Add ability to use NLBs as control plane load-balancers

Author: Skarlso

api/v1beta1/awscluster_conversion.go

@@ -42,6 +42,8 @@ func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
 		restoreControlPlaneLoadBalancer(restored.Spec.ControlPlaneLoadBalancer, dst.Spec.ControlPlaneLoadBalancer)
 	}
 
+	restoreControlPlaneLoadBalancerStatus(&restored.Status.Network, &dst.Status.Network)
+
 	dst.Spec.S3Bucket = restored.Spec.S3Bucket
 
 	return nil
@@ -52,6 +54,14 @@ func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
 func restoreControlPlaneLoadBalancer(restored, dst *infrav1.AWSLoadBalancerSpec) {
 	dst.Name = restored.Name
 	dst.HealthCheckProtocol = restored.HealthCheckProtocol
+	dst.LoadBalancerType = restored.LoadBalancerType
+	dst.DisableHostsRewrite = restored.DisableHostsRewrite
+}
+
+// restoreControlPlaneLoadBalancerStatus manually restores the control plane loadbalancer status data.
+// Assumes restored and dst are non-nil.
+func restoreControlPlaneLoadBalancerStatus(restored, dst *infrav1.NetworkStatus) {
+	dst.APIServerLB = restored.APIServerLB
 }
 
 // ConvertFrom converts the v1beta1 AWSCluster receiver to a v1beta1 AWSCluster.

api/v1beta1/conversion.go

@@ -32,3 +32,15 @@ func Convert_v1beta1_AWSResourceReference_To_v1beta2_AWSResourceReference(in *AW
 func Convert_v1beta1_AWSMachineSpec_To_v1beta2_AWSMachineSpec(in *AWSMachineSpec, out *v1beta2.AWSMachineSpec, s conversion.Scope) error {
 	return autoConvert_v1beta1_AWSMachineSpec_To_v1beta2_AWSMachineSpec(in, out, s)
 }
+
+func Convert_v1beta2_AWSLoadBalancerSpec_To_v1beta1_AWSLoadBalancerSpec(in *v1beta2.AWSLoadBalancerSpec, out *AWSLoadBalancerSpec, s conversion.Scope) error {
+	return autoConvert_v1beta2_AWSLoadBalancerSpec_To_v1beta1_AWSLoadBalancerSpec(in, out, s)
+}
+
+func Convert_v1beta1_ClassicELB_To_v1beta2_ClassicELB(in *ClassicELB, out *v1beta2.ClassicELB, s conversion.Scope) error {
+	return autoConvert_v1beta1_ClassicELB_To_v1beta2_ClassicELB(in, out, s)
+}
+
+func Convert_v1beta2_NetworkStatus_To_v1beta1_NetworkStatus(in *v1beta2.NetworkStatus, out *NetworkStatus, s conversion.Scope) error {
+	return autoConvert_v1beta2_NetworkStatus_To_v1beta1_NetworkStatus(in, out, s)
+}

api/v1beta1/zz_generated.conversion.go

@@ -152,6 +152,15 @@ type Bastion struct {
 	AMI string `json:"ami,omitempty"`
 }
 
+type LoadBalancerType string
+
+var (
+	LoadBalancerTypeClassic = LoadBalancerType("classic")
+	LoadBalancerTypeELB     = LoadBalancerType("elb")
+	LoadBalancerTypeALB     = LoadBalancerType("alb")
+	LoadBalancerTypeNLB     = LoadBalancerType("nlb")
+)
+
 // AWSLoadBalancerSpec defines the desired state of an AWS load balancer.
 type AWSLoadBalancerSpec struct {
 	// Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique
@@ -193,6 +202,14 @@ type AWSLoadBalancerSpec struct {
 	// This is optional - if not provided new security groups will be created for the load balancer
 	// +optional
 	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
+
+	// LoadBalancerType sets the type for a load balancer. The default type is classic.
+	// +kubebuilder:validation:Enum:=classic;elb;alb;nlb
+	LoadBalancerType LoadBalancerType `json:"loadBalancerType,omitempty"`
+
+	// DisableHostsRewrite disabled the hair pinning issue solution that adds the NLB's address as 127.0.0.1 to the hosts
+	// file of each instance. This is by default, false.
+	DisableHostsRewrite bool `json:"disableHostsRewrite,omitempty"`
 }
 
 // AWSClusterStatus defines the observed state of AWSCluster.

api/v1beta2/awscluster_types.go

@@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package v1beta2
 
 import (
@@ -61,7 +62,10 @@ func SetDefaults_AWSClusterSpec(s *AWSClusterSpec) { //nolint:golint,stylecheck
 		}
 	}
 	if s.ControlPlaneLoadBalancer == nil {
-		s.ControlPlaneLoadBalancer = &AWSLoadBalancerSpec{Scheme: &ClassicELBSchemeInternetFacing}
+		s.ControlPlaneLoadBalancer = &AWSLoadBalancerSpec{
+			Scheme:           &ClassicELBSchemeInternetFacing,
+			LoadBalancerType: LoadBalancerTypeClassic,
+		}
 	}
 }
 

api/v1beta2/defaults.go

@@ -29,6 +29,9 @@ type NetworkStatus struct {
 
 	// APIServerELB is the Kubernetes api server classic load balancer.
 	APIServerELB ClassicELB `json:"apiServerElb,omitempty"`
+
+	// APIServerLB is the Kubernetes api server load balancer.
+	APIServerLB LBSpec `json:"apiServerLb,omitempty"`
 }
 
 // ClassicELBScheme defines the scheme of a classic load balancer.
@@ -44,6 +47,18 @@ var (
 	ClassicELBSchemeInternal = ClassicELBScheme("internal")
 )
 
