Setup a second NLB listener when an AWS ACM certificate is used #10157
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rifelpet The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
area/api
area/nodeup
approved
rifelpet
force-pushed
the
acm-nlb
branch
2 times, most recently
from
242f0db
to
a0180ee
Compare
k8s-ci-robot
added
needs-rebase
k8s-ci-robot
removed
the
needs-rebase
k8s-ci-robot
added
the
do-not-merge/work-in-progress
rifelpet
force-pushed
the
acm-nlb
branch
3 times, most recently
from
e46d44c
to
dec0763
Compare
rifelpet
force-pushed
the
acm-nlb
branch
4 times, most recently
from
1d24b56
to
1f87260
Compare
k8s-ci-robot
added
size/L
|
/hold for #10156 |
k8s-ci-robot
added
the
do-not-merge/hold
|
/test pull-kops-e2e-k8s-containerd |
| actual.TargetGroups = append(actual.TargetGroups, &TargetGroup{ARN: targetGroupARN}) | ||
|
|
||
| cloud := c.Cloud.(awsup.AWSCloud) | ||
| descResp, err := cloud.ELBV2().DescribeTargetGroups(&elbv2.DescribeTargetGroupsInput{ | ||
| TargetGroupArns: []*string{targetGroupARN}, | ||
| }) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("error querying for NLB listener target groups: %v", err) | ||
| } | ||
| if len(descResp.TargetGroups) != 1 { | ||
| return nil, fmt.Errorf("unexpected DescribeTargetGroups response: %v", descResp) | ||
| } | ||
| actualListener.TargetGroupName = aws.StringValue(descResp.TargetGroups[0].TargetGroupName) |
There was a problem hiding this comment.
Can we compare by ID and avoid listing the TGs? Should be similar to what we do with ASGs and LTs.
I guess we can do this in a future PR as this is working ok for now.
There was a problem hiding this comment.
Not sure I understand, which field would we use with "compare by ID" ? We need a field that can be both provided by the model and something we can look up in Find(). It seems like our only options for that are TargetGroupName or tags.
There was a problem hiding this comment.
I meant that at the time this runs there is also full info on target groups populated in e.TargetGroups, so you can just get the name from there without an extra call to DescribeTargetGroups.
Though this is an optimisation that can be done later.
There was a problem hiding this comment.
If we're removing a listener (and therefore target group), e.TargetGroups won't have the target group being removed so we wont be able to lookup its name from e.TargetGroups. We'd have to DescribeTargetGroups to find it.
Though maybe the value of actualListener.TargetGroupName doesn't actually matter for a listener being deleted? When we add target group deletion support we probably won't be using the listener.TargetGroupName to determine what to delete, instead just use NLBTargetGroupName() to determine all the possible TG names and look for any that exist in AWS that shouldn't and delete them. just thinking out loud here...
There was a problem hiding this comment.
If delete is done by ARN, probably no describing will be needed. I agree that the compare part should check which ones are removed and just delete them.
| func (a OrderTargetGroupsByPort) Less(i, j int) bool { | ||
| if a[i].ARN != nil || a[j].ARN != nil { | ||
| return fi.StringValue(a[i].ARN) < fi.StringValue(a[j].ARN) | ||
| } | ||
| return fi.StringValue(a[i].Name) < fi.StringValue(a[j].Name) | ||
| } | ||
|
|
There was a problem hiding this comment.
Not quite by port. Name should be enough?
There was a problem hiding this comment.
Still curious, why compare both by Name and ARN? Names should be unique.
| @@ -163,12 +163,11 @@ func (e *AutoscalingGroup) Find(c *fi.Context) (*AutoscalingGroup, error) { | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
| actual.TargetGroups = []*TargetGroup{} |
| @@ -370,7 +370,10 @@ func (b *AutoscalingGroupModelBuilder) buildAutoScalingGroupTask(c *fi.ModelBuil | |||
| if !featureflag.Spotinst.Enabled() { | |||
There was a problem hiding this comment.
| if !featureflag.Spotinst.Enabled() { | |
| t.TargetGroups = []*awstasks.TargetGroup{} | |
| if !featureflag.Spotinst.Enabled() { |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
…-upstream-release-1.19 Automated cherry pick of #10157: Add support for multiple NLB listeners and target
This uses commits from #9761 combined with the new NLB support to provision a second NLB listener. It requires converting the
ListenersandTargetGroupsNLB fields to slices in which each listener should forward traffic to the target group of the same list index. I couldn't use a map of port number to TargetGroup because fi/loader.go uses reflection to set values of fields that are Tasks, and map values aren't addressable which resulted in a panic.I also temporarily pulled in the commit from https://github.com/kubernetes/kops/pull/10076/files to run the e2e presubmit job with an ACM cert. Before we merge this I'll remove the commit.
ref: #9756