Skip to content

Commit

Permalink
Add sni support (#111)
Browse files Browse the repository at this point in the history
* Add sni support

* Generate CF template with Go

* Safely migrate certs between stacks, fix stack naming

* Add new certs by default

* Remove old template generation

* Fix build

* Migrate old cert tag to new certs without dropping ALB

* Stable sort for stacks with same number of certs

* Test adding certs in createStack

* Remove unused variables/functions

* Cleanup Makefile

* Change error handling

* Refactor add ingress logic

* Move logic into managedItem methods

* Document new feature/upgrade path
  • Loading branch information
mikkeloscar authored Feb 19, 2018
1 parent 9ae52ee commit 6d5a4fe
Show file tree
Hide file tree
Showing 14 changed files with 571 additions and 577 deletions.
15 changes: 4 additions & 11 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,9 @@ BINARY ?= kube-ingress-aws-controller
VERSION ?= $(shell git describe --tags --always --dirty)
IMAGE ?= registry-write.opensource.zalan.do/teapot/$(BINARY)
TAG ?= $(VERSION)
GITHEAD = $(shell git rev-parse --short HEAD)
GITURL = $(shell git config --get remote.origin.url)
GITSTATUS = $(shell git status --porcelain || echo "no changes")
SOURCES = $(shell find . -name '*.go') aws/cftemplate.go
SOURCES = $(shell find . -name '*.go')
DOCKERFILE ?= Dockerfile
GOPKGS = $(shell go list ./... | grep -v /vendor/)
GOPKGS = $(shell go list ./...)
BUILD_FLAGS ?= -v
LDFLAGS ?= -X controller.version=$(VERSION) -w -s

Expand All @@ -18,9 +15,8 @@ default: build.local

clean:
rm -rf build
rm -f aws/cftemplate.go

test: aws/cftemplate.go
test:
go test -v -race -cover $(GOPKGS)

fmt:
Expand All @@ -34,11 +30,8 @@ build.local: build/$(BINARY)
build.linux: build/linux/$(BINARY)
build.osx: build/osx/$(BINARY)

aws/cftemplate.go: aws/ingress-cf-template.yaml aws/cf.go
go generate aws/cf.go

build/$(BINARY): $(SOURCES)
go build -o build/$(BINARY) $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" .
CGO_ENABLED=0 go build -o build/$(BINARY) $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" .

build/linux/$(BINARY): $(SOURCES)
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build $(BUILD_FLAGS) -o build/linux/$(BINARY) -ldflags "$(LDFLAGS)" .
Expand Down
12 changes: 12 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,21 @@ This information is used to manage AWS resources for each ingress objects of the
- Support for multiple Auto Scaling Groups
- Support for instances that are not part of Auto Scaling Group
- Can be used in clusters created by [Kops](https://github.com/kubernetes/kops), see our [deployment guide for Kops](deploy/kops.md)
- [Support Multiple TLS Certificates per ALB (SNI)](https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/).

## Upgrade

### <v0.6.0 to >=v0.6.0

Version `v0.6.0` introduced support for Multiple TLS Certificates per ALB
(SNI). When upgrading your ALBs will automatically be aggregated to a single
ALB with multiple certificates configured.
It also adds support for attaching single EC2 instances and multiple
AutoScalingGroups to the ALBs therefore you must ensure you have the correct
instance filter defined before upgrading. The default filter is
`tag:kubernetes.io/cluster/<cluster-id>=owned tag-key=k8s.io/role/node` see
[How it works](#how-it-works) for more information on how to configure this.

### <v0.5.0 to >=v0.5.0

Version `v0.5.0` introduced support for both `internet-facing` and `internal`
Expand Down
36 changes: 17 additions & 19 deletions aws/adapter.go
Original file line number Diff line number Diff line change
Expand Up @@ -70,8 +70,6 @@ const (

nameTag = "Name"

certificateARNTag = "ingress:certificate-arn"

customTagFilterEnvVarName = "CUSTOM_FILTERS"
)

Expand Down Expand Up @@ -300,15 +298,22 @@ func (a *Adapter) UpdateTargetGroupsAndAutoScalingGroups(stacks []*Stack) {
}
}

// CreateStack creates a new Application Load Balancer using CloudFormation. The stack name is derived
// from the Cluster ID and the certificate ARN (when available).
// All the required resources (listeners and target group) are created in a transactional fashion.
// CreateStack creates a new Application Load Balancer using CloudFormation.
// The stack name is derived from the Cluster ID and a has of the certificate
// ARNs (when available).
// All the required resources (listeners and target group) are created in a
// transactional fashion.
// Failure to create the stack causes it to be deleted automatically.
func (a *Adapter) CreateStack(certificateARN, scheme string) (string, error) {
func (a *Adapter) CreateStack(certificateARNs []string, scheme string) (string, error) {
certARNs := make(map[string]time.Time, len(certificateARNs))
for _, arn := range certificateARNs {
certARNs[arn] = time.Time{}
}

spec := &stackSpec{
name: a.stackName(certificateARN, scheme),
name: a.stackName(),
scheme: scheme,
certificateARN: certificateARN,
certificateARNs: certARNs,
securityGroupID: a.SecurityGroupID(),
subnets: a.FindLBSubnets(scheme),
vpcID: a.VpcID(),
Expand All @@ -324,11 +329,11 @@ func (a *Adapter) CreateStack(certificateARN, scheme string) (string, error) {
return createStack(a.cloudformation, spec)
}

func (a *Adapter) UpdateStack(stackName, certificateARN, scheme string) (string, error) {
func (a *Adapter) UpdateStack(stackName string, certificateARNs map[string]time.Time, scheme string) (string, error) {
spec := &stackSpec{
name: stackName,
scheme: scheme,
certificateARN: certificateARN,
certificateARNs: certificateARNs,
securityGroupID: a.SecurityGroupID(),
subnets: a.FindLBSubnets(scheme),
vpcID: a.VpcID(),
Expand All @@ -344,22 +349,15 @@ func (a *Adapter) UpdateStack(stackName, certificateARN, scheme string) (string,
return updateStack(a.cloudformation, spec)
}

func (a *Adapter) stackName(certificateARN, scheme string) string {
return normalizeStackName(a.ClusterID(), certificateARN, scheme)
func (a *Adapter) stackName() string {
return normalizeStackName(a.ClusterID())
}

// GetStack returns the CloudFormation stack details with the name or ID from the argument
func (a *Adapter) GetStack(stackID string) (*Stack, error) {
return getStack(a.cloudformation, stackID)
}

// MarkToDeleteStack adds a "deleteScheduled" Tag to the CloudFormation stack with the given name
func (a *Adapter) MarkToDeleteStack(stack *Stack) (time.Time, error) {
t0 := time.Now().Add(a.stackTTL)

return t0, markToDeleteStack(a.cloudformation, stack.Name(), t0.Format(time.RFC3339))
}

// DeleteStack deletes the CloudFormation stack with the given name
func (a *Adapter) DeleteStack(stack *Stack) error {
for _, asg := range a.autoScalingGroups {
Expand Down
Loading

0 comments on commit 6d5a4fe

Please sign in to comment.