+// LBScheme defines the scheme of a network load balancer.
+type LBScheme string
+
+var (
+	// LBSchemeInternal defines an internal-only facing
+	// load balancer internal to an ELB.
+	LBSchemeInternal = ClassicELBScheme("internal")
+
+	// LBSchemeIncorrectInternetFacing was inaccurately used to define an internet-facing LB in v0.6 releases > v0.6.6 and v0.7.0 release.
+	LBSchemeIncorrectInternetFacing = ClassicELBScheme("Internet-facing")
+)
+
 func (e ClassicELBScheme) String() string {
 	return string(e)
 }
@@ -69,6 +84,51 @@ var (
 	ClassicELBProtocolHTTPS = ClassicELBProtocol("HTTPS")
 )
 
+// LBProtocol defines listener protocols for a classic load balancer.
+type LBProtocol string
+
+func (e LBProtocol) String() string {
+	return string(e)
+}
+
+var (
+	// LBProtocolTCP defines the NLB API string representing the TCP protocol.
+	LBProtocolTCP = LBProtocol("TCP")
+	// LBProtocolTLS defines the NLB API string representing the TLS protocol.
+	LBProtocolTLS = LBProtocol("TLS")
+	// LBProtocolUDP defines the NLB API string representing the UPD protocol.
+	LBProtocolUDP = LBProtocol("UDP")
+)
+
+// TargetGroupHealthCheck defines health check settings for the target group.
+// TODO: Create default values for these.
+type TargetGroupHealthCheck struct {
+	HealthCheckProtocol        *string `json:"healthCheckProtocol"`
+	HealthCheckPath            *string `json:"healthCheckPath"`
+	HealthCheckIntervalSeconds *int64  `json:"healthCheckIntervalSeconds"`
+	HealthCheckTimeoutSeconds  *int64  `json:"healthCheckTimeoutSeconds"`
+	HealthyThresholdCount      *int64  `json:"healthyThresholdCount"`
+}
+
+// LBTargetGroupSpec specifies target group settings for a given listener.
+// This is created first, and the ARN is then passed to the listener.
+type LBTargetGroupSpec struct {
+	Name *string `json:"name"`
+	Port *int64  `json:"port"`
+	// +kubebuilder:validation:Enum=tcp;tls;upd
+	Protocol LBProtocol `json:"protocol"`
+	VpcID    *string    `json:"vpcId"`
+	// HealthCheck is the classic elb health check associated with the load balancer.
+	HealthCheck *TargetGroupHealthCheck `json:"targetGroupHealthCheck,omitempty"`
+}
+
+// LBListener defines an AWS network load balancer listener.
+type LBListener struct {
+	Protocol    LBProtocol        `json:"protocol"`
+	Port        int64             `json:"port"`
+	TargetGroup LBTargetGroupSpec `json:"targetGroup"`
+}
+
 // ClassicELB defines an AWS classic load balancer.
 type ClassicELB struct {
 	// The name of the load balancer. It must be unique within the set of load balancers
@@ -104,6 +164,41 @@ type ClassicELB struct {
 	Tags map[string]string `json:"tags,omitempty"`
 }
 
+// LBSpec defines an AWS network load balancer.
+type LBSpec struct {
+	// ARN of the load balancer. Unlike the ClassicLB, ARN is used mostly
+	// to define and get it.
+	ARN string `json:"arn,omitempty"`
+	// The name of the load balancer. It must be unique within the set of load balancers
+	// defined in the region. It also serves as identifier.
+	// +optional
+	Name string `json:"name,omitempty"`
+
+	// Scheme is the load balancer scheme, either internet-facing or private.
+	Scheme LBScheme `json:"scheme,omitempty"`
+
+	// DNSName is the dns name of the load balancer.
+	DNSName string `json:"dnsName,omitempty"`
+
+	// AvailabilityZones is an array of availability zones in the VPC attached to the load balancer.
+	AvailabilityZones []string `json:"availabilityZones,omitempty"`
+
+	// SubnetIDs is an array of subnets in the VPC attached to the load balancer.
+	SubnetIDs []string `json:"subnetIds,omitempty"`
+
+	// SecurityGroupIDs is an array of security groups assigned to the load balancer.
+	SecurityGroupIDs []string `json:"securityGroupIds,omitempty"`
+
+	// Listeners is an array of classic elb listeners associated with the load balancer. There must be at least one.
+	Listeners []LBListener `json:"listeners,omitempty"`
+
+	// Attributes defines extra attributes associated with the load balancer.
+	Attributes map[string]*string `json:"attributes,omitempty"`
+
+	// Tags is a map of tags associated with the load balancer.
+	Tags map[string]string `json:"tags,omitempty"`
+}
+
 // IsUnmanaged returns true if the Classic ELB is unmanaged.
 func (b *ClassicELB) IsUnmanaged(clusterName string) bool {
 	return b.Name != "" && !Tags(b.Tags).HasOwned(clusterName)
@@ -114,6 +209,16 @@ func (b *ClassicELB) IsManaged(clusterName string) bool {
 	return !b.IsUnmanaged(clusterName)
 }
 
+// IsManaged returns true if LB is managed.
+func (lb *LBSpec) IsManaged(clusterName string) bool {
+	return !lb.IsUnmanaged(clusterName)
+}
+
+// IsUnmanaged returns true if the LB is unmanaged.
+func (lb *LBSpec) IsUnmanaged(clusterName string) bool {
+	return lb.Name != "" && !Tags(lb.Tags).HasOwned(clusterName)
+}
+
 // ClassicELBAttributes defines extra attributes associated with a classic load balancer.
 type ClassicELBAttributes struct {
 	// IdleTimeout is time that the connection is allowed to be idle (no data