Fetch VPC ID from runtime using VPC tags provided via controller flags

docs/deploy/installation.md

@@ -37,7 +37,7 @@ You can set the IMDSv2 as follows:
 aws ec2 modify-instance-metadata-options --http-put-response-hop-limit 2 --http-tokens required --region <region> --instance-id <instance-id>
 ```
 
-Instead of depending on IMDSv2, you can specify the AWS Region and the VPC via the controller flags `--aws-region` and `--aws-vpc-id`.
+Instead of depending on IMDSv2, you can specify the AWS Region via the controller flag `--aws-region`, and the AWS VPC via controller flag `--aws-vpc-id` or by specifying vpc tags via the flag `--aws-vpc-tags` and an optional flag `--aws-vpc-tag-key` if you have a different key for the tag other than "Name". Note that if you specify flags `--aws-vpc-id` and `--aws-vpc-tags`, then value given to `--aws-vpc-id` will be taken by controller.
 
 ## Configure IAM
 

pkg/aws/cloud.go

@@ -1,6 +1,7 @@
 package aws
 
 import (
+	"context"
 	"fmt"
 	"net"
 	"os"
@@ -10,6 +11,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
 	amerrors "k8s.io/apimachinery/pkg/util/errors"
@@ -112,14 +114,11 @@ func NewCloud(cfg CloudConfig, metricsRegisterer prometheus.Registerer) (Cloud,
 
 	ec2Service := services.NewEC2(sess)
 
-	if len(cfg.VpcID) == 0 {
-		vpcID, err := inferVPCID(metadata, ec2Service)
-		if err != nil {
-			return nil, errors.Wrap(err, "failed to introspect vpcID from EC2Metadata or Node name, specify --aws-vpc-id instead if EC2Metadata is unavailable")
-		}
-		cfg.VpcID = vpcID
+	vpcID, err := getVpcID(cfg, ec2Service, metadata)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get VPC ID")
 	}
-
+	cfg.VpcID = vpcID
 	return &defaultCloud{
 		cfg:         cfg,
 		ec2:         ec2Service,
@@ -132,6 +131,21 @@ func NewCloud(cfg CloudConfig, metricsRegisterer prometheus.Registerer) (Cloud,
 	}, nil
 }
 
+func getVpcID(cfg CloudConfig, ec2Service services.EC2, metadata services.EC2Metadata) (string, error) {
+
+	logger := logr.Logger{}
+	if cfg.VpcID != "" {
+		logger.V(1).Info("vpcid is specified using flag --aws-vpc-id, controller will use the value %s", cfg.VpcID)
+		return cfg.VpcID, nil
+	}
+
+	if cfg.VpcTags != nil {
+		return inferVPCIDFromTags(ec2Service, cfg.VpcNameTagKey, cfg.VpcTags[cfg.VpcNameTagKey])
+	}
+
+	return inferVPCID(metadata, ec2Service)
+}
+
 func inferVPCID(metadata services.EC2Metadata, ec2Service services.EC2) (string, error) {
 	var errList []error
 	vpcId, err := metadata.VpcID()
@@ -168,6 +182,28 @@ func inferVPCID(metadata services.EC2Metadata, ec2Service services.EC2) (string,
 	return "", amerrors.NewAggregate(errList)
 }
 
+func inferVPCIDFromTags(ec2Service services.EC2, VpcNameTagKey string, VpcNameTagValue string) (string, error) {
+	vpcs, err := ec2Service.DescribeVPCsAsList(context.Background(), &ec2.DescribeVpcsInput{
+		Filters: []*ec2.Filter{
+			{
+				Name:   aws.String("tag:" + VpcNameTagKey),
+				Values: []*string{aws.String(VpcNameTagValue)},
+			},
+		},
+	})
+	if err != nil {
+		return "", fmt.Errorf("failed to fetch VPC ID with tag: %w", err)
+	}
+	if len(vpcs) == 0 {
+		return "", fmt.Errorf("no VPC exists with tag: %w", err)
+	}
+	if len(vpcs) > 1 {
+		return "", fmt.Errorf("multiple VPCs exists with tag: %w", err)
+	}
+
+	return *vpcs[0].VpcId, nil
+}
+
 var _ Cloud = &defaultCloud{}
 
 type defaultCloud struct {

pkg/aws/cloud_config.go

@@ -12,9 +12,12 @@ const (
 	flagAWSAPIEndpoints  = "aws-api-endpoints"
 	flagAWSAPIThrottle   = "aws-api-throttle"
 	flagAWSVpcID         = "aws-vpc-id"
+	flagAWSVpcTags       = "aws-vpc-tags"
 	flagAWSVpcCacheTTL   = "aws-vpc-cache-ttl"
 	flagAWSMaxRetries    = "aws-max-retries"
+	flagAWSVpcNameTagKey = "aws-vpc-tag-key"
 	defaultVpcID         = ""
+	defaultVpcNameTagKey = "Name"
 	defaultRegion        = ""
 	defaultAPIMaxRetries = 10
 )
@@ -29,6 +32,12 @@ type CloudConfig struct {
 	// VpcID for the LoadBalancer resources.
