forked from kubernetes-sigs/aws-load-balancer-controller
-
Notifications
You must be signed in to change notification settings - Fork 0
/
stack_deployer.go
124 lines (111 loc) · 6.64 KB
/
stack_deployer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
package deploy
import (
"context"
"github.com/go-logr/logr"
"github.com/sonal-chauhan/aws-load-balancer-controller/pkg/aws"
"github.com/sonal-chauhan/aws-load-balancer-controller/pkg/config"
"github.com/sonal-chauhan/aws-load-balancer-controller/pkg/deploy/ec2"
"github.com/sonal-chauhan/aws-load-balancer-controller/pkg/deploy/elbv2"
"github.com/sonal-chauhan/aws-load-balancer-controller/pkg/deploy/shield"
"github.com/sonal-chauhan/aws-load-balancer-controller/pkg/deploy/tracking"
"github.com/sonal-chauhan/aws-load-balancer-controller/pkg/deploy/wafregional"
"github.com/sonal-chauhan/aws-load-balancer-controller/pkg/deploy/wafv2"
"github.com/sonal-chauhan/aws-load-balancer-controller/pkg/model/core"
"github.com/sonal-chauhan/aws-load-balancer-controller/pkg/networking"
"sigs.k8s.io/controller-runtime/pkg/client"
)
// StackDeployer will deploy a resource stack into AWS and K8S.
type StackDeployer interface {
// Deploy a resource stack.
Deploy(ctx context.Context, stack core.Stack) error
}
// NewDefaultStackDeployer constructs new defaultStackDeployer.
func NewDefaultStackDeployer(cloud aws.Cloud, k8sClient client.Client,
networkingSGManager networking.SecurityGroupManager, networkingSGReconciler networking.SecurityGroupReconciler,
config config.ControllerConfig, tagPrefix string, logger logr.Logger) *defaultStackDeployer {
trackingProvider := tracking.NewDefaultProvider(tagPrefix, config.ClusterName)
ec2TaggingManager := ec2.NewDefaultTaggingManager(cloud.EC2(), networkingSGManager, cloud.VpcID(), logger)
elbv2TaggingManager := elbv2.NewDefaultTaggingManager(cloud.ELBV2(), cloud.VpcID(), config.FeatureGates, cloud.RGT(), logger)
return &defaultStackDeployer{
cloud: cloud,
k8sClient: k8sClient,
addonsConfig: config.AddonsConfig,
trackingProvider: trackingProvider,
ec2TaggingManager: ec2TaggingManager,
ec2SGManager: ec2.NewDefaultSecurityGroupManager(cloud.EC2(), trackingProvider, ec2TaggingManager, networkingSGReconciler, cloud.VpcID(), config.ExternalManagedTags, logger),
elbv2TaggingManager: elbv2TaggingManager,
elbv2LBManager: elbv2.NewDefaultLoadBalancerManager(cloud.ELBV2(), trackingProvider, elbv2TaggingManager, config.ExternalManagedTags, logger),
elbv2LSManager: elbv2.NewDefaultListenerManager(cloud.ELBV2(), trackingProvider, elbv2TaggingManager, config.ExternalManagedTags, config.FeatureGates, logger),
elbv2LRManager: elbv2.NewDefaultListenerRuleManager(cloud.ELBV2(), trackingProvider, elbv2TaggingManager, config.ExternalManagedTags, config.FeatureGates, logger),
elbv2TGManager: elbv2.NewDefaultTargetGroupManager(cloud.ELBV2(), trackingProvider, elbv2TaggingManager, cloud.VpcID(), config.ExternalManagedTags, logger),
elbv2TGBManager: elbv2.NewDefaultTargetGroupBindingManager(k8sClient, trackingProvider, logger),
wafv2WebACLAssociationManager: wafv2.NewDefaultWebACLAssociationManager(cloud.WAFv2(), logger),
