Add support for service weighted target groups

Author: kellyyan

controllers/service/service_controller.go

@@ -50,10 +50,11 @@ func NewServiceReconciler(cloud services.Cloud, k8sClient client.Client, eventRe
 	annotationParser := annotations.NewSuffixAnnotationParser(serviceAnnotationPrefix)
 	trackingProvider := tracking.NewDefaultProvider(serviceTagPrefix, controllerConfig.ClusterName)
 	serviceUtils := service.NewServiceUtils(annotationParser, shared_constants.ServiceFinalizer, controllerConfig.ServiceConfig.LoadBalancerClass, controllerConfig.FeatureGates)
+	enhancedBackendBuilder := service.NewDefaultEnhancedBackendBuilder(k8sClient, annotationParser, logger)
 	modelBuilder := service.NewDefaultModelBuilder(annotationParser, subnetsResolver, vpcInfoProvider, cloud.VpcID(), trackingProvider,
 		elbv2TaggingManager, cloud.EC2(), controllerConfig.FeatureGates, controllerConfig.ClusterName, controllerConfig.DefaultTags, controllerConfig.ExternalManagedTags,
 		controllerConfig.DefaultSSLPolicy, controllerConfig.DefaultTargetType, controllerConfig.DefaultLoadBalancerScheme, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), serviceUtils,
-		backendSGProvider, sgResolver, controllerConfig.EnableBackendSecurityGroup, controllerConfig.EnableManageBackendSecurityGroupRules, controllerConfig.DisableRestrictedSGRules, logger, metricsCollector, controllerConfig.FeatureGates.Enabled(config.EnableTCPUDPListenerType))
+		backendSGProvider, sgResolver, controllerConfig.EnableBackendSecurityGroup, controllerConfig.EnableManageBackendSecurityGroupRules, controllerConfig.DisableRestrictedSGRules, logger, metricsCollector, controllerConfig.FeatureGates.Enabled(config.EnableTCPUDPListenerType), enhancedBackendBuilder)
 	stackMarshaller := deploy.NewDefaultStackMarshaller()
 	stackDeployer := deploy.NewDefaultStackDeployer(cloud, k8sClient, networkingManager, networkingSGManager, networkingSGReconciler, elbv2TaggingManager, controllerConfig, serviceTagPrefix, logger, metricsCollector, controllerName, controllerConfig.FeatureGates.Enabled(config.EnhancedDefaultBehavior), targetGroupCollector, false)
 	return &serviceReconciler{

docs/guide/service/annotations.md

@@ -0,0 +1,112 @@
+package service
+
+import (
+	"github.com/pkg/errors"
+	"k8s.io/apimachinery/pkg/util/intstr"
+)
+
+// TargetGroupTuple Information about how traffic will be distributed between multiple target groups in a forward rule.
+// Target group protocol defaults to listener protocol.
+type TargetGroupTuple struct {
+	// The Amazon Resource Name (ARN) of the target group.
+	TargetGroupARN *string `json:"targetGroupARN"`
+
+	// The K8s service Name.
+	ServiceName *string `json:"serviceName"`
+
+	// The K8s service port.
+	ServicePort *intstr.IntOrString `json:"servicePort"`
+
+	// Whether the traffic should be decrypted and forwarded to the target unencrypted. For a TLS listener, its target groups default to TLS protocol. To set the target group to TCP protocol. Set Decrypt to true.
+	// +optional
+	Decrypt *bool `json:"decrypt,omitempty"`
+
+	// The weight.
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:validation:Maximum=999
+	// +optional
+	Weight *int32 `json:"weight,omitempty"`
+}
+
+func (t *TargetGroupTuple) validate() error {
+	if (t.TargetGroupARN != nil) == (t.ServiceName != nil) {
+		return errors.New("precisely one of targetGroupARN and serviceName can be specified")
+	}
+
+	if t.ServiceName != nil && t.ServicePort == nil {
+		return errors.New("missing servicePort")
+	}
+
+	if t.Weight != nil && (*t.Weight < 0 || *t.Weight > 999) {
+		return errors.New("target group weight must be between 0 and 999")
+	}
+	return nil
+}
+
+// TargetGroupStickinessConfig Information about the target group stickiness.
+type TargetGroupStickinessConfig struct {
+	// Whether target group stickiness is enabled.
+	// +optional
+	Enabled *bool `json:"enabled,omitempty"`
+}
+
+// ForwardActionConfig Information about a forward action.
+type ForwardActionConfig struct {
+	// The weight of the base service.
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:validation:Maximum=999
+	BaseServiceWeight *int32 `json:"baseServiceWeight"`
+
+	// One or more target groups.
+	// +kubebuilder:validation:MaxProperties=4
+	TargetGroups []TargetGroupTuple `json:"targetGroups"`
+
+	// The target group stickiness.
+	// +optional
+	TargetGroupStickinessConfig *TargetGroupStickinessConfig `json:"targetGroupStickinessConfig,omitempty"`
+}
+
+func (c *ForwardActionConfig) validate() error {
+	for _, t := range c.TargetGroups {
+		if err := t.validate(); err != nil {
+			return errors.Wrap(err, "invalid TargetGroupTuple")
+		}
+	}
+	if len(c.TargetGroups) > 1 {
+		for _, t := range c.TargetGroups {
+			if t.Weight == nil {
+				return errors.New("weight must be set when routing to multiple target groups")
+			}
+		}
+	}
+	return nil
+}
+
+// ActionType The type of action.
+type ActionType string
+
+const (
+	ActionTypeForward ActionType = "forward"
+)
+
+type Action struct {
+	// The type of action.
+	Type ActionType `json:"type"`
+
+	// Information for creating an action that distributes requests among one or more target groups.
+	ForwardConfig *ForwardActionConfig `json:"forwardConfig,omitempty"`
+}
+
+func (a *Action) validate() error {
+	switch a.Type {
+	case ActionTypeForward:
+		if a.ForwardConfig != nil {
+			if err := a.ForwardConfig.validate(); err != nil {
+				return errors.Wrap(err, "invalid ForwardConfig")
+			}
+		}
+	default:
+		return errors.Errorf("unknown action type: %v", a.Type)
+	}
+	return nil
+}

