Support routing directly to pods

BUILDING.md

@@ -18,7 +18,7 @@ $ make clean; make
 ```
 $ docker images | grep -i alb-ingress-controller
 
-quay.io/coreos/alb-ingress-controller   1.0-beta.2         78f356144e33        20 minutes ago      47.4MB
+quay.io/coreos/alb-ingress-controller   1.0-beta.3         78f356144e33        20 minutes ago      47.4MB
 ```
 
 > Version can vary based on what's in the Makefile. If you wish to push to your own repo for testing, you can change the version and repo details in the Makefile then do a `docker push`.

Makefile

@@ -19,7 +19,7 @@
 
 all: container
 
-TAG?=1.0-beta.2
+TAG?=1.0-beta.3
 BUILD=$(shell git log --pretty=format:'%h' -n 1)
 PREFIX?=quay.io/coreos/alb-ingress-controller
 ARCH?=amd64

README.md

@@ -5,7 +5,7 @@
 
 # AWS ALB Ingress Controller
 
-**NOTE:** This controller is in beta state as we attempt to move to our first 1.0 release. The current image version is `1.0-beta.2`. Please file any issues you find and note the version used.
+**NOTE:** This controller is in beta state as we attempt to move to our first 1.0 release. The current image version is `1.0-beta.3`. Please file any issues you find and note the version used.
 
 The AWS ALB Ingress Controller satisfies Kubernetes [ingress resources](https://kubernetes.io/docs/user-guide/ingress) by provisioning [Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html).
 

alb-ingress-controller-helm/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 0.8
+appVersion: 1.0-beta.3
 description: The ALB Ingress Controller satisfies Kubernetes ingress resources by provisioning Application Load Balancers.
 engine: gotpl
 home: https://github.com/kubernetes-sigs/aws-alb-ingress-controller

alb-ingress-controller-helm/README.md

@@ -13,8 +13,9 @@ $ helm registry install quay.io/coreos/alb-ingress-controller-helm
 This chart bootstraps an alb-ingress-controller deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 
 ## Prerequisites
-  - Kubernetes 1.4+ with Beta APIs enabled
-  - [Helm Registry plugin](https://github.com/app-registry/helm-plugin)
+
+- Kubernetes 1.4+ with Beta APIs enabled
+- [Helm Registry plugin](https://github.com/app-registry/helm-plugin)
 
 ## Installing the Chart
 
@@ -42,32 +43,32 @@ The command removes all the Kubernetes components associated with the chart and
 
 The following tables lists the configurable parameters of the alb-ingress-controller chart and their default values.
 
