Skip to content

Commit f74c746

Browse files
M00nF1shM00nF1sh
committed
refactor security group handling to reuse worker node security group instead of creating new one
1 parent 42e619e commit f74c746

18 files changed

+882
-511
lines changed

internal/alb/lb/loadbalancer.go

Lines changed: 27 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -62,11 +62,10 @@ type loadBalancerConfig struct {
6262
Name string
6363
Tags map[string]string
6464

65-
Type *string
66-
Scheme *string
67-
IpAddressType *string
68-
SecurityGroups []string
69-
Subnets []string
65+
Type *string
66+
Scheme *string
67+
IpAddressType *string
68+
Subnets []string
7069
}
7170

7271
type defaultController struct {
@@ -88,6 +87,7 @@ func (controller *defaultController) Reconcile(ctx context.Context, ingress *ext
8887
if err != nil {
8988
return nil, err
9089
}
90+
9191
lbConfig, err := controller.buildLBConfig(ctx, ingress, ingressAnnos)
9292
if err != nil {
9393
return nil, fmt.Errorf("failed to build LoadBalancer configuration due to %v", err)
@@ -96,7 +96,12 @@ func (controller *defaultController) Reconcile(ctx context.Context, ingress *ext
9696
return nil, err
9797
}
9898

99-
instance, err := controller.ensureLBInstance(ctx, lbConfig)
99+
ingKey := k8s.NamespacedName(ingress)
100+
sgAttachment, err := controller.sgAssociationController.Setup(ctx, ingKey)
101+
if err != nil {
102+
return nil, err
103+
}
104+
instance, err := controller.ensureLBInstance(ctx, lbConfig, sgAttachment)
100105
if err != nil {
101106
return nil, err
102107
}
@@ -122,7 +127,7 @@ func (controller *defaultController) Reconcile(ctx context.Context, ingress *ext
122127
return nil, fmt.Errorf("failed to GC targetGroups due to %v", err)
123128
}
124129

125-
if err := controller.sgAssociationController.Reconcile(ctx, ingress, instance, tgGroup); err != nil {
130+
if err := controller.sgAssociationController.Reconcile(ctx, ingKey, sgAttachment, instance, tgGroup); err != nil {
126131
return nil, fmt.Errorf("failed to reconcile securityGroup associations due to %v", err)
127132
}
128133
return &LoadBalancer{
@@ -138,9 +143,6 @@ func (controller *defaultController) Delete(ctx context.Context, ingressKey type
138143
return fmt.Errorf("failed to find existing LoadBalancer due to %v", err)
139144
}
140145
if instance != nil {
141-
if err = controller.sgAssociationController.Delete(ctx, ingressKey, instance); err != nil {
142-
return fmt.Errorf("failed to clean up securityGroups due to %v", err)
143-
}
144146
if err = controller.lsGroupController.Delete(ctx, aws.StringValue(instance.LoadBalancerArn)); err != nil {
145147
return fmt.Errorf("failed to delete listeners due to %v", err)
146148
}
@@ -153,24 +155,27 @@ func (controller *defaultController) Delete(ctx context.Context, ingressKey type
153155
return err
154156
}
155157
}
158+
if err = controller.sgAssociationController.Delete(ctx, ingressKey); err != nil {
159+
return fmt.Errorf("failed to clean up securityGroups due to %v", err)
160+
}
156161

157162
return nil
158163
}
159164

160-
func (controller *defaultController) ensureLBInstance(ctx context.Context, lbConfig *loadBalancerConfig) (*elbv2.LoadBalancer, error) {
165+
func (controller *defaultController) ensureLBInstance(ctx context.Context, lbConfig *loadBalancerConfig, sgAttachment sg.LbAttachmentInfo) (*elbv2.LoadBalancer, error) {
161166
instance, err := controller.cloud.GetLoadBalancerByName(ctx, lbConfig.Name)
162167
if err != nil {
163168
return nil, fmt.Errorf("failed to find existing LoadBalancer due to %v", err)
164169
}
165170
if instance == nil {
166-
instance, err = controller.newLBInstance(ctx, lbConfig)
171+
instance, err = controller.newLBInstance(ctx, lbConfig, sgAttachment)
167172
if err != nil {
168173
return nil, fmt.Errorf("failed to create LoadBalancer due to %v", err)
169174
}
170175
return instance, nil
171176
}
172177
if controller.isLBInstanceNeedRecreation(ctx, instance, lbConfig) {
173-
instance, err = controller.recreateLBInstance(ctx, instance, lbConfig)
178+
instance, err = controller.recreateLBInstance(ctx, instance, lbConfig, sgAttachment)
174179
if err != nil {
175180
return nil, fmt.Errorf("failed to recreate LoadBalancer due to %v", err)
176181
}
@@ -182,14 +187,14 @@ func (controller *defaultController) ensureLBInstance(ctx context.Context, lbCon
182187
return instance, nil
183188
}
184189

