enhance ip mode for non-ec2 nodes

Author: M00nF1sh

Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.12.7-stretch as builder
+FROM golang:1.13.4-stretch as builder
 WORKDIR /go/src/github.com/kubernetes-sigs/aws-alb-ingress-controller/
 COPY . .
 RUN make server

go.mod

@@ -2,18 +2,15 @@ module github.com/kubernetes-sigs/aws-alb-ingress-controller
 
 require (
 	github.com/appscode/jsonpatch v0.0.0-20190108182946-7c0e3b262f30 // indirect
-	github.com/aws/aws-k8s-tester/e2e/tester v0.0.0-20190907061006-260b0e114d90 // indirect
+	github.com/aws/aws-k8s-tester/e2e/tester v0.0.0-20190907061006-260b0e114d90
 	github.com/aws/aws-sdk-go v1.23.21
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/go-logr/glogr v0.1.0
 	github.com/go-logr/logr v0.1.0 // indirect
 	github.com/go-logr/zapr v0.1.0 // indirect
-	github.com/gogo/protobuf v1.2.0 // indirect
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
-	github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef // indirect
 	github.com/golang/mock v1.2.0
-	github.com/golangci/golangci-lint v1.14.0 // indirect
-	github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c // indirect
+	github.com/golangci/golangci-lint v1.21.0 // indirect
 	github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf // indirect
 	github.com/googleapis/gnostic v0.2.0 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect
@@ -24,33 +21,28 @@ require (
 	github.com/mattn/goveralls v0.0.3-0.20190325144123-900af2b6e486 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.1 // indirect
-	github.com/onsi/ginkgo v1.7.0
-	github.com/onsi/gomega v1.4.3
+	github.com/onsi/ginkgo v1.10.1
+	github.com/onsi/gomega v1.7.0
 	github.com/pborman/uuid v1.2.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/errors v0.8.1
-	github.com/prometheus/client_golang v0.9.2
-	github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910
-	github.com/prometheus/common v0.0.0-20181126121408-4724e9255275
-	github.com/spf13/pflag v1.0.3
-	github.com/stretchr/objx v0.1.1 // indirect
-	github.com/stretchr/testify v1.2.2
+	github.com/prometheus/client_golang v0.9.3
+	github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90
+	github.com/prometheus/common v0.4.0
+	github.com/spf13/pflag v1.0.5
+	github.com/stretchr/testify v1.4.0
 	github.com/ticketmaster/aws-sdk-go-cache v0.0.0-20180926195306-58922816129c
-	go.uber.org/atomic v1.3.2 // indirect
-	go.uber.org/multierr v1.1.0 // indirect
-	go.uber.org/zap v1.9.1 // indirect
-	golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67 // indirect
 	golang.org/x/oauth2 v0.0.0-20190212230446-3e8b2be13635 // indirect
-	golang.org/x/sys v0.0.0-20190214214411-e77772198cdc // indirect
-	golang.org/x/time v0.0.0-20181108054448-85acf8d2951c // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	k8s.io/api v0.0.0-20181213150558-05914d821849
 	k8s.io/apimachinery v0.0.0-20181127025237-2b1284ed4c93
 	k8s.io/apiserver v0.0.0-20190214201149-f9f16382a346
-	k8s.io/client-go v2.0.0-alpha.0.0.20181213151034-8d9ed539ba31+incompatible
+	k8s.io/client-go v0.0.0-20181213151034-8d9ed539ba31
 	k8s.io/klog v0.2.0
 	k8s.io/kube-openapi v0.0.0-20190208205540-d7c86cdc46e3 // indirect
 	sigs.k8s.io/controller-runtime v0.1.10
 	sigs.k8s.io/structured-merge-diff v0.0.0-20190215000154-7666d3d49c8f // indirect
 	sigs.k8s.io/yaml v1.1.0 // indirect
 )
+
+go 1.13

go.sum

@@ -74,14 +74,14 @@ func (c *instanceAttachmentControllerV1) Reconcile(ctx context.Context, ingKey t
 
