Add code for filtering target group & load balancers by VPC ID

[Shreya027]

Issue

#1566

Description

Added Filtering of Target Group and Load Balancer by VPC ID.

Checklist

• Reproduced issue
• Implemented code
• Added unit tests
• Carried out manual tests

Issue Description: The conditions that led to the error involved dangling TargetGroup that was created for an old (deleted) cluster but was left uncleaned up. In such a scenario, if a user created a new cluster (in a new VPC) and deployed alb resources to the cluster, there is a possibility that the alb controller will reuse to old TargetGroup if the tag values for previous TargetGroup matches. In case of the customer issue, the cluster was deleted but the TargetGroup was not cleaned up by the user. So when the user tried to created a new cluster (in a new VPC with same cluster-name), it found the old TargetGroup and tried re-using it.

Solution: The code fixes this behavior by filtering TargetGroup and Load Balancers by vpc-id. However, customers are responsible for deleting Ingresses before deleting the cluster (so target groups and load balancers can be cleaned up properly).

Log on Issue Reproduction: (shows status: 404 )

{"level":"info","ts":1627076759.10457,"logger":"controllers.ingress","msg":"successfully built model","model":"{\"id\":\"game-2048/ingress-2048\",\"resources\":{\"AWS::EC2::SecurityGroup\":{\"ManagedLBSecurityGroup\":{\"spec\":{\"groupName\":\"k8s-game2048-ingress2-f1f400dac5\",\"description\":\"[k8s] Managed SecurityGroup for LoadBalancer\",\"ingress\":[{\"ipProtocol\":\"tcp\",\"fromPort\":80,\"toPort\":80,\"ipRanges\":[{\"cidrIP\":\"0.0.0.0/0\"}]}]}}},\"AWS::ElasticLoadBalancingV2::Listener\":{\"80\":{\"spec\":{\"loadBalancerARN\":{\"$ref\":\"#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/status/loadBalancerARN\"},\"port\":80,\"protocol\":\"HTTP\",\"defaultActions\":[{\"type\":\"fixed-response\",\"fixedResponseConfig\":{\"contentType\":\"text/plain\",\"statusCode\":\"404\"

Manual Tests:

• I initially built the controller image locally and then pushed it to ECR.
• Next, I deployed the load balancer controller onto the cluster using helm (also attached IAM service account)
• Once the controller pods were in running state, I deployed ingress resouces (using a 2048 game YAML) onto it.
• I checked the logs of the controller pods on deployment using kubectl logs <pod_name> -n <ns_name>
• It showed an error in the log similar to the error reproduced as above and shown below

{"level":"info","ts":1628208589.8923402,"logger":"controllers.ingress","msg":"successfully built model","model":"{\"id\":\"s-game-2048/s-ingress-2048\",\"resources\":{\"AWS::EC2::SecurityGroup\":{\"ManagedLBSecurityGroup\":{\"spec\":{\"groupName\":\"k8s-sgame204-singress-d845ce2c30\",\"description\":\"[k8s] Managed SecurityGroup for LoadBalancer\",\"ingress\":[{\"ipProtocol\":\"tcp\",\"fromPort\":80,\"toPort\":80,\"ipRanges\":[{\"cidrIP\":\"0.0.0.0/0\"}]}]}}},\"AWS::ElasticLoadBalancingV2::Listener\":{\"80\":{\"spec\":{\"loadBalancerARN\":{\"$ref\":\"#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/status/loadBalancerARN\"},\"port\":80,\"protocol\":\"HTTP\",\"defaultActions\":[{\"type\":\"fixed-response\",\"fixedResponseConfig\":{\"contentType\":\"text/plain\",\"statusCode\":\"404\"}}]}}},

• Next, I updated the load balancer controller image using kubectl set image deployment/aws-load-balancer-controller aws-load-balancer-controller=$IMAGE -n <ns_name> where IMAGE name was exported to be same as the image pushed to ECR.
• After the deployment image was updated, I checked the new logs of the controller pods on deployment using kubectl logs <pod_name> -n <ns_name>. It did not have any error logs as above.
• Also, I verified that the alb controller pods had the correct image pushed by me to ECR using kubectl describe <alb_pod_name> -n <ns_name>

[k8s-ci-robot]

Welcome @Shreya027!

It looks like this is your first PR to kubernetes-sigs/aws-load-balancer-controller 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/aws-load-balancer-controller has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @Shreya027. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[codecov-commenter]

Codecov Report

Merging #2157 (432edbd) into main (c5af90f) will increase coverage by 0.29%.
The diff coverage is 80.00%.

@@            Coverage Diff             @@
##             main    #2157      +/-   ##
==========================================
+ Coverage   52.04%   52.34%   +0.29%     
==========================================
  Files         132      132              
  Lines        7130     7189      +59     
==========================================
+ Hits         3711     3763      +52     
- Misses       3131     3137       +6     
- Partials      288      289       +1     

Impacted Files	Coverage Δ
pkg/deploy/stack_deployer.go	0.00% <0.00%> (ø)
pkg/deploy/elbv2/tagging_manager.go	61.63% <84.21%> (+0.59%)	⬆️
pkg/service/model_build_load_balancer.go	83.17% <0.00%> (-1.22%)	⬇️
pkg/networking/pod_eni_info_resolver.go	94.11% <0.00%> (-0.06%)	⬇️
pkg/k8s/node_utils.go	100.00% <0.00%> (ø)
pkg/ingress/model_build_load_balancer.go	51.08% <0.00%> (+0.21%)	⬆️
pkg/networking/subnet_resolver.go	92.52% <0.00%> (+0.36%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c5af90f...432edbd. Read the comment docs.

[kishorj]

could you describe the manual tests you ran to verify the changes? Also explain more about why this change is needed in the PR description.

[kishorj]

test has the same name as the one from line 817. it is helpful to use more descriptive names.

[kishorj]

same name the test from line 443.

[kishorj]

/ok-to-test

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kishorj, Shreya027

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [kishorj]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kishorj]

/lgtm