Merge pull request #3804 from Skarlso/create_nlb

Add ability to use NLBs as control plane load-balancers

Author: k8s-ci-robot

api/v1beta1/awscluster_conversion.go

@@ -41,17 +41,30 @@ func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
 		}
 		restoreControlPlaneLoadBalancer(restored.Spec.ControlPlaneLoadBalancer, dst.Spec.ControlPlaneLoadBalancer)
 	}
+	restoreControlPlaneLoadBalancerStatus(&restored.Status.Network.APIServerELB, &dst.Status.Network.APIServerELB)
 
 	dst.Spec.S3Bucket = restored.Spec.S3Bucket
 
 	return nil
 }
 
+// restoreControlPlaneLoadBalancerStatus manually restores the control plane loadbalancer status data.
+// Assumes restored and dst are non-nil.
+func restoreControlPlaneLoadBalancerStatus(restored, dst *infrav1.LoadBalancer) {
+	dst.ARN = restored.ARN
+	dst.LoadBalancerType = restored.LoadBalancerType
+	dst.ELBAttributes = restored.ELBAttributes
+	dst.ELBListeners = restored.ELBListeners
+}
+
 // restoreControlPlaneLoadBalancer manually restores the control plane loadbalancer data.
 // Assumes restored and dst are non-nil.
 func restoreControlPlaneLoadBalancer(restored, dst *infrav1.AWSLoadBalancerSpec) {
 	dst.Name = restored.Name
 	dst.HealthCheckProtocol = restored.HealthCheckProtocol
+	dst.LoadBalancerType = restored.LoadBalancerType
+	dst.DisableHostsRewrite = restored.DisableHostsRewrite
+	dst.PreserveClientIP = restored.PreserveClientIP
 }
 
 // ConvertFrom converts the v1beta1 AWSCluster receiver to a v1beta1 AWSCluster.

api/v1beta1/conversion.go

@@ -17,6 +17,8 @@ limitations under the License.
 package v1beta1
 
 import (
+	"unsafe"
+
 	"k8s.io/apimachinery/pkg/conversion"
 	"sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
 )
@@ -32,3 +34,39 @@ func Convert_v1beta1_AWSResourceReference_To_v1beta2_AWSResourceReference(in *AW
 func Convert_v1beta1_AWSMachineSpec_To_v1beta2_AWSMachineSpec(in *AWSMachineSpec, out *v1beta2.AWSMachineSpec, s conversion.Scope) error {
 	return autoConvert_v1beta1_AWSMachineSpec_To_v1beta2_AWSMachineSpec(in, out, s)
 }
+
+func Convert_v1beta2_AWSLoadBalancerSpec_To_v1beta1_AWSLoadBalancerSpec(in *v1beta2.AWSLoadBalancerSpec, out *AWSLoadBalancerSpec, s conversion.Scope) error {
+	return autoConvert_v1beta2_AWSLoadBalancerSpec_To_v1beta1_AWSLoadBalancerSpec(in, out, s)
+}
+
+func Convert_v1beta2_NetworkStatus_To_v1beta1_NetworkStatus(in *v1beta2.NetworkStatus, out *NetworkStatus, s conversion.Scope) error {
+	return autoConvert_v1beta2_NetworkStatus_To_v1beta1_NetworkStatus(in, out, s)
+}
+
+func Convert_v1beta1_ClassicELB_To_v1beta2_LoadBalancer(in *ClassicELB, out *v1beta2.LoadBalancer, s conversion.Scope) error {
+	out.Name = in.Name
+	out.DNSName = in.DNSName
+	out.Scheme = v1beta2.ELBScheme(in.Scheme)
+	out.HealthCheck = (*v1beta2.ClassicELBHealthCheck)(in.HealthCheck)
+	out.AvailabilityZones = in.AvailabilityZones
+	out.ClassicElbAttributes = (v1beta2.ClassicELBAttributes)(in.Attributes)
+	out.ClassicELBListeners = *(*[]v1beta2.ClassicELBListener)(unsafe.Pointer(&in.Listeners))
+	out.SecurityGroupIDs = in.SecurityGroupIDs
+	out.Tags = in.Tags
+	out.SubnetIDs = in.SubnetIDs
+	return nil
+}
+
+func Convert_v1beta2_LoadBalancer_To_v1beta1_ClassicELB(in *v1beta2.LoadBalancer, out *ClassicELB, s conversion.Scope) error {
+	out.Name = in.Name
+	out.DNSName = in.DNSName
+	out.Scheme = ClassicELBScheme(in.Scheme)
+	out.HealthCheck = (*ClassicELBHealthCheck)(in.HealthCheck)
+	out.AvailabilityZones = in.AvailabilityZones
+	out.Attributes = (ClassicELBAttributes)(in.ClassicElbAttributes)
+	out.Listeners = *(*[]ClassicELBListener)(unsafe.Pointer(&in.ClassicELBListeners))
+	out.SecurityGroupIDs = in.SecurityGroupIDs
+	out.Tags = in.Tags
+	out.SubnetIDs = in.SubnetIDs
+	return nil
+}