 	shouldAttachENIIDs := targetENIIDs.Difference(attachedENIIDs)
 	for eniID := range shouldAttachENIIDs {
-		if err := c.ensureSGAttachedToENI(ctx, instanceSGID, targetENIs[eniID]); err != nil {
+		if err := c.ensureSGAttachedToENI(ctx, instanceSGID, eniID, targetENIs[eniID]); err != nil {
 			return err
 		}
 	}
 
 	shouldDetachENIIDs := attachedENIIDs.Difference(targetENIIDs)
 	for eniID := range shouldDetachENIIDs {
-		if err := c.ensureSGDetachedFromENI(ctx, instanceSGID, attachedENIs[eniID]); err != nil {
+		if err := c.ensureSGDetachedFromENI(ctx, instanceSGID, eniID, attachedENIs[eniID]); err != nil {
 			return err
 		}
 	}
@@ -102,8 +102,8 @@ func (c *instanceAttachmentControllerV1) Delete(ctx context.Context, ingKey type
 	if err != nil {
 		return err
 	}
-	for _, eni := range attachedENIs {
-		if err := c.ensureSGDetachedFromENI(ctx, instanceSGID, eni); err != nil {
+	for eniID, eniInfo := range attachedENIs {
+		if err := c.ensureSGDetachedFromENI(ctx, instanceSGID, eniID, eniInfo); err != nil {
 			return err
 		}
 	}
@@ -141,7 +141,7 @@ func (c *instanceAttachmentControllerV1) ensureInstanceSG(ctx context.Context, i
 }
 
 // findENIsAttachedWithInstanceSG finds all ENIs attached with instance SG.
-func (c *instanceAttachmentControllerV1) findENIsAttachedWithInstanceSG(ctx context.Context, instanceSGID string) (map[string]*ec2.NetworkInterface, error) {
+func (c *instanceAttachmentControllerV1) findENIsAttachedWithInstanceSG(ctx context.Context, instanceSGID string) (map[string]ENIInfo, error) {
 	enis, err := c.cloud.DescribeNetworkInterfaces(ctx, &ec2.DescribeNetworkInterfacesInput{
 		Filters: []*ec2.Filter{
 			{
@@ -153,36 +153,34 @@ func (c *instanceAttachmentControllerV1) findENIsAttachedWithInstanceSG(ctx cont
 	if err != nil {
 		return nil, err
 	}
-	result := make(map[string]*ec2.NetworkInterface, len(enis))
+	result := make(map[string]ENIInfo, len(enis))
 	for _, eni := range enis {
-		result[aws.StringValue(eni.NetworkInterfaceId)] = eni
+		result[aws.StringValue(eni.NetworkInterfaceId)] = NewENIInfoViaENI(eni)
 	}
 	return result, nil
 }
 
-func (c *instanceAttachmentControllerV1) ensureSGAttachedToENI(ctx context.Context, sgID string, eni *ec2.InstanceNetworkInterface) error {
+func (c *instanceAttachmentControllerV1) ensureSGAttachedToENI(ctx context.Context, sgID string, eniID string, eniInfo ENIInfo) error {
 	desiredGroups := []string{sgID}
-	for _, group := range eni.Groups {
-		groupID := aws.StringValue(group.GroupId)
+	for _, groupID := range eniInfo.SecurityGroups() {
 		if groupID == sgID {
 			return nil
 		}
 		desiredGroups = append(desiredGroups, groupID)
 	}
 
-	albctx.GetLogger(ctx).Infof("attaching securityGroup %s to ENI %s", sgID, *eni.NetworkInterfaceId)
+	albctx.GetLogger(ctx).Infof("attaching securityGroup %s to ENI %s", sgID, eniID)
 	_, err := c.cloud.ModifyNetworkInterfaceAttributeWithContext(ctx, &ec2.ModifyNetworkInterfaceAttributeInput{
-		NetworkInterfaceId: eni.NetworkInterfaceId,
+		NetworkInterfaceId: aws.String(eniID),
 		Groups:             aws.StringSlice(desiredGroups),
 	})
 	return err
 }
 
