Merge pull request #1109 from miheer/eip-refactor

NE-1674: Add LB EIP Allocation for AWS
openshift · Aug 2, 2024 · a01ed6c · a01ed6c
2 parents a9b7292 + 8b768d2
commit a01ed6c
Show file tree

Hide file tree

Showing 92 changed files with 145,816 additions and 2,817 deletions.
diff --git a/go.mod b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/google/go-cmp v0.6.0
 	github.com/google/gopacket v1.1.19
 	github.com/jongio/azidext/go/azidext v0.4.0
-	github.com/maistra/istio-operator v0.0.0-20230322122339-793794762e67
+	github.com/maistra/istio-operator v0.0.0-20240712143246-fd7dfc8af831
 	github.com/openshift/api v3.9.1-0.20190924102528-32369d4db2ad+incompatible
 	github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8
 	github.com/openshift/library-go v0.0.0-20240419113445-f1541d628746
@@ -80,6 +80,7 @@ require (
 	github.com/go-playground/locales v0.13.0 // indirect
 	github.com/go-playground/universal-translator v0.17.0 // indirect
 	github.com/go-stack/stack v1.8.0 // indirect
+	github.com/goccy/go-yaml v1.8.8 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -133,6 +134,7 @@ require (
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
@@ -155,6 +157,6 @@ require (
 // github.com/operator-framework/operator-sdk.
 replace (
 	bitbucket.org/ww/goautoneg => github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d
-	github.com/openshift/api => github.com/openshift/api v0.0.0-20240715101244-b0adfa1f6357
+	github.com/openshift/api => github.com/openshift/api v0.0.0-20240802135124-8b2b377d9d42
 	k8s.io/client-go => k8s.io/client-go v0.29.0
 )
diff --git a/go.sum b/go.sum
@@ -803,6 +803,7 @@ github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on
 github.com/containerd/containerd v1.2.7/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/containerd/containerd v1.4.8/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20190827140505-75bee3e2ccb6/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20200107194136-26c1120b8d41/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY=
@@ -1066,6 +1067,7 @@ github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8c
 github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
 github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE=
 github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
 github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
@@ -1109,6 +1111,7 @@ github.com/gobuffalo/packr/v2 v2.7.1/go.mod h1:qYEvAazPaVxy7Y7KR0W8qYEE+RymX74kE
 github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-yaml v1.8.8 h1:MGfRB1GeSn/hWXYWS2Pt67iC2GJNnebdIro01ddyucA=
 github.com/goccy/go-yaml v1.8.8/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA=
 github.com/gocql/gocql v0.0.0-20190301043612-f6df8288f9b4/go.mod h1:4Fw1eo5iaEhDUs8XyuhSVCVy52Jq3L+/3GJgYkwc+/0=
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
@@ -1486,8 +1489,8 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/maistra/istio-operator v0.0.0-20230322122339-793794762e67 h1:MKacYZbpog8jM+uN3/TQS/FUO+Emz/qdAhma63x1pCk=
-github.com/maistra/istio-operator v0.0.0-20230322122339-793794762e67/go.mod h1:OTwsAjzSt6870+UXseGMkEPwiyif2xr8A6xyTUrGXVg=
+github.com/maistra/istio-operator v0.0.0-20240712143246-fd7dfc8af831 h1:BBZSqzUOFeNJ6v14I6ppSJEWOZ7DTNq66g9mp5DYons=
+github.com/maistra/istio-operator v0.0.0-20240712143246-fd7dfc8af831/go.mod h1:Kb3f1dhD5zwRFR4AFpSItjy/djRNQsV69NrMeeDL85A=
 github.com/markbates/inflect v1.0.4/go.mod h1:1fR9+pO2KHEO9ZRtto13gDwwZaAKstQzferVeWqbgNs=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
@@ -1659,8 +1662,8 @@ github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.m
 github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/openshift/api v0.0.0-20240715101244-b0adfa1f6357 h1:yp8QH1cSR7zynJlJMdluuD/QEGxY980uV1cooF2snio=
-github.com/openshift/api v0.0.0-20240715101244-b0adfa1f6357/go.mod h1:OOh6Qopf21pSzqNVCB5gomomBXb8o5sGKZxG2KNpaXM=
+github.com/openshift/api v0.0.0-20240802135124-8b2b377d9d42 h1:6dvhH92q5/tuU1T4U1s3P3yuVO9ADiXa1hwBHLIYVYE=
+github.com/openshift/api v0.0.0-20240802135124-8b2b377d9d42/go.mod h1:OOh6Qopf21pSzqNVCB5gomomBXb8o5sGKZxG2KNpaXM=
 github.com/openshift/build-machinery-go v0.0.0-20200211121458-5e3d6e570160/go.mod h1:1CkcsT3aVebzRBzVTSbiKSkJMsC/CASqxesfqEMfJEc=
 github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240/go.mod h1:4riOwdj99Hd/q+iAcJZfNCsQQQMwURnZV6RL4WHYS5w=
 github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8 h1:HGfbllzRcrJBSiwzNjBCs7sExLUxC5/1evnvlNGB0Cg=
@@ -2548,6 +2551,7 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=

diff --git a/manifests/00-custom-resource-definition-CustomNoUpgrade.yaml b/manifests/00-custom-resource-definition-CustomNoUpgrade.yaml
@@ -368,6 +368,44 @@ spec:
                                   parameters for an AWS network load balancer. Present
                                   only if type is NLB.
