From 8e6f9dce328531c85ca5e61c2a5428d550479b5d Mon Sep 17 00:00:00 2001 From: Zachary Nixon Date: Tue, 15 Apr 2025 14:27:16 -0700 Subject: [PATCH 1/8] [gw api] tg creation --- .../v1beta1/loadbalancerconfig_types.go | 5 ++ .../v1beta1/targetgroupconfig_types.go | 12 +-- pkg/gateway/model/base_model_builder.go | 2 + pkg/gateway/model/model_build_target_group.go | 85 ++++++++++--------- 4 files changed, 56 insertions(+), 48 deletions(-) diff --git a/apis/gateway/v1beta1/loadbalancerconfig_types.go b/apis/gateway/v1beta1/loadbalancerconfig_types.go index c9a3e164a5..8435bd9772 100644 --- a/apis/gateway/v1beta1/loadbalancerconfig_types.go +++ b/apis/gateway/v1beta1/loadbalancerconfig_types.go @@ -243,6 +243,11 @@ type LoadBalancerConfigurationSpec struct { // when you specify securityGroups // +optional ManageBackendSecurityGroupRules bool `json:"manageBackendSecurityGroupRules,omitempty"` + + // EnableMultiCluster [Application / Network LoadBalancer] + // All TargetGroupBindings attached to this Load Balancer will have multi cluster support enabled. + // +optional + EnableMultiCluster bool `json:"enableMultiCluster,omitempty"` } // TODO -- these can be used to set what generation the gateway is currently on to track progress on reconcile. diff --git a/apis/gateway/v1beta1/targetgroupconfig_types.go b/apis/gateway/v1beta1/targetgroupconfig_types.go index c5fe018f16..8794e6b520 100644 --- a/apis/gateway/v1beta1/targetgroupconfig_types.go +++ b/apis/gateway/v1beta1/targetgroupconfig_types.go 
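Review bot: The comment on the new `EnableMultiCluster` field says every TargetGroupBinding gets multi-cluster support but not what that changes operationally, which is the caveat an operator needs before enabling it on a target group shared with other clusters. If this maps onto the existing TargetGroupBinding multi-cluster mode (not visible here), the controller stops deregistering targets it did not register itself, so stale or foreign targets stay behind the load balancer until whoever added them removes them. I would add `// When enabled, the controller only deregisters targets it registered itself; targets added by other clusters are left in place.` and state whether the setting may be changed after the bindings exist.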
@@ -112,9 +112,9 @@ const ( type TargetGroupHealthCheckProtocol string const ( - TargetGroupHealthCheckProtocolHTTP TargetGroupHealthCheckProtocol = "http" - TargetGroupHealthCheckProtocolHTTPS TargetGroupHealthCheckProtocol = "https" - TargetGroupHealthCheckProtocolTCP TargetGroupHealthCheckProtocol = "tcp" + TargetGroupHealthCheckProtocolHTTP TargetGroupHealthCheckProtocol = "HTTP" + TargetGroupHealthCheckProtocolHTTPS TargetGroupHealthCheckProtocol = "HTTPS" + TargetGroupHealthCheckProtocolTCP TargetGroupHealthCheckProtocol = "TCP" ) // +kubebuilder:validation:Enum=HTTP;HTTPS;TCP;TLS;UDP;TCP_UDP @@ -133,9 +133,9 @@ const ( type ProtocolVersion string const ( - ProtocolVersionHTTP1 ProtocolVersion = "http1" - ProtocolVersionHTTP2 ProtocolVersion = "http2" - ProtocolVersionGRPC ProtocolVersion = "grpc" + ProtocolVersionHTTP1 ProtocolVersion = "HTTP1" + ProtocolVersionHTTP2 ProtocolVersion = "HTTP2" + ProtocolVersionGRPC ProtocolVersion = "GRPC" ) // +kubebuilder:validation:Enum=none;prefer-route-specific;prefer-default diff --git a/pkg/gateway/model/base_model_builder.go b/pkg/gateway/model/base_model_builder.go index b99d9888ee..cebfeafb0a 100644 --- a/pkg/gateway/model/base_model_builder.go +++ b/pkg/gateway/model/base_model_builder.go @@ -58,6 +58,8 @@ type baseModelBuilder struct { lbBuilder loadBalancerBuilder logger logr.Logger + tgByResID map[string]*elbv2model.TargetGroup + subnetBuilder subnetModelBuilder securityGroupBuilder securityGroupBuilder tgBuilder targetGroupBuilder diff --git a/pkg/gateway/model/model_build_target_group.go b/pkg/gateway/model/model_build_target_group.go index 0f5baafa4c..2288c32574 100644 --- a/pkg/gateway/model/model_build_target_group.go +++ b/pkg/gateway/model/model_build_target_group.go 
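Review bot: The values of the `TargetGroupHealthCheckProtocol` and `ProtocolVersion` constants are uppercased here, but the generated `gateway.k8s.aws_targetgroupconfigurations.yaml` added later in this series still lists `healthCheckProtocol` as `http`/`https`/`tcp`, so every value the API server admits compares unequal to these constants. `buildTargetGroupHealthCheckProtocol` switches on them and falls through to a default that now returns HTTP, so a user asking for a `tcp` health check silently gets an HTTP probe. The `+kubebuilder:validation:Enum` marker for this type sits just above the hunk and is not shown; it needs to become `// +kubebuilder:validation:Enum=HTTP;HTTPS;TCP` (and presumably `HTTP1;HTTP2;GRPC` for ProtocolVersion) with the CRDs regenerated, or the switches should compare case-insensitively.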
@@ -89,7 +89,7 @@ func (builder *targetGroupBuilderImpl) buildTargetGroup(tgByResID *map[string]bu return buildTargetGroupOutput{}, err } nodeSelector := builder.buildTargetGroupBindingNodeSelector(targetGroupProps, tgSpec.TargetType) - bindingSpec := builder.buildTargetGroupBindingSpec(lbConfig, targetGroupProps, tgSpec, nodeSelector, backend, backendSGIDToken) + bindingSpec := builder.buildTargetGroupBindingSpec(targetGroupProps, tgSpec, nodeSelector, backend, backendSGIDToken) output := buildTargetGroupOutput{ targetGroupSpec: tgSpec, @@ -109,7 +109,7 @@ func (builder *targetGroupBuilderImpl) getTargetGroupProps(routeDescriptor route return targetGroupProps } -func (builder *targetGroupBuilderImpl) buildTargetGroupBindingSpec(lbConfig *elbv2gw.LoadBalancerConfiguration, tgProps *elbv2gw.TargetGroupProps, tgSpec elbv2model.TargetGroupSpec, nodeSelector *metav1.LabelSelector, backend routeutils.Backend, backendSGIDToken core.StringToken) elbv2model.TargetGroupBindingResourceSpec { +func (builder *targetGroupBuilderImpl) buildTargetGroupBindingSpec(tgProps *elbv2gw.TargetGroupProps, tgSpec elbv2model.TargetGroupSpec, nodeSelector *metav1.LabelSelector, backend routeutils.Backend, backendSGIDToken core.StringToken) elbv2model.TargetGroupBindingResourceSpec { targetType := elbv2api.TargetType(tgSpec.TargetType) targetPort := backend.ServicePort.TargetPort if targetType == elbv2api.TargetTypeInstance { 
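Review bot: `buildTargetGroupBindingSpec` loses its `lbConfig` parameter in this hunk, yet the first hunk of the same commit adds `LoadBalancerConfigurationSpec.EnableMultiCluster`, whose comment promises that every TargetGroupBinding on the load balancer gets multi-cluster support. With the configuration no longer reaching the function that assembles the binding spec, nothing visible in this diff can set the binding's multi-cluster flag, so the field is either dead or wired through a path outside the diff. Either keep the parameter and populate the binding spec from `lbConfig.Spec.EnableMultiCluster`, or hold the field back until something consumes it. Both `buildTargetGroup` and `buildTargetGroupBindingSpec` continue outside the hunk.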
@@ -142,14 +142,14 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupBindingSpec(lbConfig *elb } } -func (builder *targetGroupBuilderImpl) buildTargetGroupBindingNetworking(targetPort intstr.IntOrString, healthCheckPort intstr.IntOrString, port corev1.ServicePort, backendSGIDToken core.StringToken) *elbv2model.TargetGroupBindingNetworking { +func (builder *targetGroupBuilderImpl) buildTargetGroupBindingNetworking(targetPort intstr.IntOrString, healthCheckPort intstr.IntOrString, svcPort corev1.ServicePort, backendSGIDToken core.StringToken) *elbv2model.TargetGroupBindingNetworking { if backendSGIDToken == nil { return nil } protocolTCP := elbv2api.NetworkingProtocolTCP protocolUDP := elbv2api.NetworkingProtocolUDP - udpSupported := port.Protocol == corev1.ProtocolUDP + udpSupported := svcPort.Protocol == corev1.ProtocolUDP if builder.disableRestrictedSGRules { ports := []elbv2api.NetworkingPort{ @@ -183,7 +183,6 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupBindingNetworking(targetP } var networkingPorts []elbv2api.NetworkingPort - var networkingRules []elbv2model.NetworkingIngressRule protocolToUse := &protocolTCP if udpSupported { @@ -209,6 +208,7 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupBindingNetworking(targetP }) } + var networkingRules []elbv2model.NetworkingIngressRule for _, port := range networkingPorts { networkingRules = append(networkingRules, elbv2model.NetworkingIngressRule{ From: []elbv2model.NetworkingPeer{ @@ -232,7 +232,7 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupSpec(gw *gwv1.Gateway, ro if err != nil { return elbv2model.TargetGroupSpec{}, err } - tgProtocolVersion := builder.buildTargetGroupProtocolVersion(targetGroupProps) + tgProtocolVersion := builder.buildTargetGroupProtocolVersion(targetGroupProps, route) healthCheckConfig, err := builder.buildTargetGroupHealthCheckConfig(targetGroupProps, tgProtocol, tgProtocolVersion, targetType, backend) if err != nil { 
@@ -249,8 +249,7 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupSpec(gw *gwv1.Gateway, ro return elbv2model.TargetGroupSpec{}, err } tgPort := builder.buildTargetGroupPort(targetType, *backend.ServicePort) - // TODO - backend.ServicePort.TargetPort might not be correct. - name := builder.buildTargetGroupName(targetGroupProps, k8s.NamespacedName(gw), route.GetRouteNamespacedName(), k8s.NamespacedName(backend.Service), backend.ServicePort.TargetPort, tgPort, targetType, tgProtocol, tgProtocolVersion) + name := builder.buildTargetGroupName(targetGroupProps, k8s.NamespacedName(gw), route.GetRouteNamespacedName(), k8s.NamespacedName(backend.Service), tgPort, targetType, tgProtocol, tgProtocolVersion) return elbv2model.TargetGroupSpec{ Name: name, TargetType: targetType, @@ -268,7 +267,7 @@ var invalidTargetGroupNamePattern = regexp.MustCompile("[[:^alnum:]]") // buildTargetGroupName will calculate the targetGroup's name. func (builder *targetGroupBuilderImpl) buildTargetGroupName(targetGroupProps *elbv2gw.TargetGroupProps, - gwKey types.NamespacedName, routeKey types.NamespacedName, svcKey types.NamespacedName, port intstr.IntOrString, tgPort int32, + gwKey types.NamespacedName, routeKey types.NamespacedName, svcKey types.NamespacedName, tgPort int32, targetType elbv2model.TargetType, tgProtocol elbv2model.Protocol, tgProtocolVersion *elbv2model.ProtocolVersion) string { if targetGroupProps != nil && targetGroupProps.TargetGroupName != "" { @@ -283,7 +282,6 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupName(targetGroupProps *el _, _ = uuidHash.Write([]byte(routeKey.Name)) _, _ = uuidHash.Write([]byte(svcKey.Namespace)) _, _ = uuidHash.Write([]byte(svcKey.Name)) - _, _ = uuidHash.Write([]byte(port.String())) _, _ = uuidHash.Write([]byte(strconv.Itoa(int(tgPort)))) _, _ = uuidHash.Write([]byte(targetType)) _, _ = uuidHash.Write([]byte(tgProtocol)) 
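Review bot: Dropping the service target port from the name hash in `buildTargetGroupName` while `buildTargetGroupResourceID` (later in this file) still keys on `port.String()` means two resources that are distinct in the model can hash to the same AWS target group name. That only bites if `buildTargetGroupPort` can yield the same `tgPort` for two ports of one service, for example a placeholder value for named target ports (not visible here); if it can, the two target groups collide on name and one overwrites the other. If the name is meant to depend on the resolved port only, derive the resource ID from the same inputs, or add a comment explaining why the unresolved port was removed from the hash. Both touched functions continue outside the diff.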
@@ -365,10 +363,7 @@ func (builder *targetGroupBuilderImpl) buildL7TargetGroupProtocol(targetGroupPro } func (builder *targetGroupBuilderImpl) buildL4TargetGroupProtocol(targetGroupProps *elbv2gw.TargetGroupProps, route routeutils.RouteDescriptor) (elbv2model.Protocol, error) { - // TODO, auto infer? if targetGroupProps == nil || targetGroupProps.Protocol == nil { - // infer this somehow!? - // use the backend config to get the protocol type. return builder.inferTargetGroupProtocolFromRoute(route), nil } @@ -406,7 +401,12 @@ func (builder *targetGroupBuilderImpl) inferTargetGroupProtocolFromRoute(route r return elbv2model.ProtocolTCP } -func (builder *targetGroupBuilderImpl) buildTargetGroupProtocolVersion(targetGroupProps *elbv2gw.TargetGroupProps) *elbv2model.ProtocolVersion { +var ( + http1 = elbv2model.ProtocolVersionHTTP1 + grpc = elbv2model.ProtocolVersionGRPC +) + +func (builder *targetGroupBuilderImpl) buildTargetGroupProtocolVersion(targetGroupProps *elbv2gw.TargetGroupProps, route routeutils.RouteDescriptor) *elbv2model.ProtocolVersion { // NLB doesn't support protocol version if builder.loadBalancerType == elbv2model.LoadBalancerTypeNetwork { return nil @@ -416,7 +416,11 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupProtocolVersion(targetGro pv := elbv2model.ProtocolVersion(*targetGroupProps.ProtocolVersion) return &pv } - http1 := elbv2model.ProtocolVersionHTTP1 + + if route.GetRouteKind() == routeutils.GRPCRouteKind { + return &grpc + } + return &http1 } 
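Review bot: `buildTargetGroupProtocolVersion` now returns `&grpc` and `&http1`, pointers into package-level variables, so the `*ProtocolVersion` stored on every TargetGroupSpec aliases one shared mutable global. Any caller or test that writes through that pointer changes the inferred protocol version for every subsequent build, across goroutines; the original returned the address of a function-local copy. Return a fresh copy instead, `pv := elbv2model.ProtocolVersionGRPC; return &pv` (and likewise for HTTP1), and drop the package-level vars. A short comment that GRPCRoute inference never applies to NLB, because of the early return above, would also help the next reader.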
@@ -425,13 +429,13 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupHealthCheckConfig(targetG // https://github.com/kubernetes-sigs/gateway-api/issues/451 // Gateway API doesn't have the same ServiceExternalTrafficPolicyLocal support. // TODO - Maybe a TargetGroupConfig attribute to support the same behavior? - healthCheckPort, err := builder.buildTargetGroupHealthCheckPort(targetGroupProps, targetType, backend) + healthCheckPort, err := builder.buildTargetGroupHealthCheckPort(targetGroupProps, targetType, backend.Service) if err != nil { return elbv2model.TargetGroupHealthCheckConfig{}, err } healthCheckProtocol := builder.buildTargetGroupHealthCheckProtocol(targetGroupProps, tgProtocol) healthCheckPath := builder.buildTargetGroupHealthCheckPath(targetGroupProps, tgProtocolVersion, healthCheckProtocol) - healthCheckMatcher := builder.buildTargetGroupHealthCheckMatcher(targetGroupProps, healthCheckProtocol) + healthCheckMatcher := builder.buildTargetGroupHealthCheckMatcher(targetGroupProps, tgProtocolVersion, healthCheckProtocol) healthCheckIntervalSeconds := builder.buildTargetGroupHealthCheckIntervalSeconds(targetGroupProps) healthCheckTimeoutSeconds := builder.buildTargetGroupHealthCheckTimeoutSeconds(targetGroupProps) healthCheckHealthyThresholdCount := builder.buildTargetGroupHealthCheckHealthyThresholdCount(targetGroupProps) 
@@ -450,8 +454,10 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupHealthCheckConfig(targetG return hcConfig, nil } -func (builder *targetGroupBuilderImpl) buildTargetGroupHealthCheckPort(targetGroupProps *elbv2gw.TargetGroupProps, targetType elbv2model.TargetType, backend routeutils.Backend) (intstr.IntOrString, error) { - if targetGroupProps == nil || targetGroupProps.HealthCheckConfig == nil || targetGroupProps.HealthCheckConfig.HealthCheckPort == nil || *targetGroupProps.HealthCheckConfig.HealthCheckPort == shared_constants.HealthCheckPortTrafficPort { +func (builder *targetGroupBuilderImpl) buildTargetGroupHealthCheckPort(targetGroupProps *elbv2gw.TargetGroupProps, targetType elbv2model.TargetType, svc *corev1.Service) (intstr.IntOrString, error) { + + portConfigNotExist := targetGroupProps == nil || targetGroupProps.HealthCheckConfig == nil || targetGroupProps.HealthCheckConfig.HealthCheckPort == nil + if portConfigNotExist || *targetGroupProps.HealthCheckConfig.HealthCheckPort == shared_constants.HealthCheckPortTrafficPort { return intstr.FromString(shared_constants.HealthCheckPortTrafficPort), nil } @@ -459,13 +465,17 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupHealthCheckPort(targetGro if healthCheckPort.Type == intstr.Int { return healthCheckPort, nil } + hcSvcPort, err := k8s.LookupServicePort(svc, healthCheckPort) + if err != nil { + return intstr.FromString(""), err + } - /* TODO - Zac revisit this? */ if targetType == elbv2model.TargetTypeInstance { - return intstr.FromInt(int(backend.ServicePort.NodePort)), nil + return intstr.FromInt(int(hcSvcPort.NodePort)), nil } - if backend.ServicePort.TargetPort.Type == intstr.Int { - return backend.ServicePort.TargetPort, nil + + if hcSvcPort.TargetPort.Type == intstr.Int { + return hcSvcPort.TargetPort, nil } return intstr.IntOrString{}, errors.New("cannot use named healthCheckPort for IP TargetType when service's targetPort is a named port") } 
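Review bot: The error path after `k8s.LookupServicePort` returns `intstr.FromString("")` while the function's other failure returns `intstr.IntOrString{}`; the two differ in `Type`, and a caller that ignores the error could treat either as a real port. Use the zero value consistently and say which port failed, `return intstr.IntOrString{}, fmt.Errorf("resolving named healthCheckPort %q: %w", healthCheckPort.String(), err)` (`fmt` is already imported in this file). The new `svc` parameter is passed straight to the lookup without a nil check, which is fine if every caller guarantees a non-nil service; a comment stating that precondition would make it explicit. The function starts above the hunk.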
@@ -487,7 +497,8 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupHealthCheckProtocol(targe case elbv2gw.TargetGroupHealthCheckProtocolHTTPS: return elbv2model.ProtocolHTTPS default: - return tgProtocol + // This should never happen, the CRD validation takes care of this. + return elbv2model.ProtocolHTTP } } @@ -507,15 +518,17 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupHealthCheckPath(targetGro return &builder.defaultHealthCheckPathHTTP } -func (builder *targetGroupBuilderImpl) buildTargetGroupHealthCheckMatcher(targetGroupProps *elbv2gw.TargetGroupProps, hcProtocol elbv2model.Protocol) *elbv2model.HealthCheckMatcher { +func (builder *targetGroupBuilderImpl) buildTargetGroupHealthCheckMatcher(targetGroupProps *elbv2gw.TargetGroupProps, tgProtocolVersion *elbv2model.ProtocolVersion, hcProtocol elbv2model.Protocol) *elbv2model.HealthCheckMatcher { if hcProtocol == elbv2model.ProtocolTCP { return nil } - if targetGroupProps != nil && targetGroupProps.ProtocolVersion != nil && string(*targetGroupProps.ProtocolVersion) == string(elbv2model.ProtocolVersionGRPC) { + useGRPC := tgProtocolVersion != nil && *tgProtocolVersion == elbv2model.ProtocolVersionGRPC + + if useGRPC { matcher := builder.defaultHealthCheckMatcherGRPCCode - if targetGroupProps.ProtocolVersion != nil && targetGroupProps.HealthCheckConfig != nil && targetGroupProps.HealthCheckConfig.Matcher != nil && targetGroupProps.HealthCheckConfig.Matcher.GRPCCode != nil { + if targetGroupProps != nil && targetGroupProps.HealthCheckConfig != nil && targetGroupProps.HealthCheckConfig.Matcher != nil && targetGroupProps.HealthCheckConfig.Matcher.GRPCCode != nil { matcher = *targetGroupProps.HealthCheckConfig.Matcher.GRPCCode } return &elbv2model.HealthCheckMatcher{ 
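Review bot: Replacing `return tgProtocol` with an unconditional `elbv2model.ProtocolHTTP` in the default branch turns an unrecognised health check protocol into a silently HTTP-probed target group, which for a TCP or TLS backend means every target is reported unhealthy, or healthy for the wrong reason if it happens to speak HTTP. The comment asserts CRD validation makes this unreachable, but the CRD generated later in this series still lists lowercase `http`/`https`/`tcp` while the constants are now uppercase, so today this is the normal path for user-supplied values. Prefer failing closed by returning an error from the switch, or at least keep the previous `return tgProtocol` fallback, and fix the enum marker so the branch is really dead. The enclosing function begins above the hunk.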
@@ -523,7 +536,7 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupHealthCheckMatcher(target } } matcher := builder.defaultHealthCheckMatcherHTTPCode - if targetGroupProps != nil && targetGroupProps.ProtocolVersion != nil && targetGroupProps.HealthCheckConfig != nil && targetGroupProps.HealthCheckConfig.Matcher != nil && targetGroupProps.HealthCheckConfig.Matcher.HTTPCode != nil { + if targetGroupProps != nil && targetGroupProps.HealthCheckConfig != nil && targetGroupProps.HealthCheckConfig.Matcher != nil && targetGroupProps.HealthCheckConfig.Matcher.HTTPCode != nil { matcher = *targetGroupProps.HealthCheckConfig.Matcher.HTTPCode } return &elbv2model.HealthCheckMatcher{ @@ -570,9 +583,7 @@ func (builder *targetGroupBuilderImpl) buildTargetGroupAttributes(targetGroupPro attributeMap[attr.Key] = attr.Value } - if builder.loadBalancerType == elbv2model.LoadBalancerTypeNetwork { - builder.buildL4TargetGroupAttributes(&attributeMap, targetGroupProps) - } + // TODO -- buildPreserveClientIPFlag Might need special logic return attributeMap } 
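Review bot: `buildTargetGroupAttributes` now copies user-supplied attributes straight into `attributeMap` and the NLB-specific builder is removed in favour of a TODO, so nothing visible in this series derives the PROXY protocol v2 target group attribute from the `enableProxyProtocolV2` field that patch 2 adds to the deepcopy and the CRD. Until the builder consumes it, a user who sets `enableProxyProtocolV2: true` gets a target group without PROXY protocol, and a backend that expects the header will see plain requests it may reject or, worse, trust the wrong source address. Either wire the field into the attribute map here or note in the CRD description that it is not yet honoured. The function's start is outside the hunk.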
@@ -588,22 +599,12 @@ func (builder *targetGroupBuilderImpl) convertMapToAttributes(attributeMap map[s return convertedAttributes } -func (builder *targetGroupBuilderImpl) buildL4TargetGroupAttributes(attributeMap *map[string]string, targetGroupProps *elbv2gw.TargetGroupProps) { - if targetGroupProps == nil { - return - } - // TODO -- buildPreserveClientIPFlag -} - func (builder *targetGroupBuilderImpl) buildTargetGroupResourceID(gwKey types.NamespacedName, svcKey types.NamespacedName, routeKey types.NamespacedName, port intstr.IntOrString) string { return fmt.Sprintf("%s/%s:%s-%s:%s-%s:%s", gwKey.Namespace, gwKey.Name, routeKey.Namespace, routeKey.Name, svcKey.Namespace, svcKey.Name, port.String()) } func (builder *targetGroupBuilderImpl) buildTargetGroupBindingNodeSelector(tgProps *elbv2gw.TargetGroupProps, targetType elbv2model.TargetType) *metav1.LabelSelector { - if targetType != elbv2model.TargetTypeInstance { - return nil - } - if tgProps == nil { + if targetType != elbv2model.TargetTypeInstance || tgProps == nil { return nil } return tgProps.NodeSelector From fea3ae3f034063ba5f02fa303b36b94536db9371 Mon Sep 17 00:00:00 2001 From: Zachary Nixon Date: Thu, 17 Apr 2025 10:45:50 -0700 Subject: [PATCH 2/8] fixes to get tg + tgb working --- apis/gateway/v1beta1/zz_generated.deepcopy.go | 5 + ...ay.k8s.aws_loadbalancerconfigurations.yaml | 303 ++++ ...way.k8s.aws_targetgroupconfigurations.yaml | 498 ++++++ controllers/gateway/gateway_controller.go | 2 + pkg/gateway/model/base_model_builder.go | 2 - .../model/model_build_target_group_test.go | 1348 ++++++++++++++++- 6 files changed, 2148 insertions(+), 10 deletions(-) create mode 100644 config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml create mode 100644 config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml diff --git a/apis/gateway/v1beta1/zz_generated.deepcopy.go b/apis/gateway/v1beta1/zz_generated.deepcopy.go index fe1edd2f62..d5f95d1b74 100644 
--- a/apis/gateway/v1beta1/zz_generated.deepcopy.go +++ b/apis/gateway/v1beta1/zz_generated.deepcopy.go @@ -696,6 +696,11 @@ func (in *TargetGroupProps) DeepCopyInto(out *TargetGroupProps) { *out = new(ProtocolVersion) **out = **in } + if in.EnableProxyProtocolV2 != nil { + in, out := &in.EnableProxyProtocolV2, &out.EnableProxyProtocolV2 + *out = new(bool) + **out = **in + } if in.VpcID != nil { in, out := &in.VpcID, &out.VpcID *out = new(string) diff --git a/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml new file mode 100644 index 0000000000..aaa8a79ce3 --- /dev/null +++ b/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml 
@@ -0,0 +1,303 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: loadbalancerconfigurations.gateway.k8s.aws +spec: + group: gateway.k8s.aws + names: + kind: LoadBalancerConfiguration + listKind: LoadBalancerConfigurationList + plural: loadbalancerconfigurations + singular: loadbalancerconfiguration + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: LoadBalancerConfiguration is the Schema for the LoadBalancerConfiguration + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LoadBalancerConfigurationSpec defines the desired state of + LoadBalancerConfiguration + properties: + customerOwnedIpv4Pool: + description: |- + customerOwnedIpv4Pool [Application LoadBalancer] + is the ID of the customer-owned address for Application Load Balancers on Outposts pool. 
+ type: string + enableICMP: + description: |- + EnableICMP [Network LoadBalancer] + enables the creation of security group rules to the managed security group + to allow explicit ICMP traffic for Path MTU discovery for IPv4 and dual-stack VPCs + type: boolean + enableMultiCluster: + description: |- + EnableMultiCluster [Application / Network LoadBalancer] + All TargetGroupBindings attached to this Load Balancer will have multi cluster support enabled. + type: boolean + enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: + description: enforceSecurityGroupInboundRulesOnPrivateLinkTraffic + Indicates whether to evaluate inbound security group rules for traffic + sent to a Network Load Balancer through Amazon Web Services PrivateLink. + type: string + ipAddressType: + description: loadBalancerIPType defines what kind of load balancer + to provision (ipv4, dual stack) + enum: + - ipv4 + - dualstack + - dualstack-without-public-ipv4 + type: string + ipv4IPAMPoolId: + description: |- + IPv4IPAMPoolId [Application LoadBalancer] + defines the IPAM pool ID used for IPv4 Addresses on the ALB. + type: string + listenerConfigurations: + description: listenerConfigurations is an optional list of configurations + for each listener on LB + items: + properties: + alpnPolicy: + description: alpnPolicy an optional string that allows you to + configure ALPN policies on your Load Balancer + enum: + - HTTP1Only + - HTTP2Only + - HTTP2Optional + - HTTP2Preferred + - None + type: string + certificates: + description: certificates is the list of other certificates + to add to the listener. + items: + type: string + type: array + defaultCertificate: + description: |- + TODO: Add validation in admission webhook to make it required for secure protocols + defaultCertificate the cert arn to be used by default. + type: string + listenerAttributes: + description: listenerAttributes defines the attributes for the + listener + items: + description: ListenerAttribute defines listener attribute. 
+ properties: + key: + description: The key of the attribute. + type: string + value: + description: The value of the attribute. + type: string + required: + - key + - value + type: object + type: array + mutualAuthentication: + description: mutualAuthentication defines the mutual authentication + configuration information. + properties: + advertiseTrustStoreCaNames: + description: Indicates whether trust store CA certificate + names are advertised. + enum: + - "on" + - "off" + type: string + ignoreClientCertificateExpiry: + description: Indicates whether expired client certificates + are ignored. + type: boolean + mode: + description: The client certificate handling method. Options + are off , passthrough or verify + enum: + - "off" + - passthrough + - verify + type: string + trustStore: + description: The Name or ARN of the trust store. + type: string + required: + - mode + type: object + protocolPort: + description: protocolPort is identifier for the listener on + load balancer. It should be of the form PROTOCOL:PORT + pattern: ^(HTTP|HTTPS|TLS|TCP|UDP)?:(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{4}|[1-9]\d{0,3})?$ + type: string + sslPolicy: + description: sslPolicy is the security policy that defines which + protocols and ciphers are supported for secure listeners [HTTPS + or TLS listener]. + type: string + required: + - protocolPort + type: object + type: array + loadBalancerAttributes: + description: LoadBalancerAttributes defines the attribute of LB + items: + description: LoadBalancerAttribute defines LB attribute. + properties: + key: + description: The key of the attribute. + type: string + value: + description: The value of the attribute. + type: string + required: + - key + - value + type: object + type: array + loadBalancerName: + description: loadBalancerName defines the name of the LB to provision. + If unspecified, it will be automatically generated. 
+ maxLength: 32 + minLength: 1 + type: string + loadBalancerSubnets: + description: |- + loadBalancerSubnets is an optional list of subnet configurations to be used in the LB + This value takes precedence over loadBalancerSubnetsSelector if both are selected. + items: + description: SubnetConfiguration defines the subnet settings for + a Load Balancer. + properties: + eipAllocation: + description: eipAllocation [Network LoadBalancer] the EIP name + for this subnet. + type: string + identifier: + description: identifier [Application LoadBalancer / Network + LoadBalancer] name or id for the subnet + type: string + ipv6Allocation: + description: IPv6Allocation [Network LoadBalancer] the ipv6 + address to assign to this subnet. + type: string + privateIPv4Allocation: + description: privateIPv4Allocation [Network LoadBalancer] the + private ipv4 address to assign to this subnet. + type: string + sourceNatIPv6Prefix: + description: SourceNatIPv6Prefix [Network LoadBalancer] The + IPv6 prefix to use for source NAT. Specify an IPv6 prefix + (/80 netmask) from the subnet CIDR block or auto_assigned + to use an IPv6 prefix selected at random from the subnet CIDR + block. + type: string + type: object + type: array + loadBalancerSubnetsSelector: + additionalProperties: + items: + type: string + type: array + description: |- + LoadBalancerSubnetsSelector specifies subnets in the load balancer's VPC where each + tag specified in the map key contains one of the values in the corresponding + value list. + type: object + manageBackendSecurityGroupRules: + description: |- + ManageBackendSecurityGroupRules [Application / Network LoadBalancer] + specifies whether you want the controller to configure security group rules on Node/Pod for traffic access + when you specify securityGroups + type: boolean + scheme: + description: scheme defines the type of LB to provision. If unspecified, + it will be automatically inferred. 
+ enum: + - internal + - internet-facing + type: string + securityGroupPrefixes: + description: securityGroupPrefixes an optional list of prefixes that + are allowed to access the LB. + items: + type: string + type: array + securityGroups: + description: securityGroups an optional list of security group ids + or names to apply to the LB + items: + type: string + type: array + sourceRanges: + description: sourceRanges an optional list of CIDRs that are allowed + to access the LB. + items: + type: string + type: array + tags: + description: Tags defines list of Tags on LB. + items: + description: AWSTag defines a AWS Tag on resources. + properties: + key: + description: The key of the tag. + type: string + value: + description: The value of the tag. + type: string + required: + - key + - value + type: object + type: array + vpcId: + description: vpcId is the ID of the VPC for the load balancer. + type: string + type: object + status: + description: LoadBalancerConfigurationStatus defines the observed state + of TargetGroupBinding + properties: + observedGatewayClassConfigurationGeneration: + description: The generation of the Gateway Configuration attached + to the GatewayClass object. + format: int64 + type: integer + observedGatewayConfigurationGeneration: + description: The generation of the Gateway Configuration attached + to the Gateway object. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml new file mode 100644 index 0000000000..1ad36952b0 --- /dev/null +++ b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml 
@@ -0,0 +1,498 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: targetgroupconfigurations.gateway.k8s.aws +spec: + group: gateway.k8s.aws + names: + kind: TargetGroupConfiguration + listKind: TargetGroupConfigurationList + plural: targetgroupconfigurations + singular: targetgroupconfiguration + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The Kubernetes Service's name + jsonPath: .spec.targetReference.name + name: SERVICE-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TargetGroupConfiguration is the Schema for defining TargetGroups + with an AWS ELB Gateway + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TargetGroupConfigurationSpec defines the TargetGroup properties + for a route. + properties: + defaultConfiguration: + description: defaultRouteConfiguration fallback configuration applied + to all routes, unless overridden by route-specific configurations. + properties: + enableProxyProtocolV2: + description: |- + enableProxyProtocolV2 [Network LoadBalancers] Indicates whether proxy protocol version 2 is enabled. 
+ By default, proxy protocol is disabled. + type: boolean + healthCheckConfig: + description: healthCheckConfig The Health Check configuration + for this backend. + properties: + healthCheckInterval: + description: healthCheckInterval The approximate amount of + time, in seconds, between health checks of an individual + target. + format: int32 + type: integer + healthCheckPath: + description: healthCheckPath The destination for health checks + on the targets. + type: string + healthCheckPort: + description: |- + healthCheckPort The port the load balancer uses when performing health checks on targets. + The default is to use the port on which each target receives traffic from the load balancer. + type: string + healthCheckProtocol: + description: healthCheckProtocol The protocol to use to connect + with the target. The GENEVE, TLS, UDP, and TCP_UDP protocols + are not supported for health checks. + enum: + - http + - https + - tcp + type: string + healthCheckTimeout: + description: healthCheckTimeout The amount of time, in seconds, + during which no response means a failed health check + format: int32 + type: integer + healthyThresholdCount: + description: healthyThresholdCount The number of consecutive + health checks successes required before considering an unhealthy + target healthy. + format: int32 + type: integer + matcher: + description: healthCheckCodes The HTTP or gRPC codes to use + when checking for a successful response from a target + properties: + grpcCode: + description: The gRPC codes + type: string + httpCode: + description: The HTTP codes. + type: string + type: object + unhealthyThresholdCount: + description: unhealthyThresholdCount The number of consecutive + health check failures required before considering the target + unhealthy. + format: int32 + type: integer + type: object + ipAddressType: + description: ipAddressType specifies whether the target group + is of type IPv4 or IPv6. If unspecified, it will be automatically + inferred. 
+ enum: + - ipv4 + - ipv6 + type: string + nodeSelector: + description: node selector for instance type target groups to + only register certain nodes + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + protocol: + description: |- + Protocol [Application / Network Load Balancer] the protocol for the target group. + If unspecified, it will be automatically inferred. + enum: + - HTTP + - HTTPS + - TCP + - TLS + - UDP + - TCP_UDP + type: string + protocolVersion: + description: protocolVersion [HTTP/HTTPS protocol] The protocol + version. 
The possible values are GRPC , HTTP1 and HTTP2 + enum: + - http1 + - http2 + - grpc + type: string + tags: + description: Tags defines list of Tags on target group. + items: + description: Tag defines a AWS Tag on resources. + properties: + key: + description: The key of the tag. + type: string + value: + description: The value of the tag. + type: string + required: + - key + - value + type: object + type: array + targetGroupAttributes: + description: targetGroupAttributes defines the attribute of target + group + items: + description: TargetGroupAttribute defines target group attribute. + properties: + key: + description: The key of the attribute. + type: string + value: + description: The value of the attribute. + type: string + required: + - key + - value + type: object + type: array + targetGroupName: + description: targetGroupName specifies the name to assign to the + Target Group. If not defined, then one is generated. + type: string + targetType: + description: targetType is the TargetType of TargetGroup. If unspecified, + it will be automatically inferred as instance. + enum: + - instance + - ip + type: string + vpcID: + description: vpcID is the VPC of the TargetGroup. If unspecified, + it will be automatically inferred. + type: string + type: object + routeConfigurations: + description: routeConfigurations the route configuration for specific + routes + items: + description: RouteConfiguration defines the per route configuration + properties: + identifier: + description: name the identifier of the route, it should be + in the form of ROUTE:NAMESPACE:NAME + pattern: ^(HTTPRoute|TLSRoute|TCPRoute|UDPRoute|GRPCRoute)?:([^:]+)?:([^:]+)?$ + type: string + targetGroupProps: + description: targetGroupProps the target group specific properties + properties: + enableProxyProtocolV2: + description: |- + enableProxyProtocolV2 [Network LoadBalancers] Indicates whether proxy protocol version 2 is enabled. + By default, proxy protocol is disabled. 
+ type: boolean + healthCheckConfig: + description: healthCheckConfig The Health Check configuration + for this backend. + properties: + healthCheckInterval: + description: healthCheckInterval The approximate amount + of time, in seconds, between health checks of an individual + target. + format: int32 + type: integer + healthCheckPath: + description: healthCheckPath The destination for health + checks on the targets. + type: string + healthCheckPort: + description: |- + healthCheckPort The port the load balancer uses when performing health checks on targets. + The default is to use the port on which each target receives traffic from the load balancer. + type: string + healthCheckProtocol: + description: healthCheckProtocol The protocol to use + to connect with the target. The GENEVE, TLS, UDP, + and TCP_UDP protocols are not supported for health + checks. + enum: + - http + - https + - tcp + type: string + healthCheckTimeout: + description: healthCheckTimeout The amount of time, + in seconds, during which no response means a failed + health check + format: int32 + type: integer + healthyThresholdCount: + description: healthyThresholdCount The number of consecutive + health checks successes required before considering + an unhealthy target healthy. + format: int32 + type: integer + matcher: + description: healthCheckCodes The HTTP or gRPC codes + to use when checking for a successful response from + a target + properties: + grpcCode: + description: The gRPC codes + type: string + httpCode: + description: The HTTP codes. + type: string + type: object + unhealthyThresholdCount: + description: unhealthyThresholdCount The number of consecutive + health check failures required before considering + the target unhealthy. + format: int32 + type: integer + type: object + ipAddressType: + description: ipAddressType specifies whether the target + group is of type IPv4 or IPv6. If unspecified, it will + be automatically inferred. 
+ enum: + - ipv4 + - ipv6 + type: string + nodeSelector: + description: node selector for instance type target groups + to only register certain nodes + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + protocol: + description: |- + Protocol [Application / Network Load Balancer] the protocol for the target group. + If unspecified, it will be automatically inferred. + enum: + - HTTP + - HTTPS + - TCP + - TLS + - UDP + - TCP_UDP + type: string + protocolVersion: + description: protocolVersion [HTTP/HTTPS protocol] The protocol + version. 
The possible values are GRPC , HTTP1 and HTTP2 + enum: + - http1 + - http2 + - grpc + type: string + tags: + description: Tags defines list of Tags on target group. + items: + description: Tag defines a AWS Tag on resources. + properties: + key: + description: The key of the tag. + type: string + value: + description: The value of the tag. + type: string + required: + - key + - value + type: object + type: array + targetGroupAttributes: + description: targetGroupAttributes defines the attribute + of target group + items: + description: TargetGroupAttribute defines target group + attribute. + properties: + key: + description: The key of the attribute. + type: string + value: + description: The value of the attribute. + type: string + required: + - key + - value + type: object + type: array + targetGroupName: + description: targetGroupName specifies the name to assign + to the Target Group. If not defined, then one is generated. + type: string + targetType: + description: targetType is the TargetType of TargetGroup. + If unspecified, it will be automatically inferred as instance. + enum: + - instance + - ip + type: string + vpcID: + description: vpcID is the VPC of the TargetGroup. If unspecified, + it will be automatically inferred. + type: string + type: object + required: + - identifier + - targetGroupProps + type: object + type: array + targetReference: + description: targetReference the kubernetes object to attach the Target + Group settings to. + properties: + group: + default: "" + description: |- + Group is the group of the referent. For example, "gateway.networking.k8s.io". + When unspecified or empty string, core API group is inferred. + type: string + kind: + default: Service + description: |- + Kind is the Kubernetes resource kind of the referent. For example + "Service". + + + Defaults to "Service" when not specified. + type: string + name: + description: Name is the name of the referent. 
+ type: string + required: + - name + type: object + required: + - targetReference + type: object + status: + description: TargetGroupConfigurationStatus defines the observed state + of TargetGroupConfiguration + properties: + observedGatewayClassConfigurationGeneration: + description: The generation of the Gateway Configuration attached + to the GatewayClass object. + format: int64 + type: integer + observedGatewayConfigurationGeneration: + description: The generation of the Gateway Configuration attached + to the Gateway object. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/controllers/gateway/gateway_controller.go b/controllers/gateway/gateway_controller.go index 76e124e4ab..89947b8cc5 100644 --- a/controllers/gateway/gateway_controller.go +++ b/controllers/gateway/gateway_controller.go @@ -184,6 +184,8 @@ func (r *gatewayReconciler) reconcileHelper(ctx context.Context, req reconcile.R allRoutes, err := r.gatewayLoader.LoadRoutesForGateway(ctx, *gw, r.routeFilter) + r.logger.Info("In Gateway Controller - Got these routes", "routes", allRoutes) + if err != nil { return err } diff --git a/pkg/gateway/model/base_model_builder.go b/pkg/gateway/model/base_model_builder.go index cebfeafb0a..b99d9888ee 100644 --- a/pkg/gateway/model/base_model_builder.go +++ b/pkg/gateway/model/base_model_builder.go @@ -58,8 +58,6 @@ type baseModelBuilder struct { lbBuilder loadBalancerBuilder logger logr.Logger - tgByResID map[string]*elbv2model.TargetGroup - subnetBuilder subnetModelBuilder securityGroupBuilder securityGroupBuilder tgBuilder targetGroupBuilder diff --git a/pkg/gateway/model/model_build_target_group_test.go b/pkg/gateway/model/model_build_target_group_test.go index 292263c022..5c478df896 100644 --- a/pkg/gateway/model/model_build_target_group_test.go +++ b/pkg/gateway/model/model_build_target_group_test.go 
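Review bot: The enum values in this generated CRD disagree in case with each other and with their own descriptions: `healthCheckProtocol` admits only `http`/`https`/`tcp` while the sibling `protocol` field admits `HTTP`/`HTTPS`/`TCP`/`TLS`/`UDP`/`TCP_UDP`, and `protocolVersion` is described as "GRPC, HTTP1 and HTTP2" but its enum is `http1`/`http2`/`grpc` (the same mismatch appears both under `defaultConfiguration` and under `routeConfigurations[].targetGroupProps`). This enum is the only server-side validation these fields get, so if the controller compares the stored string against constants spelled in a different case, a value the API server accepted is never matched and silently falls through to auto-inference. Since the file is controller-gen output, the fix belongs on the Go types rather than here: align the enum markers with the constants, e.g. `// +kubebuilder:validation:Enum=HTTP;HTTPS;TCP` on the health check protocol type, and regenerate.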
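Review bot: The new `r.logger.Info("In Gateway Controller - Got these routes", "routes", allRoutes)` in reconcileHelper logs the whole route set at Info level on every reconcile and is placed before the `err != nil` check, so on failure it also prints whatever partial value `LoadRoutesForGateway` returned together with the error. This reads as a debugging aid; if it is meant to stay, move it below the error check and lower its verbosity so it does not flood logs in clusters with many routes, e.g. `r.logger.V(1).Info("loaded routes for gateway", "routes", allRoutes)`. Logging a count instead of the full objects would be better still, assuming `allRoutes` is a slice or map. reconcileHelper continues outside the hunk.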
@@ -5,9 +5,12 @@ import ( "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" elbv2api "sigs.k8s.io/aws-load-balancer-controller/apis/elbv2/v1beta1" + elbv2gw "sigs.k8s.io/aws-load-balancer-controller/apis/gateway/v1beta1" "sigs.k8s.io/aws-load-balancer-controller/pkg/gateway/routeutils" + "sigs.k8s.io/aws-load-balancer-controller/pkg/model/core" elbv2model "sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2" "sigs.k8s.io/aws-load-balancer-controller/pkg/shared_constants" gwv1 "sigs.k8s.io/gateway-api/apis/v1" @@ -67,7 +70,7 @@ func Test_buildTargetGroup(t *testing.T) { }, }, expectedTgSpec: elbv2model.TargetGroupSpec{ - Name: "k8s-myrouten-myroute-1949ae79d7", + Name: "k8s-myrouten-myroute-d02da2803b", TargetType: elbv2model.TargetTypeInstance, Port: awssdk.Int32(8080), Protocol: elbv2model.ProtocolTCP, @@ -90,7 +93,7 @@ func Test_buildTargetGroup(t *testing.T) { Template: elbv2model.TargetGroupBindingTemplate{ ObjectMeta: metav1.ObjectMeta{ Namespace: "my-svc-ns", - Name: "k8s-myrouten-myroute-1949ae79d7", + Name: "k8s-myrouten-myroute-d02da2803b", }, Spec: elbv2model.TargetGroupBindingSpec{ TargetType: &instanceType, @@ -139,7 +142,7 @@ func Test_buildTargetGroup(t *testing.T) { }, }, expectedTgSpec: elbv2model.TargetGroupSpec{ - Name: "k8s-myrouten-myroute-e99d898968", + Name: "k8s-myrouten-myroute-d146029dfb", TargetType: elbv2model.TargetTypeInstance, Port: awssdk.Int32(8080), Protocol: elbv2model.ProtocolHTTP, @@ -167,7 +170,7 @@ func Test_buildTargetGroup(t *testing.T) { Template: elbv2model.TargetGroupBindingTemplate{ ObjectMeta: metav1.ObjectMeta{ Namespace: "my-svc-ns", - Name: "k8s-myrouten-myroute-e99d898968", + Name: "k8s-myrouten-myroute-d146029dfb", }, Spec: elbv2model.TargetGroupBindingSpec{ TargetType: &instanceType, 
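Review bot: The expected target-group names in the four `Test_buildTargetGroup` hunks here, and in the four on the following line, move from one opaque hash to another without any comment recording which naming input changed. Presumably `buildTargetGroupName` now hashes a different tuple; if that name is how the controller recognises an already-provisioned target group, the change silently orphans resources created under the previous scheme, which deserves a sentence next to the first case, e.g. `// name hash inputs changed when gateway/route/service keys were added to the tuple`. Only state inputs the implementation actually hashes, so confirm the comment against buildTargetGroupName before adding it.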
@@ -216,7 +219,7 @@ func Test_buildTargetGroup(t *testing.T) { }, }, expectedTgSpec: elbv2model.TargetGroupSpec{ - Name: "k8s-myrouten-myroute-7ac9e90fa0", + Name: "k8s-myrouten-myroute-d9d6c4e6eb", TargetType: elbv2model.TargetTypeIP, Port: awssdk.Int32(80), Protocol: elbv2model.ProtocolTCP, @@ -239,7 +242,7 @@ func Test_buildTargetGroup(t *testing.T) { Template: elbv2model.TargetGroupBindingTemplate{ ObjectMeta: metav1.ObjectMeta{ Namespace: "my-svc-ns", - Name: "k8s-myrouten-myroute-7ac9e90fa0", + Name: "k8s-myrouten-myroute-d9d6c4e6eb", }, Spec: elbv2model.TargetGroupBindingSpec{ TargetType: &ipType, @@ -288,7 +291,7 @@ func Test_buildTargetGroup(t *testing.T) { }, }, expectedTgSpec: elbv2model.TargetGroupSpec{ - Name: "k8s-myrouten-myroute-8a97d3dcbe", + Name: "k8s-myrouten-myroute-400113e816", TargetType: elbv2model.TargetTypeIP, Port: awssdk.Int32(80), Protocol: elbv2model.ProtocolHTTP, @@ -316,7 +319,7 @@ func Test_buildTargetGroup(t *testing.T) { Template: elbv2model.TargetGroupBindingTemplate{ ObjectMeta: metav1.ObjectMeta{ Namespace: "my-svc-ns", - Name: "k8s-myrouten-myroute-8a97d3dcbe", + Name: "k8s-myrouten-myroute-400113e816", }, Spec: elbv2model.TargetGroupBindingSpec{ TargetType: &ipType, 
@@ -360,3 +363,1332 @@ func Test_buildTargetGroup(t *testing.T) { }) } } + +func Test_getTargetGroupProps(t *testing.T) { + props := elbv2gw.TargetGroupProps{} + testCases := []struct { + name string + expected *elbv2gw.TargetGroupProps + backend routeutils.Backend + }{ + { + name: "no tg config", + }, + { + name: "with tg config", + backend: routeutils.Backend{ + ELBv2TargetGroupConfig: &elbv2gw.TargetGroupConfiguration{ + Spec: elbv2gw.TargetGroupConfigurationSpec{ + DefaultConfiguration: props, + }, + }, + }, + expected: &props, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := &targetGroupBuilderImpl{} + mockRoute := &routeutils.MockRoute{ + Kind: routeutils.HTTPRouteKind, + Name: "my-route", + Namespace: "my-ns", + } + + result := builder.getTargetGroupProps(mockRoute, tc.backend) + assert.Equal(t, tc.expected, result) + }) + } +} + +func Test_buildTargetGroupBindingNetworking(t *testing.T) { + protocolTCP := elbv2api.NetworkingProtocolTCP + protocolUDP := elbv2api.NetworkingProtocolUDP + + intstr80 := intstr.FromInt32(80) + intstr85 := intstr.FromInt32(85) + intstrTrafficPort := intstr.FromString(shared_constants.HealthCheckPortTrafficPort) + + testCases := []struct { + name string + disableRestrictedSGRules bool + + targetPort intstr.IntOrString + healthCheckPort intstr.IntOrString + svcPort corev1.ServicePort + backendSGIDToken core.StringToken + + expected *elbv2model.TargetGroupBindingNetworking + }{ + { + name: "disable restricted sg rules", + disableRestrictedSGRules: true, + backendSGIDToken: core.LiteralStringToken("foo"), + expected: &elbv2model.TargetGroupBindingNetworking{ + Ingress: []elbv2model.NetworkingIngressRule{ + { + 
From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolTCP, + Port: nil, + }, + }, + }, + }, + }, + }, + { + name: "disable restricted sg rules - with udp", + disableRestrictedSGRules: true, + backendSGIDToken: core.LiteralStringToken("foo"), + svcPort: corev1.ServicePort{ + Protocol: corev1.ProtocolUDP, + }, + expected: &elbv2model.TargetGroupBindingNetworking{ + Ingress: []elbv2model.NetworkingIngressRule{ + { + From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolTCP, + Port: nil, + }, + { + Protocol: &protocolUDP, + Port: nil, + }, + }, + }, + }, + }, + }, + { + name: "use restricted sg rules - int hc port", + backendSGIDToken: core.LiteralStringToken("foo"), + svcPort: corev1.ServicePort{ + Protocol: corev1.ProtocolTCP, + }, + targetPort: intstr80, + healthCheckPort: intstr80, + expected: &elbv2model.TargetGroupBindingNetworking{ + Ingress: []elbv2model.NetworkingIngressRule{ + { + From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolTCP, + Port: &intstr80, + }, + }, + }, + }, + }, + }, + { + name: "use restricted sg rules - int hc port - udp traffic", + backendSGIDToken: core.LiteralStringToken("foo"), + svcPort: corev1.ServicePort{ + Protocol: corev1.ProtocolUDP, + }, + targetPort: intstr80, + healthCheckPort: intstr80, + expected: &elbv2model.TargetGroupBindingNetworking{ + Ingress: []elbv2model.NetworkingIngressRule{ + { + 
From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolUDP, + Port: &intstr80, + }, + }, + }, + { + From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolTCP, + Port: &intstr80, + }, + }, + }, + }, + }, + }, + { + name: "use restricted sg rules - str hc port", + backendSGIDToken: core.LiteralStringToken("foo"), + svcPort: corev1.ServicePort{ + Protocol: corev1.ProtocolTCP, + }, + targetPort: intstr80, + healthCheckPort: intstrTrafficPort, + expected: &elbv2model.TargetGroupBindingNetworking{ + Ingress: []elbv2model.NetworkingIngressRule{ + { + From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolTCP, + Port: &intstr80, + }, + }, + }, + }, + }, + }, + { + name: "use restricted sg rules - str hc port - udp", + backendSGIDToken: core.LiteralStringToken("foo"), + svcPort: corev1.ServicePort{ + Protocol: corev1.ProtocolUDP, + }, + targetPort: intstr80, + healthCheckPort: intstrTrafficPort, + expected: &elbv2model.TargetGroupBindingNetworking{ + Ingress: []elbv2model.NetworkingIngressRule{ + { + From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolUDP, + Port: &intstr80, + }, + }, + }, + { + 
From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolTCP, + Port: &intstr80, + }, + }, + }, + }, + }, + }, + { + name: "use restricted sg rules - diff hc port", + backendSGIDToken: core.LiteralStringToken("foo"), + svcPort: corev1.ServicePort{ + Protocol: corev1.ProtocolTCP, + }, + targetPort: intstr80, + healthCheckPort: intstr85, + expected: &elbv2model.TargetGroupBindingNetworking{ + Ingress: []elbv2model.NetworkingIngressRule{ + { + From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolTCP, + Port: &intstr80, + }, + }, + }, + { + From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolTCP, + Port: &intstr85, + }, + }, + }, + }, + }, + }, + { + name: "use restricted sg rules - str hc port - udp", + backendSGIDToken: core.LiteralStringToken("foo"), + svcPort: corev1.ServicePort{ + Protocol: corev1.ProtocolUDP, + }, + targetPort: intstr80, + healthCheckPort: intstr85, + expected: &elbv2model.TargetGroupBindingNetworking{ + Ingress: []elbv2model.NetworkingIngressRule{ + { + From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolUDP, + Port: &intstr80, + }, + }, + }, + { + 
From: []elbv2model.NetworkingPeer{ + { + SecurityGroup: &elbv2model.SecurityGroup{ + GroupID: core.LiteralStringToken("foo"), + }, + }, + }, + Ports: []elbv2api.NetworkingPort{ + { + Protocol: &protocolTCP, + Port: &intstr85, + }, + }, + }, + }, + }, + }, + } + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := &targetGroupBuilderImpl{ + disableRestrictedSGRules: tc.disableRestrictedSGRules, + } + + result := builder.buildTargetGroupBindingNetworking(tc.targetPort, tc.healthCheckPort, tc.svcPort, tc.backendSGIDToken) + assert.Equal(t, tc.expected, result) + }) + } +} + +func Test_buildTargetGroupName(t *testing.T) { + http2 := elbv2model.ProtocolVersionHTTP2 + clusterName := "foo" + gwKey := types.NamespacedName{ + Namespace: "my-ns", + Name: "my-gw", + } + routeKey := types.NamespacedName{ + Namespace: "my-ns", + Name: "my-route", + } + svcKey := types.NamespacedName{ + Namespace: "my-ns", + Name: "my-svc", + } + testCases := []struct { + name string + targetGroupProps *elbv2gw.TargetGroupProps + protocolVersion *elbv2model.ProtocolVersion + expected string + }{ + { + name: "name override", + targetGroupProps: &elbv2gw.TargetGroupProps{TargetGroupName: "foobaz"}, + expected: "foobaz", + }, + { + name: "no name in props", + targetGroupProps: &elbv2gw.TargetGroupProps{}, + expected: "k8s-myns-myroute-719950e570", + }, + { + name: "no props", + expected: "k8s-myns-myroute-719950e570", + }, + { + name: "protocol specified props", + protocolVersion: &http2, + expected: "k8s-myns-myroute-ce262fa9fe", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := targetGroupBuilderImpl{ + clusterName: clusterName, + } + + result := builder.buildTargetGroupName(tc.targetGroupProps, gwKey, routeKey, svcKey, 80, elbv2model.TargetTypeIP, elbv2model.ProtocolTCP, tc.protocolVersion) + assert.Equal(t, tc.expected, result) + }) + } +} + +func Test_buildTargetGroupTargetType(t *testing.T) { + builder := 
targetGroupBuilderImpl{ + defaultTargetType: elbv2model.TargetTypeIP, + } + + res := builder.buildTargetGroupTargetType(nil) + assert.Equal(t, elbv2model.TargetTypeIP, res) + + res = builder.buildTargetGroupTargetType(&elbv2gw.TargetGroupProps{}) + assert.Equal(t, elbv2model.TargetTypeIP, res) + + inst := elbv2gw.TargetTypeInstance + res = builder.buildTargetGroupTargetType(&elbv2gw.TargetGroupProps{ + TargetType: &inst, + }) + assert.Equal(t, elbv2model.TargetTypeInstance, res) +} + +func Test_buildTargetGroupIPAddressType(t *testing.T) { + testCases := []struct { + name string + svc *corev1.Service + loadBalancerIPAddressType elbv2model.IPAddressType + expectErr bool + expected elbv2model.TargetGroupIPAddressType + }{ + { + name: "no ip families", + svc: &corev1.Service{}, + loadBalancerIPAddressType: elbv2model.IPAddressTypeIPV4, + expected: elbv2model.TargetGroupIPAddressTypeIPv4, + }, + { + name: "ipv4 family", + svc: &corev1.Service{ + Spec: corev1.ServiceSpec{ + IPFamilies: []corev1.IPFamily{ + corev1.IPv4Protocol, + }, + }, + }, + loadBalancerIPAddressType: elbv2model.IPAddressTypeIPV4, + expected: elbv2model.TargetGroupIPAddressTypeIPv4, + }, + { + name: "ipv6 family", + svc: &corev1.Service{ + Spec: corev1.ServiceSpec{ + IPFamilies: []corev1.IPFamily{ + corev1.IPv6Protocol, + }, + }, + }, + loadBalancerIPAddressType: elbv2model.IPAddressTypeDualStack, + expected: elbv2model.TargetGroupIPAddressTypeIPv6, + }, + { + name: "ipv6 family - dual stack no ipv4", + svc: &corev1.Service{ + Spec: corev1.ServiceSpec{ + IPFamilies: []corev1.IPFamily{ + corev1.IPv6Protocol, + }, + }, + }, + loadBalancerIPAddressType: elbv2model.IPAddressTypeDualStackWithoutPublicIPV4, + expected: elbv2model.TargetGroupIPAddressTypeIPv6, + }, + { + name: "ipv6 family - bad lb type", + svc: &corev1.Service{ + Spec: corev1.ServiceSpec{ + IPFamilies: []corev1.IPFamily{ + corev1.IPv6Protocol, + }, + }, + }, + loadBalancerIPAddressType: elbv2model.IPAddressTypeIPV4, + expectErr: true, + }, 
+ } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := targetGroupBuilderImpl{} + res, err := builder.buildTargetGroupIPAddressType(tc.svc, tc.loadBalancerIPAddressType) + if tc.expectErr { + assert.Error(t, err) + return + } + assert.NoError(t, err) + assert.Equal(t, tc.expected, res) + + }) + } +} + +func Test_buildTargetGroupPort(t *testing.T) { + testCases := []struct { + name string + targetType elbv2model.TargetType + svcPort corev1.ServicePort + expected int32 + }{ + { + name: "instance", + svcPort: corev1.ServicePort{ + NodePort: 8080, + }, + targetType: elbv2model.TargetTypeInstance, + expected: 8080, + }, + { + name: "instance - no node port", + svcPort: corev1.ServicePort{}, + targetType: elbv2model.TargetTypeInstance, + expected: 1, + }, + { + name: "ip", + svcPort: corev1.ServicePort{ + NodePort: 8080, + TargetPort: intstr.FromInt32(80), + }, + targetType: elbv2model.TargetTypeIP, + expected: 80, + }, + { + name: "ip - str port", + svcPort: corev1.ServicePort{ + NodePort: 8080, + TargetPort: intstr.FromString("foo"), + }, + targetType: elbv2model.TargetTypeIP, + expected: 1, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := targetGroupBuilderImpl{} + res := builder.buildTargetGroupPort(tc.targetType, tc.svcPort) + assert.Equal(t, tc.expected, res) + + }) + } +} + +func Test_buildTargetGroupProtocol(t *testing.T) { + testCases := []struct { + name string + lbType elbv2model.LoadBalancerType + targetGroupProps *elbv2gw.TargetGroupProps + route routeutils.RouteDescriptor + expected elbv2model.Protocol + expectErr bool + }{ + { + name: "alb - auto detect - http", + lbType: elbv2model.LoadBalancerTypeApplication, + route: &routeutils.MockRoute{ + Kind: routeutils.HTTPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolHTTP, + }, + { + name: "alb - auto detect - grpc", + lbType: elbv2model.LoadBalancerTypeApplication, + route: &routeutils.MockRoute{ + 
Kind: routeutils.GRPCRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolHTTP, + }, + { + name: "alb - auto detect - tls", + lbType: elbv2model.LoadBalancerTypeApplication, + route: &routeutils.MockRoute{ + Kind: routeutils.TLSRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolHTTPS, + }, + { + name: "nlb - auto detect - tcp", + lbType: elbv2model.LoadBalancerTypeNetwork, + route: &routeutils.MockRoute{ + Kind: routeutils.TCPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolTCP, + }, + { + name: "alb - auto detect - udp", + lbType: elbv2model.LoadBalancerTypeNetwork, + route: &routeutils.MockRoute{ + Kind: routeutils.UDPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolUDP, + }, + { + name: "nlb - auto detect - tls", + lbType: elbv2model.LoadBalancerTypeNetwork, + route: &routeutils.MockRoute{ + Kind: routeutils.TLSRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolTLS, + }, + { + name: "alb - specified - http", + lbType: elbv2model.LoadBalancerTypeApplication, + targetGroupProps: &elbv2gw.TargetGroupProps{ + Protocol: protocolPtr(elbv2gw.ProtocolHTTP), + }, + route: &routeutils.MockRoute{ + Kind: routeutils.TCPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolHTTP, + }, + { + name: "alb - specified - https", + lbType: elbv2model.LoadBalancerTypeApplication, + targetGroupProps: &elbv2gw.TargetGroupProps{ + Protocol: protocolPtr(elbv2gw.ProtocolHTTPS), + }, + route: &routeutils.MockRoute{ + Kind: routeutils.TCPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolHTTPS, + }, + { + name: "alb - specified - invalid protocol", + lbType: elbv2model.LoadBalancerTypeApplication, + targetGroupProps: &elbv2gw.TargetGroupProps{ + Protocol: protocolPtr(elbv2gw.ProtocolTCP), + }, + route: &routeutils.MockRoute{ + Kind: routeutils.TCPRouteKind, + Name: "r1", + Namespace: "ns", + 
}, + expectErr: true, + }, + { + name: "nlb - auto detect - tcp", + lbType: elbv2model.LoadBalancerTypeNetwork, + route: &routeutils.MockRoute{ + Kind: routeutils.TCPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolTCP, + }, + { + name: "alb - auto detect - udp", + lbType: elbv2model.LoadBalancerTypeNetwork, + route: &routeutils.MockRoute{ + Kind: routeutils.UDPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolUDP, + }, + { + name: "nlb - auto detect - tls", + lbType: elbv2model.LoadBalancerTypeNetwork, + route: &routeutils.MockRoute{ + Kind: routeutils.TLSRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolTLS, + }, + { + name: "nlb - specified - tcp protocol", + lbType: elbv2model.LoadBalancerTypeNetwork, + targetGroupProps: &elbv2gw.TargetGroupProps{ + Protocol: protocolPtr(elbv2gw.ProtocolTCP), + }, + route: &routeutils.MockRoute{ + Kind: routeutils.HTTPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolTCP, + }, + { + name: "nlb - specified - udp protocol", + lbType: elbv2model.LoadBalancerTypeNetwork, + targetGroupProps: &elbv2gw.TargetGroupProps{ + Protocol: protocolPtr(elbv2gw.ProtocolUDP), + }, + route: &routeutils.MockRoute{ + Kind: routeutils.HTTPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolUDP, + }, + { + name: "nlb - specified - tcpudp protocol", + lbType: elbv2model.LoadBalancerTypeNetwork, + targetGroupProps: &elbv2gw.TargetGroupProps{ + Protocol: protocolPtr(elbv2gw.ProtocolTCP_UDP), + }, + route: &routeutils.MockRoute{ + Kind: routeutils.HTTPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expected: elbv2model.ProtocolTCP_UDP, + }, + { + name: "nlb - specified - tls protocol", + lbType: elbv2model.LoadBalancerTypeNetwork, + targetGroupProps: &elbv2gw.TargetGroupProps{ + Protocol: protocolPtr(elbv2gw.ProtocolTLS), + }, + route: &routeutils.MockRoute{ + Kind: routeutils.HTTPRouteKind, + Name: "r1", 
+ Namespace: "ns", + }, + expected: elbv2model.ProtocolTLS, + }, + { + name: "nlb - specified - invalid protocol", + lbType: elbv2model.LoadBalancerTypeNetwork, + targetGroupProps: &elbv2gw.TargetGroupProps{ + Protocol: protocolPtr(elbv2gw.ProtocolHTTPS), + }, + route: &routeutils.MockRoute{ + Kind: routeutils.HTTPRouteKind, + Name: "r1", + Namespace: "ns", + }, + expectErr: true, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := targetGroupBuilderImpl{ + loadBalancerType: tc.lbType, + } + res, err := builder.buildTargetGroupProtocol(tc.targetGroupProps, tc.route) + if tc.expectErr { + assert.Error(t, err) + return + } + assert.NoError(t, err) + assert.Equal(t, tc.expected, res) + }) + } +} + +func Test_buildTargetGroupProtocolVersion(t *testing.T) { + http2Gw := elbv2gw.ProtocolVersionHTTP2 + http2Elb := elbv2model.ProtocolVersionHTTP2 + http1Elb := elbv2model.ProtocolVersionHTTP1 + grpcElb := elbv2model.ProtocolVersionGRPC + testCases := []struct { + name string + loadBalancerType elbv2model.LoadBalancerType + route routeutils.RouteDescriptor + targetGroupProps *elbv2gw.TargetGroupProps + expected *elbv2model.ProtocolVersion + }{ + { + name: "nlb - no props", + loadBalancerType: elbv2model.LoadBalancerTypeNetwork, + route: &routeutils.MockRoute{Kind: routeutils.TCPRouteKind}, + }, + { + name: "nlb - with props", + loadBalancerType: elbv2model.LoadBalancerTypeNetwork, + route: &routeutils.MockRoute{Kind: routeutils.TCPRouteKind}, + targetGroupProps: &elbv2gw.TargetGroupProps{ + ProtocolVersion: &http2Gw, + }, + }, + { + name: "alb - no props", + route: &routeutils.MockRoute{Kind: routeutils.HTTPRouteKind}, + loadBalancerType: elbv2model.LoadBalancerTypeApplication, + expected: &http1Elb, + }, + { + name: "alb - no props - grpc", + route: &routeutils.MockRoute{Kind: routeutils.GRPCRouteKind}, + loadBalancerType: elbv2model.LoadBalancerTypeApplication, + expected: &grpcElb, + }, + { + name: "alb - with props", + route: 
&routeutils.MockRoute{Kind: routeutils.HTTPRouteKind}, + loadBalancerType: elbv2model.LoadBalancerTypeApplication, + targetGroupProps: &elbv2gw.TargetGroupProps{ + ProtocolVersion: &http2Gw, + }, + expected: &http2Elb, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := targetGroupBuilderImpl{ + loadBalancerType: tc.loadBalancerType, + } + res := builder.buildTargetGroupProtocolVersion(tc.targetGroupProps, tc.route) + assert.Equal(t, tc.expected, res) + }) + } +} + +func Test_buildTargetGroupHealthCheckPort(t *testing.T) { + testCases := []struct { + name string + targetGroupProps *elbv2gw.TargetGroupProps + targetType elbv2model.TargetType + svc *corev1.Service + expected intstr.IntOrString + expectErr bool + }{ + { + name: "nil props", + expected: intstr.FromString(shared_constants.HealthCheckPortTrafficPort), + }, + { + name: "nil hc props", + targetGroupProps: &elbv2gw.TargetGroupProps{}, + expected: intstr.FromString(shared_constants.HealthCheckPortTrafficPort), + }, + { + name: "nil hc port", + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{}, + }, + expected: intstr.FromString(shared_constants.HealthCheckPortTrafficPort), + }, + { + name: "explicit is use traffic port hc port", + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckPort: awssdk.String(shared_constants.HealthCheckPortTrafficPort), + }, + }, + expected: intstr.FromString(shared_constants.HealthCheckPortTrafficPort), + }, + { + name: "explicit port", + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckPort: awssdk.String("80"), + }, + }, + expected: intstr.FromInt32(80), + }, + { + name: "resolve str port", + svc: &corev1.Service{ + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "foo", + TargetPort: intstr.FromInt32(80), + }, + }, + }, + }, + 
targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckPort: awssdk.String("foo"), + }, + }, + expected: intstr.FromInt32(80), + }, + { + name: "resolve str port - instance", + targetType: elbv2model.TargetTypeInstance, + svc: &corev1.Service{ + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "foo", + TargetPort: intstr.FromInt32(80), + NodePort: 1000, + }, + }, + }, + }, + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckPort: awssdk.String("foo"), + }, + }, + expected: intstr.FromInt32(1000), + }, + { + name: "resolve str port - resolves to other str port (error)", + svc: &corev1.Service{ + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "foo", + TargetPort: intstr.FromString("bar"), + NodePort: 1000, + }, + }, + }, + }, + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckPort: awssdk.String("foo"), + }, + }, + expectErr: true, + }, + { + name: "resolve str port - resolves to other str port but instance mode", + targetType: elbv2model.TargetTypeInstance, + svc: &corev1.Service{ + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "foo", + TargetPort: intstr.FromString("bar"), + NodePort: 1000, + }, + }, + }, + }, + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckPort: awssdk.String("foo"), + }, + }, + expected: intstr.FromInt32(1000), + }, + { + name: "resolve str port - cant find configured port", + targetType: elbv2model.TargetTypeInstance, + svc: &corev1.Service{ + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "baz", + TargetPort: intstr.FromString("bar"), + NodePort: 1000, + }, + }, + }, + }, + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckPort: 
awssdk.String("foo"), + }, + }, + expectErr: true, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := targetGroupBuilderImpl{} + res, err := builder.buildTargetGroupHealthCheckPort(tc.targetGroupProps, tc.targetType, tc.svc) + if tc.expectErr { + assert.Error(t, err, res) + return + } + assert.NoError(t, err) + assert.Equal(t, tc.expected, res) + }) + } +} + +func Test_buildTargetGroupHealthCheckProtocol(t *testing.T) { + testCases := []struct { + name string + lbType elbv2model.LoadBalancerType + targetGroupProps *elbv2gw.TargetGroupProps + tgProtocol elbv2model.Protocol + expected elbv2model.Protocol + }{ + { + name: "nlb - default", + lbType: elbv2model.LoadBalancerTypeNetwork, + tgProtocol: elbv2model.ProtocolUDP, + expected: elbv2model.ProtocolTCP, + }, + { + name: "alb - default", + lbType: elbv2model.LoadBalancerTypeApplication, + tgProtocol: elbv2model.ProtocolHTTP, + expected: elbv2model.ProtocolHTTP, + }, + { + name: "specified http", + lbType: elbv2model.LoadBalancerTypeApplication, + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckProtocol: (*elbv2gw.TargetGroupHealthCheckProtocol)(awssdk.String(string(elbv2gw.ProtocolHTTP))), + }, + }, + tgProtocol: elbv2model.ProtocolHTTP, + expected: elbv2model.ProtocolHTTP, + }, + { + name: "specified https", + lbType: elbv2model.LoadBalancerTypeApplication, + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckProtocol: (*elbv2gw.TargetGroupHealthCheckProtocol)(awssdk.String(string(elbv2gw.ProtocolHTTPS))), + }, + }, + tgProtocol: elbv2model.ProtocolHTTP, + expected: elbv2model.ProtocolHTTPS, + }, + { + name: "specified tcp", + lbType: elbv2model.LoadBalancerTypeApplication, + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckProtocol: 
(*elbv2gw.TargetGroupHealthCheckProtocol)(awssdk.String(string(elbv2gw.ProtocolTCP))), + }, + }, + tgProtocol: elbv2model.ProtocolTCP, + expected: elbv2model.ProtocolTCP, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := targetGroupBuilderImpl{ + loadBalancerType: tc.lbType, + } + + res := builder.buildTargetGroupHealthCheckProtocol(tc.targetGroupProps, tc.tgProtocol) + assert.Equal(t, tc.expected, res) + }) + } +} + +func Test_buildTargetGroupHealthCheckPath(t *testing.T) { + httpDefaultPath := "httpDefault" + grpcDefaultPath := "grpcDefault" + testCases := []struct { + name string + targetGroupProps *elbv2gw.TargetGroupProps + tgProtocolVersion *elbv2model.ProtocolVersion + hcProtocol elbv2model.Protocol + expected *string + }{ + { + name: "path specified", + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + HealthCheckPath: awssdk.String("foo"), + }, + }, + expected: awssdk.String("foo"), + }, + { + name: "default - tcp", + hcProtocol: elbv2model.ProtocolTCP, + }, + { + name: "default - http", + hcProtocol: elbv2model.ProtocolHTTP, + expected: &httpDefaultPath, + }, + { + name: "default - grpc", + hcProtocol: elbv2model.ProtocolHTTP, + tgProtocolVersion: (*elbv2model.ProtocolVersion)(awssdk.String(string(elbv2model.ProtocolVersionGRPC))), + expected: &grpcDefaultPath, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := targetGroupBuilderImpl{ + defaultHealthCheckPathHTTP: httpDefaultPath, + defaultHealthCheckPathGRPC: grpcDefaultPath, + } + + res := builder.buildTargetGroupHealthCheckPath(tc.targetGroupProps, tc.tgProtocolVersion, tc.hcProtocol) + assert.Equal(t, tc.expected, res) + }) + } +} + +func Test_buildTargetGroupHealthCheckMatcher(t *testing.T) { + httpDefaultMatcher := "httpMatcher" + grpcDefaultMatcher := "grpcMatcher" + testCases := []struct { + name string + targetGroupProps *elbv2gw.TargetGroupProps + 
tgProtocolVersion *elbv2model.ProtocolVersion + hcProtocol elbv2model.Protocol + expected *elbv2model.HealthCheckMatcher + }{ + { + name: "default - tcp", + hcProtocol: elbv2model.ProtocolTCP, + }, + { + name: "specified - grpc", + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + Matcher: &elbv2gw.HealthCheckMatcher{ + GRPCCode: awssdk.String("foo"), + }, + }, + }, + hcProtocol: elbv2model.ProtocolHTTP, + tgProtocolVersion: (*elbv2model.ProtocolVersion)(awssdk.String(string(elbv2model.ProtocolVersionGRPC))), + expected: &elbv2model.HealthCheckMatcher{ + GRPCCode: awssdk.String("foo"), + }, + }, + { + name: "specified - http", + targetGroupProps: &elbv2gw.TargetGroupProps{ + HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{ + Matcher: &elbv2gw.HealthCheckMatcher{ + HTTPCode: awssdk.String("foo"), + }, + }, + }, + hcProtocol: elbv2model.ProtocolHTTP, + expected: &elbv2model.HealthCheckMatcher{ + HTTPCode: awssdk.String("foo"), + }, + }, + { + name: "default - grpc", + hcProtocol: elbv2model.ProtocolHTTP, + tgProtocolVersion: (*elbv2model.ProtocolVersion)(awssdk.String(string(elbv2model.ProtocolVersionGRPC))), + expected: &elbv2model.HealthCheckMatcher{ + GRPCCode: &grpcDefaultMatcher, + }, + }, + { + name: "default - http1", + hcProtocol: elbv2model.ProtocolHTTP, + tgProtocolVersion: (*elbv2model.ProtocolVersion)(awssdk.String(string(elbv2model.ProtocolVersionHTTP1))), + expected: &elbv2model.HealthCheckMatcher{ + HTTPCode: &httpDefaultMatcher, + }, + }, + { + name: "default - no protocol version", + hcProtocol: elbv2model.ProtocolHTTP, + tgProtocolVersion: (*elbv2model.ProtocolVersion)(awssdk.String(string(elbv2model.ProtocolVersionHTTP1))), + expected: &elbv2model.HealthCheckMatcher{ + HTTPCode: &httpDefaultMatcher, + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + builder := targetGroupBuilderImpl{ + defaultHealthCheckMatcherHTTPCode: httpDefaultMatcher, + 
defaultHealthCheckMatcherGRPCCode: grpcDefaultMatcher,
+ }
+
+ res := builder.buildTargetGroupHealthCheckMatcher(tc.targetGroupProps, tc.tgProtocolVersion, tc.hcProtocol)
+ assert.Equal(t, tc.expected, res)
+ })
+ }
+}
+
+func Test_basicHealthCheckParams(t *testing.T) {
+ builder := targetGroupBuilderImpl{
+ defaultHealthCheckInterval: 1,
+ defaultHealthCheckTimeout: 2,
+ defaultHealthyThresholdCount: 3,
+ defaultHealthCheckUnhealthyThresholdCount: 4,
+ }
+
+ defaultProps := []*elbv2gw.TargetGroupProps{
+ nil,
+ {},
+ {
+ HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{},
+ },
+ }
+
+ for _, prop := range defaultProps {
+ assert.Equal(t, int32(1), builder.buildTargetGroupHealthCheckIntervalSeconds(prop))
+ assert.Equal(t, int32(2), builder.buildTargetGroupHealthCheckTimeoutSeconds(prop))
+ assert.Equal(t, int32(3), builder.buildTargetGroupHealthCheckHealthyThresholdCount(prop))
+ assert.Equal(t, int32(4), builder.buildTargetGroupHealthCheckUnhealthyThresholdCount(prop))
+ }
+
+ filledInProps := &elbv2gw.TargetGroupProps{
+ HealthCheckConfig: &elbv2gw.HealthCheckConfiguration{
+ HealthyThresholdCount: awssdk.Int32(30),
+ HealthCheckInterval: awssdk.Int32(10),
+ HealthCheckPath: nil,
+ HealthCheckPort: nil,
+ HealthCheckProtocol: nil,
+ HealthCheckTimeout: awssdk.Int32(20),
+ UnhealthyThresholdCount: awssdk.Int32(40),
+ Matcher: nil,
+ }}
+
+ assert.Equal(t, int32(10), builder.buildTargetGroupHealthCheckIntervalSeconds(filledInProps))
+ assert.Equal(t, int32(20), builder.buildTargetGroupHealthCheckTimeoutSeconds(filledInProps))
+ assert.Equal(t, int32(30), builder.buildTargetGroupHealthCheckHealthyThresholdCount(filledInProps))
+ assert.Equal(t, int32(40), builder.buildTargetGroupHealthCheckUnhealthyThresholdCount(filledInProps))
+}
+
+func Test_targetGroupAttributes(t *testing.T) {
+ testCases := []struct {
+ name string
+ props *elbv2gw.TargetGroupProps
+ expected []elbv2model.TargetGroupAttribute
+ }{
+ {
+ name: "no props - nil",
+ expected: 
make([]elbv2model.TargetGroupAttribute, 0),
+ },
+ {
+ name: "no props",
+ props: &elbv2gw.TargetGroupProps{},
+ expected: make([]elbv2model.TargetGroupAttribute, 0),
+ },
+ {
+ name: "some props",
+ props: &elbv2gw.TargetGroupProps{
+ TargetGroupAttributes: []elbv2gw.TargetGroupAttribute{
+ {
+ Key: "foo",
+ Value: "bar",
+ },
+ {
+ Key: "foo1",
+ Value: "bar1",
+ },
+ {
+ Key: "foo2",
+ Value: "bar2",
+ },
+ },
+ },
+ expected: []elbv2model.TargetGroupAttribute{
+ {
+ Key: "foo",
+ Value: "bar",
+ },
+ {
+ Key: "foo1",
+ Value: "bar1",
+ },
+ {
+ Key: "foo2",
+ Value: "bar2",
+ },
+ },
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ builder := targetGroupBuilderImpl{}
+
+ res := builder.convertMapToAttributes(builder.buildTargetGroupAttributes(tc.props))
+ assert.ElementsMatch(t, tc.expected, res)
+ })
+ }
+}
+
+func Test_buildTargetGroupBindingNodeSelector(t *testing.T) {
+ builder := targetGroupBuilderImpl{}
+
+ res := builder.buildTargetGroupBindingNodeSelector(nil, elbv2model.TargetTypeInstance)
+ assert.Nil(t, res)
+
+ propWithSelector := &elbv2gw.TargetGroupProps{
+ NodeSelector: &metav1.LabelSelector{},
+ }
+
+ res = builder.buildTargetGroupBindingNodeSelector(propWithSelector, elbv2model.TargetTypeIP)
+ assert.Nil(t, res)
+
+ assert.NotNil(t, builder.buildTargetGroupBindingNodeSelector(propWithSelector, elbv2model.TargetTypeInstance))
+}
+
+func Test_buildTargetGroupBindingMultiClusterFlag(t *testing.T) {
+ builder := targetGroupBuilderImpl{}
+
+ assert.False(t, builder.buildTargetGroupBindingMultiClusterFlag(nil))
+
+ props := &elbv2gw.TargetGroupProps{
+ EnableMultiCluster: false,
+ }
+
+ assert.False(t, builder.buildTargetGroupBindingMultiClusterFlag(props))
+ props.EnableMultiCluster = true
+ assert.True(t, builder.buildTargetGroupBindingMultiClusterFlag(props))
+}
+
+func protocolPtr(protocol elbv2gw.Protocol) *elbv2gw.Protocol {
+ return &protocol
+}
From 83ca9e9739d46e5fc28f6685a78d71833d3b95ac Mon Sep 17 00:00:00 2001
From: Zachary Nixon
Date: Thu, 17 Apr 2025 11:41:33 -0700
Subject: [PATCH 3/8] make logging less noisy
---
 controllers/gateway/gateway_controller.go | 2 --
 1 file changed, 2 deletions(-)
diff --git a/controllers/gateway/gateway_controller.go b/controllers/gateway/gateway_controller.go
index 89947b8cc5..76e124e4ab 100644
--- a/controllers/gateway/gateway_controller.go
+++ b/controllers/gateway/gateway_controller.go
@@ -184,8 +184,6 @@ func (r *gatewayReconciler) reconcileHelper(ctx context.Context, req reconcile.R
 allRoutes, err := r.gatewayLoader.LoadRoutesForGateway(ctx, *gw, r.routeFilter)
- r.logger.Info("In Gateway Controller - Got these routes", "routes", allRoutes)
-
 if err != nil {
 return err
 }
From f2d04c6f829d1ebcc581a20762451c03cf7a8988 Mon Sep 17 00:00:00 2001
From: Zachary Nixon
Date: Mon, 21 Apr 2025 10:12:52 -0700
Subject: [PATCH 4/8] refactor multicluster to target group props
---
 apis/gateway/v1beta1/loadbalancerconfig_types.go | 5 -----
 apis/gateway/v1beta1/targetgroupconfig_types.go | 5 +++++
 .../gateway.k8s.aws_loadbalancerconfigurations.yaml | 5 -----
 .../gateway.k8s.aws_targetgroupconfigurations.yaml | 10 ++++++++++
 4 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/apis/gateway/v1beta1/loadbalancerconfig_types.go b/apis/gateway/v1beta1/loadbalancerconfig_types.go
index 8435bd9772..c9a3e164a5 100644
--- a/apis/gateway/v1beta1/loadbalancerconfig_types.go
+++ b/apis/gateway/v1beta1/loadbalancerconfig_types.go
@@ -243,11 +243,6 @@ type LoadBalancerConfigurationSpec struct {
 // when you specify securityGroups
 // +optional
 ManageBackendSecurityGroupRules bool `json:"manageBackendSecurityGroupRules,omitempty"`
-
- // EnableMultiCluster [Application / Network LoadBalancer]
- // All TargetGroupBindings attached to this Load Balancer will have multi cluster support enabled.
- // +optional
- EnableMultiCluster bool `json:"enableMultiCluster,omitempty"`
 }
 // TODO -- these can be used to set what generation the gateway is currently on to track progress on reconcile.
diff --git a/apis/gateway/v1beta1/targetgroupconfig_types.go b/apis/gateway/v1beta1/targetgroupconfig_types.go
index 8794e6b520..7615fccd57 100644
--- a/apis/gateway/v1beta1/targetgroupconfig_types.go
+++ b/apis/gateway/v1beta1/targetgroupconfig_types.go
@@ -216,6 +216,11 @@ type TargetGroupProps struct {
 // +optional
 EnableMultiCluster bool `json:"enableMultiCluster,omitempty"`
+ // EnableMultiCluster [Application / Network LoadBalancer]
+ // Allows for multiple Clusters / Services to use the generated TargetGroup ARN
+ // +optional
+ EnableMultiCluster bool `json:"enableMultiCluster,omitempty"`
+
 // vpcID is the VPC of the TargetGroup. If unspecified, it will be automatically inferred.
 // +optional
 VpcID *string `json:"vpcID,omitempty"`
diff --git a/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml
index aaa8a79ce3..f146a9eb99 100644
--- a/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml
+++ b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml
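Review bot: The added lines in the `TargetGroupProps` hunk (`@@ -216,6 +216,11 @@`) declare a second `EnableMultiCluster bool `json:"enableMultiCluster,omitempty"`` directly beneath the identical field that is already present in the context lines, so the struct carries a duplicate field name and duplicate JSON tag and the package will not compile until one declaration is removed (the next patch in this series deletes the added copy again). If the purpose was to attach the new doc comment to the existing field, the hunk should change that declaration in place with a `-`/`+` pair instead of introducing a new one. As a style point, the doc comment leads with `EnableMultiCluster` while the neighbouring field is documented as `// vpcID is the VPC ...`, i.e. with the json name; `// enableMultiCluster [Application / Network LoadBalancer]` would match the file's convention. Because this field is surfaced through the CRD schema, it is also worth confirming that the generated manifests on this page agree with the Go markers: the CRD text later in the series still lists the `healthCheckProtocol` enum as lowercase `http`/`https`/`tcp`, and if the corresponding Go constants use a different casing, API-server validation and the controller's comparisons will disagree on what is a valid value.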
@@ -56,11 +56,6 @@ spec: enables the creation of security group rules to the managed security group to allow explicit ICMP traffic for Path MTU discovery for IPv4 and dual-stack VPCs type: boolean - enableMultiCluster: - description: |- - EnableMultiCluster [Application / Network LoadBalancer] - All TargetGroupBindings attached to this Load Balancer will have multi cluster support enabled. - type: boolean enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: description: enforceSecurityGroupInboundRulesOnPrivateLinkTraffic Indicates whether to evaluate inbound security group rules for traffic diff --git a/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml index 1ad36952b0..4f4e4c62d1 100644 --- a/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml +++ b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml @@ -53,6 +53,11 @@ spec: description: defaultRouteConfiguration fallback configuration applied to all routes, unless overridden by route-specific configurations. properties: + enableMultiCluster: + description: |- + EnableMultiCluster [Application / Network LoadBalancer] + Allows for multiple Clusters / Services to use the generated TargetGroup ARN + type: boolean enableProxyProtocolV2: description: |- enableProxyProtocolV2 [Network LoadBalancers] Indicates whether proxy protocol version 2 is enabled. @@ -253,6 +258,11 @@ spec: targetGroupProps: description: targetGroupProps the target group specific properties properties: + enableMultiCluster: + description: |- + EnableMultiCluster [Application / Network LoadBalancer] + Allows for multiple Clusters / Services to use the generated TargetGroup ARN + type: boolean enableProxyProtocolV2: description: |- enableProxyProtocolV2 [Network LoadBalancers] Indicates whether proxy protocol version 2 is enabled. From 4a629db8df04afe6576f50c6c01d137cf5950fba Mon Sep 17 00:00:00 2001 
From: Zachary Nixon Date: Mon, 21 Apr 2025 11:51:53 -0700 Subject: [PATCH 5/8] refactor to use route kind enum --- apis/gateway/v1beta1/targetgroupconfig_types.go | 5 ----- apis/gateway/v1beta1/zz_generated.deepcopy.go | 5 ----- .../gateway.k8s.aws_targetgroupconfigurations.yaml | 10 ---------- 3 files changed, 20 deletions(-) diff --git a/apis/gateway/v1beta1/targetgroupconfig_types.go b/apis/gateway/v1beta1/targetgroupconfig_types.go index 7615fccd57..8794e6b520 100644 --- a/apis/gateway/v1beta1/targetgroupconfig_types.go +++ b/apis/gateway/v1beta1/targetgroupconfig_types.go @@ -216,11 +216,6 @@ type TargetGroupProps struct { // +optional EnableMultiCluster bool `json:"enableMultiCluster,omitempty"` - // EnableMultiCluster [Application / Network LoadBalancer] - // Allows for multiple Clusters / Services to use the generated TargetGroup ARN - // +optional - EnableMultiCluster bool `json:"enableMultiCluster,omitempty"` - // vpcID is the VPC of the TargetGroup. If unspecified, it will be automatically inferred. // +optional VpcID *string `json:"vpcID,omitempty"` diff --git a/apis/gateway/v1beta1/zz_generated.deepcopy.go b/apis/gateway/v1beta1/zz_generated.deepcopy.go index d5f95d1b74..fe1edd2f62 100644 --- a/apis/gateway/v1beta1/zz_generated.deepcopy.go +++ b/apis/gateway/v1beta1/zz_generated.deepcopy.go @@ -696,11 +696,6 @@ func (in *TargetGroupProps) DeepCopyInto(out *TargetGroupProps) { *out = new(ProtocolVersion) **out = **in } - if in.EnableProxyProtocolV2 != nil { - in, out := &in.EnableProxyProtocolV2, &out.EnableProxyProtocolV2 - *out = new(bool) - **out = **in - } if in.VpcID != nil { in, out := &in.VpcID, &out.VpcID *out = new(string) diff --git a/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml index 4f4e4c62d1..b2b21ca7b2 100644 --- a/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml +++ b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml 
@@ -58,11 +58,6 @@ spec: EnableMultiCluster [Application / Network LoadBalancer] Allows for multiple Clusters / Services to use the generated TargetGroup ARN type: boolean - enableProxyProtocolV2: - description: |- - enableProxyProtocolV2 [Network LoadBalancers] Indicates whether proxy protocol version 2 is enabled. - By default, proxy protocol is disabled. - type: boolean healthCheckConfig: description: healthCheckConfig The Health Check configuration for this backend. @@ -263,11 +258,6 @@ spec: EnableMultiCluster [Application / Network LoadBalancer] Allows for multiple Clusters / Services to use the generated TargetGroup ARN type: boolean - enableProxyProtocolV2: - description: |- - enableProxyProtocolV2 [Network LoadBalancers] Indicates whether proxy protocol version 2 is enabled. - By default, proxy protocol is disabled. - type: boolean healthCheckConfig: description: healthCheckConfig The Health Check configuration for this backend. From eb7b737f1c693a44db775104584f766ff9e690e3 Mon Sep 17 00:00:00 2001 From: Zachary Nixon Date: Mon, 21 Apr 2025 12:01:07 -0700 Subject: [PATCH 6/8] infer target group type from route --- ...ay.k8s.aws_loadbalancerconfigurations.yaml | 298 ----------- ...way.k8s.aws_targetgroupconfigurations.yaml | 498 ------------------ 2 files changed, 796 deletions(-) delete mode 100644 config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml delete mode 100644 config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml diff --git a/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml deleted file mode 100644 index f146a9eb99..0000000000 --- a/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml +++ /dev/null 
@@ -1,298 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: loadbalancerconfigurations.gateway.k8s.aws -spec: - group: gateway.k8s.aws - names: - kind: LoadBalancerConfiguration - listKind: LoadBalancerConfigurationList - plural: loadbalancerconfigurations - singular: loadbalancerconfiguration - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: LoadBalancerConfiguration is the Schema for the LoadBalancerConfiguration - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: LoadBalancerConfigurationSpec defines the desired state of - LoadBalancerConfiguration - properties: - customerOwnedIpv4Pool: - description: |- - customerOwnedIpv4Pool [Application LoadBalancer] - is the ID of the customer-owned address for Application Load Balancers on Outposts pool. 
- type: string - enableICMP: - description: |- - EnableICMP [Network LoadBalancer] - enables the creation of security group rules to the managed security group - to allow explicit ICMP traffic for Path MTU discovery for IPv4 and dual-stack VPCs - type: boolean - enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: - description: enforceSecurityGroupInboundRulesOnPrivateLinkTraffic - Indicates whether to evaluate inbound security group rules for traffic - sent to a Network Load Balancer through Amazon Web Services PrivateLink. - type: string - ipAddressType: - description: loadBalancerIPType defines what kind of load balancer - to provision (ipv4, dual stack) - enum: - - ipv4 - - dualstack - - dualstack-without-public-ipv4 - type: string - ipv4IPAMPoolId: - description: |- - IPv4IPAMPoolId [Application LoadBalancer] - defines the IPAM pool ID used for IPv4 Addresses on the ALB. - type: string - listenerConfigurations: - description: listenerConfigurations is an optional list of configurations - for each listener on LB - items: - properties: - alpnPolicy: - description: alpnPolicy an optional string that allows you to - configure ALPN policies on your Load Balancer - enum: - - HTTP1Only - - HTTP2Only - - HTTP2Optional - - HTTP2Preferred - - None - type: string - certificates: - description: certificates is the list of other certificates - to add to the listener. - items: - type: string - type: array - defaultCertificate: - description: |- - TODO: Add validation in admission webhook to make it required for secure protocols - defaultCertificate the cert arn to be used by default. - type: string - listenerAttributes: - description: listenerAttributes defines the attributes for the - listener - items: - description: ListenerAttribute defines listener attribute. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. 
- type: string - required: - - key - - value - type: object - type: array - mutualAuthentication: - description: mutualAuthentication defines the mutual authentication - configuration information. - properties: - advertiseTrustStoreCaNames: - description: Indicates whether trust store CA certificate - names are advertised. - enum: - - "on" - - "off" - type: string - ignoreClientCertificateExpiry: - description: Indicates whether expired client certificates - are ignored. - type: boolean - mode: - description: The client certificate handling method. Options - are off , passthrough or verify - enum: - - "off" - - passthrough - - verify - type: string - trustStore: - description: The Name or ARN of the trust store. - type: string - required: - - mode - type: object - protocolPort: - description: protocolPort is identifier for the listener on - load balancer. It should be of the form PROTOCOL:PORT - pattern: ^(HTTP|HTTPS|TLS|TCP|UDP)?:(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{4}|[1-9]\d{0,3})?$ - type: string - sslPolicy: - description: sslPolicy is the security policy that defines which - protocols and ciphers are supported for secure listeners [HTTPS - or TLS listener]. - type: string - required: - - protocolPort - type: object - type: array - loadBalancerAttributes: - description: LoadBalancerAttributes defines the attribute of LB - items: - description: LoadBalancerAttribute defines LB attribute. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. - type: string - required: - - key - - value - type: object - type: array - loadBalancerName: - description: loadBalancerName defines the name of the LB to provision. - If unspecified, it will be automatically generated. 
- maxLength: 32 - minLength: 1 - type: string - loadBalancerSubnets: - description: |- - loadBalancerSubnets is an optional list of subnet configurations to be used in the LB - This value takes precedence over loadBalancerSubnetsSelector if both are selected. - items: - description: SubnetConfiguration defines the subnet settings for - a Load Balancer. - properties: - eipAllocation: - description: eipAllocation [Network LoadBalancer] the EIP name - for this subnet. - type: string - identifier: - description: identifier [Application LoadBalancer / Network - LoadBalancer] name or id for the subnet - type: string - ipv6Allocation: - description: IPv6Allocation [Network LoadBalancer] the ipv6 - address to assign to this subnet. - type: string - privateIPv4Allocation: - description: privateIPv4Allocation [Network LoadBalancer] the - private ipv4 address to assign to this subnet. - type: string - sourceNatIPv6Prefix: - description: SourceNatIPv6Prefix [Network LoadBalancer] The - IPv6 prefix to use for source NAT. Specify an IPv6 prefix - (/80 netmask) from the subnet CIDR block or auto_assigned - to use an IPv6 prefix selected at random from the subnet CIDR - block. - type: string - type: object - type: array - loadBalancerSubnetsSelector: - additionalProperties: - items: - type: string - type: array - description: |- - LoadBalancerSubnetsSelector specifies subnets in the load balancer's VPC where each - tag specified in the map key contains one of the values in the corresponding - value list. - type: object - manageBackendSecurityGroupRules: - description: |- - ManageBackendSecurityGroupRules [Application / Network LoadBalancer] - specifies whether you want the controller to configure security group rules on Node/Pod for traffic access - when you specify securityGroups - type: boolean - scheme: - description: scheme defines the type of LB to provision. If unspecified, - it will be automatically inferred. 
- enum: - - internal - - internet-facing - type: string - securityGroupPrefixes: - description: securityGroupPrefixes an optional list of prefixes that - are allowed to access the LB. - items: - type: string - type: array - securityGroups: - description: securityGroups an optional list of security group ids - or names to apply to the LB - items: - type: string - type: array - sourceRanges: - description: sourceRanges an optional list of CIDRs that are allowed - to access the LB. - items: - type: string - type: array - tags: - description: Tags defines list of Tags on LB. - items: - description: AWSTag defines a AWS Tag on resources. - properties: - key: - description: The key of the tag. - type: string - value: - description: The value of the tag. - type: string - required: - - key - - value - type: object - type: array - vpcId: - description: vpcId is the ID of the VPC for the load balancer. - type: string - type: object - status: - description: LoadBalancerConfigurationStatus defines the observed state - of TargetGroupBinding - properties: - observedGatewayClassConfigurationGeneration: - description: The generation of the Gateway Configuration attached - to the GatewayClass object. - format: int64 - type: integer - observedGatewayConfigurationGeneration: - description: The generation of the Gateway Configuration attached - to the Gateway object. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml deleted file mode 100644 index b2b21ca7b2..0000000000 --- a/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml +++ /dev/null 
@@ -1,498 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: targetgroupconfigurations.gateway.k8s.aws -spec: - group: gateway.k8s.aws - names: - kind: TargetGroupConfiguration - listKind: TargetGroupConfigurationList - plural: targetgroupconfigurations - singular: targetgroupconfiguration - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The Kubernetes Service's name - jsonPath: .spec.targetReference.name - name: SERVICE-NAME - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TargetGroupConfiguration is the Schema for defining TargetGroups - with an AWS ELB Gateway - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: TargetGroupConfigurationSpec defines the TargetGroup properties - for a route. - properties: - defaultConfiguration: - description: defaultRouteConfiguration fallback configuration applied - to all routes, unless overridden by route-specific configurations. 
- properties: - enableMultiCluster: - description: |- - EnableMultiCluster [Application / Network LoadBalancer] - Allows for multiple Clusters / Services to use the generated TargetGroup ARN - type: boolean - healthCheckConfig: - description: healthCheckConfig The Health Check configuration - for this backend. - properties: - healthCheckInterval: - description: healthCheckInterval The approximate amount of - time, in seconds, between health checks of an individual - target. - format: int32 - type: integer - healthCheckPath: - description: healthCheckPath The destination for health checks - on the targets. - type: string - healthCheckPort: - description: |- - healthCheckPort The port the load balancer uses when performing health checks on targets. - The default is to use the port on which each target receives traffic from the load balancer. - type: string - healthCheckProtocol: - description: healthCheckProtocol The protocol to use to connect - with the target. The GENEVE, TLS, UDP, and TCP_UDP protocols - are not supported for health checks. - enum: - - http - - https - - tcp - type: string - healthCheckTimeout: - description: healthCheckTimeout The amount of time, in seconds, - during which no response means a failed health check - format: int32 - type: integer - healthyThresholdCount: - description: healthyThresholdCount The number of consecutive - health checks successes required before considering an unhealthy - target healthy. - format: int32 - type: integer - matcher: - description: healthCheckCodes The HTTP or gRPC codes to use - when checking for a successful response from a target - properties: - grpcCode: - description: The gRPC codes - type: string - httpCode: - description: The HTTP codes. - type: string - type: object - unhealthyThresholdCount: - description: unhealthyThresholdCount The number of consecutive - health check failures required before considering the target - unhealthy. 
- format: int32 - type: integer - type: object - ipAddressType: - description: ipAddressType specifies whether the target group - is of type IPv4 or IPv6. If unspecified, it will be automatically - inferred. - enum: - - ipv4 - - ipv6 - type: string - nodeSelector: - description: node selector for instance type target groups to - only register certain nodes - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - protocol: - description: |- - Protocol [Application / Network Load Balancer] the protocol for the target group. - If unspecified, it will be automatically inferred. 
- enum: - - HTTP - - HTTPS - - TCP - - TLS - - UDP - - TCP_UDP - type: string - protocolVersion: - description: protocolVersion [HTTP/HTTPS protocol] The protocol - version. The possible values are GRPC , HTTP1 and HTTP2 - enum: - - http1 - - http2 - - grpc - type: string - tags: - description: Tags defines list of Tags on target group. - items: - description: Tag defines a AWS Tag on resources. - properties: - key: - description: The key of the tag. - type: string - value: - description: The value of the tag. - type: string - required: - - key - - value - type: object - type: array - targetGroupAttributes: - description: targetGroupAttributes defines the attribute of target - group - items: - description: TargetGroupAttribute defines target group attribute. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. - type: string - required: - - key - - value - type: object - type: array - targetGroupName: - description: targetGroupName specifies the name to assign to the - Target Group. If not defined, then one is generated. - type: string - targetType: - description: targetType is the TargetType of TargetGroup. If unspecified, - it will be automatically inferred as instance. - enum: - - instance - - ip - type: string - vpcID: - description: vpcID is the VPC of the TargetGroup. If unspecified, - it will be automatically inferred. 
- type: string - type: object - routeConfigurations: - description: routeConfigurations the route configuration for specific - routes - items: - description: RouteConfiguration defines the per route configuration - properties: - identifier: - description: name the identifier of the route, it should be - in the form of ROUTE:NAMESPACE:NAME - pattern: ^(HTTPRoute|TLSRoute|TCPRoute|UDPRoute|GRPCRoute)?:([^:]+)?:([^:]+)?$ - type: string - targetGroupProps: - description: targetGroupProps the target group specific properties - properties: - enableMultiCluster: - description: |- - EnableMultiCluster [Application / Network LoadBalancer] - Allows for multiple Clusters / Services to use the generated TargetGroup ARN - type: boolean - healthCheckConfig: - description: healthCheckConfig The Health Check configuration - for this backend. - properties: - healthCheckInterval: - description: healthCheckInterval The approximate amount - of time, in seconds, between health checks of an individual - target. - format: int32 - type: integer - healthCheckPath: - description: healthCheckPath The destination for health - checks on the targets. - type: string - healthCheckPort: - description: |- - healthCheckPort The port the load balancer uses when performing health checks on targets. - The default is to use the port on which each target receives traffic from the load balancer. - type: string - healthCheckProtocol: - description: healthCheckProtocol The protocol to use - to connect with the target. The GENEVE, TLS, UDP, - and TCP_UDP protocols are not supported for health - checks. - enum: - - http - - https - - tcp - type: string - healthCheckTimeout: - description: healthCheckTimeout The amount of time, - in seconds, during which no response means a failed - health check - format: int32 - type: integer - healthyThresholdCount: - description: healthyThresholdCount The number of consecutive - health checks successes required before considering - an unhealthy target healthy. 
- format: int32 - type: integer - matcher: - description: healthCheckCodes The HTTP or gRPC codes - to use when checking for a successful response from - a target - properties: - grpcCode: - description: The gRPC codes - type: string - httpCode: - description: The HTTP codes. - type: string - type: object - unhealthyThresholdCount: - description: unhealthyThresholdCount The number of consecutive - health check failures required before considering - the target unhealthy. - format: int32 - type: integer - type: object - ipAddressType: - description: ipAddressType specifies whether the target - group is of type IPv4 or IPv6. If unspecified, it will - be automatically inferred. - enum: - - ipv4 - - ipv6 - type: string - nodeSelector: - description: node selector for instance type target groups - to only register certain nodes - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - protocol: - description: |- - Protocol [Application / Network Load Balancer] the protocol for the target group. - If unspecified, it will be automatically inferred. - enum: - - HTTP - - HTTPS - - TCP - - TLS - - UDP - - TCP_UDP - type: string - protocolVersion: - description: protocolVersion [HTTP/HTTPS protocol] The protocol - version. The possible values are GRPC , HTTP1 and HTTP2 - enum: - - http1 - - http2 - - grpc - type: string - tags: - description: Tags defines list of Tags on target group. - items: - description: Tag defines a AWS Tag on resources. - properties: - key: - description: The key of the tag. - type: string - value: - description: The value of the tag. - type: string - required: - - key - - value - type: object - type: array - targetGroupAttributes: - description: targetGroupAttributes defines the attribute - of target group - items: - description: TargetGroupAttribute defines target group - attribute. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. - type: string - required: - - key - - value - type: object - type: array - targetGroupName: - description: targetGroupName specifies the name to assign - to the Target Group. If not defined, then one is generated. - type: string - targetType: - description: targetType is the TargetType of TargetGroup. - If unspecified, it will be automatically inferred as instance. - enum: - - instance - - ip - type: string - vpcID: - description: vpcID is the VPC of the TargetGroup. If unspecified, - it will be automatically inferred. 
- type: string - type: object - required: - - identifier - - targetGroupProps - type: object - type: array - targetReference: - description: targetReference the kubernetes object to attach the Target - Group settings to. - properties: - group: - default: "" - description: |- - Group is the group of the referent. For example, "gateway.networking.k8s.io". - When unspecified or empty string, core API group is inferred. - type: string - kind: - default: Service - description: |- - Kind is the Kubernetes resource kind of the referent. For example - "Service". - - - Defaults to "Service" when not specified. - type: string - name: - description: Name is the name of the referent. - type: string - required: - - name - type: object - required: - - targetReference - type: object - status: - description: TargetGroupConfigurationStatus defines the observed state - of TargetGroupConfiguration - properties: - observedGatewayClassConfigurationGeneration: - description: The generation of the Gateway Configuration attached - to the GatewayClass object. - format: int64 - type: integer - observedGatewayConfigurationGeneration: - description: The generation of the Gateway Configuration attached - to the Gateway object. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} From 06b5c27ab495080ad7524aa3c04cc1bc49dae219 Mon Sep 17 00:00:00 2001 From: Zachary Nixon Date: Mon, 21 Apr 2025 17:41:49 -0700 Subject: [PATCH 7/8] unit tests for target group builder --- ...ay.k8s.aws_loadbalancerconfigurations.yaml | 298 +++++++++++ ...way.k8s.aws_targetgroupconfigurations.yaml | 498 ++++++++++++++++++ 2 files changed, 796 insertions(+) create mode 100644 config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml create mode 100644 config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml 
diff --git a/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml new file mode 100644 index 0000000000..f146a9eb99 --- /dev/null +++ b/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml 
@@ -0,0 +1,298 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: loadbalancerconfigurations.gateway.k8s.aws +spec: + group: gateway.k8s.aws + names: + kind: LoadBalancerConfiguration + listKind: LoadBalancerConfigurationList + plural: loadbalancerconfigurations + singular: loadbalancerconfiguration + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: LoadBalancerConfiguration is the Schema for the LoadBalancerConfiguration + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LoadBalancerConfigurationSpec defines the desired state of + LoadBalancerConfiguration + properties: + customerOwnedIpv4Pool: + description: |- + customerOwnedIpv4Pool [Application LoadBalancer] + is the ID of the customer-owned address for Application Load Balancers on Outposts pool. 
+ type: string + enableICMP: + description: |- + EnableICMP [Network LoadBalancer] + enables the creation of security group rules to the managed security group + to allow explicit ICMP traffic for Path MTU discovery for IPv4 and dual-stack VPCs + type: boolean + enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: + description: enforceSecurityGroupInboundRulesOnPrivateLinkTraffic + Indicates whether to evaluate inbound security group rules for traffic + sent to a Network Load Balancer through Amazon Web Services PrivateLink. + type: string + ipAddressType: + description: loadBalancerIPType defines what kind of load balancer + to provision (ipv4, dual stack) + enum: + - ipv4 + - dualstack + - dualstack-without-public-ipv4 + type: string + ipv4IPAMPoolId: + description: |- + IPv4IPAMPoolId [Application LoadBalancer] + defines the IPAM pool ID used for IPv4 Addresses on the ALB. + type: string + listenerConfigurations: + description: listenerConfigurations is an optional list of configurations + for each listener on LB + items: + properties: + alpnPolicy: + description: alpnPolicy an optional string that allows you to + configure ALPN policies on your Load Balancer + enum: + - HTTP1Only + - HTTP2Only + - HTTP2Optional + - HTTP2Preferred + - None + type: string + certificates: + description: certificates is the list of other certificates + to add to the listener. + items: + type: string + type: array + defaultCertificate: + description: |- + TODO: Add validation in admission webhook to make it required for secure protocols + defaultCertificate the cert arn to be used by default. + type: string + listenerAttributes: + description: listenerAttributes defines the attributes for the + listener + items: + description: ListenerAttribute defines listener attribute. + properties: + key: + description: The key of the attribute. + type: string + value: + description: The value of the attribute. 
+ type: string + required: + - key + - value + type: object + type: array + mutualAuthentication: + description: mutualAuthentication defines the mutual authentication + configuration information. + properties: + advertiseTrustStoreCaNames: + description: Indicates whether trust store CA certificate + names are advertised. + enum: + - "on" + - "off" + type: string + ignoreClientCertificateExpiry: + description: Indicates whether expired client certificates + are ignored. + type: boolean + mode: + description: The client certificate handling method. Options + are off , passthrough or verify + enum: + - "off" + - passthrough + - verify + type: string + trustStore: + description: The Name or ARN of the trust store. + type: string + required: + - mode + type: object + protocolPort: + description: protocolPort is identifier for the listener on + load balancer. It should be of the form PROTOCOL:PORT + pattern: ^(HTTP|HTTPS|TLS|TCP|UDP)?:(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{4}|[1-9]\d{0,3})?$ + type: string + sslPolicy: + description: sslPolicy is the security policy that defines which + protocols and ciphers are supported for secure listeners [HTTPS + or TLS listener]. + type: string + required: + - protocolPort + type: object + type: array + loadBalancerAttributes: + description: LoadBalancerAttributes defines the attribute of LB + items: + description: LoadBalancerAttribute defines LB attribute. + properties: + key: + description: The key of the attribute. + type: string + value: + description: The value of the attribute. + type: string + required: + - key + - value + type: object + type: array + loadBalancerName: + description: loadBalancerName defines the name of the LB to provision. + If unspecified, it will be automatically generated. 
+ maxLength: 32 + minLength: 1 + type: string + loadBalancerSubnets: + description: |- + loadBalancerSubnets is an optional list of subnet configurations to be used in the LB + This value takes precedence over loadBalancerSubnetsSelector if both are selected. + items: + description: SubnetConfiguration defines the subnet settings for + a Load Balancer. + properties: + eipAllocation: + description: eipAllocation [Network LoadBalancer] the EIP name + for this subnet. + type: string + identifier: + description: identifier [Application LoadBalancer / Network + LoadBalancer] name or id for the subnet + type: string + ipv6Allocation: + description: IPv6Allocation [Network LoadBalancer] the ipv6 + address to assign to this subnet. + type: string + privateIPv4Allocation: + description: privateIPv4Allocation [Network LoadBalancer] the + private ipv4 address to assign to this subnet. + type: string + sourceNatIPv6Prefix: + description: SourceNatIPv6Prefix [Network LoadBalancer] The + IPv6 prefix to use for source NAT. Specify an IPv6 prefix + (/80 netmask) from the subnet CIDR block or auto_assigned + to use an IPv6 prefix selected at random from the subnet CIDR + block. + type: string + type: object + type: array + loadBalancerSubnetsSelector: + additionalProperties: + items: + type: string + type: array + description: |- + LoadBalancerSubnetsSelector specifies subnets in the load balancer's VPC where each + tag specified in the map key contains one of the values in the corresponding + value list. + type: object + manageBackendSecurityGroupRules: + description: |- + ManageBackendSecurityGroupRules [Application / Network LoadBalancer] + specifies whether you want the controller to configure security group rules on Node/Pod for traffic access + when you specify securityGroups + type: boolean + scheme: + description: scheme defines the type of LB to provision. If unspecified, + it will be automatically inferred. 
+ enum: + - internal + - internet-facing + type: string + securityGroupPrefixes: + description: securityGroupPrefixes an optional list of prefixes that + are allowed to access the LB. + items: + type: string + type: array + securityGroups: + description: securityGroups an optional list of security group ids + or names to apply to the LB + items: + type: string + type: array + sourceRanges: + description: sourceRanges an optional list of CIDRs that are allowed + to access the LB. + items: + type: string + type: array + tags: + description: Tags defines list of Tags on LB. + items: + description: AWSTag defines a AWS Tag on resources. + properties: + key: + description: The key of the tag. + type: string + value: + description: The value of the tag. + type: string + required: + - key + - value + type: object + type: array + vpcId: + description: vpcId is the ID of the VPC for the load balancer. + type: string + type: object + status: + description: LoadBalancerConfigurationStatus defines the observed state + of TargetGroupBinding + properties: + observedGatewayClassConfigurationGeneration: + description: The generation of the Gateway Configuration attached + to the GatewayClass object. + format: int64 + type: integer + observedGatewayConfigurationGeneration: + description: The generation of the Gateway Configuration attached + to the Gateway object. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml new file mode 100644 index 0000000000..b2b21ca7b2 --- /dev/null +++ b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml 
@@ -0,0 +1,498 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: targetgroupconfigurations.gateway.k8s.aws +spec: + group: gateway.k8s.aws + names: + kind: TargetGroupConfiguration + listKind: TargetGroupConfigurationList + plural: targetgroupconfigurations + singular: targetgroupconfiguration + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The Kubernetes Service's name + jsonPath: .spec.targetReference.name + name: SERVICE-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TargetGroupConfiguration is the Schema for defining TargetGroups + with an AWS ELB Gateway + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TargetGroupConfigurationSpec defines the TargetGroup properties + for a route. + properties: + defaultConfiguration: + description: defaultRouteConfiguration fallback configuration applied + to all routes, unless overridden by route-specific configurations. 
+ properties: + enableMultiCluster: + description: |- + EnableMultiCluster [Application / Network LoadBalancer] + Allows for multiple Clusters / Services to use the generated TargetGroup ARN + type: boolean + healthCheckConfig: + description: healthCheckConfig The Health Check configuration + for this backend. + properties: + healthCheckInterval: + description: healthCheckInterval The approximate amount of + time, in seconds, between health checks of an individual + target. + format: int32 + type: integer + healthCheckPath: + description: healthCheckPath The destination for health checks + on the targets. + type: string + healthCheckPort: + description: |- + healthCheckPort The port the load balancer uses when performing health checks on targets. + The default is to use the port on which each target receives traffic from the load balancer. + type: string + healthCheckProtocol: + description: healthCheckProtocol The protocol to use to connect + with the target. The GENEVE, TLS, UDP, and TCP_UDP protocols + are not supported for health checks. + enum: + - http + - https + - tcp + type: string + healthCheckTimeout: + description: healthCheckTimeout The amount of time, in seconds, + during which no response means a failed health check + format: int32 + type: integer + healthyThresholdCount: + description: healthyThresholdCount The number of consecutive + health checks successes required before considering an unhealthy + target healthy. + format: int32 + type: integer + matcher: + description: healthCheckCodes The HTTP or gRPC codes to use + when checking for a successful response from a target + properties: + grpcCode: + description: The gRPC codes + type: string + httpCode: + description: The HTTP codes. + type: string + type: object + unhealthyThresholdCount: + description: unhealthyThresholdCount The number of consecutive + health check failures required before considering the target + unhealthy. 
+ format: int32 + type: integer + type: object + ipAddressType: + description: ipAddressType specifies whether the target group + is of type IPv4 or IPv6. If unspecified, it will be automatically + inferred. + enum: + - ipv4 + - ipv6 + type: string + nodeSelector: + description: node selector for instance type target groups to + only register certain nodes + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + protocol: + description: |- + Protocol [Application / Network Load Balancer] the protocol for the target group. + If unspecified, it will be automatically inferred. 
+ enum: + - HTTP + - HTTPS + - TCP + - TLS + - UDP + - TCP_UDP + type: string + protocolVersion: + description: protocolVersion [HTTP/HTTPS protocol] The protocol + version. The possible values are GRPC , HTTP1 and HTTP2 + enum: + - http1 + - http2 + - grpc + type: string + tags: + description: Tags defines list of Tags on target group. + items: + description: Tag defines a AWS Tag on resources. + properties: + key: + description: The key of the tag. + type: string + value: + description: The value of the tag. + type: string + required: + - key + - value + type: object + type: array + targetGroupAttributes: + description: targetGroupAttributes defines the attribute of target + group + items: + description: TargetGroupAttribute defines target group attribute. + properties: + key: + description: The key of the attribute. + type: string + value: + description: The value of the attribute. + type: string + required: + - key + - value + type: object + type: array + targetGroupName: + description: targetGroupName specifies the name to assign to the + Target Group. If not defined, then one is generated. + type: string + targetType: + description: targetType is the TargetType of TargetGroup. If unspecified, + it will be automatically inferred as instance. + enum: + - instance + - ip + type: string + vpcID: + description: vpcID is the VPC of the TargetGroup. If unspecified, + it will be automatically inferred. 
+ type: string + type: object + routeConfigurations: + description: routeConfigurations the route configuration for specific + routes + items: + description: RouteConfiguration defines the per route configuration + properties: + identifier: + description: name the identifier of the route, it should be + in the form of ROUTE:NAMESPACE:NAME + pattern: ^(HTTPRoute|TLSRoute|TCPRoute|UDPRoute|GRPCRoute)?:([^:]+)?:([^:]+)?$ + type: string + targetGroupProps: + description: targetGroupProps the target group specific properties + properties: + enableMultiCluster: + description: |- + EnableMultiCluster [Application / Network LoadBalancer] + Allows for multiple Clusters / Services to use the generated TargetGroup ARN + type: boolean + healthCheckConfig: + description: healthCheckConfig The Health Check configuration + for this backend. + properties: + healthCheckInterval: + description: healthCheckInterval The approximate amount + of time, in seconds, between health checks of an individual + target. + format: int32 + type: integer + healthCheckPath: + description: healthCheckPath The destination for health + checks on the targets. + type: string + healthCheckPort: + description: |- + healthCheckPort The port the load balancer uses when performing health checks on targets. + The default is to use the port on which each target receives traffic from the load balancer. + type: string + healthCheckProtocol: + description: healthCheckProtocol The protocol to use + to connect with the target. The GENEVE, TLS, UDP, + and TCP_UDP protocols are not supported for health + checks. + enum: + - http + - https + - tcp + type: string + healthCheckTimeout: + description: healthCheckTimeout The amount of time, + in seconds, during which no response means a failed + health check + format: int32 + type: integer + healthyThresholdCount: + description: healthyThresholdCount The number of consecutive + health checks successes required before considering + an unhealthy target healthy. 
+ format: int32 + type: integer + matcher: + description: healthCheckCodes The HTTP or gRPC codes + to use when checking for a successful response from + a target + properties: + grpcCode: + description: The gRPC codes + type: string + httpCode: + description: The HTTP codes. + type: string + type: object + unhealthyThresholdCount: + description: unhealthyThresholdCount The number of consecutive + health check failures required before considering + the target unhealthy. + format: int32 + type: integer + type: object + ipAddressType: + description: ipAddressType specifies whether the target + group is of type IPv4 or IPv6. If unspecified, it will + be automatically inferred. + enum: + - ipv4 + - ipv6 + type: string + nodeSelector: + description: node selector for instance type target groups + to only register certain nodes + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + protocol: + description: |- + Protocol [Application / Network Load Balancer] the protocol for the target group. + If unspecified, it will be automatically inferred. + enum: + - HTTP + - HTTPS + - TCP + - TLS + - UDP + - TCP_UDP + type: string + protocolVersion: + description: protocolVersion [HTTP/HTTPS protocol] The protocol + version. The possible values are GRPC , HTTP1 and HTTP2 + enum: + - http1 + - http2 + - grpc + type: string + tags: + description: Tags defines list of Tags on target group. + items: + description: Tag defines a AWS Tag on resources. + properties: + key: + description: The key of the tag. + type: string + value: + description: The value of the tag. + type: string + required: + - key + - value + type: object + type: array + targetGroupAttributes: + description: targetGroupAttributes defines the attribute + of target group + items: + description: TargetGroupAttribute defines target group + attribute. + properties: + key: + description: The key of the attribute. + type: string + value: + description: The value of the attribute. + type: string + required: + - key + - value + type: object + type: array + targetGroupName: + description: targetGroupName specifies the name to assign + to the Target Group. If not defined, then one is generated. + type: string + targetType: + description: targetType is the TargetType of TargetGroup. + If unspecified, it will be automatically inferred as instance. + enum: + - instance + - ip + type: string + vpcID: + description: vpcID is the VPC of the TargetGroup. If unspecified, + it will be automatically inferred. 
+ type: string + type: object + required: + - identifier + - targetGroupProps + type: object + type: array + targetReference: + description: targetReference the kubernetes object to attach the Target + Group settings to. + properties: + group: + default: "" + description: |- + Group is the group of the referent. For example, "gateway.networking.k8s.io". + When unspecified or empty string, core API group is inferred. + type: string + kind: + default: Service + description: |- + Kind is the Kubernetes resource kind of the referent. For example + "Service". + + + Defaults to "Service" when not specified. + type: string + name: + description: Name is the name of the referent. + type: string + required: + - name + type: object + required: + - targetReference + type: object + status: + description: TargetGroupConfigurationStatus defines the observed state + of TargetGroupConfiguration + properties: + observedGatewayClassConfigurationGeneration: + description: The generation of the Gateway Configuration attached + to the GatewayClass object. + format: int64 + type: integer + observedGatewayConfigurationGeneration: + description: The generation of the Gateway Configuration attached + to the Gateway object. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} From 0886c6b4b35751f862c3ae299216d1d0f2378541 Mon Sep 17 00:00:00 2001 From: Zachary Nixon Date: Mon, 21 Apr 2025 17:56:24 -0700 Subject: [PATCH 8/8] fix crds --- ...ay.k8s.aws_loadbalancerconfigurations.yaml | 298 ----------- ...way.k8s.aws_targetgroupconfigurations.yaml | 498 ------------------ 2 files changed, 796 deletions(-) delete mode 100644 config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml delete mode 100644 config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml 
diff --git a/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml deleted file mode 100644 index f146a9eb99..0000000000 --- a/config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml +++ /dev/null 
@@ -1,298 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: loadbalancerconfigurations.gateway.k8s.aws -spec: - group: gateway.k8s.aws - names: - kind: LoadBalancerConfiguration - listKind: LoadBalancerConfigurationList - plural: loadbalancerconfigurations - singular: loadbalancerconfiguration - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: LoadBalancerConfiguration is the Schema for the LoadBalancerConfiguration - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: LoadBalancerConfigurationSpec defines the desired state of - LoadBalancerConfiguration - properties: - customerOwnedIpv4Pool: - description: |- - customerOwnedIpv4Pool [Application LoadBalancer] - is the ID of the customer-owned address for Application Load Balancers on Outposts pool. 
- type: string - enableICMP: - description: |- - EnableICMP [Network LoadBalancer] - enables the creation of security group rules to the managed security group - to allow explicit ICMP traffic for Path MTU discovery for IPv4 and dual-stack VPCs - type: boolean - enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: - description: enforceSecurityGroupInboundRulesOnPrivateLinkTraffic - Indicates whether to evaluate inbound security group rules for traffic - sent to a Network Load Balancer through Amazon Web Services PrivateLink. - type: string - ipAddressType: - description: loadBalancerIPType defines what kind of load balancer - to provision (ipv4, dual stack) - enum: - - ipv4 - - dualstack - - dualstack-without-public-ipv4 - type: string - ipv4IPAMPoolId: - description: |- - IPv4IPAMPoolId [Application LoadBalancer] - defines the IPAM pool ID used for IPv4 Addresses on the ALB. - type: string - listenerConfigurations: - description: listenerConfigurations is an optional list of configurations - for each listener on LB - items: - properties: - alpnPolicy: - description: alpnPolicy an optional string that allows you to - configure ALPN policies on your Load Balancer - enum: - - HTTP1Only - - HTTP2Only - - HTTP2Optional - - HTTP2Preferred - - None - type: string - certificates: - description: certificates is the list of other certificates - to add to the listener. - items: - type: string - type: array - defaultCertificate: - description: |- - TODO: Add validation in admission webhook to make it required for secure protocols - defaultCertificate the cert arn to be used by default. - type: string - listenerAttributes: - description: listenerAttributes defines the attributes for the - listener - items: - description: ListenerAttribute defines listener attribute. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. 
- type: string - required: - - key - - value - type: object - type: array - mutualAuthentication: - description: mutualAuthentication defines the mutual authentication - configuration information. - properties: - advertiseTrustStoreCaNames: - description: Indicates whether trust store CA certificate - names are advertised. - enum: - - "on" - - "off" - type: string - ignoreClientCertificateExpiry: - description: Indicates whether expired client certificates - are ignored. - type: boolean - mode: - description: The client certificate handling method. Options - are off , passthrough or verify - enum: - - "off" - - passthrough - - verify - type: string - trustStore: - description: The Name or ARN of the trust store. - type: string - required: - - mode - type: object - protocolPort: - description: protocolPort is identifier for the listener on - load balancer. It should be of the form PROTOCOL:PORT - pattern: ^(HTTP|HTTPS|TLS|TCP|UDP)?:(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{4}|[1-9]\d{0,3})?$ - type: string - sslPolicy: - description: sslPolicy is the security policy that defines which - protocols and ciphers are supported for secure listeners [HTTPS - or TLS listener]. - type: string - required: - - protocolPort - type: object - type: array - loadBalancerAttributes: - description: LoadBalancerAttributes defines the attribute of LB - items: - description: LoadBalancerAttribute defines LB attribute. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. - type: string - required: - - key - - value - type: object - type: array - loadBalancerName: - description: loadBalancerName defines the name of the LB to provision. - If unspecified, it will be automatically generated. 
- maxLength: 32 - minLength: 1 - type: string - loadBalancerSubnets: - description: |- - loadBalancerSubnets is an optional list of subnet configurations to be used in the LB - This value takes precedence over loadBalancerSubnetsSelector if both are selected. - items: - description: SubnetConfiguration defines the subnet settings for - a Load Balancer. - properties: - eipAllocation: - description: eipAllocation [Network LoadBalancer] the EIP name - for this subnet. - type: string - identifier: - description: identifier [Application LoadBalancer / Network - LoadBalancer] name or id for the subnet - type: string - ipv6Allocation: - description: IPv6Allocation [Network LoadBalancer] the ipv6 - address to assign to this subnet. - type: string - privateIPv4Allocation: - description: privateIPv4Allocation [Network LoadBalancer] the - private ipv4 address to assign to this subnet. - type: string - sourceNatIPv6Prefix: - description: SourceNatIPv6Prefix [Network LoadBalancer] The - IPv6 prefix to use for source NAT. Specify an IPv6 prefix - (/80 netmask) from the subnet CIDR block or auto_assigned - to use an IPv6 prefix selected at random from the subnet CIDR - block. - type: string - type: object - type: array - loadBalancerSubnetsSelector: - additionalProperties: - items: - type: string - type: array - description: |- - LoadBalancerSubnetsSelector specifies subnets in the load balancer's VPC where each - tag specified in the map key contains one of the values in the corresponding - value list. - type: object - manageBackendSecurityGroupRules: - description: |- - ManageBackendSecurityGroupRules [Application / Network LoadBalancer] - specifies whether you want the controller to configure security group rules on Node/Pod for traffic access - when you specify securityGroups - type: boolean - scheme: - description: scheme defines the type of LB to provision. If unspecified, - it will be automatically inferred. 
- enum: - - internal - - internet-facing - type: string - securityGroupPrefixes: - description: securityGroupPrefixes an optional list of prefixes that - are allowed to access the LB. - items: - type: string - type: array - securityGroups: - description: securityGroups an optional list of security group ids - or names to apply to the LB - items: - type: string - type: array - sourceRanges: - description: sourceRanges an optional list of CIDRs that are allowed - to access the LB. - items: - type: string - type: array - tags: - description: Tags defines list of Tags on LB. - items: - description: AWSTag defines a AWS Tag on resources. - properties: - key: - description: The key of the tag. - type: string - value: - description: The value of the tag. - type: string - required: - - key - - value - type: object - type: array - vpcId: - description: vpcId is the ID of the VPC for the load balancer. - type: string - type: object - status: - description: LoadBalancerConfigurationStatus defines the observed state - of TargetGroupBinding - properties: - observedGatewayClassConfigurationGeneration: - description: The generation of the Gateway Configuration attached - to the GatewayClass object. - format: int64 - type: integer - observedGatewayConfigurationGeneration: - description: The generation of the Gateway Configuration attached - to the Gateway object. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml b/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml deleted file mode 100644 index b2b21ca7b2..0000000000 --- a/config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml +++ /dev/null 
@@ -1,498 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: targetgroupconfigurations.gateway.k8s.aws -spec: - group: gateway.k8s.aws - names: - kind: TargetGroupConfiguration - listKind: TargetGroupConfigurationList - plural: targetgroupconfigurations - singular: targetgroupconfiguration - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The Kubernetes Service's name - jsonPath: .spec.targetReference.name - name: SERVICE-NAME - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TargetGroupConfiguration is the Schema for defining TargetGroups - with an AWS ELB Gateway - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: TargetGroupConfigurationSpec defines the TargetGroup properties - for a route. - properties: - defaultConfiguration: - description: defaultRouteConfiguration fallback configuration applied - to all routes, unless overridden by route-specific configurations. 
- properties: - enableMultiCluster: - description: |- - EnableMultiCluster [Application / Network LoadBalancer] - Allows for multiple Clusters / Services to use the generated TargetGroup ARN - type: boolean - healthCheckConfig: - description: healthCheckConfig The Health Check configuration - for this backend. - properties: - healthCheckInterval: - description: healthCheckInterval The approximate amount of - time, in seconds, between health checks of an individual - target. - format: int32 - type: integer - healthCheckPath: - description: healthCheckPath The destination for health checks - on the targets. - type: string - healthCheckPort: - description: |- - healthCheckPort The port the load balancer uses when performing health checks on targets. - The default is to use the port on which each target receives traffic from the load balancer. - type: string - healthCheckProtocol: - description: healthCheckProtocol The protocol to use to connect - with the target. The GENEVE, TLS, UDP, and TCP_UDP protocols - are not supported for health checks. - enum: - - http - - https - - tcp - type: string - healthCheckTimeout: - description: healthCheckTimeout The amount of time, in seconds, - during which no response means a failed health check - format: int32 - type: integer - healthyThresholdCount: - description: healthyThresholdCount The number of consecutive - health checks successes required before considering an unhealthy - target healthy. - format: int32 - type: integer - matcher: - description: healthCheckCodes The HTTP or gRPC codes to use - when checking for a successful response from a target - properties: - grpcCode: - description: The gRPC codes - type: string - httpCode: - description: The HTTP codes. - type: string - type: object - unhealthyThresholdCount: - description: unhealthyThresholdCount The number of consecutive - health check failures required before considering the target - unhealthy. 
- format: int32 - type: integer - type: object - ipAddressType: - description: ipAddressType specifies whether the target group - is of type IPv4 or IPv6. If unspecified, it will be automatically - inferred. - enum: - - ipv4 - - ipv6 - type: string - nodeSelector: - description: node selector for instance type target groups to - only register certain nodes - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - protocol: - description: |- - Protocol [Application / Network Load Balancer] the protocol for the target group. - If unspecified, it will be automatically inferred. 
- enum: - - HTTP - - HTTPS - - TCP - - TLS - - UDP - - TCP_UDP - type: string - protocolVersion: - description: protocolVersion [HTTP/HTTPS protocol] The protocol - version. The possible values are GRPC , HTTP1 and HTTP2 - enum: - - http1 - - http2 - - grpc - type: string - tags: - description: Tags defines list of Tags on target group. - items: - description: Tag defines a AWS Tag on resources. - properties: - key: - description: The key of the tag. - type: string - value: - description: The value of the tag. - type: string - required: - - key - - value - type: object - type: array - targetGroupAttributes: - description: targetGroupAttributes defines the attribute of target - group - items: - description: TargetGroupAttribute defines target group attribute. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. - type: string - required: - - key - - value - type: object - type: array - targetGroupName: - description: targetGroupName specifies the name to assign to the - Target Group. If not defined, then one is generated. - type: string - targetType: - description: targetType is the TargetType of TargetGroup. If unspecified, - it will be automatically inferred as instance. - enum: - - instance - - ip - type: string - vpcID: - description: vpcID is the VPC of the TargetGroup. If unspecified, - it will be automatically inferred. 
- type: string - type: object - routeConfigurations: - description: routeConfigurations the route configuration for specific - routes - items: - description: RouteConfiguration defines the per route configuration - properties: - identifier: - description: name the identifier of the route, it should be - in the form of ROUTE:NAMESPACE:NAME - pattern: ^(HTTPRoute|TLSRoute|TCPRoute|UDPRoute|GRPCRoute)?:([^:]+)?:([^:]+)?$ - type: string - targetGroupProps: - description: targetGroupProps the target group specific properties - properties: - enableMultiCluster: - description: |- - EnableMultiCluster [Application / Network LoadBalancer] - Allows for multiple Clusters / Services to use the generated TargetGroup ARN - type: boolean - healthCheckConfig: - description: healthCheckConfig The Health Check configuration - for this backend. - properties: - healthCheckInterval: - description: healthCheckInterval The approximate amount - of time, in seconds, between health checks of an individual - target. - format: int32 - type: integer - healthCheckPath: - description: healthCheckPath The destination for health - checks on the targets. - type: string - healthCheckPort: - description: |- - healthCheckPort The port the load balancer uses when performing health checks on targets. - The default is to use the port on which each target receives traffic from the load balancer. - type: string - healthCheckProtocol: - description: healthCheckProtocol The protocol to use - to connect with the target. The GENEVE, TLS, UDP, - and TCP_UDP protocols are not supported for health - checks. - enum: - - http - - https - - tcp - type: string - healthCheckTimeout: - description: healthCheckTimeout The amount of time, - in seconds, during which no response means a failed - health check - format: int32 - type: integer - healthyThresholdCount: - description: healthyThresholdCount The number of consecutive - health checks successes required before considering - an unhealthy target healthy. 
- format: int32 - type: integer - matcher: - description: healthCheckCodes The HTTP or gRPC codes - to use when checking for a successful response from - a target - properties: - grpcCode: - description: The gRPC codes - type: string - httpCode: - description: The HTTP codes. - type: string - type: object - unhealthyThresholdCount: - description: unhealthyThresholdCount The number of consecutive - health check failures required before considering - the target unhealthy. - format: int32 - type: integer - type: object - ipAddressType: - description: ipAddressType specifies whether the target - group is of type IPv4 or IPv6. If unspecified, it will - be automatically inferred. - enum: - - ipv4 - - ipv6 - type: string - nodeSelector: - description: node selector for instance type target groups - to only register certain nodes - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - protocol: - description: |- - Protocol [Application / Network Load Balancer] the protocol for the target group. - If unspecified, it will be automatically inferred. - enum: - - HTTP - - HTTPS - - TCP - - TLS - - UDP - - TCP_UDP - type: string - protocolVersion: - description: protocolVersion [HTTP/HTTPS protocol] The protocol - version. The possible values are GRPC , HTTP1 and HTTP2 - enum: - - http1 - - http2 - - grpc - type: string - tags: - description: Tags defines list of Tags on target group. - items: - description: Tag defines a AWS Tag on resources. - properties: - key: - description: The key of the tag. - type: string - value: - description: The value of the tag. - type: string - required: - - key - - value - type: object - type: array - targetGroupAttributes: - description: targetGroupAttributes defines the attribute - of target group - items: - description: TargetGroupAttribute defines target group - attribute. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. - type: string - required: - - key - - value - type: object - type: array - targetGroupName: - description: targetGroupName specifies the name to assign - to the Target Group. If not defined, then one is generated. - type: string - targetType: - description: targetType is the TargetType of TargetGroup. - If unspecified, it will be automatically inferred as instance. - enum: - - instance - - ip - type: string - vpcID: - description: vpcID is the VPC of the TargetGroup. If unspecified, - it will be automatically inferred. 
- type: string - type: object - required: - - identifier - - targetGroupProps - type: object - type: array - targetReference: - description: targetReference the kubernetes object to attach the Target - Group settings to. - properties: - group: - default: "" - description: |- - Group is the group of the referent. For example, "gateway.networking.k8s.io". - When unspecified or empty string, core API group is inferred. - type: string - kind: - default: Service - description: |- - Kind is the Kubernetes resource kind of the referent. For example - "Service". - - - Defaults to "Service" when not specified. - type: string - name: - description: Name is the name of the referent. - type: string - required: - - name - type: object - required: - - targetReference - type: object - status: - description: TargetGroupConfigurationStatus defines the observed state - of TargetGroupConfiguration - properties: - observedGatewayClassConfigurationGeneration: - description: The generation of the Gateway Configuration attached - to the GatewayClass object. - format: int64 - type: integer - observedGatewayConfigurationGeneration: - description: The generation of the Gateway Configuration attached - to the Gateway object. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {}