Merge pull request #4502 from wweiwei-li/aga-fix

Add check for duplicate endpoints

Author: k8s-ci-robot

apis/aga/v1beta1/globalaccelerator_types.go

@@ -279,7 +279,7 @@ type IPSet struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
 // +kubebuilder:storageversion
-// +kubebuilder:printcolumn:name="NAME",type="string",JSONPath=".spec.name",description="The Global Accelerator name"
+// +kubebuilder:printcolumn:name="ACCELERATOR-NAME",type="string",JSONPath=".spec.name",description="The Global Accelerator name"
 // +kubebuilder:printcolumn:name="DNS-NAME",type="string",JSONPath=".status.dnsName",description="The Global Accelerator DNS name"
 // +kubebuilder:printcolumn:name="TYPE",type="string",JSONPath=".spec.type",description="The Global Accelerator type"
 // +kubebuilder:printcolumn:name="STATUS",type="string",JSONPath=".status.status",description="The Global Accelerator status"

config/crd/aga/aga-crds.yaml

@@ -17,7 +17,7 @@ spec:
   - additionalPrinterColumns:
     - description: The Global Accelerator name
       jsonPath: .spec.name
-      name: NAME
+      name: ACCELERATOR-NAME
       type: string
     - description: The Global Accelerator DNS name
       jsonPath: .status.dnsName

config/crd/aga/aga.k8s.aws_globalaccelerators.yaml

@@ -17,7 +17,7 @@ spec:
   - additionalPrinterColumns:
     - description: The Global Accelerator name
       jsonPath: .spec.name
-      name: NAME
+      name: ACCELERATOR-NAME
       type: string
     - description: The Global Accelerator DNS name
       jsonPath: .status.dnsName

helm/aws-load-balancer-controller/crds/aga-crds.yaml

@@ -17,7 +17,7 @@ spec:
   - additionalPrinterColumns:
     - description: The Global Accelerator name
       jsonPath: .spec.name
-      name: NAME
+      name: ACCELERATOR-NAME
       type: string
     - description: The Global Accelerator DNS name
       jsonPath: .status.dnsName

helm/aws-load-balancer-controller/templates/webhook.yaml

@@ -326,6 +326,36 @@ webhooks:
     - ingresses
   sideEffects: None
 {{- end }}
+{{- if .Values.controllerConfig.featureGates.GlobalAcceleratorController }}
+- clientConfig:
+    {{- if not $.Values.enableCertManager }}
+    caBundle: {{ $tls.caCert }}
+    {{- end }}
+    service:
+      name: {{ template "aws-load-balancer-controller.webhookService" . }}
+      namespace: {{ $.Release.Namespace }}
+      path: /validate-aga-k8s-aws-v1beta1-globalaccelerator
+      port: 443
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: vglobalaccelerator.aga.k8s.aws
+  admissionReviewVersions:
+  - v1beta1
+  namespaceSelector: {}
+  objectSelector: {}
+  rules:
+  - apiGroups:
+    - aga.k8s.aws
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - globalaccelerators
+  sideEffects: None
+  timeoutSeconds: 10
+{{- end }}
 ---
 {{- if not $.Values.enableCertManager }}
 apiVersion: v1

pkg/deploy/aga/accelerator_manager.go

@@ -118,7 +118,7 @@ func (m *defaultAcceleratorManager) Update(ctx context.Context, resAccelerator *
 
 	var updatedAccelerator *agatypes.Accelerator
 	if !m.isSDKAcceleratorSettingsDrifted(resAccelerator, sdkAccelerator) {
-		m.logger.Info("No drift detected in accelerator settings, skipping update",
+		m.logger.V(1).Info("No drift detected in accelerator settings, skipping update",
 			"stackID", resAccelerator.Stack().StackID(),
 			"resourceID", resAccelerator.ID(),
 			"acceleratorARN", *sdkAccelerator.Accelerator.AcceleratorArn)

pkg/deploy/aga/endpoint_group_manager.go

@@ -146,7 +146,7 @@ func (m *defaultEndpointGroupManager) buildSDKUpdateEndpointGroupInput(_ context
 func (m *defaultEndpointGroupManager) Update(ctx context.Context, resEndpointGroup *agamodel.EndpointGroup, sdkEndpointGroup *agatypes.EndpointGroup) (agamodel.EndpointGroupStatus, error) {
 	// Check if the endpoint group actually needs an update
 	if !m.isSDKEndpointGroupSettingsDrifted(resEndpointGroup, sdkEndpointGroup) {
-		m.logger.Info("No drift detected in endpoint group settings, skipping update",
+		m.logger.V(1).Info("No drift detected in endpoint group settings, skipping update",
 			"stackID", resEndpointGroup.Stack().StackID(),
 			"resourceID", resEndpointGroup.ID(),
 			"endpointGroupARN", *sdkEndpointGroup.EndpointGroupArn)

