refactor subnet resolver and add discovery by subnet's reachability(public/private)

Author: M00nF1sh

main.go

@@ -17,9 +17,10 @@ limitations under the License.
 package main
 
 import (
-	"k8s.io/client-go/util/workqueue"
 	"os"
 
+	"k8s.io/client-go/util/workqueue"
+
 	elbv2deploy "sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/elbv2"
 
 	"github.com/go-logr/logr"
@@ -119,7 +120,11 @@ func main() {
 	sgReconciler := networking.NewDefaultSecurityGroupReconciler(sgManager, ctrl.Log)
 	azInfoProvider := networking.NewDefaultAZInfoProvider(cloud.EC2(), ctrl.Log.WithName("az-info-provider"))
 	vpcInfoProvider := networking.NewDefaultVPCInfoProvider(cloud.EC2(), ctrl.Log.WithName("vpc-info-provider"))
-	subnetResolver := networking.NewDefaultSubnetsResolver(azInfoProvider, cloud.EC2(), cloud.VpcID(), controllerCFG.ClusterName, ctrl.Log.WithName("subnets-resolver"))
+	subnetResolver := networking.NewDefaultSubnetsResolver(azInfoProvider, cloud.EC2(), cloud.VpcID(), controllerCFG.ClusterName,
+		controllerCFG.FeatureGates.Enabled(config.SubnetsClusterTagCheck),
+		controllerCFG.FeatureGates.Enabled(config.ALBSingleSubnet),
+		controllerCFG.FeatureGates.Enabled(config.SubnetDiscoveryByReachability),
+		ctrl.Log.WithName("subnets-resolver"))
 	multiClusterManager := targetgroupbinding.NewMultiClusterManager(mgr.GetClient(), mgr.GetAPIReader(), ctrl.Log)
 	tgbResManager := targetgroupbinding.NewDefaultResourceManager(mgr.GetClient(), cloud.ELBV2(), cloud.EC2(),
 		podInfoRepo, sgManager, sgReconciler, vpcInfoProvider, multiClusterManager, lbcMetricsCollector,

pkg/aws/services/ec2.go

@@ -2,6 +2,7 @@ package services
 
 import (
 	"context"
+
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/provider"
@@ -24,6 +25,9 @@ type EC2 interface {
 	// DescribeVPCsAsList wraps the DescribeVpcsPagesWithContext API, which aggregates paged results into list.
 	DescribeVPCsAsList(ctx context.Context, input *ec2.DescribeVpcsInput) ([]types.Vpc, error)
 
+	// DescribeRouteTablesAsList wraps the DescribeRouteTablesWithContext API, which aggregates paged results into list.
+	DescribeRouteTablesAsList(ctx context.Context, input *ec2.DescribeRouteTablesInput) ([]types.RouteTable, error)
+
 	CreateTagsWithContext(ctx context.Context, input *ec2.CreateTagsInput) (*ec2.CreateTagsOutput, error)
 	DeleteTagsWithContext(ctx context.Context, input *ec2.DeleteTagsInput) (*ec2.DeleteTagsOutput, error)
 	CreateSecurityGroupWithContext(ctx context.Context, input *ec2.CreateSecurityGroupInput) (*ec2.CreateSecurityGroupOutput, error)
@@ -141,6 +145,23 @@ func (c *ec2Client) DescribeVPCsAsList(ctx context.Context, input *ec2.DescribeV
 	return result, nil
 }
 
+func (c *ec2Client) DescribeRouteTablesAsList(ctx context.Context, input *ec2.DescribeRouteTablesInput) ([]types.RouteTable, error) {
+	var result []types.RouteTable
+	client, err := c.awsClientsProvider.GetEC2Client(ctx, "DescribeRouteTables")
+	if err != nil {
+		return nil, err
+	}
+	paginator := ec2.NewDescribeRouteTablesPaginator(client, input)
+	for paginator.HasMorePages() {
+		output, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, err
+		}
+		result = append(result, output.RouteTables...)
+	}
+	return result, nil
+}
+
 func (c *ec2Client) CreateTagsWithContext(ctx context.Context, input *ec2.CreateTagsInput) (*ec2.CreateTagsOutput, error) {
 	client, err := c.awsClientsProvider.GetEC2Client(ctx, "CreateTags")
 	if err != nil {

pkg/aws/services/ec2_mocks.go

@@ -11,18 +11,19 @@ import (
 type Feature string
 
 const (
-	ListenerRulesTagging         Feature = "ListenerRulesTagging"
-	WeightedTargetGroups         Feature = "WeightedTargetGroups"
-	ServiceTypeLoadBalancerOnly  Feature = "ServiceTypeLoadBalancerOnly"
-	EndpointsFailOpen            Feature = "EndpointsFailOpen"
-	EnableServiceController      Feature = "EnableServiceController"
-	EnableIPTargetType           Feature = "EnableIPTargetType"
-	EnableRGTAPI                 Feature = "EnableRGTAPI"
-	SubnetsClusterTagCheck       Feature = "SubnetsClusterTagCheck"
-	NLBHealthCheckAdvancedConfig Feature = "NLBHealthCheckAdvancedConfig"
-	NLBSecurityGroup             Feature = "NLBSecurityGroup"
-	ALBSingleSubnet              Feature = "ALBSingleSubnet"
-	LBCapacityReservation        Feature = "LBCapacityReservation"
+	ListenerRulesTagging          Feature = "ListenerRulesTagging"
+	WeightedTargetGroups          Feature = "WeightedTargetGroups"
+	ServiceTypeLoadBalancerOnly   Feature = "ServiceTypeLoadBalancerOnly"
+	EndpointsFailOpen             Feature = "EndpointsFailOpen"
+	EnableServiceController       Feature = "EnableServiceController"
+	EnableIPTargetType            Feature = "EnableIPTargetType"
+	EnableRGTAPI                  Feature = "EnableRGTAPI"
+	SubnetsClusterTagCheck        Feature = "SubnetsClusterTagCheck"
+	NLBHealthCheckAdvancedConfig  Feature = "NLBHealthCheckAdvancedConfig"
+	NLBSecurityGroup              Feature = "NLBSecurityGroup"
+	ALBSingleSubnet               Feature = "ALBSingleSubnet"
+	SubnetDiscoveryByReachability Feature = "SubnetDiscoveryByReachability"
+	LBCapacityReservation         Feature = "LBCapacityReservation"
 )
 
