EIP allocations and subnet ID order is not respected #2854

Closed
2 of 3 tasks
dgadodia opened this issue Oct 28, 2024 · 2 comments
Labels
bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.

Comments

@dgadodia
Acknowledgements

Describe the bug

We are using service.beta.kubernetes.io/aws-load-balancer-eip-allocations and service.beta.kubernetes.io/aws-load-balancer-subnets annotations to create a mapping between EIP and subnets.
As per the docs, EIP allocations has this side note: Length/order must match subnets

However this order is not respected because we end up sorting the list of subnets.
https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/990ee2e98224e96ef8ec443e027dcb6ada3bb4f8/pkg/networking/subnet_resolver.go#L461

As a result, we end up mapping EIPs to subnets which we don't intend (want) to.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

When we set these annotations
service.beta.kubernetes.io/aws-load-balancer-eip-allocations: eip-w, eip-x, eip-y, eip-z
service.beta.kubernetes.io/aws-load-balancer-subnets: subnet-random-ewewe, subnet-random-wewe, subnet-random-qrqr, subnet-random-rqrq

The mapping of the NLB created should be
eip-w -> subnet-random-ewewe
eip-x -> subnet-random-wewe
eip-y -> subnet-random-qrqr
eip-z -> subnet-random-rqrq

Current Behavior

The mapping which ends up being created is

sorted(["subnet-random-ewewe", "subnet-random-wewe", "subnet-random-qrqr", "subnet-random-rqrq"])
['subnet-random-ewewe', 'subnet-random-qrqr', 'subnet-random-rqrq', 'subnet-random-wewe']

eip-w -> subnet-random-ewewe
eip-x -> subnet-random-qrqr
eip-y -> subnet-random-rqrq
eip-z -> subnet-random-wewe

Reproduction Steps

Deployed k8s manifest example

apiVersion: v1
kind: Service
metadata:
  annotations:
    kubernetes.io/ingress.class: alb
    service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: service=myapp-gateway,vertical=platform,cost_center=infrastructure
    service.beta.kubernetes.io/aws-load-balancer-alpn-policy: HTTP2Preferred
    service.beta.kubernetes.io/aws-load-balancer-attributes: deletion_protection.enabled=true,access_logs.s3.enabled=true,access_logs.s3.bucket=myapp-logs-internal-us-west-2,access_logs.s3.prefix=myapp-gateway-access-logs
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'false'
    service.beta.kubernetes.io/aws-load-balancer-eip-allocations: eip-w,eip-x,eip-y,eip-z
    service.beta.kubernetes.io/aws-load-balancer-ip-address-type: dualstack
    service.beta.kubernetes.io/aws-load-balancer-name: myapp-gateway
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:1234567890:certificate/some-random-uuid
    service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-FS-1-2-Res-2020-10
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
    service.beta.kubernetes.io/aws-load-balancer-subnets: subnet-random-ewewe, subnet-random-wewe, subnet-random-qrqr, subnet-random-rqrq
    service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: proxy_protocol_v2.enabled=true,deregistration_delay.timeout_seconds=240,deregistration_delay.connection_termination.enabled=true
    service.beta.kubernetes.io/aws-load-balancer-type: external
  labels:
    app: myapp-gateway
    install.operator.istio.io/owning-resource: unknown
    istio: ingressgateway
    istio.io/rev: 1-22
    operator.istio.io/component: IngressGateways
    release: istio
  name: myapp-gateway
  namespace: istio-system
spec:
  loadBalancerSourceRanges:
  - 0.0.0.0/0
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: 8080
  selector:
    app: myapp-gateway
    istio: ingressgateway
  type: LoadBalancer

Possible Solution

No response

Additional Information/Context

No response

AWS Go SDK V2 Module Versions Used

N/A

Compiler and Version used

N/A

Operating System and version

N/A
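
The mismatch reported above can be caught before a manifest is applied. This is an added example, not code from the issue or from the controller: it assumes, as the report states, that the subnet list is sorted lexically before EIPs are paired with it, and `CheckEIPOrder`, `Drift` and `splitList` are hypothetical names.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// splitList parses a comma-separated annotation value and trims the spaces
// that the manifest in the report has after each comma.
func splitList(v string) []string {
	var out []string
	for _, p := range strings.Split(v, ",") {
		if p = strings.TrimSpace(p); p != "" {
			out = append(out, p)
		}
	}
	return out
}

// Drift is one EIP that would land on a different subnet than intended.
type Drift struct{ EIP, Intended, Actual string }

// CheckEIPOrder pairs EIPs with subnets positionally (the documented
// contract) and again after a lexical sort of the subnet IDs (assumed from
// the report), returning every EIP whose subnet differs between the two.
func CheckEIPOrder(eipAnno, subnetAnno string) ([]Drift, error) {
	eips, subnets := splitList(eipAnno), splitList(subnetAnno)
	if len(eips) != len(subnets) {
		return nil, fmt.Errorf("length mismatch: %d EIPs, %d subnets", len(eips), len(subnets))
	}
	sorted := append([]string(nil), subnets...) // copy; keep input order intact
	sort.Strings(sorted)
	var drift []Drift
	for i, e := range eips {
		if subnets[i] != sorted[i] {
			drift = append(drift, Drift{e, subnets[i], sorted[i]})
		}
	}
	return drift, nil
}

func main() {
	// Annotation values copied from the report (placeholder IDs).
	d, err := CheckEIPOrder("eip-w,eip-x,eip-y,eip-z",
		"subnet-random-ewewe, subnet-random-wewe, subnet-random-qrqr, subnet-random-rqrq")
	fmt.Println(d, err)
}
```

An empty result means positional and sorted pairing agree, which under the same assumption is the case whenever the subnets annotation is already in sorted order.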

@dgadodia dgadodia added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 28, 2024
@dgadodia
Author

Wrong repo

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
