Restrict subnet auto-discovery to new LB (#2125)

Author: oliviassss

controllers/ingress/group_controller.go

@@ -16,6 +16,8 @@ import (
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/config"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/deploy"
+	elbv2deploy "sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/elbv2"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/tracking"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/ingress"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/model/core"
@@ -48,10 +50,12 @@ func NewGroupReconciler(cloud aws.Cloud, k8sClient client.Client, eventRecorder
 	authConfigBuilder := ingress.NewDefaultAuthConfigBuilder(annotationParser)
 	enhancedBackendBuilder := ingress.NewDefaultEnhancedBackendBuilder(k8sClient, annotationParser, authConfigBuilder)
 	referenceIndexer := ingress.NewDefaultReferenceIndexer(enhancedBackendBuilder, authConfigBuilder, logger)
+	trackingProvider := tracking.NewDefaultProvider(ingressTagPrefix, config.ClusterName)
+	elbv2TaggingManager := elbv2deploy.NewDefaultTaggingManager(cloud.ELBV2(), logger)
 	modelBuilder := ingress.NewDefaultModelBuilder(k8sClient, eventRecorder,
 		cloud.EC2(), cloud.ACM(),
 		annotationParser, subnetsResolver,
-		authConfigBuilder, enhancedBackendBuilder,
+		authConfigBuilder, enhancedBackendBuilder, trackingProvider, elbv2TaggingManager,
 		cloud.VpcID(), config.ClusterName, config.DefaultTags, config.ExternalManagedTags,
 		config.DefaultSSLPolicy, logger)
 	stackMarshaller := deploy.NewDefaultStackMarshaller()

pkg/ingress/model_build_load_balancer.go

@@ -6,6 +6,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"regexp"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/tracking"
 	"strings"
 
 	awssdk "github.com/aws/aws-sdk-go/aws"
@@ -189,32 +190,48 @@ func (t *defaultModelBuildTask) buildLoadBalancerSubnetMappings(ctx context.Cont
 		explicitSubnetNameOrIDsList = append(explicitSubnetNameOrIDsList, rawSubnetNameOrIDs)
 	}
 
-	if len(explicitSubnetNameOrIDsList) == 0 {
-		chosenSubnets, err := t.subnetsResolver.ResolveViaDiscovery(ctx,
+	if len(explicitSubnetNameOrIDsList) != 0 {
+		chosenSubnetNameOrIDs := explicitSubnetNameOrIDsList[0]
+		for _, subnetNameOrIDs := range explicitSubnetNameOrIDsList[1:] {
+			// subnetNameOrIDs order doesn't matter
+			if !cmp.Equal(chosenSubnetNameOrIDs, subnetNameOrIDs, equality.IgnoreStringSliceOrder()) {
+				return nil, errors.Errorf("conflicting subnets: %v | %v", chosenSubnetNameOrIDs, subnetNameOrIDs)
+			}
+		}
+		chosenSubnets, err := t.subnetsResolver.ResolveViaNameOrIDSlice(ctx, chosenSubnetNameOrIDs,
 			networking.WithSubnetsResolveLBType(elbv2model.LoadBalancerTypeApplication),
 			networking.WithSubnetsResolveLBScheme(scheme),
 		)
 		if err != nil {
-			return nil, errors.Wrap(err, "couldn't auto-discover subnets")
+			return nil, err
 		}
 		return buildLoadBalancerSubnetMappingsWithSubnets(chosenSubnets), nil
 	}
+	stackTags := t.trackingProvider.StackTags(t.stack)
 
-	chosenSubnetNameOrIDs := explicitSubnetNameOrIDsList[0]
-	for _, subnetNameOrIDs := range explicitSubnetNameOrIDsList[1:] {
-		// subnetNameOrIDs orders doesn't matter.
-		if !cmp.Equal(chosenSubnetNameOrIDs, subnetNameOrIDs, equality.IgnoreStringSliceOrder()) {
-			return nil, errors.Errorf("conflicting subnets: %v | %v", chosenSubnetNameOrIDs, subnetNameOrIDs)
-		}
-	}
-	chosenSubnets, err := t.subnetsResolver.ResolveViaNameOrIDSlice(ctx, chosenSubnetNameOrIDs,
-		networking.WithSubnetsResolveLBType(elbv2model.LoadBalancerTypeApplication),
-		networking.WithSubnetsResolveLBScheme(scheme),
-	)
+	sdkLBs, err := t.elbv2TaggingManager.ListLoadBalancers(ctx, tracking.TagsAsTagFilter(stackTags))
 	if err != nil {
 		return nil, err
 	}
-	return buildLoadBalancerSubnetMappingsWithSubnets(chosenSubnets), nil
+
+	if len(sdkLBs) == 0 {
+		chosenSubnets, err := t.subnetsResolver.ResolveViaDiscovery(ctx,
+			networking.WithSubnetsResolveLBType(elbv2model.LoadBalancerTypeApplication),
+			networking.WithSubnetsResolveLBScheme(scheme),
+		)
+		if err != nil {
+			return nil, errors.Wrap(err, "couldn't auto-discover subnets")
+		}
+		return buildLoadBalancerSubnetMappingsWithSubnets(chosenSubnets), nil
+	}
+
+	availabilityZones := sdkLBs[0].LoadBalancer.AvailabilityZones
+	subnetIDs := make([]string, 0, len(availabilityZones))
+	for _, availabilityZone := range availabilityZones {
+		subnetID := awssdk.StringValue(availabilityZone.SubnetId)
+		subnetIDs = append(subnetIDs, subnetID)
+	}
+	return buildLoadBalancerSubnetMappingsWithSubnetIDs(subnetIDs), nil
 }
 
