feat: Support TargetGroupBinding on targets outside the cluster's VPC (#3479)

* feat: Support TargetGroupBinding on targets outside the cluster's VPC

* Update docs

* Make vpcid optional

* Add vpcid missing test case

- update docs

* Fix failing e2e test

* fix to use k8s API convention

* Add tests to improve coverage

* generate crds

Author: ikosenn

apis/elbv2/v1beta1/targetgroupbinding_types.go

@@ -145,6 +145,10 @@ type TargetGroupBindingSpec struct {
 	// ipAddressType specifies whether the target group is of type IPv4 or IPv6. If unspecified, it will be automatically inferred.
 	// +optional
 	IPAddressType *TargetGroupIPAddressType `json:"ipAddressType,omitempty"`
+
+	// VpcID is the VPC of the TargetGroup. If unspecified, it will be automatically inferred.
+	// +optional
+	VpcID string `json:"vpcID,omitempty"`
 }
 
 // TargetGroupBindingStatus defines the observed state of TargetGroupBinding

config/crd/bases/elbv2.k8s.aws_targetgroupbindings.yaml

@@ -386,6 +386,10 @@ spec:
                 - instance
                 - ip
                 type: string
+              vpcID:
+                description: VpcID is the VPC of the TargetGroup. If unspecified,
+                  it will be automatically inferred.
+                type: string
             required:
             - serviceRef
             - targetGroupARN

docs/guide/targetgroupbinding/targetgroupbinding.md

@@ -5,8 +5,8 @@ This will allow you to provision the load balancer infrastructure completely out
 
 !!!tip "usage to support Ingress and Service"
     The AWS LoadBalancer controller internally used TargetGroupBinding to support the functionality for Ingress and Service resource as well.
-    It automatically creates TargetGroupBinding in the same namespace of the Service used. 
-    
+    It automatically creates TargetGroupBinding in the same namespace of the Service used.
+
     You can view all TargetGroupBindings in a namespace by `kubectl get targetgroupbindings -n <your-namespace> -o wide`
 
 
@@ -31,6 +31,28 @@ spec:
 ```
 
 
+## VpcID
+TargetGroupBinding CR supports the explicit definition of the Virtual Private Cloud (VPC) of your TargetGroup.
+
+!!!tip ""
+    If the VpcID is not explicitly specified, a mutating webhook will automatically call AWS API to find the VpcID for your TargetGroup and set it to correct value.
+
+
+## Sample YAML
+```yaml
+apiVersion: elbv2.k8s.aws/v1beta1
+kind: TargetGroupBinding
+metadata:
+  name: my-tgb
+spec:
+  serviceRef:
+    name: awesome-service # route traffic to the awesome-service
+    port: 80
+  targetGroupARN: <arn-to-targetGroup>
+  vpcID: <vpcID>
+```
+
+
 ## NodeSelector
 
 ### Default Node Selector

helm/aws-load-balancer-controller/crds/crds.yaml

@@ -587,6 +587,10 @@ spec:
                 - instance
                 - ip
                 type: string
+              vpcID:
+                description: VpcID is the VPC of the TargetGroup. If unspecified,
+                  it will be automatically inferred.
+                type: string
             required:
             - serviceRef
             - targetGroupARN

pkg/deploy/elbv2/target_group_binding_manager.go

@@ -187,6 +187,7 @@ func buildK8sTargetGroupBindingSpec(ctx context.Context, resTGB *elbv2model.Targ
 	}
 	k8sTGBSpec.NodeSelector = resTGB.Spec.Template.Spec.NodeSelector
 	k8sTGBSpec.IPAddressType = resTGB.Spec.Template.Spec.IPAddressType
+	k8sTGBSpec.VpcID = resTGB.Spec.Template.Spec.VpcID
 	return k8sTGBSpec, nil
 }
 

pkg/ingress/model_build_target_group.go

@@ -77,6 +77,7 @@ func (t *defaultModelBuildTask) buildTargetGroupBindingSpec(ctx context.Context,
 				Networking:    tgbNetworking,
 				NodeSelector:  nodeSelector,
 				IPAddressType: (*elbv2api.TargetGroupIPAddressType)(tg.Spec.IPAddressType),
+				VpcID:         t.vpcID,
 			},
 		},
 	}

pkg/ingress/model_builder_test.go

@@ -308,6 +308,7 @@ const baseStackJSON = `
                                 "$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/ns-1/ing-1-svc-1:http/status/targetGroupARN"
                             },
                             "targetType":"instance",
+                            "vpcID": "vpc-dummy",
                             "ipAddressType":"ipv4",
                             "serviceRef":{
                                 "name":"svc-1",
@@ -350,6 +351,7 @@ const baseStackJSON = `
                             },
                             "targetType":"instance",
                             "ipAddressType":"ipv4",
+                            "vpcID": "vpc-dummy",
                             "serviceRef":{
                                 "name":"svc-2",
                                 "port":"http"
@@ -390,6 +392,7 @@ const baseStackJSON = `
                                 "$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/ns-1/ing-1-svc-3:https/status/targetGroupARN"
                             },
                             "targetType":"ip",
+                            "vpcID": "vpc-dummy",
                             "ipAddressType":"ipv4",
                             "serviceRef":{
                                 "name":"svc-3",
@@ -1131,7 +1134,7 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
 					"port": 443,
 					"protocol": "HTTPS",
 					"sslPolicy": "ELBSecurityPolicy-2016-08",
-					"mutualAuthentication" : { 
+					"mutualAuthentication" : {
 						"mode" : "off"
 					}
 				}
@@ -1442,6 +1445,7 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
 						},
 						"spec": {
 							"ipAddressType": "ipv4",
+							"vpcID": "vpc-dummy",
 							"networking": {
 								"ingress": [
 									{
@@ -2429,6 +2433,7 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
 						},
 						"spec": {
 							"ipAddressType": "ipv6",
+							"vpcID": "vpc-dummy",
 							"networking": {
 								"ingress": [
 									{
@@ -2695,6 +2700,7 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
 						},
 						"spec": {
 							"ipAddressType": "ipv4",
+							"vpcID": "vpc-dummy",
 							"networking": {
 								"ingress": [
 									{
@@ -2854,6 +2860,7 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
 						},
 						"spec": {
 							"ipAddressType": "ipv4",
+							"vpcID": "vpc-dummy",
 							"networking": {
 								"ingress": [
 									{

pkg/model/elbv2/target_group_binding.go

@@ -103,6 +103,10 @@ type TargetGroupBindingSpec struct {
 	// ipAddressType specifies whether the target group is of type IPv4 or IPv6. If unspecified, it will be automatically inferred.
 	// +optional
 	IPAddressType *elbv2api.TargetGroupIPAddressType `json:"ipAddressType,omitempty"`
+
+	// VpcID is the VPC of the TargetGroup. If unspecified, it will be automatically inferred.
+	// +optional
+	VpcID string `json:"vpcID,omitempty"`
 }
 
 // Template for TargetGroupBinding Custom Resource.

pkg/service/model_build_target_group.go

@@ -444,6 +444,7 @@ func (t *defaultModelBuildTask) buildTargetGroupBindingSpec(ctx context.Context,
 				Networking:    tgbNetworking,
 				NodeSelector:  nodeSelector,
 				IPAddressType: (*elbv2api.TargetGroupIPAddressType)(targetGroup.Spec.IPAddressType),
+				VpcID:         t.vpcID,
 			},
 		},
 	}, nil