pkg/service/config_types.go

@@ -0,0 +1,72 @@
+package service
+
+import (
+	"context"
+
+	awssdk "github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/go-logr/logr"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/annotations"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type EnhancedBackend struct{}
+
+// EnhancedBackendBuilder is capable of build EnhancedBackend for Service backend.
+type EnhancedBackendBuilder interface {
+	Build(ctx context.Context, svc *corev1.Service, action Action, backendServices map[types.NamespacedName]*corev1.Service) error
+}
+
+// NewDefaultEnhancedBackendBuilder constructs new defaultEnhancedBackendBuilder.
+func NewDefaultEnhancedBackendBuilder(k8sClient client.Client, annotationParser annotations.Parser, logger logr.Logger) *defaultEnhancedBackendBuilder {
+	return &defaultEnhancedBackendBuilder{
+		k8sClient:        k8sClient,
+		annotationParser: annotationParser,
+		logger:           logger,
+	}
+}
+
+type defaultEnhancedBackendBuilder struct {
+	k8sClient        client.Client
+	annotationParser annotations.Parser
+	logger           logr.Logger
+}
+
+func (b *defaultEnhancedBackendBuilder) Build(ctx context.Context, svc *corev1.Service, action Action, backendServices map[types.NamespacedName]*corev1.Service) error {
+	if err := b.loadBackendServices(ctx, &action, svc.Namespace, backendServices); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// loadBackendServices loads referenced backend services into backendServices.
+func (b *defaultEnhancedBackendBuilder) loadBackendServices(ctx context.Context, action *Action, namespace string,
+	backendServices map[types.NamespacedName]*corev1.Service) error {
+	svcNames := sets.NewString()
+	for _, tgt := range action.ForwardConfig.TargetGroups {
+		if tgt.ServiceName != nil {
+			svcNames.Insert(awssdk.ToString(tgt.ServiceName))
+		}
+	}
+
+	for svcName := range svcNames {
+		svcKey := types.NamespacedName{Namespace: namespace, Name: svcName}
+		if _, ok := backendServices[svcKey]; ok {
+			continue
+		}
+
+		// Fetch the Service from the API
+		svc := &corev1.Service{}
+		err := b.k8sClient.Get(ctx, svcKey, svc)
+		if err != nil {
+			return err
+		}
+
+		backendServices[svcKey] = svc
+	}
+
+	return nil
+}

