Support listener attributes

kubernetes-sigs · Sep 24, 2024 · a8a4a41 · a8a4a41
1 parent 356c904
commit a8a4a41
Show file tree

Hide file tree

Showing 20 changed files with 750 additions and 21 deletions.
diff --git a/apis/elbv2/v1beta1/ingressclassparams_types.go b/apis/elbv2/v1beta1/ingressclassparams_types.go
@@ -85,6 +85,22 @@ type Attribute struct {
 	Value string `json:"value"`
 }
 
+type ListenerProtocol string
+
+const (
+	ListenerProtocolHTTP  ListenerProtocol = "HTTP"
+	ListenerProtocolHTTPS ListenerProtocol = "HTTPS"
+)
+
+type Listener struct {
+	// The protocol of the listener
+	Protocol ListenerProtocol `json:"protocol,omitempty"`
+	// The port of the listener
+	Port int32 `json:"port,omitempty"`
+	// The attributes of the listener
+	ListenerAttributes []Attribute `json:"listenerAttributes,omitempty"`
+}
+
 // IngressClassParamsSpec defines the desired state of IngressClassParams
 type IngressClassParamsSpec struct {
 	// CertificateArn specifies the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams.
@@ -126,6 +142,10 @@ type IngressClassParamsSpec struct {
 	// LoadBalancerAttributes define the custom attributes to LoadBalancers for all Ingress that that belong to IngressClass with this IngressClassParams.
 	// +optional
 	LoadBalancerAttributes []Attribute `json:"loadBalancerAttributes,omitempty"`
+
+	// Listeners define a list of listeners with their protocol, port and attributes.
+	// +optional
+	Listeners []Listener `json:"listeners,omitempty"`
 }
 
 // +kubebuilder:object:root=true

diff --git a/apis/elbv2/v1beta1/zz_generated.deepcopy.go b/apis/elbv2/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml b/config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml
@@ -204,6 +204,27 @@ spec:
                   - value
                   type: object
                 type: array
+              listeners:
+                type: array
+                items:
+                  type: object
+                  properties:
+                    protocol:
+                      enum:
+                      - HTTPS
+                      - HTTP
+                      type: string
+                    port:
+                      type: integer
+                    listenerAttributes:
+                      type: array
+                      items:
+                        type: object
+                        properties:
+                          key:
+                            type: string
+                          value:
+                            type: string
             type: object
         type: object
     served: true

diff --git a/docs/install/iam_policy.json b/docs/install/iam_policy.json
@@ -39,7 +39,8 @@
                 "elasticloadbalancing:DescribeTargetGroupAttributes",
                 "elasticloadbalancing:DescribeTargetHealth",
                 "elasticloadbalancing:DescribeTags",
-                "elasticloadbalancing:DescribeTrustStores"
+                "elasticloadbalancing:DescribeTrustStores",
+                "elasticloadbalancing:DescribeListenerAttributes"
             ],
             "Resource": "*"
         },
@@ -188,7 +189,8 @@
                 "elasticloadbalancing:DeleteLoadBalancer",
                 "elasticloadbalancing:ModifyTargetGroup",
                 "elasticloadbalancing:ModifyTargetGroupAttributes",
-                "elasticloadbalancing:DeleteTargetGroup"
+                "elasticloadbalancing:DeleteTargetGroup",
+                "elasticloadbalancing:ModifyListenerAttributes"
             ],
             "Resource": "*",
             "Condition": {

diff --git a/docs/install/iam_policy_cn.json b/docs/install/iam_policy_cn.json
@@ -39,7 +39,8 @@
                 "elasticloadbalancing:DescribeTargetGroupAttributes",
                 "elasticloadbalancing:DescribeTargetHealth",
                 "elasticloadbalancing:DescribeTags",
-                "elasticloadbalancing:DescribeTrustStores"
+                "elasticloadbalancing:DescribeTrustStores",
+                "elasticloadbalancing:DescribeListenerAttributes"
             ],
             "Resource": "*"
         },
@@ -210,7 +211,8 @@
                 "elasticloadbalancing:DeleteLoadBalancer",
                 "elasticloadbalancing:ModifyTargetGroup",
                 "elasticloadbalancing:ModifyTargetGroupAttributes",
-                "elasticloadbalancing:DeleteTargetGroup"
+                "elasticloadbalancing:DeleteTargetGroup",
+                "elasticloadbalancing:ModifyListenerAttributes"
             ],
             "Resource": "*",
             "Condition": {