 type FeatureGates interface {
@@ -50,18 +51,19 @@ type defaultFeatureGates struct {
 func NewFeatureGates() FeatureGates {
 	return &defaultFeatureGates{
 		featureState: map[Feature]bool{
-			ListenerRulesTagging:         true,
-			WeightedTargetGroups:         true,
-			ServiceTypeLoadBalancerOnly:  false,
-			EndpointsFailOpen:            true,
-			EnableServiceController:      true,
-			EnableIPTargetType:           true,
-			EnableRGTAPI:                 false,
-			SubnetsClusterTagCheck:       true,
-			NLBHealthCheckAdvancedConfig: true,
-			NLBSecurityGroup:             true,
-			ALBSingleSubnet:              false,
-			LBCapacityReservation:        true,
+			ListenerRulesTagging:          true,
+			WeightedTargetGroups:          true,
+			ServiceTypeLoadBalancerOnly:   false,
+			EndpointsFailOpen:             true,
+			EnableServiceController:       true,
+			EnableIPTargetType:            true,
+			EnableRGTAPI:                  false,
+			SubnetsClusterTagCheck:        true,
+			NLBHealthCheckAdvancedConfig:  true,
+			NLBSecurityGroup:              true,
+			ALBSingleSubnet:               false,
+			SubnetDiscoveryByReachability: true,
+			LBCapacityReservation:         true,
 		},
 	}
 }

pkg/config/feature_gates.go

@@ -5,16 +5,16 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	"regexp"
+
 	awssdk "github.com/aws/aws-sdk-go-v2/aws"
 	ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"github.com/google/go-cmp/cmp"
 	"github.com/pkg/errors"
 	"k8s.io/apimachinery/pkg/util/sets"
-	"regexp"
 	"sigs.k8s.io/aws-load-balancer-controller/apis/elbv2/v1beta1"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/algorithm"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/annotations"
-	"sigs.k8s.io/aws-load-balancer-controller/pkg/config"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/tracking"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/equality"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
@@ -24,8 +24,7 @@ import (
 )
 
 const (
-	resourceIDLoadBalancer         = "LoadBalancer"
-	minimalAvailableIPAddressCount = int32(8)
+	resourceIDLoadBalancer = "LoadBalancer"
 )
 
 func (t *defaultModelBuildTask) buildLoadBalancer(ctx context.Context, listenPortConfigByPort map[int32]listenPortConfig) (*elbv2model.LoadBalancer, error) {
@@ -226,8 +225,6 @@ func (t *defaultModelBuildTask) buildLoadBalancerSubnetMappings(ctx context.Cont
 		chosenSubnets, err := t.subnetsResolver.ResolveViaSelector(ctx, chosenSubnetSelector,
 			networking.WithSubnetsResolveLBType(elbv2model.LoadBalancerTypeApplication),
 			networking.WithSubnetsResolveLBScheme(scheme),
-			networking.WithSubnetsClusterTagCheck(t.featureGates.Enabled(config.SubnetsClusterTagCheck)),
-			networking.WithALBSingleSubnet(t.featureGates.Enabled(config.ALBSingleSubnet)),
 		)
 		if err != nil {
 			return nil, err
@@ -246,7 +243,6 @@ func (t *defaultModelBuildTask) buildLoadBalancerSubnetMappings(ctx context.Cont
 		chosenSubnets, err := t.subnetsResolver.ResolveViaNameOrIDSlice(ctx, chosenSubnetNameOrIDs,
 			networking.WithSubnetsResolveLBType(elbv2model.LoadBalancerTypeApplication),
 			networking.WithSubnetsResolveLBScheme(scheme),
-			networking.WithALBSingleSubnet(t.featureGates.Enabled(config.ALBSingleSubnet)),
 		)
 		if err != nil {
 			return nil, err
@@ -264,8 +260,6 @@ func (t *defaultModelBuildTask) buildLoadBalancerSubnetMappings(ctx context.Cont
 		chosenSubnets, err := t.subnetsResolver.ResolveViaDiscovery(ctx,
 			networking.WithSubnetsResolveLBType(elbv2model.LoadBalancerTypeApplication),
 			networking.WithSubnetsResolveLBScheme(scheme),
-			networking.WithSubnetsResolveAvailableIPAddressCount(minimalAvailableIPAddressCount),
-			networking.WithSubnetsClusterTagCheck(t.featureGates.Enabled(config.SubnetsClusterTagCheck)),
 		)
 		if err != nil {
 			return nil, errors.Wrap(err, "couldn't auto-discover subnets")

pkg/ingress/model_build_load_balancer.go

@@ -4,10 +4,11 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"strings"
 	"testing"
 
+	ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+
 	awssdk "github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/go-logr/logr"
@@ -1271,6 +1272,9 @@ func Test_defaultModelBuildTask_buildLoadBalancerSubnets(t *testing.T) {
 				mockEC2,
 				"vpc-1",
 				"test-cluster",
+				true,
+				true,
+				true,
 				logr.New(&log.NullLogSink{}),
 			)