wafRegionalWebACLAssociationManager: wafregional.NewDefaultWebACLAssociationManager(cloud.WAFRegional(), logger),
shieldProtectionManager: shield.NewDefaultProtectionManager(cloud.Shield(), logger),
featureGates: config.FeatureGates,
vpcID: cloud.VpcID(),
logger: logger,
}
}
var _ StackDeployer = &defaultStackDeployer{}
// defaultStackDeployer is the default implementation for StackDeployer
type defaultStackDeployer struct {
cloud aws.Cloud
k8sClient client.Client
addonsConfig config.AddonsConfig
trackingProvider tracking.Provider
ec2TaggingManager ec2.TaggingManager
ec2SGManager ec2.SecurityGroupManager
elbv2TaggingManager elbv2.TaggingManager
elbv2LBManager elbv2.LoadBalancerManager
elbv2LSManager elbv2.ListenerManager
elbv2LRManager elbv2.ListenerRuleManager
elbv2TGManager elbv2.TargetGroupManager
elbv2TGBManager elbv2.TargetGroupBindingManager
wafv2WebACLAssociationManager wafv2.WebACLAssociationManager
wafRegionalWebACLAssociationManager wafregional.WebACLAssociationManager
shieldProtectionManager shield.ProtectionManager
featureGates config.FeatureGates
vpcID string
logger logr.Logger
}
type ResourceSynthesizer interface {
Synthesize(ctx context.Context) error
PostSynthesize(ctx context.Context) error
}
// Deploy a resource stack.
func (d *defaultStackDeployer) Deploy(ctx context.Context, stack core.Stack) error {
synthesizers := []ResourceSynthesizer{
ec2.NewSecurityGroupSynthesizer(d.cloud.EC2(), d.trackingProvider, d.ec2TaggingManager, d.ec2SGManager, d.vpcID, d.logger, stack),
elbv2.NewTargetGroupSynthesizer(d.cloud.ELBV2(), d.trackingProvider, d.elbv2TaggingManager, d.elbv2TGManager, d.logger, d.featureGates, stack),
elbv2.NewLoadBalancerSynthesizer(d.cloud.ELBV2(), d.trackingProvider, d.elbv2TaggingManager, d.elbv2LBManager, d.logger, stack),
elbv2.NewListenerSynthesizer(d.cloud.ELBV2(), d.elbv2TaggingManager, d.elbv2LSManager, d.logger, stack),
elbv2.NewListenerRuleSynthesizer(d.cloud.ELBV2(), d.elbv2TaggingManager, d.elbv2LRManager, d.logger, stack),
elbv2.NewTargetGroupBindingSynthesizer(d.k8sClient, d.trackingProvider, d.elbv2TGBManager, d.logger, stack),
}
if d.addonsConfig.WAFV2Enabled {
synthesizers = append(synthesizers, wafv2.NewWebACLAssociationSynthesizer(d.wafv2WebACLAssociationManager, d.logger, stack))
}
if d.addonsConfig.WAFEnabled && d.cloud.WAFRegional().Available() {
synthesizers = append(synthesizers, wafregional.NewWebACLAssociationSynthesizer(d.wafRegionalWebACLAssociationManager, d.logger, stack))
}
if d.addonsConfig.ShieldEnabled {
shieldSubscribed, err := d.shieldProtectionManager.IsSubscribed(ctx)
if err != nil {
d.logger.Error(err, "unable to determine AWS Shield subscription state, skipping AWS shield reconciliation")
} else if shieldSubscribed {
synthesizers = append(synthesizers, shield.NewProtectionSynthesizer(d.shieldProtectionManager, d.logger, stack))
}
}
for _, synthesizer := range synthesizers {
if err := synthesizer.Synthesize(ctx); err != nil {
return err
}
}
for i := len(synthesizers) - 1; i >= 0; i-- {
if err := synthesizers[i].PostSynthesize(ctx); err != nil {
return err
}
}
return nil
}