Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

finalize user-facing elements(finalizer/tagging/labeling) #1469

Merged
merged 3 commits into from
Oct 8, 2020
Merged

finalize user-facing elements(finalizer/tagging/labeling) #1469

merged 3 commits into from
Oct 8, 2020

Conversation

M00nF1sh
Copy link
Collaborator

@M00nF1sh M00nF1sh commented Oct 7, 2020
edited

finalize all user-facing elements, details below:

AWS

For AWS resources created by this controller, the tagging strategy is as follows:

  • elbv2.k8s.aws/cluster: cluster-name will be applied on all AWS resources.
  • ingress.k8s.aws/stack: stack-id will be applied on all AWS resources provisioned for Ingress resources:
    • For explicit IngressGroup, stack-id will be groupName
    • For implicit IngressGroup, stack-id will be namespace/ingressName
  • ingress.k8s.aws/resource: resource-id will be applied on all AWS resources provisioned for Ingress resources:
    • For LoadBalancer, resource-id will be LoadBalancer
    • For Managed LB SecurityGroup, resource-id will be ManagedLBSecurityGroup
    • For TargetGroup, resource-id will be namespace/ingressName-serviceName:servicePort
  • service.k8s.aws/stack: stack-id will be applied on all AWS resources provisioned for Service resources:
    • stack-id will be namespace/serviceName
  • service.k8s.aws/resource: resource-id will be applied on all AWS resources provisioned for Service resources:
    • For LoadBalancer, resource-id will be LoadBalancer
    • For TargetGroup, resource-id will be namespace/serviceName:servicePort

For AWS resources created by this controller, the naming strategy is as follows:

  1. LoadBalancer:
    • For explicit IngressGroup: k8s-%.17s{groupName}-%.10s{hash}
    • For implicit IngressGroup & Service: k8s-%.8s{namespace}%.8s{name}-%.10s{hash}
  2. TargetGroup: k8s-%.8s{namespace}%.8s{name}-%.10s{hash}

K8s

For K8s resources created by this controller, the labelling strategy is as follows:

Note: We break "stack" into "stack-namespace" and "stack-name" for implicit IngressGroup and Service since label value must be within 63 characters.

  • For explicit IngressGroup, the following tags will be applied on all K8s resources:
    • ingress.k8s.aws/stack: groupName
  • For implicit IngressGroup, the following tags will be applied on all K8s resources:
    • ingress.k8s.aws/stack-namespace: namespace
    • ingress.k8s.aws/stack-name: ingressName
  • For Service, the following tags will be applied on all K8s resources:
    • service.k8s.aws/stack-namespace: namespace
    • service.k8s.aws/stack-name: serviceName

For K8s resources, the following finalizers are used:

  • For Ingresses within explicit IngressGroup: group.ingress.k8s.aws/groupName
  • For Ingresses don't belong to explicit IngressGroup: ingress.k8s.aws/resources
  • For Services: service.k8s.aws/resources
  • For TargetGroupBindings: elbv2.k8s.aws/resources

For pods behind targetGroupBindings with IP targetType, the following readinessGate will be injected:

  • target-health.elbv2.k8s.aws/targetGroupBindingName

additional changes:

  1. support Tag on creation for TargetGroups.
  2. preserve old tags on AWS resources provisioned by AWSALBLoadBalancerController(v1.1.3+), so that downgrade is support.
  3. normalize the namespace/name used in resource names. so that targetGroup won't be named like "k8s-xxxx--dde"(two continuous '-' within name).
  4. standard all naming generation for resources created for Ingress and Service, especially:
    1. the LoadBalancer name of both ALB/NLB follows the same k8s-.8{namespace}-.8{name}-.10{hash} pattern. For IngressGroups, the name can be k8s-.17{groupName}-.10{hash}
    2. the TargetGroups are now named following similar pattern across ALB/NLB.
  5. the resourceID of LoadBalancer for NLB stack is changed to LoadBalancer
  6. use shared k8s.finalizerManager to handle finalizer logic for IngressGroup
  7. abstract a TaggingManager for EC2 Tagging operations.
  8. various code style corrections

Test done:

  1. create Ingress -> delete Ingress (success)
  2. create IngressGroup -> delete IngressGroup (success)
  3. create Ingress with long name in long namespace -> delete Ingress (success)
  4. create Ingress with old controller -> disable old controller -> run new controller -> verify resource state
    -> disable new controller -> delete TargetGroupBindings -> run old controller -> verify resource state (success)

Fixes #1463

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Oct 7, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: M00nF1sh
To complete the pull request process, please assign after the PR has been reviewed.
You can assign the PR to them by writing /assign in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@M00nF1sh M00nF1sh merged commit 800f50f into kubernetes-sigs:v2_ga Oct 8, 2020
Timothy-Dougherty pushed a commit to adammw/aws-load-balancer-controller that referenced this pull request Nov 9, 2023
@M00nF1sh @Timothy-Dougherty
finalize user-facing elements(finalizer/tagging/labeling) (kubernetes…
f8587ad 
…-sigs#1469)

* finalize user-facing elements

* update and generate mocks

* use sha256 for hashes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kishorj kishorj kishorj approved these changes

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@M00nF1sh @k8s-ci-robot @kishorj