185-
func (controller *defaultController) newLBInstance(ctx context.Context, lbConfig *loadBalancerConfig) (*elbv2.LoadBalancer, error) {
190+
func (controller *defaultController) newLBInstance(ctx context.Context, lbConfig *loadBalancerConfig, sgAttachment sg.LbAttachmentInfo) (*elbv2.LoadBalancer, error) {
186191
albctx.GetLogger(ctx).Infof("creating LoadBalancer %v", lbConfig.Name)
187192
resp, err := controller.cloud.CreateLoadBalancerWithContext(ctx, &elbv2.CreateLoadBalancerInput{
188193
Name: aws.String(lbConfig.Name),
189194
Type: lbConfig.Type,
190195
Scheme: lbConfig.Scheme,
191196
IpAddressType: lbConfig.IpAddressType,
192-
SecurityGroups: aws.StringSlice(lbConfig.SecurityGroups),
197+
SecurityGroups: aws.StringSlice(sgAttachment.SGIDs()),
193198
Subnets: aws.StringSlice(lbConfig.Subnets),
194199
Tags: tags.ConvertToELBV2(lbConfig.Tags),
195200
})
@@ -205,13 +210,13 @@ func (controller *defaultController) newLBInstance(ctx context.Context, lbConfig
205210
return instance, nil
206211
}
207212

208-
func (controller *defaultController) recreateLBInstance(ctx context.Context, existingInstance *elbv2.LoadBalancer, lbConfig *loadBalancerConfig) (*elbv2.LoadBalancer, error) {
213+
func (controller *defaultController) recreateLBInstance(ctx context.Context, existingInstance *elbv2.LoadBalancer, lbConfig *loadBalancerConfig, sgAttachment sg.LbAttachmentInfo) (*elbv2.LoadBalancer, error) {
209214
existingLBArn := aws.StringValue(existingInstance.LoadBalancerArn)
210215
albctx.GetLogger(ctx).Infof("deleting LoadBalancer %v for recreation", existingLBArn)
211216
if err := controller.cloud.DeleteLoadBalancerByArn(ctx, existingLBArn); err != nil {
212217
return nil, err
213218
}
214-
return controller.newLBInstance(ctx, lbConfig)
219+
return controller.newLBInstance(ctx, lbConfig, sgAttachment)
215220
}
216221

217222
func (controller *defaultController) reconcileLBInstance(ctx context.Context, instance *elbv2.LoadBalancer, lbConfig *loadBalancerConfig) error {
@@ -307,15 +312,15 @@ func (controller *defaultController) buildLBConfig(ctx context.Context, ingress
307312
if err != nil {
308313
return nil, err
309314
}
315+
310316
return &loadBalancerConfig{
311317
Name: controller.nameTagGen.NameLB(ingress.Namespace, ingress.Name),
312318
Tags: lbTags,
313319

314-
Type: aws.String(elbv2.LoadBalancerTypeEnumApplication),
315-
Scheme: ingressAnnos.LoadBalancer.Scheme,
316-
IpAddressType: ingressAnnos.LoadBalancer.IPAddressType,
317-
SecurityGroups: ingressAnnos.LoadBalancer.SecurityGroups,
318-
Subnets: subnets,
320+
Type: aws.String(elbv2.LoadBalancerTypeEnumApplication),
321+
Scheme: ingressAnnos.LoadBalancer.Scheme,
322+
IpAddressType: ingressAnnos.LoadBalancer.IPAddressType,
323+
Subnets: subnets,
319324
}, nil
320325
}
321326

internal/alb/ls/mock_Controller.go

Lines changed: 5 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

internal/alb/ls/mock_RulesController.go

Lines changed: 13 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)