kubernetes.io/conditions.rule-path1: >
+              [{"Field":"host-header","HostHeaderConfig":{"Values":["anno.example.com"]}}]
+            alb.ingress.kubernetes.io/actions.rule-path2: >
+              {"Type":"fixed-response","FixedResponseConfig":{"ContentType":"text/plain","StatusCode":"200","MessageBody":"Path is /path2 OR /anno/path2"}}
+            alb.ingress.kubernetes.io/conditions.rule-path2: >
+              [{"Field":"path-pattern","PathPatternConfig":{"Values":["/anno/path2"]}}]
+            alb.ingress.kubernetes.io/actions.rule-path3: >
+              {"Type":"fixed-response","FixedResponseConfig":{"ContentType":"text/plain","StatusCode":"200","MessageBody":"Http header HeaderName is HeaderValue1 OR HeaderValue2"}}
+            alb.ingress.kubernetes.io/conditions.rule-path3: >
+              [{"Field":"http-header","HttpHeaderConfig":{"HttpHeaderName": "HeaderName", "Values":["HeaderValue1", "HeaderValue2"]}}]
+            alb.ingress.kubernetes.io/actions.rule-path4: >
+              {"Type":"fixed-response","FixedResponseConfig":{"ContentType":"text/plain","StatusCode":"200","MessageBody":"Http request method is GET OR HEAD"}}
+            alb.ingress.kubernetes.io/conditions.rule-path4: >
+              [{"Field":"http-request-method","HttpRequestMethodConfig":{"Values":["GET", "HEAD"]}}]
+            alb.ingress.kubernetes.io/actions.rule-path5: >
+              {"Type":"fixed-response","FixedResponseConfig":{"ContentType":"text/plain","StatusCode":"200","MessageBody":"Query string is paramA:valueA1 OR paramA:valueA2"}}
+            alb.ingress.kubernetes.io/conditions.rule-path5: >
+              [{"Field":"query-string","QueryStringConfig":{"Values":[{"Key":"paramA","Value":"valueA1"},{"Key":"paramA","Value":"valueA2"}]}}]
+            alb.ingress.kubernetes.io/actions.rule-path6: >
+              {"Type":"fixed-response","FixedResponseConfig":{"ContentType":"text/plain","StatusCode":"200","MessageBody":"Source IP is 192.168.0.0/16 OR 172.16.0.0/16"}}
+            alb.ingress.kubernetes.io/conditions.rule-path6: >
+              [{"Field":"source-ip","SourceIpConfig":{"Values":["192.168.0.0/16", "172.16.0.0/16"]}}]
+            alb.ingress.kubernetes.io/actions.rule-path7: >
+              {"Type":"fixed-response","FixedResponseConfig":{"ContentType":"text/plain","StatusCode":"200","MessageBody":"multiple conditions applies"}}
+            alb.ingress.kubernetes.io/conditions.rule-path7: >
+              [{"Field":"http-header","HttpHeaderConfig":{"HttpHeaderName": "HeaderName", "Values":["HeaderValue"]}},{"Field":"query-string","QueryStringConfig":{"Values":[{"Key":"paramA","Value":"valueA"}]}},{"Field":"query-string","QueryStringConfig":{"Values":[{"Key":"paramB","Value":"valueB"}]}}]
+        spec:
+          rules:
+            - host: www.example.com
+              http:
+                paths:
+                  - path: /path1
+                    backend:
+                      serviceName: rule-path1
+                      servicePort: use-annotation
+                  - path: /path2
+                    backend:
+                      serviceName: rule-path2
+                      servicePort: use-annotation
+                  - path: /path3
+                    backend:
+                      serviceName: rule-path3
+                      servicePort: use-annotation
+                  - path: /path4
+                    backend:
+                      serviceName: rule-path4
+                      servicePort: use-annotation
+                  - path: /path5
+                    backend:
+                      serviceName: rule-path5
+                      servicePort: use-annotation
+                  - path: /path6
+                    backend:
+                      serviceName: rule-path6
+                      servicePort: use-annotation
+                  - path: /path7
+                    backend:
+                      serviceName: rule-path7
+                      servicePort: use-annotation
+        ```
+
+    !!!warning "limitations"
+        General ALB limitations applies:
+
+        1. Each rule can optionally include up to one of each of the following conditions: host-header, http-request-method, path-pattern, and source-ip. Each rule can also optionally include one or more of each of the following conditions: http-header and query-string.
+            
+        2. You can specify up to three match evaluations per condition.
+            
+        3. You can specify up to five match evaluations per rule.
+        
+        Refer [ALB documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#rule-condition-types) for more details.
 
 ## Access control
 Access control for LoadBalancer can be controlled with following annotations:

go.mod

@@ -3,7 +3,7 @@ module github.com/kubernetes-sigs/aws-alb-ingress-controller
 require (
 	github.com/appscode/jsonpatch v0.0.0-20190108182946-7c0e3b262f30 // indirect
 	github.com/aws/aws-k8s-tester/e2e/tester v0.0.0-20190907061006-260b0e114d90
-	github.com/aws/aws-sdk-go v1.23.21
+	github.com/aws/aws-sdk-go v1.27.3
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/go-logr/glogr v0.1.0
 	github.com/go-logr/logr v0.1.0 // indirect
@@ -31,7 +31,7 @@ require (
 	github.com/prometheus/common v0.4.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.4.0
-	github.com/ticketmaster/aws-sdk-go-cache v0.0.0-20180926195306-58922816129c
+	github.com/ticketmaster/aws-sdk-go-cache v0.0.0-20180926195306-58922816129c // indirect
 	golang.org/x/oauth2 v0.0.0-20190212230446-3e8b2be13635 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	k8s.io/api v0.0.0-20181213150558-05914d821849

go.sum

@@ -16,6 +16,10 @@ github.com/aws/aws-k8s-tester/e2e/tester v0.0.0-20190907061006-260b0e114d90/go.m
 github.com/aws/aws-sdk-go v1.15.39/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
 github.com/aws/aws-sdk-go v1.23.21 h1:eVJT2C99cAjZlBY8+CJovf6AwrSANzAcYNuxdCB+SPk=
 github.com/aws/aws-sdk-go v1.23.21/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.25.43 h1:R5YqHQFIulYVfgRySz9hvBRTWBjudISa+r0C8XQ1ufg=
+github.com/aws/aws-sdk-go v1.25.43/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.27.3 h1:CBWC7Yot0U6OU/uosUmq7tKJVBTq6HrhgW1Vjpt9SMw=
+github.com/aws/aws-sdk-go v1.27.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -380,6 +384,7 @@ golang.org/x/tools v0.0.0-20191010075000-0337d82405ff h1:XdBG6es/oFDr1HwaxkxgVve
 golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=