Merge pull request #3296 from michaelsaah/issue-3285-fix

k8s-ci-robot · web-flow · commit 4e697f843109 · 2023-08-29T17:17:55.000-07:00
don't block TGB reconciliation loop on failed SG ingress reconciliation
diff --git a/pkg/k8s/events.go b/pkg/k8s/events.go
@@ -25,6 +25,7 @@ const (
 	TargetGroupBindingEventReasonFailedRemoveFinalizer  = "FailedRemoveFinalizer"
 	TargetGroupBindingEventReasonFailedUpdateStatus     = "FailedUpdateStatus"
 	TargetGroupBindingEventReasonFailedCleanup          = "FailedCleanup"
+	TargetGroupBindingEventReasonFailedNetworkReconcile = "FailedNetworkReconcile"
 	TargetGroupBindingEventReasonBackendNotFound        = "BackendNotFound"
 	TargetGroupBindingEventReasonSuccessfullyReconciled = "SuccessfullyReconciled"
 )
diff --git a/pkg/targetgroupbinding/networking_manager.go b/pkg/targetgroupbinding/networking_manager.go
@@ -6,6 +6,7 @@ import (
 	"net"
 	"strings"
 	"sync"
+	libErrors "errors"
 
 	awssdk "github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
@@ -199,11 +200,13 @@ func (m *defaultNetworkingManager) reconcileWithIngressPermissionsPerSG(ctx cont
 	aggregatedIngressPermissionsPerSG := m.computeAggregatedIngressPermissionsPerSG(ctx)
 
 	permissionSelector := labels.SelectorFromSet(labels.Set{tgbNetworkingIPPermissionLabelKey: tgbNetworkingIPPermissionLabelValue})
+	var sgReconciliationErrors []error
 	for sgID, permissions := range aggregatedIngressPermissionsPerSG {
 		if err := m.sgReconciler.ReconcileIngress(ctx, sgID, permissions,
 			networking.WithPermissionSelector(permissionSelector),
 			networking.WithAuthorizeOnly(!computedForAllTGBs)); err != nil {
-			return err
+			sgReconciliationErrors = append(sgReconciliationErrors, err)
+			continue
 		}
 	}
 
@@ -213,6 +216,11 @@ func (m *defaultNetworkingManager) reconcileWithIngressPermissionsPerSG(ctx cont
 		}
 	}
 
+	if len(sgReconciliationErrors) > 0 {
+		err := libErrors.Join(sgReconciliationErrors...)
+		return err
+	}
+
 	return nil
 }
 
diff --git a/pkg/targetgroupbinding/resource_manager.go b/pkg/targetgroupbinding/resource_manager.go
@@ -136,8 +136,10 @@ func (m *defaultResourceManager) reconcileWithIPTargetType(ctx context.Context,
 	notDrainingTargets, drainingTargets := partitionTargetsByDrainingStatus(targets)
 	matchedEndpointAndTargets, unmatchedEndpoints, unmatchedTargets := matchPodEndpointWithTargets(endpoints, notDrainingTargets)
 
+	needNetworkingRequeue := false
 	if err := m.networkingManager.ReconcileForPodEndpoints(ctx, tgb, endpoints); err != nil {
-		return err
+		m.eventRecorder.Event(tgb, corev1.EventTypeWarning, k8s.TargetGroupBindingEventReasonFailedNetworkReconcile, err.Error())
+		needNetworkingRequeue = true
 	}
 	if len(unmatchedTargets) > 0 {
 		if err := m.deregisterTargets(ctx, tgARN, unmatchedTargets); err != nil {
@@ -167,6 +169,10 @@ func (m *defaultResourceManager) reconcileWithIPTargetType(ctx context.Context,
 	}
 