api/v1beta1/zz_generated.conversion.go

@@ -152,6 +152,15 @@ type Bastion struct {
 	AMI string `json:"ami,omitempty"`
 }
 
+type LoadBalancerType string
+
+var (
+	LoadBalancerTypeClassic = LoadBalancerType("classic")
+	LoadBalancerTypeELB     = LoadBalancerType("elb")
+	LoadBalancerTypeALB     = LoadBalancerType("alb")
+	LoadBalancerTypeNLB     = LoadBalancerType("nlb")
+)
+
 // AWSLoadBalancerSpec defines the desired state of an AWS load balancer.
 type AWSLoadBalancerSpec struct {
 	// Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique
@@ -167,7 +176,7 @@ type AWSLoadBalancerSpec struct {
 	// +kubebuilder:default=internet-facing
 	// +kubebuilder:validation:Enum=internet-facing;internal
 	// +optional
-	Scheme *ClassicELBScheme `json:"scheme,omitempty"`
+	Scheme *ELBScheme `json:"scheme,omitempty"`
 
 	// CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing.
 	//
@@ -184,15 +193,27 @@ type AWSLoadBalancerSpec struct {
 	// +optional
 	Subnets []string `json:"subnets,omitempty"`
 
-	// HealthCheckProtocol sets the protocol type for classic ELB health check target
-	// default value is ClassicELBProtocolSSL
+	// HealthCheckProtocol sets the protocol type for ELB health check target
+	// default value is ELBProtocolSSL
 	// +optional
-	HealthCheckProtocol *ClassicELBProtocol `json:"healthCheckProtocol,omitempty"`
+	HealthCheckProtocol *ELBProtocol `json:"healthCheckProtocol,omitempty"`
 
 	// AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs
 	// This is optional - if not provided new security groups will be created for the load balancer
 	// +optional
 	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
+
+	// LoadBalancerType sets the type for a load balancer. The default type is classic.
+	// +kubebuilder:validation:Enum:=classic;elb;alb;nlb
+	LoadBalancerType LoadBalancerType `json:"loadBalancerType,omitempty"`
+
+	// DisableHostsRewrite disabled the hair pinning issue solution that adds the NLB's address as 127.0.0.1 to the hosts
+	// file of each instance. This is by default, false.
+	DisableHostsRewrite bool `json:"disableHostsRewrite,omitempty"`
+
+	// PreserveClientIP lets the user control if preservation of client ips must be retained or not.
+	// If this is enabled 6443 will be opened to 0.0.0.0/0.
+	PreserveClientIP bool `json:"preserveClientIP,omitempty"`
 }
 
 // AWSClusterStatus defines the observed state of AWSCluster.

api/v1beta2/awscluster_types.go

@@ -92,7 +92,7 @@ func (r *AWSCluster) ValidateUpdate(old runtime.Object) error {
 	}
 	if oldC.Spec.ControlPlaneLoadBalancer == nil {
 		// If old scheme was nil, the only value accepted here is the default value: internet-facing
-		if newLoadBalancer.Scheme != nil && newLoadBalancer.Scheme.String() != ClassicELBSchemeInternetFacing.String() {
+		if newLoadBalancer.Scheme != nil && newLoadBalancer.Scheme.String() != ELBSchemeInternetFacing.String() {
 			allErrs = append(allErrs,
 				field.Invalid(field.NewPath("spec", "controlPlaneLoadBalancer", "scheme"),
 					r.Spec.ControlPlaneLoadBalancer.Scheme, "field is immutable, default value was set to internet-facing"),
@@ -117,7 +117,7 @@ func (r *AWSCluster) ValidateUpdate(old runtime.Object) error {
 		}
 	}
 
-	// Block the update for HealthCheckProtocol :
+	// Block the update for Protocol :
 	// - if it was not set in old spec but added in new spec
 	// - if it was set in old spec but changed in new spec
 	if !cmp.Equal(newLoadBalancer.HealthCheckProtocol, existingLoadBalancer.HealthCheckProtocol) {