 	VpcID string
 
+	// VPC tags List
+	VpcTags map[string]string
+
+	// VPC Name Tag Key, default "Name"
+	VpcNameTagKey string
+
 	// VPC cache TTL in minutes
 	VpcCacheTTL time.Duration
 
@@ -43,6 +52,8 @@ func (cfg *CloudConfig) BindFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&cfg.Region, flagAWSRegion, defaultRegion, "AWS Region for the kubernetes cluster")
 	fs.Var(cfg.ThrottleConfig, flagAWSAPIThrottle, "throttle settings for AWS APIs, format: serviceID1:operationRegex1=rate:burst,serviceID2:operationRegex2=rate:burst")
 	fs.StringVar(&cfg.VpcID, flagAWSVpcID, defaultVpcID, "AWS VpcID for the LoadBalancer resources")
+	fs.StringToStringVar(&cfg.VpcTags, flagAWSVpcTags, nil, "AWS VPC tags List,format: tagkey1=tagvalue1,tagkey2=tagvalue2")
+	fs.StringVar(&cfg.VpcNameTagKey, flagAWSVpcNameTagKey, defaultVpcNameTagKey, "AWS tag key for identifying the VPC")
 	fs.IntVar(&cfg.MaxRetries, flagAWSMaxRetries, defaultAPIMaxRetries, "Maximum retries for AWS APIs")
 	fs.StringToStringVar(&cfg.AWSEndpoints, flagAWSAPIEndpoints, nil, "Custom AWS endpoint configuration, format: serviceID1=URL1,serviceID2=URL2")
 }

pkg/aws/services/ec2.go

@@ -2,6 +2,7 @@ package services
 
 import (
 	"context"
+
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
@@ -10,17 +11,20 @@ import (
 type EC2 interface {
 	ec2iface.EC2API
 
-	// wrapper to DescribeInstancesPagesWithContext API, which aggregates paged results into list.
+	// DescribeInstancesAsList wraps the DescribeInstancesPagesWithContext API, which aggregates paged results into list.
 	DescribeInstancesAsList(ctx context.Context, input *ec2.DescribeInstancesInput) ([]*ec2.Instance, error)
 
-	// wrapper to DescribeNetworkInterfacesPagesWithContext API, which aggregates paged results into list.
+	// DescribeNetworkInterfacesAsList wraps the DescribeNetworkInterfacesPagesWithContext API, which aggregates paged results into list.
 	DescribeNetworkInterfacesAsList(ctx context.Context, input *ec2.DescribeNetworkInterfacesInput) ([]*ec2.NetworkInterface, error)
 
-	// wrapper to DescribeSecurityGroupsPagesWithContext API, which aggregates paged results into list.
+	// DescribeSecurityGroupsAsList wraps the DescribeSecurityGroupsPagesWithContext API, which aggregates paged results into list.
 	DescribeSecurityGroupsAsList(ctx context.Context, input *ec2.DescribeSecurityGroupsInput) ([]*ec2.SecurityGroup, error)
 
-	// wrapper to DescribeSubnetsPagesWithContext API, which aggregates paged results into list.
+	// DescribeSubnetsAsList wraps the DescribeSubnetsPagesWithContext API, which aggregates paged results into list.
 	DescribeSubnetsAsList(ctx context.Context, input *ec2.DescribeSubnetsInput) ([]*ec2.Subnet, error)
+
+	// DescribeVPCsAsList wraps the DescribeVpcsPagesWithContext API, which aggregates paged results into list.
+	DescribeVPCsAsList(ctx context.Context, input *ec2.DescribeVpcsInput) ([]*ec2.Vpc, error)
 }
 
 // NewEC2 constructs new EC2 implementation.
@@ -79,3 +83,14 @@ func (c *defaultEC2) DescribeSubnetsAsList(ctx context.Context, input *ec2.Descr
 	}
 	return result, nil
 }
+
+func (c *defaultEC2) DescribeVPCsAsList(ctx context.Context, input *ec2.DescribeVpcsInput) ([]*ec2.Vpc, error) {
+	var result []*ec2.Vpc
+	if err := c.DescribeVpcsPagesWithContext(ctx, input, func(output *ec2.DescribeVpcsOutput, _ bool) bool {
+		result = append(result, output.Vpcs...)
+		return true
+	}); err != nil {
+		return nil, err
+	}
+	return result, nil
+}