Target groups can now also be specified by Name #2655
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
Hi @marcosdiez. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
size/M
Codecov ReportBase: 54.07% // Head: 54.07% // Decreases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## main #2655 +/- ##
==========================================
- Coverage 54.07% 54.07% -0.01%
==========================================
Files 144 144
Lines 8301 8335 +34
==========================================
+ Hits 4489 4507 +18
- Misses 3484 3492 +8
- Partials 328 336 +8
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
k8s-ci-robot
added
size/L
|
Hello @M00nF1sh ! Could you please take a look at this PR ? |
|
@M00nF1sh don't forget me! |
|
@kishorj could you please take a look at this PR ? |
k8s-ci-robot
added
the
needs-rebase
marcosdiez
force-pushed
the
targetGroupName
branch
from
505fe46
to
0efe885
Compare
k8s-ci-robot
removed
the
needs-rebase
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
Would it be possible to review this MR? |
|
@kishorj when you have a capacity, would you be able to review this MR and share your feedback please? |
|
|
||
| ## Sample YAML |
There was a problem hiding this comment.
Was this deletion intended?
There was a problem hiding this comment.
Hi! This line wasn't really deleted. It changed to ## Sample YAMLs (plural) and moved about 10 lines above :)
| } else if tgb.Spec.TargetGroupName != "" { | ||
| tgObj, err := v.getTargetGroupsByNameFromAWS(ctx, tgb.Spec.TargetGroupName) | ||
| if err != nil { | ||
| return errors.Errorf("Can't locate TargetGroup with name %s", tgb.Spec.TargetGroupName) | ||
| } | ||
| tgb.Spec.TargetGroupARN = *tgObj.TargetGroupArn |
There was a problem hiding this comment.
What is the purpose of this code? The validator can't mutate.
There was a problem hiding this comment.
The purpose of this code is to guarantee that the either the ARN of the TargetGroup exists or it's possible to infer the ARN by the name of the TargetGroup (since it's unique).
And even though the validator can't mutate, I added tgb.Spec.TargetGroupARN = *tgObj.TargetGroupArn to guarantee the object is in a consistent state though the rest of the process.
The whole code of aws-load-balancer-controller was written assuming there is an ARN. By changing the object here I guarantee as early as possible that that assumption is true.
There was a problem hiding this comment.
A comment to that effect would be helpful.
|
Hi, @marcosdiez do you have the capacity to add suggested changes and update MR? |
| @@ -37,6 +37,12 @@ func (m *targetGroupBindingMutator) Prototype(_ admission.Request) (runtime.Obje | |||
|
|
|||
| func (m *targetGroupBindingMutator) MutateCreate(ctx context.Context, obj runtime.Object) (runtime.Object, error) { | |||
| tgb := obj.(*elbv2api.TargetGroupBinding) | |||
| if tgb.Spec.TargetGroupARN == "" && tgb.Spec.TargetGroupName == "" { | |||
| return nil, errors.Errorf("You must provide either TargetGroupARN or TargetGroupName") | |||
There was a problem hiding this comment.
Error messages should not start with upper case.
| return nil, errors.Errorf("You must provide either TargetGroupARN or TargetGroupName") | |
| return nil, errors.Errorf("must provide either TargetGroupARN or TargetGroupName") |
| IPAddressType: &targetGroupIPAddressTypeIPv4, | ||
| }, | ||
| }, | ||
| }, |
There was a problem hiding this comment.
Add tests for likely error cases.
| } else if tgb.Spec.TargetGroupName != "" { | ||
| tgObj, err := v.getTargetGroupsByNameFromAWS(ctx, tgb.Spec.TargetGroupName) | ||
| if err != nil { | ||
| return errors.Errorf("Can't locate TargetGroup with name %s", tgb.Spec.TargetGroupName) |
There was a problem hiding this comment.
| return errors.Errorf("Can't locate TargetGroup with name %s", tgb.Spec.TargetGroupName) | |
| return fmt.Errorf("searching TargetGroup with name %s: %w", tgb.Spec.TargetGroupName, err) |
| return nil, err | ||
| } | ||
| if len(tgList) != 1 { | ||
| return nil, errors.Errorf("expecting a single targetGroup with name [%s] but got %v", tgName, len(tgList)) |
There was a problem hiding this comment.
The caller also includes the desired tgName, so consider removing that from this message.
There was a problem hiding this comment.
If one needs to read logs, one is usually not having a good day. More info means more helpful logs. I believe we should keep that. It's not sensitive at all.
There was a problem hiding this comment.
Duplicating the same information in a single log line is not more helpful.
There was a problem hiding this comment.
Sorry, why am I duplicating the same information in a single log line ? tgName != len(tgList)
| } else if tgb.Spec.TargetGroupName != "" { | ||
| tgObj, err := v.getTargetGroupsByNameFromAWS(ctx, tgb.Spec.TargetGroupName) | ||
| if err != nil { | ||
| return errors.Errorf("Can't locate TargetGroup with name %s", tgb.Spec.TargetGroupName) | ||
| } | ||
| tgb.Spec.TargetGroupARN = *tgObj.TargetGroupArn |
There was a problem hiding this comment.
A comment to that effect would be helpful.
k8s-ci-robot
added
the
needs-rebase
marcosdiez
force-pushed
the
targetGroupName
branch
from
d446894
to
8fda219
Compare
k8s-ci-robot
removed
the
needs-rebase
|
Hi, We would very much like not having to depend on the full Target Group ARN because it is not deterministic so it requires a certain amount of handover from our Terraform-based IaC to the in-cluster reconciliation. If this was implemented, we can make assumptions on how to identify the Target Group, helping us to decouple the two reconciliation engines. |
…pName has been provided
marcosdiez
force-pushed
the
targetGroupName
branch
from
8fda219
to
d21d942
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: marcosdiez The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
size/XL
|
Any chance to release it as experimental feature. Buy that time the community could provide feedback. And for sure we could fix the bugs if any. This mr is already 2 years old. |
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
Any update on this MR? It would make it significantly easier to integrate our GitOps with our IaC. Would love to see it officially supported rather than needing suboptimal workarounds to achieve the same end. |
|
I've refreshed this PR in #3903... 🤞 that will gain some traction... |
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
Issue
Partially solves #2373
Description
On
TargetGroupBindingone can now choose a target group by it's name, using thetargetGroupNamefield.Example
Implementation detail:
All I did was to make the field
targetGroupNamevalid, maketargetGroupARNnon mandatory and interceptMutateCreateandcheckRequiredFields, so that iftargetGroupARNis empty andtargetGroupNameis provided, AWS is queried for the ARN.As a future PR, I could from time to time check if a new target group with
targetGroupNamewas created and later bind it.One can currently test this using the following container:
marcosdiez/aws-alb-ingress-controller:20220524-1006Checklist
README.md, or thedocsdirectory)BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