pkg/deploy/aga/listener_manager.go

@@ -131,7 +131,7 @@ func (m *defaultListenerManager) buildSDKUpdateListenerInput(ctx context.Context
 func (m *defaultListenerManager) Update(ctx context.Context, resListener *agamodel.Listener, sdkListener *ListenerResource) (agamodel.ListenerStatus, error) {
 	// Check if the listener actually needs an update
 	if !m.isSDKListenerSettingsDrifted(resListener, sdkListener) {
-		m.logger.Info("No drift detected in listener settings, skipping update",
+		m.logger.V(1).Info("No drift detected in listener settings, skipping update",
 			"stackID", resListener.Stack().StackID(),
 			"resourceID", resListener.ID(),
 			"listenerARN", *sdkListener.Listener.ListenerArn)

test/e2e/gateway/common_resource_stack.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
 	elbv2gw "sigs.k8s.io/aws-load-balancer-controller/apis/gateway/v1beta1"
@@ -208,7 +209,14 @@ func deleteReferenceGrants(ctx context.Context, f *framework.Framework, refGrant
 
 func createGatewayClass(ctx context.Context, f *framework.Framework, gwc *gwv1.GatewayClass) error {
 	f.Logger.Info("creating gateway class", "gwc", k8s.NamespacedName(gwc))
-	return f.K8sClient.Create(ctx, gwc)
+	err := f.K8sClient.Create(ctx, gwc)
+	if err != nil && !apierrors.IsAlreadyExists(err) {
+		return err
+	}
+	if apierrors.IsAlreadyExists(err) {
+		f.Logger.Info("gateway class already exists", "gwc", k8s.NamespacedName(gwc))
+	}
+	return nil
 }
 
 func createLoadBalancerConfig(ctx context.Context, f *framework.Framework, lbc *elbv2gw.LoadBalancerConfiguration) error {

test/e2e/globalaccelerator/aga_verifier.go

@@ -47,6 +47,21 @@ type GlobalAcceleratorExpectation struct {
 	Listeners     []ListenerExpectation
 }
 
+func matchesListener(listener *types.Listener, expected ListenerExpectation) bool {
+	if expected.Protocol != "" && string(listener.Protocol) != expected.Protocol {
+		return false
+	}
+	if len(expected.PortRanges) > 0 {
+		if len(listener.PortRanges) == 0 {
+			return false
+		}
+		if awssdk.ToInt32(listener.PortRanges[0].FromPort) != expected.PortRanges[0].FromPort {
+			return false
+		}
+	}
+	return true
+}
+
 func verifyGlobalAcceleratorConfiguration(ctx context.Context, f *framework.Framework, acceleratorARN string, expected GlobalAcceleratorExpectation) error {
 	agaClient := f.Cloud.GlobalAccelerator()
 
@@ -79,8 +94,25 @@ func verifyGlobalAcceleratorConfiguration(ctx context.Context, f *framework.Fram
 			return fmt.Errorf("listener count mismatch: expected %d, got %d", len(expected.Listeners), len(listListenersResp.Listeners))
 		}
 
+		// Verify each expected listener exists (order-independent)
+		matched := make(map[int]bool)
 		for i, expectedListener := range expected.Listeners {
-			listener := listListenersResp.Listeners[i]
+			var listener *types.Listener
+			var matchedIdx int
+			for j := range listListenersResp.Listeners {
+				if !matched[j] && matchesListener(&listListenersResp.Listeners[j], expectedListener) {
+					listener = &listListenersResp.Listeners[j]
+					matchedIdx = j
+					break
+				}
+			}
+			if listener == nil {
+				if len(expectedListener.PortRanges) > 0 {
+					return fmt.Errorf("expected listener[%d] with port %d not found", i, expectedListener.PortRanges[0].FromPort)
+				}
+				return fmt.Errorf("expected listener[%d] not found", i)
+			}
+			matched[matchedIdx] = true
 
 			if expectedListener.Protocol != "" && string(listener.Protocol) != expectedListener.Protocol {
 				return fmt.Errorf("listener[%d] protocol mismatch: expected %s, got %s", i, expectedListener.Protocol, string(listener.Protocol))