Skip to content

add reconciler for securityGroup rules #1421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Sep 16, 2020
Merged

add reconciler for securityGroup rules #1421

merged 5 commits into from
Sep 16, 2020

Conversation

M00nF1sh
Copy link
Collaborator

@M00nF1sh M00nF1sh commented Sep 15, 2020
edited
Loading

  1. networking.SecurityGroupInfo wraps the information about a securityGroup.
    • we expand the raw EC2IPPermission into multiple ones, so that each one contain only a single source.(ipRange/ipV6Range/etc).
    • for each expanded EC2IPPermission, we compute a set of labels from description(treat the description as comma-separated kv pairs). also, a special raw/description label is added for the raw description.
  2. networking.SecurityGroupManager provides cached operations for securityGroups.
  3. networking.SecurityGroupReconciler will reconcile permissions for securityGroups.
  4. targetGroupBinding.NetworkingManager will manage the network settings for targetGroupBindings.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Sep 15, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: M00nF1sh
To complete the pull request process, please assign
You can assign the PR to them by writing /assign in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Sep 15, 2020
kishorj
kishorj reviewed Sep 15, 2020
View reviewed changes
pkg/targetgroupbinding/networking_manager.go
return nil, err
}
containsPermission := false
for _, permission := range ipPermissions {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is the expected number of permissions in the worst case?
This could cause a potential bottleneck.

Copy link
Collaborator Author

@M00nF1sh M00nF1sh Sep 16, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

humm, one securityGroup only have at most 10X permissions.
calculations like these will never be bottleneck :D (networking is)

pkg/targetgroupbinding/resource_manager.go
@@ -22,23 +23,29 @@ type ResourceManager interface {
}

// NewDefaultResourceManager constructs new defaultResourceManager.
func NewDefaultResourceManager(k8sClient client.Client, elbv2Client services.ELBV2, logger logr.Logger) *defaultResourceManager {
func NewDefaultResourceManager(k8sClient client.Client, elbv2Client services.ELBV2,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you modify the main.go as well? if so please include it together.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

update the PR to modify main.go

@M00nF1sh M00nF1sh merged commit 48d7533 into kubernetes-sigs:v2_ga Sep 16, 2020
Timothy-Dougherty pushed a commit to adammw/aws-load-balancer-controller that referenced this pull request Nov 9, 2023
@M00nF1sh @Timothy-Dougherty
add reconciler for securityGroup rules (kubernetes-sigs#1421)
b074223 
* add reconciler for securityGroup rules

* add networking manager for targetGroupBindings

* add sg deployer

* fix crd types

* add tags handling for securityGroup
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kishorj kishorj kishorj approved these changes

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@M00nF1sh @k8s-ci-robot @kishorj