diff --git a/controller.go b/controller.go index 6889c241..9b2245e2 100644 --- a/controller.go +++ b/controller.go @@ -380,7 +380,7 @@ func main() { } log.Debug("kubernetes.NewAdapter") - kubeAdapter, err = kubernetes.NewAdapter(kubeConfig, ingressAPIVersion, ingressClassFiltersList, awsAdapter.SecurityGroupID(), sslPolicy, loadBalancerType, clusterLocalDomain, disableInstrumentedHttpClient) + kubeAdapter, err = kubernetes.NewAdapter(kubeConfig, ingressAPIVersion, ingressClassFiltersList, awsAdapter.SecurityGroupID(), sslPolicy, loadBalancerType, clusterLocalDomain, ipAddressType, disableInstrumentedHttpClient) if err != nil { log.Fatal(err) } diff --git a/kubernetes/adapter.go b/kubernetes/adapter.go index 922c39c9..b0faa83d 100644 --- a/kubernetes/adapter.go +++ b/kubernetes/adapter.go @@ -36,6 +36,7 @@ type Adapter struct { ingressDefaultSecurityGroup string ingressDefaultSSLPolicy string ingressDefaultLoadBalancerType string + ingressIpAddressType string clusterLocalDomain string routeGroupSupport bool } @@ -123,7 +124,7 @@ func (c *ConfigMap) String() string { } // NewAdapter creates an Adapter for Kubernetes using a given configuration. -func NewAdapter(config *Config, ingressAPIVersion string, ingressClassFilters []string, ingressDefaultSecurityGroup, ingressDefaultSSLPolicy, ingressDefaultLoadBalancerType, clusterLocalDomain string, disableInstrumentedHttpClient bool) (*Adapter, error) { +func NewAdapter(config *Config, ingressAPIVersion string, ingressClassFilters []string, ingressDefaultSecurityGroup, ingressDefaultSSLPolicy, ingressDefaultLoadBalancerType, clusterLocalDomain, ingressIpAddressType string, disableInstrumentedHttpClient bool) (*Adapter, error) { if config == nil || config.BaseURL == "" { return nil, ErrInvalidConfiguration } @@ -139,6 +140,7 @@ func NewAdapter(config *Config, ingressAPIVersion string, ingressClassFilters [] ingressDefaultSecurityGroup: ingressDefaultSecurityGroup, ingressDefaultSSLPolicy: ingressDefaultSSLPolicy, ingressDefaultLoadBalancerType: loadBalancerTypesAWSToIngress[ingressDefaultLoadBalancerType], + ingressIpAddressType: ingressIpAddressType, clusterLocalDomain: clusterLocalDomain, routeGroupSupport: true, }, nil @@ -200,9 +202,23 @@ func (a *Adapter) newIngress(typ IngressType, metadata kubeItemMetadata, host st shared = false } - ipAddressType := aws.IPAddressTypeIPV4 - if getAnnotationsString(annotations, ingressALBIPAddressType, "") == aws.IPAddressTypeDualstack { + ipAddressType := a.ingressIpAddressType + albIPType := getAnnotationsString(annotations, ingressALBIPAddressType, "") + ipType := getAnnotationsString(annotations, ingressIPAddressType, "") + if albIPType != "" { + log.Warnf("Deprecated annotation %q in use for %q resource named %q in namespace %q", ingressALBIPAddressType, typ, metadata.Name, metadata.Namespace) + + if ipType != "" { + log.Warnf("Both annotations are set for %q resource named %q in namespace %q, deprecated annotation %q=%q will be ignored, using %q=%q", + typ, metadata.Name, metadata.Namespace, ingressALBIPAddressType, albIPType, ingressIPAddressType, ipType) + } + } + // Prefer ingressIPAddressType if set, otherwise fallback to deprecated ingressALBIPAddressType + switch { + case ipType == aws.IPAddressTypeDualstack || albIPType == aws.IPAddressTypeDualstack: ipAddressType = aws.IPAddressTypeDualstack + case ipType == aws.IPAddressTypeIPV4 || albIPType == aws.IPAddressTypeIPV4: + ipAddressType = aws.IPAddressTypeIPV4 } sslPolicy := getAnnotationsString(annotations, ingressSSLPolicyAnnotation, a.ingressDefaultSSLPolicy) @@ -243,11 +259,6 @@ func (a *Adapter) newIngress(typ IngressType, metadata kubeItemMetadata, host st // convert to the internal naming e.g. nlb -> network loadBalancerType = loadBalancerTypesIngressToAWS[loadBalancerType] - if loadBalancerType == aws.LoadBalancerTypeNetwork { - // ensure ipv4 for network load balancers - ipAddressType = aws.IPAddressTypeIPV4 - } - http2 := true if getAnnotationsString(annotations, ingressHTTP2Annotation, "") == "false" { http2 = false diff --git a/kubernetes/adapter_test.go b/kubernetes/adapter_test.go index 730338b8..1b192eac 100644 --- a/kubernetes/adapter_test.go +++ b/kubernetes/adapter_test.go @@ -259,6 +259,74 @@ func TestNewIngressFromKube(tt *testing.T) { }, }, }, + { + msg: "test NLB with dualstack ip annotation", + defaultLoadBalancerType: aws.LoadBalancerTypeNetwork, + ingress: &Ingress{ + ResourceType: TypeIngress, + Namespace: "default", + Name: "foo", + Hostname: "bar", + Scheme: "internet-facing", + Shared: true, + HTTP2: true, + ClusterLocal: true, + SSLPolicy: testSSLPolicy, + IPAddressType: aws.IPAddressTypeDualstack, + LoadBalancerType: aws.LoadBalancerTypeNetwork, + SecurityGroup: testIngressDefaultSecurityGroup, + }, + kubeIngress: &ingress{ + Metadata: kubeItemMetadata{ + Namespace: "default", + Name: "foo", + Annotations: map[string]string{ + ingressIPAddressType: aws.IPAddressTypeDualstack, + }, + }, + Status: ingressStatus{ + LoadBalancer: ingressLoadBalancerStatus{ + Ingress: []ingressLoadBalancer{ + {Hostname: "bar"}, + }, + }, + }, + }, + }, + { + msg: "test ALB with dualstack ip annotation", + defaultLoadBalancerType: aws.LoadBalancerTypeApplication, + ingress: &Ingress{ + ResourceType: TypeIngress, + Namespace: "default", + Name: "foo", + Hostname: "bar", + Scheme: "internet-facing", + Shared: true, + HTTP2: true, + ClusterLocal: true, + SSLPolicy: testSSLPolicy, + IPAddressType: aws.IPAddressTypeDualstack, + LoadBalancerType: aws.LoadBalancerTypeApplication, + SecurityGroup: testIngressDefaultSecurityGroup, + }, + kubeIngress: &ingress{ + Metadata: kubeItemMetadata{ + Namespace: "default", + Name: "foo", + Annotations: map[string]string{ + ingressIPAddressType: aws.IPAddressTypeDualstack, + }, + }, + Status: ingressStatus{ + LoadBalancer: ingressLoadBalancerStatus{ + Ingress: []ingressLoadBalancer{ + {Hostname: "bar"}, + }, + }, + }, + }, + }, { msg: "test default NLB with security group fallbacks to ALB", defaultLoadBalancerType: aws.LoadBalancerTypeNetwork, @@ -443,7 +511,7 @@ func TestNewIngressFromKube(tt *testing.T) { }, } { tt.Run(tc.msg, func(t *testing.T) { - a, err := NewAdapter(testConfig, IngressAPIVersionNetworking, testIngressFilter, testIngressDefaultSecurityGroup, testSSLPolicy, tc.defaultLoadBalancerType, DefaultClusterLocalDomain, false) + a, err := NewAdapter(testConfig, IngressAPIVersionNetworking, testIngressFilter, testIngressDefaultSecurityGroup, testSSLPolicy, tc.defaultLoadBalancerType, DefaultClusterLocalDomain, aws.DefaultIpAddressType, false) if err != nil { t.Fatalf("cannot create kubernetes adapter: %v", err) } @@ -518,7 +586,7 @@ func (c *mockClient) patch(res string, payload []byte) (io.ReadCloser, error) { } func TestListIngress(t *testing.T) { - a, _ := NewAdapter(testConfig, IngressAPIVersionNetworking, testIngressFilter, testIngressDefaultSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, false) + a, _ := NewAdapter(testConfig, IngressAPIVersionNetworking, testIngressFilter, testIngressDefaultSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, aws.DefaultIpAddressType, false) client := &mockClient{} a.kubeClient = client ingresses, err := a.ListIngress() @@ -536,7 +604,7 @@ func TestListIngress(t *testing.T) { } func TestAdapterUpdateIngressLoadBalancer(t *testing.T) { - a, _ := NewAdapter(testConfig, IngressAPIVersionNetworking, testIngressFilter, testSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, false) + a, _ := NewAdapter(testConfig, IngressAPIVersionNetworking, testIngressFilter, testSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, aws.DefaultIpAddressType, false) client := &mockClient{} a.kubeClient = client ing := &Ingress{ @@ -565,7 +633,7 @@ func TestAdapterUpdateIngressLoadBalancer(t *testing.T) { } func TestUpdateRouteGroupLoadBalancer(t *testing.T) { - a, _ := NewAdapter(testConfig, IngressAPIVersionNetworking, testIngressFilter, testSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, false) + a, _ := NewAdapter(testConfig, IngressAPIVersionNetworking, testIngressFilter, testSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, aws.DefaultIpAddressType, false) client := &mockClient{} a.kubeClient = client ing := &Ingress{ @@ -604,7 +672,7 @@ func TestBrokenConfig(t *testing.T) { {"broken-cert", &Config{BaseURL: "dontcare", TLSClientConfig: TLSClientConfig{CAFile: "testdata/broken.pem"}}}, } { t.Run(fmt.Sprintf("%v", test.cfg), func(t *testing.T) { - _, err := NewAdapter(test.cfg, IngressAPIVersionNetworking, testIngressFilter, testSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, false) + _, err := NewAdapter(test.cfg, IngressAPIVersionNetworking, testIngressFilter, testSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, aws.DefaultIpAddressType, false) if err == nil { t.Error("expected an error") } @@ -613,7 +681,7 @@ func TestBrokenConfig(t *testing.T) { } func TestAdapter_GetConfigMap(t *testing.T) { - a, _ := NewAdapter(testConfig, IngressAPIVersionNetworking, testIngressFilter, testIngressDefaultSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, false) + a, _ := NewAdapter(testConfig, IngressAPIVersionNetworking, testIngressFilter, testIngressDefaultSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, aws.DefaultIpAddressType, false) client := &mockClient{} a.kubeClient = client @@ -727,7 +795,7 @@ func TestListIngressFilterClass(t *testing.T) { }, } { t.Run(name, func(t *testing.T) { - a, _ := NewAdapter(testConfig, IngressAPIVersionNetworking, test.ingressClassFilters, testIngressDefaultSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, false) + a, _ := NewAdapter(testConfig, IngressAPIVersionNetworking, test.ingressClassFilters, testIngressDefaultSecurityGroup, testSSLPolicy, aws.LoadBalancerTypeApplication, DefaultClusterLocalDomain, aws.DefaultIpAddressType, false) client := &mockClient{} a.kubeClient = client ingresses, err := a.ListResources() diff --git a/kubernetes/ingress.go b/kubernetes/ingress.go index cc61a0a7..107afdff 100644 --- a/kubernetes/ingress.go +++ b/kubernetes/ingress.go @@ -60,8 +60,10 @@ type ingressLoadBalancer struct { } const ( + // deprecated, use ingressIPAddressType instead // ingressALBIPAddressType is used in external-dns, https://github.com/kubernetes-incubator/external-dns/pull/1079 ingressALBIPAddressType = "alb.ingress.kubernetes.io/ip-address-type" + ingressIPAddressType = "ingress.kubernetes.io/ip-address-type" IngressAPIVersionExtensions = "extensions/v1beta1" IngressAPIVersionNetworking = "networking.k8s.io/v1" ingressListResource = "/apis/%s/ingresses" diff --git a/testdata/ingress_alb_dualstack/input/k8s/ing.yaml b/testdata/ingress_alb_dualstack/input/k8s/ing.yaml new file mode 100644 index 00000000..6b35d8ca --- /dev/null +++ b/testdata/ingress_alb_dualstack/input/k8s/ing.