 	_ = drainingTargets
+
+	if needNetworkingRequeue {
+		return runtime.NewRequeueNeeded("networking reconciliation")
+	}
 	return nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ const (`
`25`	`25`	`TargetGroupBindingEventReasonFailedRemoveFinalizer = "FailedRemoveFinalizer"`
`26`	`26`	`TargetGroupBindingEventReasonFailedUpdateStatus = "FailedUpdateStatus"`
`27`	`27`	`TargetGroupBindingEventReasonFailedCleanup = "FailedCleanup"`
	`28`	`+ TargetGroupBindingEventReasonFailedNetworkReconcile = "FailedNetworkReconcile"`
`28`	`29`	`TargetGroupBindingEventReasonBackendNotFound = "BackendNotFound"`
`29`	`30`	`TargetGroupBindingEventReasonSuccessfullyReconciled = "SuccessfullyReconciled"`
`30`	`31`	`)`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import (`
`6`	`6`	`"net"`
`7`	`7`	`"strings"`
`8`	`8`	`"sync"`
	`9`	`+ libErrors "errors"`
`9`	`10`
`10`	`11`	`awssdk "github.com/aws/aws-sdk-go/aws"`
`11`	`12`	`"github.com/aws/aws-sdk-go/aws/awserr"`
`@@ -199,11 +200,13 @@ func (m *defaultNetworkingManager) reconcileWithIngressPermissionsPerSG(ctx cont`
`199`	`200`	`aggregatedIngressPermissionsPerSG := m.computeAggregatedIngressPermissionsPerSG(ctx)`
`200`	`201`
`201`	`202`	`permissionSelector := labels.SelectorFromSet(labels.Set{tgbNetworkingIPPermissionLabelKey: tgbNetworkingIPPermissionLabelValue})`
	`203`	`+ var sgReconciliationErrors []error`
`202`	`204`	`for sgID, permissions := range aggregatedIngressPermissionsPerSG {`
`203`	`205`	`if err := m.sgReconciler.ReconcileIngress(ctx, sgID, permissions,`
`204`	`206`	`networking.WithPermissionSelector(permissionSelector),`
`205`	`207`	`networking.WithAuthorizeOnly(!computedForAllTGBs)); err != nil {`
`206`		`- return err`
	`208`	`+ sgReconciliationErrors = append(sgReconciliationErrors, err)`
	`209`	`+ continue`
`207`	`210`	`}`
`208`	`211`	`}`
`209`	`212`
`@@ -213,6 +216,11 @@ func (m *defaultNetworkingManager) reconcileWithIngressPermissionsPerSG(ctx cont`
`213`	`216`	`}`
`214`	`217`	`}`
`215`	`218`
	`219`	`+ if len(sgReconciliationErrors) > 0 {`
	`220`	`+ err := libErrors.Join(sgReconciliationErrors...)`
	`221`	`+ return err`
	`222`	`+ }`
	`223`	`+`
`216`	`224`	`return nil`
`217`	`225`	`}`
`218`	`226`
Original file line number	Diff line number	Diff line change
`@@ -136,8 +136,10 @@ func (m *defaultResourceManager) reconcileWithIPTargetType(ctx context.Context,`
`136`	`136`	`notDrainingTargets, drainingTargets := partitionTargetsByDrainingStatus(targets)`
`137`	`137`	`matchedEndpointAndTargets, unmatchedEndpoints, unmatchedTargets := matchPodEndpointWithTargets(endpoints, notDrainingTargets)`
`138`	`138`
	`139`	`+ needNetworkingRequeue := false`
`139`	`140`	`if err := m.networkingManager.ReconcileForPodEndpoints(ctx, tgb, endpoints); err != nil {`
`140`		`- return err`
	`141`	`+ m.eventRecorder.Event(tgb, corev1.EventTypeWarning, k8s.TargetGroupBindingEventReasonFailedNetworkReconcile, err.Error())`
	`142`	`+ needNetworkingRequeue = true`
`141`	`143`	`}`
`142`	`144`	`if len(unmatchedTargets) > 0 {`
`143`	`145`	`if err := m.deregisterTargets(ctx, tgARN, unmatchedTargets); err != nil {`
`@@ -167,6 +169,10 @@ func (m *defaultResourceManager) reconcileWithIPTargetType(ctx context.Context,`
`167`	`169`	`}`
`168`	`170`
`169`	`171`	`_ = drainingTargets`
	`172`	`+`
	`173`	`+ if needNetworkingRequeue {`
	`174`	`+ return runtime.NewRequeueNeeded("networking reconciliation")`
	`175`	`+ }`
`170`	`176`	`return nil`
`171`	`177`	`}`
`172`	`178`