-Parameter | Description | Default
---- | --- | ---
-`awsRegion` | (REQUIRED) AWS region in which this ingress controller will operate | `us-west-1`
-`clusterName` | (REQUIRED) Resources created by the ALB Ingress controller will be prefixed with this string | `k8s`
-`controller.image.repository` | controller container image repository | `quay.io/coreos/alb-ingress-controller`
-`controller.image.tag` | controller container image tag | `0.8`
-`controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent`
-`controller.extraEnv` | map of environment variables to be injected into the controller pod | `{}`
-`controller.nodeSelector` | node labels for controller pod assignment | `{}`
-`controller.tolerations` | controller pod toleration for taints | `{}`
-`controller.podAnnotations` | annotations to be added to controller pod | `{}`
-`controller.resources` | controller pod resource requests & limits | `{}`
-`controller.service.annotations` | annotations to be added to controller service | `{}`
-`defaultBackend.image.repository` | default backend container image repository | `gcr.io/google_containers/defaultbackend`
-`defaultBackend.image.tag` | default backend container image tag | `1.2`
-`defaultBackend.image.pullPolicy` | default backend container image pull policy | `IfNotPresent`
-`defaultBackend.nodeSelector` | node labels for default backend pod assignment | `{}`
-`defaultBackend.podAnnotations` | annotations to be added to default backend pod | `{}`
-`defaultBackend.replicaCount` | desired number of default backend pods | `1`
-`defaultBackend.resources` | default backend pod resource requests & limits | `{}`
-`defaultBackend.service.annotations` | annotations to be added to default backend service | `{}`
-`rbac.create` | If true, create & use RBAC resources | `true`
-`rbac.serviceAccountName` | ServiceAccount ALB ingress controller will use (ignored if rbac.create=true) | `default`
-`scope.ingressClass` | If provided, the ALB ingress controller will only act on Ingress resources annotated with this class | `alb`
-`scope.singleNamespace` | If true, the ALB ingress controller will only act on Ingress resources in a single namespace | `false` (watch all namespaces)
-`scope.watchNamespace` | If scope.singleNamespace=true, the ALB ingress controller will only act on Ingress resources in this namespace | `""` (namespace of the ALB ingress controller)
+| Parameter                            | Description                                                                                                    | Default                                        |
+| ------------------------------------ | -------------------------------------------------------------------------------------------------------------- | ---------------------------------------------- |
+| `awsRegion`                          | (REQUIRED) AWS region in which this ingress controller will operate                                            | `us-west-1`                                    |
+| `clusterName`                        | (REQUIRED) Resources created by the ALB Ingress controller will be prefixed with this string                   | `k8s`                                          |
+| `controller.image.repository`        | controller container image repository                                                                          | `quay.io/coreos/alb-ingress-controller`        |
+| `controller.image.tag`               | controller container image tag                                                                                 | `1.0-beta.3`                                   |
+| `controller.image.pullPolicy`        | controller container image pull policy                                                                         | `IfNotPresent`                                 |
+| `controller.extraEnv`                | map of environment variables to be injected into the controller pod                                            | `{}`                                           |
+| `controller.nodeSelector`            | node labels for controller pod assignment                                                                      | `{}`                                           |
+| `controller.tolerations`             | controller pod toleration for taints                                                                           | `{}`                                           |
+| `controller.podAnnotations`          | annotations to be added to controller pod                                                                      | `{}`                                           |
+| `controller.resources`               | controller pod resource requests & limits                                                                      | `{}`                                           |
+| `controller.service.annotations`     | annotations to be added to controller service                                                                  | `{}`                                           |
+| `defaultBackend.image.repository`    | default backend container image repository                                                                     | `gcr.io/google_containers/defaultbackend`      |
+| `defaultBackend.image.tag`           | default backend container image tag                                                                            | `1.2`                                          |
+| `defaultBackend.image.pullPolicy`    | default backend container image pull policy                                                                    | `IfNotPresent`                                 |
+| `defaultBackend.nodeSelector`        | node labels for default backend pod assignment                                                                 | `{}`                                           |
+| `defaultBackend.podAnnotations`      | annotations to be added to default backend pod                                                                 | `{}`                                           |
+| `defaultBackend.replicaCount`        | desired number of default backend pods                                                                         | `1`                                            |
+| `defaultBackend.resources`           | default backend pod resource requests & limits                                                                 | `{}`                                           |
+| `defaultBackend.service.annotations` | annotations to be added to default backend service                                                             | `{}`                                           |
+| `rbac.create`                        | If true, create & use RBAC resources                                                                           | `true`                                         |
+| `rbac.serviceAccountName`            | ServiceAccount ALB ingress controller will use (ignored if rbac.create=true)                                   | `default`                                      |
+| `scope.ingressClass`                 | If provided, the ALB ingress controller will only act on Ingress resources annotated with this class           | `alb`                                          |
+| `scope.singleNamespace`              | If true, the ALB ingress controller will only act on Ingress resources in a single namespace                   | `false` (watch all namespaces)                 |
+| `scope.watchNamespace`               | If scope.singleNamespace=true, the ALB ingress controller will only act on Ingress resources in this namespace | `""` (namespace of the ALB ingress controller) |
 
 ```console
 $ helm registry install quay.io/coreos/alb-ingress-controller-helm --name=my-release --set clusterName=mycluster

alb-ingress-controller-helm/values.yaml

@@ -17,7 +17,7 @@ clusterName: k8s
 controller:
   image:
     repository: quay.io/coreos/alb-ingress-controller
-    tag: "1.0-beta.2"
+    tag: "1.0-beta.3"
     pullPolicy: IfNotPresent
 
   extraEnv: {}

docs/ingress-resources.md

@@ -62,6 +62,7 @@ alb.ingress.kubernetes.io/healthcheck-timeout-seconds
 alb.ingress.kubernetes.io/healthy-threshold-count
 alb.ingress.kubernetes.io/unhealthy-threshold-count
 alb.ingress.kubernetes.io/listen-ports
+alb.ingress.kubernetes.io/target-type
 alb.ingress.kubernetes.io/security-groups
 alb.ingress.kubernetes.io/subnets
 alb.ingress.kubernetes.io/success-codes
@@ -96,6 +97,8 @@ Optional annotations are:
 
 - **listen-ports**: Defines the ports the ALB will expose. It defaults to `[{"HTTP": 80}]` unless a certificate ARN is defined, then it is `[{"HTTPS": 443}]`. Uses a format as follows '[{"HTTP":8080,"HTTPS": 443}]'.
 
+- **target-type**: Defines if the EC2 instance ID or the pod IP are used in the managed Target Groups. Defaults to `instance`. Valid options are `instance` and `pod`. With `instance` the Target Group targets are `<ec2 instance id>:<node port>`, for `pod` the targets are `<pod ip>:<pod port>`. When using the pod IP, it will route from all availabilty zones. `pod` is to be used when the pod network is routable and can be reached by the ALB.
+
 - **security-groups**: [Security groups](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) that should be applied to the ALB instance. These can be referenced by security group IDs or the name tag associated with each security group. Example ID values are `sg-723a380a,sg-a6181ede,sg-a5181edd`. Example tag values are `appSG, webSG`. When the annotation is not present, the controller will create a security group with appropriate ports allowing access to `0.0.0.0/0` and attached to the ALB. It will also create a security group for instances that allows all TCP traffic when the source is the security group created for the ALB.
 
 - **subnets**: The subnets where the ALB instance should be deployed. Must include 2 subnets, each in a different [availability zone](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html). These can be referenced by subnet IDs or the name tag associated with the subnet. Example values for subnet IDs are `subnet-a4f0098e,subnet-457ed533,subnet-95c904cd`. Example values for name tags are: `webSubnet,appSubnet`. If subnets are not specified the ALB controller will attempt to detect qualified subnets. This qualification is done by locating subnets that match the following criteria.
@@ -133,6 +136,7 @@ alb.ingress.kubernetes.io/healthcheck-protocol
 alb.ingress.kubernetes.io/healthcheck-timeout-seconds
 alb.ingress.kubernetes.io/healthy-threshold-count
 alb.ingress.kubernetes.io/unhealthy-threshold-count
+alb.ingress.kubernetes.io/target-type
 alb.ingress.kubernetes.io/success-codes
 alb.ingress.kubernetes.io/target-group-attributes
 ```