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: myingress +spec: + rules: + - host: foo.bar.org + http: + paths: + - backend: + service: + name: foo-bar-service + port: + name: main-port + path: / + pathType: ImplementationSpecific \ No newline at end of file diff --git a/testdata/ingress_alb_dualstack/output/params/ing.json b/testdata/ingress_alb_dualstack/output/params/ing.json new file mode 100644 index 00000000..5d4f46da --- /dev/null +++ b/testdata/ingress_alb_dualstack/output/params/ing.json @@ -0,0 +1,54 @@ +[ + { + "parameterKey": "LoadBalancerSchemeParameter", + "parameterValue": "internet-facing" + }, + { + "parameterKey": "LoadBalancerSecurityGroupParameter", + "parameterValue": "42" + }, + { + "parameterKey": "LoadBalancerSubnetsParameter", + "parameterValue": "foo1" + }, + { + "parameterKey": "TargetGroupVPCIDParameter", + "parameterValue": "1" + }, + { + "parameterKey": "TargetGroupTargetPortParameter", + "parameterValue": "0" + }, + { + "parameterKey": "ListenerSslPolicyParameter", + "parameterValue": "ELBSecurityPolicy-2016-08" + }, + { + "parameterKey": "IpAddressType", + "parameterValue": "dualstack" + }, + { + "parameterKey": "Type", + "parameterValue": "application" + }, + { + "parameterKey": "HTTP2", + "parameterValue": "true" + }, + { + "parameterKey": "TargetGroupHealthCheckPathParameter", + "parameterValue": "" + }, + { + "parameterKey": "TargetGroupHealthCheckPortParameter", + "parameterValue": "0" + }, + { + "parameterKey": "TargetGroupHealthCheckIntervalParameter", + "parameterValue": "0" + }, + { + "parameterKey": "TargetGroupHealthCheckTimeoutParameter", + "parameterValue": "0" + } +] diff --git a/testdata/ingress_alb_dualstack/output/tags/ing.json b/testdata/ingress_alb_dualstack/output/tags/ing.json new file mode 100644 index 00000000..d64eed43 --- /dev/null +++ b/testdata/ingress_alb_dualstack/output/tags/ing.json @@ -0,0 +1,12 @@ +[ + { + "key": "kubernetes:application", + "value": "" + },{ + "key": "kubernetes.io/cluster/aws:123:eu-central-1:kube-1", + "value": "owned" + },{ + "key": "ingress:certificate-arn/DUMMY", + "value": "0001-01-01T00:00:00Z" + } +] diff --git a/testdata/ingress_alb_dualstack/output/templates/ing.cf b/testdata/ingress_alb_dualstack/output/templates/ing.cf new file mode 100644 index 00000000..98930737 --- /dev/null +++ b/testdata/ingress_alb_dualstack/output/templates/ing.cf @@ -0,0 +1,225 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "Load Balancer for Kubernetes Ingress", + "Parameters": { + "HTTP2": { + "Type": "String", + "Default": "true", + "Description": "H2 Enabled" + }, + "IpAddressType": { + "Type": "String", + "Default": "ipv4", + "Description": "IP Address Type, 'ipv4' or 'dualstack'" + }, + "ListenerSslPolicyParameter": { + "Type": "String", + "Default": "ELBSecurityPolicy-2016-08", + "Description": "The HTTPS SSL Security Policy Name" + }, + "LoadBalancerSchemeParameter": { + "Type": "String", + "Default": "internet-facing", + "Description": "The Load Balancer scheme - 'internal' or 'internet-facing'" + }, + "LoadBalancerSecurityGroupParameter": { + "Type": "List\u003cAWS::EC2::SecurityGroup::Id\u003e", + "Description": "The security group ID for the Load Balancer" + }, + "LoadBalancerSubnetsParameter": { + "Type": "List\u003cAWS::EC2::Subnet::Id\u003e", + "Description": "The list of subnets IDs for the Load Balancer" + }, + "TargetGroupHealthCheckIntervalParameter": { + "Type": "Number", + "Default": "10", + "Description": "The healthcheck interval" + }, + "TargetGroupHealthCheckPathParameter": { + "Type": "String", + "Default": "/kube-system/healthz", + "Description": "The healthcheck path" + }, + "TargetGroupHealthCheckPortParameter": { + "Type": "Number", + "Default": "9999", + "Description": "The healthcheck port" + }, + "TargetGroupHealthCheckTimeoutParameter": { + "Type": "Number", + "Default": "5", + "Description": "The healthcheck timeout" + }, + "TargetGroupTargetPortParameter": { + "Type": "Number", + "Default": "9999", + "Description": "The target port" + }, + "TargetGroupVPCIDParameter": { + "Type": "AWS::EC2::VPC::Id", + "Description": "The VPCID for the TargetGroup" + }, + "Type": { + "Type": "String", + "Default": "application", + "Description": "Loadbalancer Type, 'application' or 'network'" + } + }, + "Resources": { + "HTTPListener": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "DefaultActions": [ + { + "TargetGroupArn": { + "Ref": "TG" + }, + "Type": "forward" + } + ], + "LoadBalancerArn": { + "Ref": "LB" + }, + "Port": 80, + "Protocol": "HTTP" + } + }, + "HTTPSListener": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "Certificates": [ + { + "CertificateArn": "DUMMY" + } + ], + "DefaultActions": [ + { + "TargetGroupArn": { + "Ref": "TG" + }, + "Type": "forward" + } + ], + "LoadBalancerArn": { + "Ref": "LB" + }, + "Port": 443, + "Protocol": "HTTPS", + "SslPolicy": { + "Ref": "ListenerSslPolicyParameter" + } + } + }, + "HTTPSListenerCertificatefc48082457b770e278fc0bd3d392d127869993166f76e8df57d19a0e662820ea": { + "Type": "AWS::ElasticLoadBalancingV2::ListenerCertificate", + "Properties": { + "Certificates": [ + { + "CertificateArn": "DUMMY" + } + ], + "ListenerArn": { + "Ref": "HTTPSListener" + } + } + }, + "LB": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "IpAddressType": { + "Ref": "IpAddressType" + }, + "LoadBalancerAttributes": [ + { + "Key": "idle_timeout.timeout_seconds", + "Value": "0" + }, + { + "Key": "routing.http2.enabled", + "Value": "true" + }, + { + "Key": "access_logs.s3.enabled", + "Value": "false" + } + ], + "Scheme": { + "Ref": "LoadBalancerSchemeParameter" + }, + "SecurityGroups": { + "Ref": "LoadBalancerSecurityGroupParameter" + }, + "Subnets": { + "Ref": "LoadBalancerSubnetsParameter" + }, + "Tags": [ + { + "Key": "StackName", + "Value": { + "Ref": "AWS::StackName" + } + } + ], + "Type": { + "Ref": "Type" + } + } + }, + "TG": { + "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", + "Properties": { + "HealthCheckIntervalSeconds": { + "Ref": "TargetGroupHealthCheckIntervalParameter" + }, + "HealthCheckPath": { + "Ref": "TargetGroupHealthCheckPathParameter" + }, + "HealthCheckPort": { + "Ref": "TargetGroupHealthCheckPortParameter" + }, + "HealthCheckProtocol": "HTTP", + "HealthCheckTimeoutSeconds": { + "Ref": "TargetGroupHealthCheckTimeoutParameter" + }, + "HealthyThresholdCount": 0, + "Port": { + "Ref": "TargetGroupTargetPortParameter" + }, + "Protocol": "HTTP", + "TargetGroupAttributes": [ + { + "Key": "deregistration_delay.timeout_seconds", + "Value": "0" + } + ], + "UnhealthyThresholdCount": 0, + "VpcId": { + "Ref": "TargetGroupVPCIDParameter" + } + } + } + }, + "Outputs": { + "LoadBalancerARN": { + "Description": "The ARN of the LoadBalancer", + "Value": { + "Ref": "LB" + } + }, + "LoadBalancerDNSName": { + "Description": "DNS name for the LoadBalancer", + "Value": { + "Fn::GetAtt": [ + "LB", + "DNSName" + ] + } + }, + "TargetGroupARN": { + "Description": "The ARN of the TargetGroup", + "Value": { + "Ref": "TG" + } + } + } +} \ No newline at end of file diff --git a/testdata/ingress_nlb_dualstack/input/k8s/ing.yaml b/testdata/ingress_nlb_dualstack/input/k8s/ing.yaml new file mode 100644 index 00000000..f13da3da --- /dev/null +++ b/testdata/ingress_nlb_dualstack/input/k8s/ing.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: myingress + annotations: + zalando.org/aws-load-balancer-type: nlb +spec: + rules: + - host: foo.bar.org + http: + paths: + - backend: + service: + name: foo-bar-service + port: + name: main-port + path: / + pathType: ImplementationSpecific diff --git a/testdata/ingress_nlb_dualstack/output/params/ing.json b/testdata/ingress_nlb_dualstack/output/params/ing.json new file mode 100644 index 00000000..74a4aaec --- /dev/null +++ b/testdata/ingress_nlb_dualstack/output/params/ing.json @@ -0,0 +1,54 @@ +[ + { + "parameterKey": "LoadBalancerSchemeParameter", + "parameterValue": "internet-facing" + }, + { + "parameterKey": "LoadBalancerSecurityGroupParameter", + "parameterValue": "42" + }, + { + "parameterKey": "LoadBalancerSubnetsParameter", + "parameterValue": "foo1" + }, + { + "parameterKey": "TargetGroupVPCIDParameter", + "parameterValue": "1" + }, + { + "parameterKey": "TargetGroupTargetPortParameter", + "parameterValue": "0" + }, + { + "parameterKey": "ListenerSslPolicyParameter", + "parameterValue": "ELBSecurityPolicy-2016-08" + }, + { + "parameterKey": "IpAddressType", + "parameterValue": "dualstack" + }, + { + "parameterKey": "Type", + "parameterValue": "network" + }, + { + "parameterKey": "HTTP2", + "parameterValue": "true" + }, + { + "parameterKey": "TargetGroupHealthCheckPathParameter", + "parameterValue": "" + }, + { + "parameterKey": "TargetGroupHealthCheckPortParameter", + "parameterValue": "0" + }, + { + "parameterKey": "TargetGroupHealthCheckIntervalParameter", + "parameterValue": "0" + }, + { + "parameterKey": "TargetGroupHealthCheckTimeoutParameter", + "parameterValue": "0" + } +] diff --git a/testdata/ingress_nlb_dualstack/output/tags/ing.json b/testdata/ingress_nlb_dualstack/output/tags/ing.json new file mode 100644 index 00000000..d64eed43 --- /dev/null +++ b/testdata/ingress_nlb_dualstack/output/tags/ing.json @@ -0,0 +1,12 @@ +[ + { + "key": "kubernetes:application", + "value": "" + },{ + "key": "kubernetes.io/cluster/aws:123:eu-central-1:kube-1", + "value": "owned" + },{ + "key": "ingress:certificate-arn/DUMMY", + "value": "0001-01-01T00:00:00Z" + } +] diff --git a/testdata/ingress_nlb_dualstack/output/templates/ing.cf b/testdata/ingress_nlb_dualstack/output/templates/ing.cf new file mode 100644 index 00000000..5d6a6073 --- /dev/null +++ b/testdata/ingress_nlb_dualstack/output/templates/ing.cf @@ -0,0 +1,201 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "Load Balancer for Kubernetes Ingress", + "Parameters": { + "HTTP2": { + "Type": "String", + "Default": "true", + "Description": "H2 Enabled" + }, + "IpAddressType": { + "Type": "String", + "Default": "ipv4", + "Description": "IP Address Type, 'ipv4' or 'dualstack'" + }, + "ListenerSslPolicyParameter": { + "Type": "String", + "Default": "ELBSecurityPolicy-2016-08", + "Description": "The HTTPS SSL Security Policy Name" + }, + "LoadBalancerSchemeParameter": { + "Type": "String", + "Default": "internet-facing", + "Description": "The Load Balancer scheme - 