                                 properties:
+                                  eipAllocations:
+                                    description: "eipAllocations is a list of IDs
+                                      for Elastic IP (EIP) addresses that are assigned
+                                      to the Network Load Balancer. The following
+                                      restrictions apply: \n eipAllocations can only
+                                      be used with external scope, not internal. An
+                                      EIP can be allocated to only a single IngressController.
+                                      The number of EIP allocations must match the
+                                      number of subnets that are used for the load
+                                      balancer. Each EIP allocation must be unique.
+                                      A maximum of 10 EIP allocations are permitted.
+                                      \n See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
+                                      for general information about configuration,
+                                      characteristics, and limitations of Elastic
+                                      IP addresses."
+                                    items:
+                                      description: EIPAllocation is an ID for an Elastic
+                                        IP (EIP) address that can be allocated to
+                                        an ELB in the AWS environment. Values must
+                                        begin with `eipalloc-` followed by exactly
+                                        17 hexadecimal (`[0-9a-fA-F]`) characters.
+                                      maxLength: 26
+                                      minLength: 26
+                                      type: string
+                                      x-kubernetes-validations:
+                                      - message: eipAllocations should start with
+                                          'eipalloc-'
+                                        rule: self.startsWith('eipalloc-')
+                                      - message: eipAllocations must be 'eipalloc-'
+                                          followed by exactly 17 hexadecimal characters
+                                          (0-9, a-f, A-F)
+                                        rule: self.split("-", 2)[1].matches('[0-9a-fA-F]{17}$')
+                                    maxItems: 10
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                    x-kubernetes-validations:
+                                    - message: eipAllocations cannot contain duplicates
+                                      rule: self.all(x, self.exists_one(y, x == y))
                                   subnets:
                                     description: "subnets specifies the subnets to
                                       which the load balancer will attach. The subnets
@@ -444,6 +482,25 @@ spec:
                                       rule: has(self.ids) && self.ids.size() > 0 ||
                                         has(self.names) && self.names.size() > 0
                                 type: object
+                                x-kubernetes-validations:
+                                - message: number of subnets must be equal to number
+                                    of eipAllocations
+                                  rule: 'has(self.subnets) && has(self.subnets.ids)
+                                    && has(self.subnets.names) && has(self.eipAllocations)
+                                    ? size(self.subnets.ids + self.subnets.names)
+                                    == size(self.eipAllocations) : true'
+                                - message: number of subnets must be equal to number
+                                    of eipAllocations
+                                  rule: 'has(self.subnets) && has(self.subnets.ids)
+                                    && !has(self.subnets.names) && has(self.eipAllocations)
+                                    ? size(self.subnets.ids) == size(self.eipAllocations)
+                                    : true'
+                                - message: number of subnets must be equal to number
+                                    of eipAllocations
+                                  rule: 'has(self.subnets) && has(self.subnets.names)
+                                    && !has(self.subnets.ids) && has(self.eipAllocations)
+                                    ? size(self.subnets.names) == size(self.eipAllocations)
+                                    : true'
                               type:
                                 description: "type is the type of AWS load balancer
                                   to instantiate for an ingresscontroller. \n Valid
@@ -547,6 +604,11 @@ spec:
                     - dnsManagementPolicy
                     - scope
                     type: object
+                    x-kubernetes-validations:
+                    - message: eipAllocations are forbidden when the scope is Internal.