diff --git a/docs/install/iam_policy_us-gov.json b/docs/install/iam_policy_us-gov.json
@@ -39,7 +39,8 @@
                 "elasticloadbalancing:DescribeTargetGroupAttributes",
                 "elasticloadbalancing:DescribeTargetHealth",
                 "elasticloadbalancing:DescribeTags",
-                "elasticloadbalancing:DescribeTrustStores"
+                "elasticloadbalancing:DescribeTrustStores",
+                "elasticloadbalancing:DescribeListenerAttributes"
             ],
             "Resource": "*"
         },
@@ -210,7 +211,8 @@
                 "elasticloadbalancing:DeleteLoadBalancer",
                 "elasticloadbalancing:ModifyTargetGroup",
                 "elasticloadbalancing:ModifyTargetGroupAttributes",
-                "elasticloadbalancing:DeleteTargetGroup"
+                "elasticloadbalancing:DeleteTargetGroup",
+                "elasticloadbalancing:ModifyListenerAttributes"
             ],
             "Resource": "*",
             "Condition": {

diff --git a/helm/aws-load-balancer-controller/crds/crds.yaml b/helm/aws-load-balancer-controller/crds/crds.yaml
@@ -203,6 +203,27 @@ spec:
                   - value
                   type: object
                 type: array
+              listeners:
+                type: array
+                items:
+                  type: object
+                  properties:
+                    protocol:
+                      enum:
+                      - HTTPS
+                      - HTTP
+                      type: string
+                    port:
+                      type: integer
+                    listenerAttributes:
+                      type: array
+                      items:
+                        type: object
+                        properties:
+                          key:
+                            type: string
+                          value:
+                            type: string
             type: object
         type: object
     served: true

diff --git a/pkg/annotations/constants.go b/pkg/annotations/constants.go
@@ -48,6 +48,7 @@ const (
 	IngressSuffixManageSecurityGroupRules     = "manage-backend-security-group-rules"
 	IngressSuffixMutualAuthentication         = "mutual-authentication"
 	IngressSuffixSecurityGroupPrefixLists     = "security-group-prefix-lists"
+	IngressSuffixlsAttsAnnotationPrefix       = "listener-attributes"
 
 	// NLB annotation suffixes
 	// prefixes service.beta.kubernetes.io, service.kubernetes.io
@@ -88,4 +89,5 @@ const (
 	SvcLBSuffixManageSGRules                             = "aws-load-balancer-manage-backend-security-group-rules"
 	SvcLBSuffixEnforceSGInboundRulesOnPrivateLinkTraffic = "aws-load-balancer-inbound-sg-rules-on-private-link-traffic"
 	SvcLBSuffixSecurityGroupPrefixLists                  = "aws-load-balancer-security-group-prefix-lists"
+	SvcLBSuffixlsAttsAnnotationPrefix                    = "aws-load-balancer-listener-attributes"
 )
diff --git a/pkg/aws/services/elbv2.go b/pkg/aws/services/elbv2.go
@@ -2,11 +2,12 @@ package services
 
 import (
 	"context"
+	"time"
+
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
 	"github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/endpoints"
-	"time"
 )
 
 type ELBV2 interface {
@@ -57,6 +58,8 @@ type ELBV2 interface {
 	DescribeTrustStoresWithContext(ctx context.Context, input *elasticloadbalancingv2.DescribeTrustStoresInput) (*elasticloadbalancingv2.DescribeTrustStoresOutput, error)
 	RemoveListenerCertificatesWithContext(ctx context.Context, input *elasticloadbalancingv2.RemoveListenerCertificatesInput) (*elasticloadbalancingv2.RemoveListenerCertificatesOutput, error)
 	AddListenerCertificatesWithContext(ctx context.Context, input *elasticloadbalancingv2.AddListenerCertificatesInput) (*elasticloadbalancingv2.AddListenerCertificatesOutput, error)
+	DescribeListenerAttributesWithContext(ctx context.Context, input *elasticloadbalancingv2.DescribeListenerAttributesInput) (*elasticloadbalancingv2.DescribeListenerAttributesOutput, error)
+	ModifyListenerAttributesWithContext(ctx context.Context, input *elasticloadbalancingv2.ModifyListenerAttributesInput) (*elasticloadbalancingv2.ModifyListenerAttributesOutput, error)
 }
 