-func (c *instanceAttachmentControllerV1) ensureSGDetachedFromENI(ctx context.Context, sgID string, eni *ec2.NetworkInterface) error {
+func (c *instanceAttachmentControllerV1) ensureSGDetachedFromENI(ctx context.Context, sgID string, eniID string, eniInfo ENIInfo) error {
 	sgAttached := false
 	desiredGroups := []string{}
-	for _, group := range eni.Groups {
-		groupID := aws.StringValue(group.GroupId)
+	for _, groupID := range eniInfo.SecurityGroups() {
 		if groupID == sgID {
 			sgAttached = true
 		} else {
@@ -193,9 +191,9 @@ func (c *instanceAttachmentControllerV1) ensureSGDetachedFromENI(ctx context.Con
 		return nil
 	}
 
-	albctx.GetLogger(ctx).Infof("detaching securityGroup %s from ENI %s", sgID, *eni.NetworkInterfaceId)
+	albctx.GetLogger(ctx).Infof("detaching securityGroup %s from ENI %s", sgID, eniID)
 	_, err := c.cloud.ModifyNetworkInterfaceAttributeWithContext(ctx, &ec2.ModifyNetworkInterfaceAttributeInput{
-		NetworkInterfaceId: eni.NetworkInterfaceId,
+		NetworkInterfaceId: aws.String(eniID),
 		Groups:             aws.StringSlice(desiredGroups),
 	})
 	return err

internal/alb/sg/instance_attachment_v1.go

@@ -102,9 +102,7 @@ func (c *instanceAttachmentControllerV2) findInstanceSGsForTgGroup(ctx context.C
 
 	sgIDs := sets.NewString()
 	for _, eni := range targetENIs {
-		for _, group := range eni.Groups {
-			sgIDs.Insert(aws.StringValue(group.GroupId))
-		}
+		sgIDs.Insert(eni.SecurityGroups()...)
 	}
 	if len(sgIDs) == 0 {
 		return nil, nil
@@ -126,24 +124,25 @@ func (c *instanceAttachmentControllerV2) findInstanceSGsForTgGroup(ctx context.C
 
 	clusterTag := "kubernetes.io/cluster/" + c.cloud.GetClusterName()
 	instanceSGIDs := sets.NewString()
-	for _, eni := range targetENIs {
-		if len(eni.Groups) == 1 {
-			instanceSGIDs.Insert(aws.StringValue(eni.Groups[0].GroupId))
+	for eniID, eni := range targetENIs {
+		eniSGIDs := eni.SecurityGroups()
+		if len(eniSGIDs) == 1 {
+			instanceSGIDs.Insert(eniSGIDs[0])
 			continue
 		}
 		var instanceSGIDsWithClusterTag []string
-		for _, group := range eni.Groups {
-			instanceSG := sgByID[aws.StringValue(group.GroupId)]
+		for _, eniSGID := range eniSGIDs {
+			instanceSG := sgByID[eniSGID]
 			for _, tag := range instanceSG.Tags {
 				if aws.StringValue(tag.Key) == clusterTag {
-					instanceSGIDsWithClusterTag = append(instanceSGIDsWithClusterTag, aws.StringValue(group.GroupId))
+					instanceSGIDsWithClusterTag = append(instanceSGIDsWithClusterTag, eniSGID)
 					break
 				}
 			}
 		}
 		if len(instanceSGIDsWithClusterTag) != 1 {
 			return nil, errors.Errorf("expect one securityGroup tagged with %v on eni %v, got %v",
-				clusterTag, aws.StringValue(eni.NetworkInterfaceId), len(instanceSGIDsWithClusterTag),
+				clusterTag, eniID, len(instanceSGIDsWithClusterTag),
 			)
 		}
 		instanceSGIDs.Insert(instanceSGIDsWithClusterTag[0])