Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for clusters running in private VPC #627

Merged
merged 4 commits into from
May 23, 2024
Merged

Add support for clusters running in private VPC #627

merged 4 commits into from
May 23, 2024

Conversation

aaroniscode
Copy link
Contributor

@aaroniscode aaroniscode commented Apr 29, 2024
edited
Loading

NOTE: This is a draft PR for review by the team. If the design of the feature is approved, I will add any required tests.

What type of PR is this?
feature

Which issue does this PR fix:
no open Issue

What does this PR do / Why do we need it:
Add support for clusters running in private VPC. Today the controller won't function in a fully private VPC as there is no PrivateLink support for the ResourceTagging API

If an issue # is not available please add repro steps and logs from aws-gateway-controller showing the issue:
Create a private VPC (one that cannot access the Internet) and try to the Getting Started Guide

Testing done on this change:
ran the controller locally and tested the Getting Started Guide

Automation added to e2e:
none at this time

Will this PR introduce any new dependencies?:
No

Will this break upgrades or downgrades. Has updating a running cluster been tested?:
No breakage

Does this PR introduce any user-facing change?:
Yes.

New `DISABLE_TAGGING_SERVICE_API` environment variable. If you are running a cluster in a Private VPC, this will allow Tag queries using the Lattice API which can be accessed using a PrivateLink endpoint.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@aaroniscode aaroniscode force-pushed the enable_private_vpc branch 3 times, most recently from 5e8d935 to c733a75 Compare April 29, 2024 22:17
erikfuller
erikfuller reviewed May 3, 2024
View reviewed changes
Copy link
Contributor

@erikfuller erikfuller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for putting this together! I think we can move forward with some minor tweaks. Please let me know if you have any questions or concerns on my feedback. Please also be sure to include unit tests for the new logic.

pkg/aws/cloud.go Outdated Show resolved Hide resolved
pkg/aws/cloud.go Outdated Show resolved Hide resolved
@aaroniscode aaroniscode force-pushed the enable_private_vpc branch 2 times, most recently from 81ba681 to 78f4936 Compare May 8, 2024 23:30
erikfuller
erikfuller requested changes May 13, 2024
View reviewed changes
Copy link
Contributor

@erikfuller erikfuller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looking good. Added suggestions for unit tests, but we can also talk more over Slack if you need more details.

While this will unblock the "private VPC" use case, I am concerned about the performance implications for this approach, since these O(1) operations are now O(N) in terms of number of remote API calls. I suppose when performance becomes an issue we can address that too - there are other places in the codebase we'll also likely have to revisit from a performance standpoint.

pkg/aws/services/tagging.go Show resolved Hide resolved
pkg/config/controller_config.go Outdated Show resolved Hide resolved
pkg/aws/services/tagging.go Outdated Show resolved Hide resolved
@aaroniscode aaroniscode force-pushed the enable_private_vpc branch from 97e1520 to 0119392 Compare May 19, 2024 20:15
@aaroniscode aaroniscode marked this pull request as ready for review May 19, 2024 20:16
@aaroniscode aaroniscode requested a review from erikfuller May 19, 2024 20:17
@aaroniscode
Copy link
Contributor Author

@erikfuller I think the PR has addresses all your feedback and I appreciate the test guidance. Also rebased as there was a conflict.

erikfuller
erikfuller requested changes May 21, 2024
View reviewed changes
Copy link
Contributor

@erikfuller erikfuller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @aaroniscode, tests are looking good. Just a typo and a couple small adjustments and we'll be good to merge.

pkg/aws/services/tagging_test.go Outdated
"Key2": aws.String("Value2"),
"Key3": aws.String("Value3"),
},
testName: "match subnet of tags from source's multiple tags",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"subset"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

pkg/aws/services/tagging_test.go Outdated Show resolved Hide resolved
pkg/aws/services/tagging_test.go Show resolved Hide resolved
pkg/aws/services/tagging_test.go Outdated Show resolved Hide resolved
@aaroniscode aaroniscode force-pushed the enable_private_vpc branch from c0cb66f to 5886139 Compare May 23, 2024 16:27
@aaroniscode aaroniscode requested a review from erikfuller May 23, 2024 16:33
@erikfuller erikfuller merged commit 6c25553 into aws:main May 23, 2024
2 checks passed
@aaroniscode aaroniscode deleted the enable_private_vpc branch May 23, 2024 23:17
@aaroniscode aaroniscode restored the enable_private_vpc branch May 23, 2024 23:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erikfuller erikfuller erikfuller approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aaroniscode @erikfuller