docs/walkthrough.md

@@ -12,9 +12,9 @@ In this example, you'll
 
 1. Deploy the default-backend service
 
-       ```
-       kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/master/examples/default-backend.yaml
-       ```
+	```
+	kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/master/examples/default-backend.yaml
+	```
 
 1. Download the example alb-ingress-manifest locally.
 

examples/2048/2048-ingress.yaml

@@ -1,21 +1,19 @@
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: "nginx-ingress"
+  name: "2048-ingress"
   namespace: "2048-game"
   annotations:
     kubernetes.io/ingress.class: alb
     alb.ingress.kubernetes.io/scheme: internal
-    alb.ingress.kubernetes.io/subnets: subnet-1234
-    alb.ingress.kubernetes.io/security-groups: sg-1234
+    alb.ingress.kubernetes.io/target-type: pod
   labels:
-    app: 2048-nginx-ingress
+    app: 2048-ingress
 spec:
   rules:
-  - host: 2048.example.com
-    http:
+  - http:
       paths:
       - path: /
         backend:
           serviceName: "service-2048"
-          servicePort: 80
+          servicePort: 80

examples/alb-ingress-controller.yaml

@@ -85,7 +85,7 @@ spec:
               apiVersion: v1
               fieldPath: metadata.namespace
         # Repository location of the ALB Ingress Controller.
-        image: quay.io/coreos/alb-ingress-controller:1.0-beta.2
+        image: quay.io/coreos/alb-ingress-controller:1.0-beta.3
         imagePullPolicy: Always
         name: server
         resources: {}
@@ -94,3 +94,5 @@ spec:
       restartPolicy: Always
       securityContext: {}
       terminationGracePeriodSeconds: 30
+      serviceAccountName: alb-ingress
+      serviceAccount: alb-ingress