+                      rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters)
+                        || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer)
+                        || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)'
                   nodePort:
                     description: nodePort holds parameters for the NodePortService
                       endpoint publishing strategy. Present only if type is NodePortService.
@@ -2172,6 +2234,44 @@ spec:
                                   parameters for an AWS network load balancer. Present
                                   only if type is NLB.
                                 properties:
+                                  eipAllocations:
+                                    description: "eipAllocations is a list of IDs
+                                      for Elastic IP (EIP) addresses that are assigned
+                                      to the Network Load Balancer. The following
+                                      restrictions apply: \n eipAllocations can only
+                                      be used with external scope, not internal. An
+                                      EIP can be allocated to only a single IngressController.
+                                      The number of EIP allocations must match the
+                                      number of subnets that are used for the load
+                                      balancer. Each EIP allocation must be unique.
+                                      A maximum of 10 EIP allocations are permitted.
+                                      \n See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
+                                      for general information about configuration,
+                                      characteristics, and limitations of Elastic
+                                      IP addresses."
+                                    items:
+                                      description: EIPAllocation is an ID for an Elastic
+                                        IP (EIP) address that can be allocated to
+                                        an ELB in the AWS environment. Values must
+                                        begin with `eipalloc-` followed by exactly
+                                        17 hexadecimal (`[0-9a-fA-F]`) characters.
+                                      maxLength: 26
+                                      minLength: 26
+                                      type: string
+                                      x-kubernetes-validations:
+                                      - message: eipAllocations should start with
+                                          'eipalloc-'
+                                        rule: self.startsWith('eipalloc-')
+                                      - message: eipAllocations must be 'eipalloc-'
+                                          followed by exactly 17 hexadecimal characters
+                                          (0-9, a-f, A-F)
+                                        rule: self.split("-", 2)[1].matches('[0-9a-fA-F]{17}$')
+                                    maxItems: 10
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                    x-kubernetes-validations:
+                                    - message: eipAllocations cannot contain duplicates
+                                      rule: self.all(x, self.exists_one(y, x == y))
                                   subnets:
                                     description: "subnets specifies the subnets to
                                       which the load balancer will attach. The subnets
@@ -2248,6 +2348,25 @@ spec:
                                       rule: has(self.ids) && self.ids.size() > 0 ||
                                         has(self.names) && self.names.size() > 0
                                 type: object
+                                x-kubernetes-validations:
+                                - message: number of subnets must be equal to number
+                                    of eipAllocations
+                                  rule: 'has(self.subnets) && has(self.subnets.ids)
+                                    && has(self.subnets.names) && has(self.eipAllocations)
+                                    ? size(self.subnets.ids + self.subnets.names)
+                                    == size(self.eipAllocations) : true'
+                                - message: number of subnets must be equal to number
+                                    of eipAllocations
+                                  rule: 'has(self.subnets) && has(self.subnets.ids)
+                                    && !has(self.subnets.names) && has(self.eipAllocations)
+                                    ? size(self.subnets.ids) == size(self.eipAllocations)
+                                    : true'
+                                - message: number of subnets must be equal to number
+                                    of eipAllocations
+                                  rule: 'has(self.subnets) && has(self.subnets.names)
+                                    && !has(self.subnets.ids) && has(self.eipAllocations)
+                                    ? size(self.subnets.names) == size(self.eipAllocations)
+                                    : true'
                               type:
                                 description: "type is the type of AWS load balancer
                                   to instantiate for an ingresscontroller. \n Valid
@@ -2351,6 +2470,11 @@ spec:
                     - dnsManagementPolicy
                     - scope
                     type: object
+                    x-kubernetes-validations:
+                    - message: eipAllocations are forbidden when the scope is Internal.
+                      rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters)
+                        || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer)
+                        || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)'
                   nodePort:
                     description: nodePort holds parameters for the NodePortService
                       endpoint publishing strategy. Present only if type is NodePortService.