pkg/service/enhanced_backend_builder.go

@@ -0,0 +1,197 @@
+package service
+
+import (
+	"context"
+	"testing"
+
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/annotations"
+
+	awssdk "github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/google/go-cmp/cmp"
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/intstr"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/equality"
+	testclient "sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+var svc1 = &corev1.Service{
+	ObjectMeta: metav1.ObjectMeta{
+		Namespace: "awesome-ns",
+		Name:      "svc-1",
+	},
+}
+
+var svc2 = &corev1.Service{
+	ObjectMeta: metav1.ObjectMeta{
+		Namespace: "awesome-ns",
+		Name:      "svc-2",
+	},
+}
+
+func Test_defaultEnhancedBackendBuilder_Build(t *testing.T) {
+	portTCP := intstr.FromString("tcp")
+
+	type env struct {
+		svcs []*corev1.Service
+	}
+	type args struct {
+		svc             *corev1.Service
+		action          Action
+		backendServices map[types.NamespacedName]*corev1.Service
+	}
+
+	tests := []struct {
+		name                string
+		env                 env
+		args                args
+		want                EnhancedBackend
+		wantBackendServices map[types.NamespacedName]*corev1.Service
+		wantErr             error
+	}{
+		{
+			name: "builds enhanced backend",
+			env:  env{svcs: []*corev1.Service{svc1}},
+			args: args{
+				svc: svc1,
+				action: Action{
+					Type: ActionTypeForward,
+					ForwardConfig: &ForwardActionConfig{
+						TargetGroups: []TargetGroupTuple{
+							{
+								ServiceName: awssdk.String("svc-1"),
+								ServicePort: &portTCP,
+							},
+						},
+					},
+				},
+				backendServices: map[types.NamespacedName]*corev1.Service{},
+			},
+			wantBackendServices: map[types.NamespacedName]*corev1.Service{
+				types.NamespacedName{Namespace: "awesome-ns", Name: "svc-1"}: svc1,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := context.Background()
+			k8sSchema := runtime.NewScheme()
+			clientgoscheme.AddToScheme(k8sSchema)
+			k8sClient := testclient.NewClientBuilder().WithScheme(k8sSchema).Build()
+			for _, svc := range tt.env.svcs {
+				assert.NoError(t, k8sClient.Create(ctx, svc.DeepCopy()))
+			}
+			annotationParser := annotations.NewSuffixAnnotationParser("service.beta.kubernetes.io")
+			b := &defaultEnhancedBackendBuilder{
+				k8sClient:        k8sClient,
+				annotationParser: annotationParser,
+			}
+
+			err := b.Build(context.Background(), tt.args.svc, tt.args.action, tt.args.backendServices)
+			assert.NoError(t, err)
+		})
+	}
+}
+
+func Test_defaultEnhancedBackendBuilder_loadBackendServices(t *testing.T) {
+	port80 := intstr.FromInt(80)
+
+	type env struct {
+		svcs []*corev1.Service
+	}
+	type args struct {
+		action          *Action
+		namespace       string
+		backendServices map[types.NamespacedName]*corev1.Service
+	}
+	tests := []struct {
+		name                string
+		env                 env
+		args                args
+		wantAction          Action
+		wantBackendServices map[types.NamespacedName]*corev1.Service
+		wantErr             error
+	}{
+		{
+			name: "forward to a single service",
+			env: env{
+				svcs: []*corev1.Service{svc1, svc2},
+			},
+			args: args{
+				action: &Action{
+					Type: ActionTypeForward,
+					ForwardConfig: &ForwardActionConfig{
+						TargetGroups: []TargetGroupTuple{
+							{
+								ServiceName: awssdk.String("svc-1"),
+								ServicePort: &port80,
+							},
+						},
+					},
+				},
+				namespace:       "awesome-ns",
+				backendServices: map[types.NamespacedName]*corev1.Service{},
+			},
+			wantBackendServices: map[types.NamespacedName]*corev1.Service{
+				types.NamespacedName{Namespace: "awesome-ns", Name: "svc-1"}: svc1,
+			},
+		},
+		{
+			name: "forward to multiple services",
+			env: env{
+				svcs: []*corev1.Service{svc1, svc2},
+			},
+			args: args{
+				action: &Action{
+					Type: ActionTypeForward,
+					ForwardConfig: &ForwardActionConfig{
+						TargetGroups: []TargetGroupTuple{
+							{
+								ServiceName: awssdk.String("svc-1"),
+								ServicePort: &port80,
+							},
+							{
+								ServiceName: awssdk.String("svc-2"),
+								ServicePort: &port80,
+							},
+						},
+					},
+				},
+				namespace:       "awesome-ns",
+				backendServices: map[types.NamespacedName]*corev1.Service{},
+			},
+			wantBackendServices: map[types.NamespacedName]*corev1.Service{
+				types.NamespacedName{Namespace: "awesome-ns", Name: "svc-1"}: svc1,
+				types.NamespacedName{Namespace: "awesome-ns", Name: "svc-2"}: svc2,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := context.Background()
+			k8sSchema := runtime.NewScheme()
+			clientgoscheme.AddToScheme(k8sSchema)
+			k8sClient := testclient.NewClientBuilder().WithScheme(k8sSchema).Build()
+			for _, svc := range tt.env.svcs {
+				assert.NoError(t, k8sClient.Create(ctx, svc.DeepCopy()))
+			}
+
+			b := &defaultEnhancedBackendBuilder{
+				k8sClient: k8sClient,
+			}
+			err := b.loadBackendServices(ctx, tt.args.action, tt.args.namespace, tt.args.backendServices)
+			if tt.wantErr != nil {
+				assert.EqualError(t, err, tt.wantErr.Error())
+			} else {
+				assert.NoError(t, err)
+				opt := equality.IgnoreFakeClientPopulatedFields()
+				assert.True(t, cmp.Equal(tt.wantBackendServices, tt.args.backendServices, opt),
+					"diff: %v", cmp.Diff(tt.wantBackendServices, tt.args.backendServices, opt))
+			}
+		})
+	}
+}