Add support for ALB IPv6 target groups #2284

Merged
merged 5 commits into from
Oct 19, 2021

@kishorj (Collaborator) commented Oct 11, 2021

Issue

Description

Support IPv6 ALB target groups with the following prerequisites:

  • k8s cluster ipv6 configuration
  • Amazon VPC CNI plugin with IPv6 prefix delegation support
  • ALB target group target type IP
  • dualstack ALB

Targetgroupbinding CRD

Sample TargetGroupBinding spec with the IP address type

apiVersion: elbv2.k8s.aws/v1beta1
kind: TargetGroupBinding
metadata:
  name: my-tgb
spec:
  serviceRef:
    name: awesome-service # route traffic to the awesome-service
    port: 80
  targetGroupARN: <arn-to-targetGroup>
  ipAddressType: ipv6

spec.ipAddressType
ipAddressType is an optional setting.

  • Default to the IP address type of the target group resource
  • Validating Webhook ensures IP Address matches the type set on the AWS target group resource
  • Field is immutable, enforced via validating webhook
  • For controller-created targetgroup bindings, controller chooses the type based on service spec

Load balancer configuration

IPv6 target groups are supported for dual stack load balancers. For ALB, dual-stack support can be configured via the following ingress annotation:

alb.ingress.kubernetes.io/ip-address-type: dualstack

For NLB, dual-stack support is configured via the following annotation:

service.beta.kubernetes.io/aws-load-balancer-ip-address-type: dualstack

Service spec

For the auto-created target group bindings, the target group protocol is determined based on the service spec. The service spec.ipFamilyPolicy determines which IP protocol family to allow on the service configuration

  • SingleStack service can either be IPv6 or IPv4. This is the policy that will be supported in the initial phase.
  • PreferDualStack, configure IPv4 or IPv6 target groups based on configuration. [out of scope]
  • RequireDualStack, configure both IPv4 and IPv6 target groups. [out of scope]

The immutable spec.ipFamilies field is used to specify which IP family to use for single-stack or the order of IP families for dual-stack.

  • ["IPv4"]
  • ["IPv6"]
  • ["IPv4","IPv6"] (dual stack) [out-of-scope]
  • ["IPv6","IPv4"] (dual stack) [out-of-scope]

Listener rules

Listener rules forward traffic to either IPv4 target or IPv6 target based on the service configuration. Support for dual stack is currently out of scope for this feature.

Limitations

  • IPv6 TG support is currently limited to ALB target group of type IP.
  • Dual stack support is out of scope for the initial release
  • Security group per pods (SGPP) feature will not work with IPv6 addresses

Future Enhancements

Dual stack services will be supported once VPC CNI is able to set up dual-stack pods.

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the docs directory)
  • Manually tested
  • Made sure the title of the PR is a good description that can go into the release notes

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟
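
An added example, not code from this pull request or from the controller: the spec.ipAddressType rules listed in the description above (default from the target group, must match it, immutable once set) together with the single-stack mapping from the Service's spec.ipFamilies. The Binding type and all function names are hypothetical, and the target group's IP address type is passed in as a string instead of being looked up in AWS.

```go
package main

import (
	"errors"
	"fmt"
)

// Binding is a hypothetical stand-in for the TargetGroupBinding spec; "" means unset.
type Binding struct{ IPAddressType string }

// FromService maps a Service's spec.ipFamilies to the type of a controller-created binding.
func FromService(ipFamilies []string) (string, error) {
	if len(ipFamilies) != 1 {
		return "", errors.New("exactly one IP family is supported (dual-stack is out of scope)")
	}
	switch ipFamilies[0] {
	case "IPv4":
		return "ipv4", nil
	case "IPv6":
		return "ipv6", nil
	}
	return "", fmt.Errorf("unknown IP family %q", ipFamilies[0])
}

// Default fills an unset ipAddressType from the target group's type (mutating step).
func Default(b Binding, tgType string) Binding {
	if b.IPAddressType == "" {
		b.IPAddressType = tgType
	}
	return b
}

// Validate rejects a type that differs from the target group's, or any change on update (old is nil on create).
func Validate(old *Binding, cur Binding, tgType string) error {
	if cur.IPAddressType != tgType {
		return fmt.Errorf("ipAddressType %q does not match target group type %q", cur.IPAddressType, tgType)
	}
	if old != nil && old.IPAddressType != cur.IPAddressType {
		return errors.New("ipAddressType is immutable")
	}
	return nil
}

func main() {
	b := Default(Binding{}, "ipv6") // constructed sample: an IPv6 target group
	fmt.Println(b.IPAddressType, Validate(nil, b, "ipv6"), Validate(&b, Binding{IPAddressType: "ipv4"}, "ipv4"))
}
```

Rejecting a mismatch at admission time keeps a binding from registering pod addresses of one family into a target group of the other.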

@k8s-ci-robot (Contributor) commented

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Oct 11, 2021
@k8s-ci-robot k8s-ci-robot requested a review from M00nF1sh October 11, 2021 20:00
@kishorj kishorj added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Oct 11, 2021
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 12, 2021
@kishorj kishorj force-pushed the alb-ipv6-target branch 2 times, most recently from 033b0e5 to 94edb31 Compare October 13, 2021 22:32
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Oct 13, 2021
@kishorj kishorj marked this pull request as ready for review October 13, 2021 22:44
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 13, 2021
@codecov-commenter commented Oct 15, 2021

Codecov Report

Merging #2284 (a141d98) into main (e8ab832) will increase coverage by 0.83%.
The diff coverage is 81.11%.

@@            Coverage Diff             @@
##             main    #2284      +/-   ##
==========================================
+ Coverage   53.38%   54.22%   +0.83%     
==========================================
  Files         136      136              
  Lines        7584     7716     +132     
==========================================
+ Hits         4049     4184     +135     
+ Misses       3219     3214       -5     
- Partials      316      318       +2     
Impacted Files Coverage Δ
pkg/deploy/elbv2/target_group_binding_manager.go 0.00% <0.00%> (ø)
pkg/deploy/elbv2/target_group_manager.go 46.37% <0.00%> (-0.69%) ⬇️
pkg/model/elbv2/target_group.go 0.00% <ø> (ø)
pkg/model/elbv2/target_group_binding.go 0.00% <ø> (ø)
webhooks/elbv2/targetgroupbinding_validator.go 75.00% <64.86%> (-4.60%) ⬇️
webhooks/elbv2/targetgroupbinding_mutator.go 72.88% <75.00%> (+2.29%) ⬆️
pkg/networking/pod_eni_info_resolver.go 93.06% <89.74%> (-1.06%) ⬇️
pkg/ingress/model_build_target_group.go 72.20% <100.00%> (+2.20%) ⬆️
pkg/service/model_build_target_group.go 85.75% <100.00%> (+1.38%) ⬆️
... and 6 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@M00nF1sh (Collaborator) left a comment

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 18, 2021
@k8s-ci-robot (Contributor) commented

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kishorj, M00nF1sh

@kishorj (Collaborator, Author) commented Oct 18, 2021

/retest

@k8s-ci-robot k8s-ci-robot merged commit ec34185 into kubernetes-sigs:main Oct 19, 2021
@kishorj kishorj deleted the alb-ipv6-target branch October 26, 2021 17:17
@nicoaws commented Dec 29, 2022

Is this reflected in the docs?

Timothy-Dougherty pushed a commit to adammw/aws-load-balancer-controller that referenced this pull request Nov 9, 2023
* Add support for ALB IPv6 target groups

* Update CRDs

* resolve VPC ENI for pods with IPv6 addresses

* fix formatting

* refactor based on PR comments