 func (t *defaultModelBuildTask) buildLoadBalancerSecurityGroups(ctx context.Context, listenPortConfigByPort map[int64]listenPortConfig, ipAddressType elbv2model.IPAddressType) ([]core.StringToken, error) {
@@ -368,3 +385,13 @@ func buildLoadBalancerSubnetMappingsWithSubnets(subnets []*ec2sdk.Subnet) []elbv
 	}
 	return subnetMappings
 }
+
+func buildLoadBalancerSubnetMappingsWithSubnetIDs(subnetIDs []string) []elbv2model.SubnetMapping {
+	subnetMappings := make([]elbv2model.SubnetMapping, 0, len(subnetIDs))
+	for _, subnetID := range subnetIDs {
+		subnetMappings = append(subnetMappings, elbv2model.SubnetMapping{
+			SubnetID: subnetID,
+		})
+	}
+	return subnetMappings
+}

pkg/ingress/model_builder.go

@@ -12,6 +12,8 @@ import (
 	"k8s.io/client-go/tools/record"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/annotations"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/services"
+	elbv2deploy "sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/elbv2"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/tracking"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/model/core"
 	ec2model "sigs.k8s.io/aws-load-balancer-controller/pkg/model/ec2"
@@ -31,6 +33,7 @@ func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventR
 	ec2Client services.EC2, acmClient services.ACM,
 	annotationParser annotations.Parser, subnetsResolver networkingpkg.SubnetsResolver,
 	authConfigBuilder AuthConfigBuilder, enhancedBackendBuilder EnhancedBackendBuilder,
+	trackingProvider tracking.Provider, elbv2TaggingManager elbv2deploy.TaggingManager,
 	vpcID string, clusterName string, defaultTags map[string]string, externalManagedTags []string, defaultSSLPolicy string,
 	logger logr.Logger) *defaultModelBuilder {
 	certDiscovery := NewACMCertDiscovery(acmClient, logger)
@@ -47,6 +50,8 @@ func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventR
 		authConfigBuilder:      authConfigBuilder,
 		enhancedBackendBuilder: enhancedBackendBuilder,
 		ruleOptimizer:          ruleOptimizer,
+		trackingProvider:       trackingProvider,
+		elbv2TaggingManager:    elbv2TaggingManager,
 		defaultTags:            defaultTags,
 		externalManagedTags:    sets.NewString(externalManagedTags...),
 		defaultSSLPolicy:       defaultSSLPolicy,
@@ -71,6 +76,8 @@ type defaultModelBuilder struct {
 	authConfigBuilder      AuthConfigBuilder
 	enhancedBackendBuilder EnhancedBackendBuilder
 	ruleOptimizer          RuleOptimizer
+	trackingProvider       tracking.Provider
+	elbv2TaggingManager    elbv2deploy.TaggingManager
 	defaultTags            map[string]string
 	externalManagedTags    sets.String
 	defaultSSLPolicy       string
@@ -93,6 +100,8 @@ func (b *defaultModelBuilder) Build(ctx context.Context, ingGroup Group) (core.S
 		authConfigBuilder:      b.authConfigBuilder,
 		enhancedBackendBuilder: b.enhancedBackendBuilder,
 		ruleOptimizer:          b.ruleOptimizer,
+		trackingProvider:       b.trackingProvider,
+		elbv2TaggingManager:    b.elbv2TaggingManager,
 		logger:                 b.logger,
 
 		ingGroup: ingGroup,
@@ -138,6 +147,8 @@ type defaultModelBuildTask struct {
 	authConfigBuilder      AuthConfigBuilder
 	enhancedBackendBuilder EnhancedBackendBuilder
 	ruleOptimizer          RuleOptimizer
+	trackingProvider       tracking.Provider
+	elbv2TaggingManager    elbv2deploy.TaggingManager
 	logger                 logr.Logger
 
 	ingGroup          Group