 func NewELBV2(cfg aws.Config, endpointsResolver *endpoints.Resolver) ELBV2 {
@@ -268,3 +271,11 @@ func (c *elbv2Client) DescribeRulesAsList(ctx context.Context, input *elasticloa
 	}
 	return result, nil
 }
+
+func (c *elbv2Client) DescribeListenerAttributesWithContext(ctx context.Context, input *elasticloadbalancingv2.DescribeListenerAttributesInput) (*elasticloadbalancingv2.DescribeListenerAttributesOutput, error) {
+	return c.elbv2Client.DescribeListenerAttributes(ctx, input)
+}
+
+func (c *elbv2Client) ModifyListenerAttributesWithContext(ctx context.Context, input *elasticloadbalancingv2.ModifyListenerAttributesInput) (*elasticloadbalancingv2.ModifyListenerAttributesOutput, error) {
+	return c.elbv2Client.ModifyListenerAttributes(ctx, input)
+}
diff --git a/pkg/aws/services/elbv2_mocks.go b/pkg/aws/services/elbv2_mocks.go
diff --git a/pkg/deploy/elbv2/listener_attributes_reconciler.go b/pkg/deploy/elbv2/listener_attributes_reconciler.go
@@ -0,0 +1,94 @@
+package elbv2
+
+import (
+	"context"
+
+	awssdk "github.com/aws/aws-sdk-go-v2/aws"
+	elbv2sdk "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
+	elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
+	"github.com/go-logr/logr"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/algorithm"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/services"
+	elbv2model "sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2"
+)
+
+// Reconciler for Listener attributes
+type ListenerAttributesReconciler interface {
+	Reconcile(ctx context.Context, resLS *elbv2model.Listener, sdkLS ListenerWithTags) error
+}
+
+// NewListenerAttributesReconciler constructs new ListenerAttributesReconciler.
+func NewDefaultListenerAttributesReconciler(elbv2Client services.ELBV2, logger logr.Logger) *defaultListenerAttributesReconciler {
+	return &defaultListenerAttributesReconciler{
+		elbv2Client: elbv2Client,
+		logger:      logger,
+	}
+}
+
+var _ ListenerAttributesReconciler = &defaultListenerAttributesReconciler{}
+
+// default implementation for ListenerAttributeReconciler
+type defaultListenerAttributesReconciler struct {
+	elbv2Client services.ELBV2
+	logger      logr.Logger
+}
+
+func (r *defaultListenerAttributesReconciler) Reconcile(ctx context.Context, resLS *elbv2model.Listener, sdkLS ListenerWithTags) error {
+	desiredAttrs := r.getDesiredListenerAttributes(ctx, resLS)
+	currentAttrs, err := r.getCurrentListenerAttributes(ctx, sdkLS)
+	if err != nil {
+		return err
+	}
+	attributesToUpdate, _ := algorithm.DiffStringMap(desiredAttrs, currentAttrs)
+	if len(attributesToUpdate) > 0 {
+		req := &elbv2sdk.ModifyListenerAttributesInput{
+			ListenerArn: sdkLS.Listener.ListenerArn,
+			Attributes:  nil,
+		}
+		for _, attrKey := range sets.StringKeySet(attributesToUpdate).List() {
+			req.Attributes = append(req.Attributes, elbv2types.ListenerAttribute{
+				Key:   awssdk.String(attrKey),
+				Value: awssdk.String(attributesToUpdate[attrKey]),
+			})
+		}
+		r.logger.Info("modifying listener attributes",
+			"stackID", resLS.Stack().StackID(),
+			"resourceID", resLS.ID(),
+			"arn", awssdk.ToString(sdkLS.Listener.ListenerArn),
+			"change", attributesToUpdate)
+		if _, err := r.elbv2Client.ModifyListenerAttributesWithContext(ctx, req); err != nil {
+			return err
+		}
+		r.logger.Info("modified listener attribute",
+			"stackID", resLS.Stack().StackID(),
+			"resourceID", resLS.ID(),
+			"arn", awssdk.ToString(sdkLS.Listener.ListenerArn))
+
+	}
+	return nil
+
+}
+
+func (r *defaultListenerAttributesReconciler) getDesiredListenerAttributes(ctx context.Context, resLS *elbv2model.Listener) map[string]string {
+	lsAttributes := make(map[string]string, len(resLS.Spec.ListenerAttributes))
+	for _, attr := range resLS.Spec.ListenerAttributes {
+		lsAttributes[attr.Key] = attr.Value
+	}
+	return lsAttributes
+}
+
+func (r *defaultListenerAttributesReconciler) getCurrentListenerAttributes(ctx context.Context, sdkLS ListenerWithTags) (map[string]string, error) {
+	req := &elbv2sdk.DescribeListenerAttributesInput{
+		ListenerArn: sdkLS.Listener.ListenerArn,
+	}
+	resp, err := r.elbv2Client.DescribeListenerAttributesWithContext(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+	lsAttributes := make(map[string]string, len(resp.Attributes))
+	for _, attr := range resp.Attributes {
+		lsAttributes[awssdk.ToString(attr.Key)] = awssdk.ToString(attr.Value)
+	}
+	return lsAttributes, nil
+}