pkg/alb/lb/loadbalancer.go

@@ -40,7 +40,7 @@ type NewDesiredLoadBalancerOptions struct {
 	IngressRules          []extensions.IngressRule
 	GetServiceNodePort    func(string, int32) (*int64, error)
 	GetServiceAnnotations func(string, string) (*map[string]string, error)
-	GetNodes              func() util.AWSStringSlice
+	TargetsFunc           func(*string, string, string, *int64) albelbv2.TargetDescriptions
 }
 
 // NewDesiredLoadBalancer returns a new loadbalancer.LoadBalancer based on the opts provided.
@@ -125,7 +125,7 @@ func NewDesiredLoadBalancer(o *NewDesiredLoadBalancerOptions) (newLoadBalancer *
 		GetServiceNodePort:    o.GetServiceNodePort,
 		GetServiceAnnotations: o.GetServiceAnnotations,
 		AnnotationFactory:     o.AnnotationFactory,
-		GetNodes:              o.GetNodes,
+		TargetsFunc:           o.TargetsFunc,
 	})
 
 	if err != nil {
@@ -176,15 +176,6 @@ type NewCurrentLoadBalancerOptions struct {
 
 // NewCurrentLoadBalancer returns a new loadbalancer.LoadBalancer based on an elbv2.LoadBalancer.
 func NewCurrentLoadBalancer(o *NewCurrentLoadBalancerOptions) (newLoadBalancer *LoadBalancer, err error) {
-	lbTags := o.ResourceTags.LoadBalancers[*o.LoadBalancer.LoadBalancerArn]
-
-	namespace, ingressName, err := tagsFromLB(lbTags)
-	if err != nil {
-		return nil, fmt.Errorf("The LoadBalancer %s does not have the proper tags, can't import: %s", *o.LoadBalancer.LoadBalancerName, err.Error())
-	}
-
-	name := createLBName(namespace, ingressName, o.ALBNamePrefix)
-
 	attrs, err := albelbv2.ELBV2svc.DescribeLoadBalancerAttributesFiltered(o.LoadBalancer.LoadBalancerArn)
 	if err != nil {
 		return newLoadBalancer, fmt.Errorf("Failed to retrieve attributes from ELBV2 in AWS. Error: %s", err.Error())
@@ -239,8 +230,8 @@ func NewCurrentLoadBalancer(o *NewCurrentLoadBalancerOptions) (newLoadBalancer *
 	}
 
 	newLoadBalancer = &LoadBalancer{
-		id:         name,
-		tags:       tags{current: lbTags},
+		id:         *o.LoadBalancer.LoadBalancerName,
+		tags:       tags{current: o.ResourceTags.LoadBalancers[*o.LoadBalancer.LoadBalancerArn]},
 		lb:         lb{current: o.LoadBalancer},
 		logger:     o.Logger,
 		attributes: attributes{current: attrs},
@@ -335,6 +326,7 @@ func (l *LoadBalancer) Reconcile(rOpts *ReconcileOptions) []error {
 		IgnoreDeletes:     true,
 	}
 
+	// Creates target groups
 	tgs, err := l.targetgroups.Reconcile(tgsOpts)
 	if err != nil {
 		errors = append(errors, err)
@@ -353,12 +345,13 @@ func (l *LoadBalancer) Reconcile(rOpts *ReconcileOptions) []error {
 		l.listeners = ltnrs
 	}
 
-	// Decide: Is this still needed?
+	// Does not consider TG used for listener default action
 	for _, listener := range l.listeners {
 		unusedTGs := listener.GetRules().FindUnusedTGs(l.targetgroups)
 		unusedTGs.StripDesiredState()
 	}
 
+	// removes target groups
 	tgsOpts.IgnoreDeletes = false
 	tgs, err = l.targetgroups.Reconcile(tgsOpts)
 	if err != nil {