add load balancer attributes support for IngressClassParams

apis/elbv2/v1beta1/ingressclassparams_types.go

@@ -56,6 +56,15 @@ type Tag struct {
 	Value string `json:"value"`
 }
 
+// Attributes defines custom attributes on resources.
+type Attribute struct {
+	// The key of the attribute.
+	Key string `json:"key"`
+
+	// The value of the attribute.
+	Value string `json:"value"`
+}
+
 // IngressClassParamsSpec defines the desired state of IngressClassParams
 type IngressClassParamsSpec struct {
 	// NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams.
@@ -77,6 +86,10 @@ type IngressClassParamsSpec struct {
 
 	// Tags defines list of Tags on AWS resources provisioned for Ingresses that belong to IngressClass with this IngressClassParams.
 	Tags []Tag `json:"tags,omitempty"`
+
+	// LoadBalancerAttributes define the custom attributes to LoadBalancers for all Ingress that that belong to IngressClass with this IngressClassParams.
+	// +optional
+	LoadBalancerAttributes []Attribute `json:"loadBalancerAttributes,omitempty"`
 }
 
 // +kubebuilder:object:root=true

config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml

@@ -63,6 +63,22 @@ spec:
                 - ipv4
                 - dualstack
                 type: string
+              loadBalancerAttributes:
+                description: LoadBalancerAttributes define the custom attributes to LoadBalancers for all Ingress that that belong to IngressClass with this IngressClassParams.
+                items:
+                  description: Attributes defines custom attributes on resources.
+                  properties:
+                    key:
+                      description: The key of the attribute.
+                      type: string
+                    value:
+                      description: The value of the attribute.
+                      type: string
+                  required:
+                  - key
+                  - value
+                  type: object
+                type: array
               namespaceSelector:
                 description: NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams. * if absent or present but empty, it selects all namespaces.
                 properties:

pkg/deploy/elbv2/load_balancer_synthesizer.go

@@ -63,7 +63,7 @@ func (s *loadBalancerSynthesizer) Synthesize(ctx context.Context) error {
 	for _, sdkLB := range unmatchedSDKLBs {
 		if err := s.lbManager.Delete(ctx, sdkLB); err != nil {
 			errMessage := err.Error()
-			if strings.Contains(errMessage,"OperationNotPermitted") && strings.Contains(errMessage, "deletion protection") {
+			if strings.Contains(errMessage, "OperationNotPermitted") && strings.Contains(errMessage, "deletion protection") {
 				s.disableDeletionProtection(sdkLB.LoadBalancer)
 				if err = s.lbManager.Delete(ctx, sdkLB); err != nil {
 					return err

pkg/ingress/model_build_load_balancer.go

@@ -24,7 +24,7 @@ import (
 )
 
 const (
-	resourceIDLoadBalancer = "LoadBalancer"
+	resourceIDLoadBalancer         = "LoadBalancer"
 	minimalAvailableIPAddressCount = int64(8)
 )
 
@@ -297,21 +297,12 @@ func (t *defaultModelBuildTask) buildLoadBalancerCOIPv4Pool(_ context.Context) (
 }
 
 func (t *defaultModelBuildTask) buildLoadBalancerAttributes(_ context.Context) ([]elbv2model.LoadBalancerAttribute, error) {
-	mergedAttributes := make(map[string]string)
-	for _, member := range t.ingGroup.Members {
-		var rawAttributes map[string]string
-		if _, err := t.annotationParser.ParseStringMapAnnotation(annotations.IngressSuffixLoadBalancerAttributes, &rawAttributes, member.Ing.Annotations); err != nil {
-			return nil, err
-		}
-		for attrKey, attrValue := range rawAttributes {
-			if existingAttrValue, exists := mergedAttributes[attrKey]; exists && existingAttrValue != attrValue {
-				return nil, errors.Errorf("conflicting loadBalancerAttribute %v: %v | %v", attrKey, existingAttrValue, attrValue)
-			}
-			mergedAttributes[attrKey] = attrValue
-		}
+	ingGroupAttributes, err := t.buildIngressGroupLoadBalancerAttributes(t.ingGroup.Members)
+	if err != nil {
+		return nil, err
 	}
-	attributes := make([]elbv2model.LoadBalancerAttribute, 0, len(mergedAttributes))
-	for attrKey, attrValue := range mergedAttributes {
+	attributes := make([]elbv2model.LoadBalancerAttribute, 0, len(ingGroupAttributes))
+	for attrKey, attrValue := range ingGroupAttributes {
 		attributes = append(attributes, elbv2model.LoadBalancerAttribute{
 			Key:   attrKey,
 			Value: attrValue,

pkg/ingress/model_build_load_balancer_attributes.go

@@ -0,0 +1,56 @@
+package ingress
+
+import (
+	"github.com/pkg/errors"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/algorithm"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/annotations"
+)
+
+// buildIngressGroupLoadBalancerAttributes builds the LB attributes for a group of Ingresses.
+func (t *defaultModelBuildTask) buildIngressGroupLoadBalancerAttributes(ingList []ClassifiedIngress) (map[string]string, error) {
+	ingGroupAttributes := make(map[string]string)
+	for _, ing := range ingList {
+		ingAttributes, err := t.buildIngressLoadBalancerAttributes(ing)
+		if err != nil {
+			return nil, err
+		}
+		// check for conflict attribute values
+		for attrKey, attrValue := range ingAttributes {
+			existingAttrValue, exists := ingGroupAttributes[attrKey]
+			if exists && existingAttrValue != attrValue {
+				return nil, errors.Errorf("conflicting attributes %v: %v | %v", attrKey, existingAttrValue, attrValue)
+			}
+			ingGroupAttributes[attrKey] = attrValue
+		}
+	}
+	if len(ingList) > 0 {
+		ingClassAttributes, err := t.buildIngressClassLoadBalancerAttributes(ingList[0].IngClassConfig)
+		if err != nil {
+			return nil, err
+		}
+		return algorithm.MergeStringMap(ingClassAttributes, ingGroupAttributes), nil
+	}
+	return ingGroupAttributes, nil
+}
+
+// buildIngressLoadBalancerAttributes builds the LB attributes used for a single Ingress
+// Note: the Attributes specified via IngressClass takes higher priority than the attributes specified via annotation on Ingress or Service.
+func (t *defaultModelBuildTask) buildIngressLoadBalancerAttributes(ing ClassifiedIngress) (map[string]string, error) {
+	var annotationAttributes map[string]string
+	if _, err := t.annotationParser.ParseStringMapAnnotation(annotations.IngressSuffixLoadBalancerAttributes, &annotationAttributes, ing.Ing.Annotations); err != nil {
+		return nil, err
+	}
+	return annotationAttributes, nil
+}
+
+// buildIngressClassLoadBalancerAttributes builds the LB attributes for an IngressClass.
+func (t *defaultModelBuildTask) buildIngressClassLoadBalancerAttributes(ingClassConfig ClassConfiguration) (map[string]string, error) {
+	if ingClassConfig.IngClassParams == nil || len(ingClassConfig.IngClassParams.Spec.LoadBalancerAttributes) == 0 {
+		return nil, nil
+	}
+	ingClassAttributes := make(map[string]string, len(ingClassConfig.IngClassParams.Spec.LoadBalancerAttributes))
+	for _, attr := range ingClassConfig.IngClassParams.Spec.LoadBalancerAttributes {
+		ingClassAttributes[attr.Key] = attr.Value
+	}
+	return ingClassAttributes, nil
+}