'internal' or 'internet-facing'" + }, + "LoadBalancerSecurityGroupParameter": { + "Type": "List\u003cAWS::EC2::SecurityGroup::Id\u003e", + "Description": "The security group ID for the Load Balancer" + }, + "LoadBalancerSubnetsParameter": { + "Type": "List\u003cAWS::EC2::Subnet::Id\u003e", + "Description": "The list of subnets IDs for the Load Balancer" + }, + "TargetGroupHealthCheckIntervalParameter": { + "Type": "Number", + "Default": "10", + "Description": "The healthcheck interval" + }, + "TargetGroupHealthCheckPathParameter": { + "Type": "String", + "Default": "/kube-system/healthz", + "Description": "The healthcheck path" + }, + "TargetGroupHealthCheckPortParameter": { + "Type": "Number", + "Default": "9999", + "Description": "The healthcheck port" + }, + "TargetGroupHealthCheckTimeoutParameter": { + "Type": "Number", + "Default": "5", + "Description": "The healthcheck timeout" + }, + "TargetGroupTargetPortParameter": { + "Type": "Number", + "Default": "9999", + "Description": "The target port" + }, + "TargetGroupVPCIDParameter": { + "Type": "AWS::EC2::VPC::Id", + "Description": "The VPCID for the TargetGroup" + }, + "Type": { + "Type": "String", + "Default": "application", + "Description": "Loadbalancer Type, 'application' or 'network'" + } + }, + "Resources": { + "HTTPSListener": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "Certificates": [ + { + "CertificateArn": "DUMMY" + } + ], + "DefaultActions": [ + { + "TargetGroupArn": { + "Ref": "TG" + }, + "Type": "forward" + } + ], + "LoadBalancerArn": { + "Ref": "LB" + }, + "Port": 443, + "Protocol": "TLS", + "SslPolicy": { + "Ref": "ListenerSslPolicyParameter" + } + } + }, + "HTTPSListenerCertificatefc48082457b770e278fc0bd3d392d127869993166f76e8df57d19a0e662820ea": { + "Type": "AWS::ElasticLoadBalancingV2::ListenerCertificate", + "Properties": { + "Certificates": [ + { + "CertificateArn": "DUMMY" + } + ], + "ListenerArn": { + "Ref": "HTTPSListener" + } + } + }, + "LB": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "IpAddressType": { + "Ref": "IpAddressType" + }, + "LoadBalancerAttributes": [ + { + "Key": "load_balancing.cross_zone.enabled", + "Value": "false" + }, + { + "Key": "dns_record.client_routing_policy", + "Value": "any_availability_zone" + }, + { + "Key": "access_logs.s3.enabled", + "Value": "false" + } + ], + "Scheme": { + "Ref": "LoadBalancerSchemeParameter" + }, + "Subnets": { + "Ref": "LoadBalancerSubnetsParameter" + }, + "Tags": [ + { + "Key": "StackName", + "Value": { + "Ref": "AWS::StackName" + } + } + ], + "Type": { + "Ref": "Type" + } + } + }, + "TG": { + "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", + "Properties": { + "HealthCheckIntervalSeconds": { + "Ref": "TargetGroupHealthCheckIntervalParameter" + }, + "HealthCheckPath": { + "Ref": "TargetGroupHealthCheckPathParameter" + }, + "HealthCheckPort": { + "Ref": "TargetGroupHealthCheckPortParameter" + }, + "HealthCheckProtocol": "HTTP", + "HealthyThresholdCount": 0, + "Port": { + "Ref": "TargetGroupTargetPortParameter" + }, + "Protocol": "TCP", + "TargetGroupAttributes": [ + { + "Key": "deregistration_delay.timeout_seconds", + "Value": "0" + } + ], + "UnhealthyThresholdCount": 0, + "VpcId": { + "Ref": "TargetGroupVPCIDParameter" + } + } + } + }, + "Outputs": { + "LoadBalancerARN": { + "Description": "The ARN of the LoadBalancer", + "Value": { + "Ref": "LB" + } + }, + "LoadBalancerDNSName": { + "Description": "DNS name for the LoadBalancer", + "Value": { + "Fn::GetAtt": [ + "LB", + "DNSName" + ] + } + }, + "TargetGroupARN": { + "Description": "The ARN of the TargetGroup", + "Value": { + "Ref": "TG" + } + } + } +} \ No newline at end of file diff --git a/testdata/ingress_nlb_dualstack_annotation/input/k8s/ing.yaml b/testdata/ingress_nlb_dualstack_annotation/input/k8s/ing.yaml new file mode 100644 index 00000000..29a3c4b9 --- /dev/null +++ b/testdata/ingress_nlb_dualstack_annotation/input/k8s/ing.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: myingress + annotations: + zalando.org/aws-load-balancer-type: nlb + ingress.kubernetes.io/ip-address-type: dualstack +spec: + rules: + - host: foo.bar.org + http: + paths: + - backend: + service: + name: foo-bar-service + port: + name: main-port + path: / + pathType: ImplementationSpecific diff --git a/testdata/ingress_nlb_dualstack_annotation/output/params/ing.json b/testdata/ingress_nlb_dualstack_annotation/output/params/ing.json new file mode 100644 index 00000000..74a4aaec --- /dev/null +++ b/testdata/ingress_nlb_dualstack_annotation/output/params/ing.json @@ -0,0 +1,54 @@ +[ + { + "parameterKey": "LoadBalancerSchemeParameter", + "parameterValue": "internet-facing" + }, + { + "parameterKey": "LoadBalancerSecurityGroupParameter", + "parameterValue": "42" + }, + { + "parameterKey": "LoadBalancerSubnetsParameter", + "parameterValue": "foo1" + }, + { + "parameterKey": "TargetGroupVPCIDParameter", + "parameterValue": "1" + }, + { + "parameterKey": "TargetGroupTargetPortParameter", + "parameterValue": "0" + }, + { + "parameterKey": "ListenerSslPolicyParameter", + "parameterValue": "ELBSecurityPolicy-2016-08" + }, + { + "parameterKey": "IpAddressType", + "parameterValue": "dualstack" + }, + { + "parameterKey": "Type", + "parameterValue": "network" + }, + { + "parameterKey": "HTTP2", + "parameterValue": "true" + }, + { + "parameterKey": "TargetGroupHealthCheckPathParameter", + "parameterValue": "" + }, + { + "parameterKey": "TargetGroupHealthCheckPortParameter", + "parameterValue": "0" + }, + { + "parameterKey": "TargetGroupHealthCheckIntervalParameter", + "parameterValue": "0" + }, + { + "parameterKey": "TargetGroupHealthCheckTimeoutParameter", + "parameterValue": "0" + } +] diff --git a/testdata/ingress_nlb_dualstack_annotation/output/tags/ing.json b/testdata/ingress_nlb_dualstack_annotation/output/tags/ing.json new file mode 100644 index 00000000..d64eed43 --- /dev/null +++ b/testdata/ingress_nlb_dualstack_annotation/output/tags/ing.json @@ -0,0 +1,12 @@ +[ + { + "key": "kubernetes:application", + "value": "" + },{ + "key": "kubernetes.io/cluster/aws:123:eu-central-1:kube-1", + "value": "owned" + },{ + "key": "ingress:certificate-arn/DUMMY", + "value": "0001-01-01T00:00:00Z" + } +] diff --git a/testdata/ingress_nlb_dualstack_annotation/output/templates/ing.cf b/testdata/ingress_nlb_dualstack_annotation/output/templates/ing.cf new file mode 100644 index 00000000..5d6a6073 --- /dev/null +++ b/testdata/ingress_nlb_dualstack_annotation/output/templates/ing.cf @@ -0,0 +1,201 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "Load Balancer for Kubernetes Ingress", + "Parameters": { + "HTTP2": { + "Type": "String", + "Default": "true", + "Description": "H2 Enabled" + }, + "IpAddressType": { + "Type": "String", + "Default": "ipv4", + "Description": "IP Address Type, 'ipv4' or 'dualstack'" + }, + "ListenerSslPolicyParameter": { + "Type": "String", + "Default": "ELBSecurityPolicy-2016-08", + "Description": "The HTTPS SSL Security Policy Name" + }, + "LoadBalancerSchemeParameter": { + "Type": "String", + "Default": "internet-facing", + "Description": "The Load Balancer scheme - 'internal' or 'internet-facing'" + }, + "LoadBalancerSecurityGroupParameter": { + "Type": "List\u003cAWS::EC2::SecurityGroup::Id\u003e", + "Description": "The security group ID for the Load Balancer" + }, + "LoadBalancerSubnetsParameter": { + "Type": "List\u003cAWS::EC2::Subnet::Id\u003e", + "Description": "The list of subnets IDs for the Load Balancer" + }, + "TargetGroupHealthCheckIntervalParameter": { + "Type": "Number", + "Default": "10", + "Description": "The healthcheck interval" + }, + "TargetGroupHealthCheckPathParameter": { + "Type": "String", + "Default": "/kube-system/healthz", + "Description": "The healthcheck path" + }, + "TargetGroupHealthCheckPortParameter": { + "Type": "Number", + "Default": "9999", + "Description": "The healthcheck port" + }, + "TargetGroupHealthCheckTimeoutParameter": { + "Type": "Number", + "Default": "5", + "Description": "The healthcheck timeout" + }, + "TargetGroupTargetPortParameter": { + "Type": "Number", + "Default": "9999", + "Description": "The target port" + }, + "TargetGroupVPCIDParameter": { + "Type": "AWS::EC2::VPC::Id", + "Description": "The VPCID for the TargetGroup" + }, + "Type": { + "Type": "String", + "Default": "application", + "Description": "Loadbalancer Type, 'application' or 'network'" + } + }, + "Resources": { + "HTTPSListener": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "Certificates": [ + { + "CertificateArn": "DUMMY" + } + ], + "DefaultActions": [ + { + "TargetGroupArn": { + "Ref": "TG" + }, + "Type": "forward" + } + ], + "LoadBalancerArn": { + "Ref": "LB" + }, + "Port": 443, + "Protocol": "TLS", + "SslPolicy": { + "Ref": "ListenerSslPolicyParameter" + } + } + }, + "HTTPSListenerCertificatefc48082457b770e278fc0bd3d392d127869993166f76e8df57d19a0e662820ea": { + "Type": "AWS::ElasticLoadBalancingV2::ListenerCertificate", + "Properties": { + "Certificates": [ + { + "CertificateArn": "DUMMY" + } + ], + "ListenerArn": { + "Ref": "HTTPSListener" + } + } + }, + "LB": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "IpAddressType": { + "Ref": "IpAddressType" + }, + "LoadBalancerAttributes": [ + { + "Key": "load_balancing.cross_zone.enabled", + "Value": "false" + }, + { + "Key": "dns_record.client_routing_policy", + "Value": "any_availability_zone" + }, + { + "Key": "access_logs.s3.enabled", + "Value": "false" + } + ], + "Scheme": { + "Ref": "LoadBalancerSchemeParameter" + }, + "Subnets": { + "Ref": "LoadBalancerSubnetsParameter" + }, + "Tags": [ + { + "Key": "StackName", + "Value": { + "Ref": "AWS::StackName" + } + } + ], + "Type": { + "Ref": "Type" + } + } + }, + "TG": { + "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", + "Properties": { + "HealthCheckIntervalSeconds": { + "Ref": "TargetGroupHealthCheckIntervalParameter" + }, + "HealthCheckPath": { + "Ref": "TargetGroupHealthCheckPathParameter" + }, + "HealthCheckPort": { + "Ref": "TargetGroupHealthCheckPortParameter" + }, + "HealthCheckProtocol": "HTTP", + "HealthyThresholdCount": 0, + "Port": { + "Ref": "TargetGroupTargetPortParameter" + }, + "Protocol": "TCP", + "TargetGroupAttributes": [ + { + "Key": "deregistration_delay.timeout_seconds", + "Value": "0" + } + ], + "UnhealthyThresholdCount": 0, + "VpcId": { + "Ref": "TargetGroupVPCIDParameter" + } + } + } + }, + "Outputs": { + "LoadBalancerARN": { + "Description": "The ARN of the LoadBalancer", + "Value": { + "Ref": "LB" + } + }, + "LoadBalancerDNSName": { + "Description": "DNS name for the LoadBalancer", + "Value": { + "Fn::GetAtt": [ + "LB", + "DNSName" + ] + } + }, + "TargetGroupARN": { + "Description": "The ARN of the TargetGroup", + "Value": { + "Ref": "TG" + } + } + } +} \ No newline at end of file diff --git a/worker_test.go b/worker_test.go index 077eb7da..2a347ea2 100644 --- a/worker_test.go +++ b/worker_test.go @@ -49,8 +49,9 @@ func TestResourceConversionOneToOne(tt *testing.T) { } for _, scenario := range []struct { - name string - typeLB string + name string + typeLB string + ipAddressType string // mock responsesEC2 fake.EC2Outputs responsesASG fake.ASGOutputs @@ -61,8 +62,63 @@ func TestResourceConversionOneToOne(tt *testing.T) { problems []string }{ { - name: "ingress_alb", - typeLB: aws.LoadBalancerTypeApplication, + name: "ingress_alb", + typeLB: aws.LoadBalancerTypeApplication, + ipAddressType: aws.IPAddressTypeIPV4, + responsesEC2: fake.EC2Outputs{DescribeInstances: fake.R(fake.MockDescribeInstancesOutput( + fake.TestInstance{ + Id: "i0", + Tags: fake.Tags{"aws:autoscaling:groupName": "asg1", clusterIDTagPrefix + clusterID: "owned"}, + PrivateIp: "1.2.3.3", + VpcId: vpcID, + State: running, + }, + fake.TestInstance{ + Id: "i1", + Tags: fake.Tags{"aws:autoscaling:groupName": "asg1", clusterIDTagPrefix + clusterID: "owned"}, + PrivateIp: "1.2.3.4", + VpcId: vpcID, + State: running, + }, + fake.TestInstance{ + Id: "i2", + Tags: fake.Tags{"aws:autoscaling:groupName": "asg1", clusterIDTagPrefix + clusterID: "owned"}, + PrivateIp: "1.2.3.5", + VpcId: vpcID, + State: running, + }), nil), + DescribeSecurityGroups: fake.R(fake.MockDescribeSecurityGroupsOutput(map[string]string{"id": securityGroupID}), nil), + DescribeSubnets: fake.R(fake.MockDescribeSubnetsOutput( + fake.TestSubnet{Id: "foo1", Name: "bar1", Az: "baz1", Tags: map[string]string{"kubernetes.io/role/elb": ""}}), nil), + DescribeRouteTables: fake.R(fake.MockDescribeRouteTableOutput( + fake.TestRouteTable{SubnetID: "foo1", GatewayIds: []string{"igw-foo1"}}, + fake.TestRouteTable{SubnetID: "mismatch", GatewayIds: []string{"igw-foo2"}, Main: true}, + ), nil), + }, + responsesASG: fake.ASGOutputs{ + DescribeAutoScalingGroups: fake.R(fake.MockDescribeAutoScalingGroupOutput(map[string]fake.ASGtags{"asg1": { + clusterIDTagPrefix + clusterID: "owned", + }}), nil), + DescribeLoadBalancerTargetGroups: fake.R(&autoscaling.DescribeLoadBalancerTargetGroupsOutput{ + LoadBalancerTargetGroups: []autoScalingTypes.LoadBalancerTargetGroupState{}, + }, nil), + AttachLoadBalancerTargetGroups: fake.R(nil, nil), + }, + responsesELBv2: fake.ELBv2Outputs{ + DescribeTargetGroups: fake.R(fake.MockDescribeTargetGroupsOutput(), nil), + DescribeTags: fake.R(nil, nil), + DescribeLoadBalancers: fake.R(fake.MockDescribeLoadBalancersOutput(), nil), + }, + responsesCF: fake.CFOutputs{ + DescribeStacks: fake.R(fake.MockDescribeStacksOutput(nil), nil), + CreateStack: fake.R(fake.MockCSOutput("42"), nil), + }, + certsProvider: certsProvider, + }, + { + name: "ingress_alb_dualstack", + typeLB: aws.LoadBalancerTypeApplication, + ipAddressType: aws.IPAddressTypeDualstack, responsesEC2: fake.EC2Outputs{DescribeInstances: fake.R(fake.MockDescribeInstancesOutput( fake.TestInstance{ Id: "i0", @@ -114,8 +170,115 @@ func TestResourceConversionOneToOne(tt *testing.T) { certsProvider: certsProvider, }, { - name: "ingress_nlb", - typeLB: aws.LoadBalancerTypeNetwork, + name: "ingress_nlb", + typeLB: aws.LoadBalancerTypeNetwork, + ipAddressType: aws.IPAddressTypeIPV4, + responsesEC2: fake.EC2Outputs{DescribeInstances: fake.R(fake.MockDescribeInstancesOutput( + fake.TestInstance{ + Id: "i0", + Tags: fake.Tags{"aws:autoscaling:groupName": "asg1", clusterIDTagPrefix + clusterID: "owned"}, + PrivateIp: "1.2.3.3", + VpcId: vpcID, + State: running, + }, + fake.TestInstance{ + Id: "i1", + Tags: fake.Tags{"aws:autoscaling:groupName": "asg1", clusterIDTagPrefix + clusterID: "owned"}, + PrivateIp: "1.2.3.4", + VpcId: vpcID, + State: running, + }, + fake.TestInstance{ + Id: "i2", + Tags: fake.Tags{"aws:autoscaling:groupName": "asg1", clusterIDTagPrefix + clusterID: "owned"}, + PrivateIp: "1.2.3.5", + VpcId: vpcID, + State: running, + }), nil), + DescribeSecurityGroups: fake.R(fake.MockDescribeSecurityGroupsOutput(map[string]string{"id": securityGroupID}), nil), + DescribeSubnets: fake.R(fake.MockDescribeSubnetsOutput( + fake.TestSubnet{Id: "foo1", Name: "bar1", Az: "baz1", Tags: map[string]string{"kubernetes.io/role/elb": ""}}), nil), + DescribeRouteTables: fake.R(fake.MockDescribeRouteTableOutput( + fake.TestRouteTable{SubnetID: "foo1", GatewayIds: []string{"igw-foo1"}}, + fake.TestRouteTable{SubnetID: "mismatch", GatewayIds: []string{"igw-foo2"}, Main: true}, + ), nil), + }, + responsesASG: fake.ASGOutputs{ + DescribeAutoScalingGroups: fake.R(fake.MockDescribeAutoScalingGroupOutput(map[string]fake.ASGtags{"asg1": { + clusterIDTagPrefix + clusterID: "owned", + }}), nil), + DescribeLoadBalancerTargetGroups: fake.R(&autoscaling.DescribeLoadBalancerTargetGroupsOutput{ + LoadBalancerTargetGroups: []autoScalingTypes.LoadBalancerTargetGroupState{}, + }, nil), + AttachLoadBalancerTargetGroups: fake.R(nil, nil), + }, + responsesELBv2: fake.ELBv2Outputs{ + DescribeTargetGroups: fake.R(fake.MockDescribeTargetGroupsOutput(), nil), + DescribeTags: fake.R(nil, nil), + DescribeLoadBalancers: fake.R(fake.MockDescribeLoadBalancersOutput(), nil), + }, + responsesCF: fake.CFOutputs{ + DescribeStacks: fake.R(fake.MockDescribeStacksOutput(nil), nil), + CreateStack: fake.R(fake.MockCSOutput("42"), nil), + }, + certsProvider: certsProvider, + }, { + name: "ingress_nlb_dualstack", + typeLB: aws.LoadBalancerTypeNetwork, + ipAddressType: aws.IPAddressTypeDualstack, + responsesEC2: fake.EC2Outputs{DescribeInstances: fake.R(fake.MockDescribeInstancesOutput( + fake.TestInstance{ + Id: "i0", + Tags: fake.Tags{"aws:autoscaling:groupName": "asg1", clusterIDTagPrefix + clusterID: "owned"}, + PrivateIp: "1.2.3.3", + VpcId: vpcID, + State: running, + }, + fake.TestInstance{ + Id: "i1", + Tags: fake.Tags{"aws:autoscaling:groupName": "asg1", clusterIDTagPrefix + clusterID: "owned"}, + PrivateIp: "1.2.3.4", + VpcId: vpcID, + State: running, + }, + fake.TestInstance{ + Id: "i2", + Tags: fake.Tags{"aws:autoscaling:groupName": "asg1", clusterIDTagPrefix + clusterID: "owned"}, + PrivateIp: "1.2.3.5", + VpcId: vpcID, + State: running, + }), nil), + DescribeSecurityGroups: fake.R(fake.MockDescribeSecurityGroupsOutput(map[string]string{"id": securityGroupID}), nil), + DescribeSubnets: fake.R(fake.MockDescribeSubnetsOutput( + fake.TestSubnet{Id: "foo1", Name: "bar1", Az: "baz1", Tags: map[string]string{"kubernetes.io/role/elb": ""}}), nil), + DescribeRouteTables: fake.R(fake.MockDescribeRouteTableOutput( + fake.TestRouteTable{SubnetID: "foo1", GatewayIds: []string{"igw-foo1"}}, + fake.TestRouteTable{SubnetID: "mismatch", GatewayIds: []string{"igw-foo2"}, Main: true}, + ), nil), + }, + responsesASG: fake.ASGOutputs{ + DescribeAutoScalingGroups: fake.R(fake.MockDescribeAutoScalingGroupOutput(map[string]fake.ASGtags{"asg1": { + clusterIDTagPrefix + clusterID: "owned", + }}), nil), + DescribeLoadBalancerTargetGroups: fake.R(&autoscaling.DescribeLoadBalancerTargetGroupsOutput{ + LoadBalancerTargetGroups: []autoScalingTypes.LoadBalancerTargetGroupState{}, + }, nil), + AttachLoadBalancerTargetGroups: fake.R(nil, nil), + }, + responsesELBv2: fake.ELBv2Outputs{ + DescribeTargetGroups: fake.R(fake.MockDescribeTargetGroupsOutput(), nil), + DescribeTags: fake.R(nil, nil), + DescribeLoadBalancers: fake.R(fake.MockDescribeLoadBalancersOutput(), nil), + }, + responsesCF: fake.CFOutputs{ + DescribeStacks: fake.R(fake.MockDescribeStacksOutput(nil), nil), + CreateStack: fake.R(fake.MockCSOutput("42"), nil), + }, + certsProvider: certsProvider, + }, { + name: "ingress_nlb_dualstack_annotation", + typeLB: aws.LoadBalancerTypeNetwork, + ipAddressType: aws.IPAddressTypeIPV4, responsesEC2: fake.EC2Outputs{DescribeInstances: fake.R(fake.MockDescribeInstancesOutput( fake.TestInstance{ Id: "i0", @@ -166,8 +329,9 @@ func TestResourceConversionOneToOne(tt *testing.T) { }, certsProvider: certsProvider, }, { - name: "rg_alb", - typeLB: aws.LoadBalancerTypeApplication, + name: "rg_alb", + typeLB: aws.LoadBalancerTypeApplication, + ipAddressType: aws.IPAddressTypeIPV4, responsesEC2: fake.EC2Outputs{DescribeInstances: fake.R(fake.MockDescribeInstancesOutput( fake.TestInstance{ Id: "i0", @@ -218,8 +382,9 @@ func TestResourceConversionOneToOne(tt *testing.T) { }, certsProvider: certsProvider, }, { - name: "rg_nlb", - typeLB: aws.LoadBalancerTypeNetwork, + name: "rg_nlb", + typeLB: aws.LoadBalancerTypeNetwork, + ipAddressType: aws.IPAddressTypeIPV4, responsesEC2: fake.EC2Outputs{DescribeInstances: fake.R(fake.MockDescribeInstancesOutput( fake.TestInstance{ Id: "i0", @@ -270,8 +435,9 @@ func TestResourceConversionOneToOne(tt *testing.T) { }, certsProvider: certsProvider, }, { - name: "ing_shared_rg_notshared_alb", - typeLB: aws.LoadBalancerTypeApplication, + name: "ing_shared_rg_notshared_alb", + typeLB: aws.LoadBalancerTypeApplication, + ipAddressType: aws.IPAddressTypeIPV4, responsesEC2: fake.EC2Outputs{DescribeInstances: fake.R(fake.MockDescribeInstancesOutput( fake.TestInstance{ Id: "i0", @@ -323,8 +489,9 @@ func TestResourceConversionOneToOne(tt *testing.T) { certsProvider: certsProvider, }, { - name: "no_certificates", - typeLB: aws.LoadBalancerTypeApplication, + name: "no_certificates", + typeLB: aws.LoadBalancerTypeApplication, + ipAddressType: aws.IPAddressTypeIPV4, responsesEC2: fake.EC2Outputs{DescribeInstances: fake.R(fake.MockDescribeInstancesOutput( fake.TestInstance{ Id: "i0", @@ -366,8 +533,9 @@ func TestResourceConversionOneToOne(tt *testing.T) { problems: []string{"failed to get certificates: something went wrong"}, }, { - name: "no_certificates", - typeLB: aws.LoadBalancerTypeApplication, + name: "no_certificates", + typeLB: aws.LoadBalancerTypeApplication, + ipAddressType: aws.IPAddressTypeIPV4, responsesEC2: fake.EC2Outputs{DescribeInstances: fake.R(fake.MockDescribeInstancesOutput( fake.TestInstance{ Id: "i0", @@ -424,6 +592,7 @@ func TestResourceConversionOneToOne(tt *testing.T) { WithCustomEc2Client(clientEC2). WithCustomElbv2Client(clientELBv2). WithCustomCloudFormationClient(clientCF). + WithIpAddressType(scenario.ipAddressType). WithNLBZoneAffinity(aws.DefaultZoneAffinity) a, err = a.UpdateManifest(ctx, clusterID, vpcID) @@ -469,6 +638,7 @@ func TestResourceConversionOneToOne(tt *testing.T) { sslPolicy, scenario.typeLB, clusterLocalDomain, + scenario.ipAddressType, true) if err != nil { t.Fatal(err)