Refactor: Split out NLB Listener into its own task

This allows us to use more of our task machinery, including dependency analysis. The intent is that we'll be able to support multiple LoadBalancers and TargetGroups.
kubernetes · Feb 3, 2024 · 2e0ca41 · 2e0ca41
1 parent 1867006
commit 2e0ca41
Show file tree

Hide file tree

Showing 6 changed files with 375 additions and 213 deletions.
diff --git a/pkg/model/awsmodel/api_loadbalancer.go b/pkg/model/awsmodel/api_loadbalancer.go
@@ -135,32 +135,49 @@ func (b *APILoadBalancerBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 			"443": {InstancePort: 443},
 		}
 
-		nlbListeners := []*awstasks.NetworkLoadBalancerListener{
-			{
-				Port:            443,
-				TargetGroupName: b.NLBTargetGroupName("tcp"),
-			},
-		}
-		if b.Cluster.UsesNoneDNS() {
-			nlbListeners = append(nlbListeners, &awstasks.NetworkLoadBalancerListener{
-				Port:            wellknownports.KopsControllerPort,
-				TargetGroupName: b.NLBTargetGroupName("kops-controller"),
-			})
-		}
+		if lbSpec.SSLCertificate == "" {
+			listener443 := &awstasks.NetworkLoadBalancerListener{
+				Name:                fi.PtrTo(b.NLBListenerName("api", 443)),
+				Lifecycle:           b.Lifecycle,
+				NetworkLoadBalancer: b.LinkToNLB("api"),
+				Port:                443,
+				TargetGroup:         b.LinkToTargetGroup("tcp"),
+			}
+			c.AddTask(listener443)
+		} else {
+			listener8443 := &awstasks.NetworkLoadBalancerListener{
+				Name:                fi.PtrTo(b.NLBListenerName("api", 8443)),
+				Lifecycle:           b.Lifecycle,
+				NetworkLoadBalancer: b.LinkToNLB("api"),
+				Port:                8443,
+				TargetGroup:         b.LinkToTargetGroup("tcp"),
+			}
+			c.AddTask(listener8443)
 
-		if lbSpec.SSLCertificate != "" {
 			listeners["443"].SSLCertificateID = lbSpec.SSLCertificate
-			nlbListeners[0].Port = 8443
-
-			nlbListener := &awstasks.NetworkLoadBalancerListener{
-				Port:             443,
-				TargetGroupName:  b.NLBTargetGroupName("tls"),
-				SSLCertificateID: lbSpec.SSLCertificate,
+			listener443 := &awstasks.NetworkLoadBalancerListener{
+				Name:                fi.PtrTo(b.NLBListenerName("api", 443)),
+				Lifecycle:           b.Lifecycle,
+				NetworkLoadBalancer: b.LinkToNLB("api"),
+				Port:                443,
+				TargetGroup:         b.LinkToTargetGroup("tls"),
+				SSLCertificateID:    lbSpec.SSLCertificate,
 			}
 			if lbSpec.SSLPolicy != nil {
-				nlbListener.SSLPolicy = *lbSpec.SSLPolicy
+				listener443.SSLPolicy = *lbSpec.SSLPolicy
+			}
+			c.AddTask(listener443)
+		}
+
+		if b.Cluster.UsesNoneDNS() {
+			nlbListener := &awstasks.NetworkLoadBalancerListener{
+				Name:                fi.PtrTo(b.NLBListenerName("api", wellknownports.KopsControllerPort)),
+				Lifecycle:           b.Lifecycle,
+				NetworkLoadBalancer: b.LinkToNLB("api"),
+				Port:                wellknownports.KopsControllerPort,
+				TargetGroup:         b.LinkToTargetGroup("kops-controller"),
 			}
-			nlbListeners = append(nlbListeners, nlbListener)
+			c.AddTask(nlbListener)
 		}
 
 		if lbSpec.SecurityGroupOverride != nil {
@@ -184,7 +201,6 @@ func (b *APILoadBalancerBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 				b.LinkToELBSecurityGroup("api"),
 			},
 			SubnetMappings: nlbSubnetMappings,
-			Listeners:      nlbListeners,
 			TargetGroups:   make([]*awstasks.TargetGroup, 0),
 
 			Tags:              tags,

diff --git a/pkg/model/awsmodel/bastion.go b/pkg/model/awsmodel/bastion.go
@@ -328,12 +328,15 @@ func (b *BastionModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 		// Override the returned name to be the expected ELB name
 		tags["Name"] = "bastion." + b.ClusterName()
 
-		nlbListeners := []*awstasks.NetworkLoadBalancerListener{
-			{
-				Port:            22,
-				TargetGroupName: b.NLBTargetGroupName("bastion"),
-			},
+		nlbListener := &awstasks.NetworkLoadBalancerListener{
+			Name:                fi.PtrTo(b.NLBListenerName("bastion", 22)),
+			Lifecycle:           b.Lifecycle,
+			NetworkLoadBalancer: b.LinkToNLB("bastion"),
+			Port:                22,
+			TargetGroup:         b.LinkToTargetGroup("bastion"),
 		}
+		c.AddTask(nlbListener)
+
 		nlb = &awstasks.NetworkLoadBalancer{
 			Name:      fi.PtrTo(b.NLBName("bastion")),
 			Lifecycle: b.Lifecycle,
@@ -344,7 +347,6 @@ func (b *BastionModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 			SecurityGroups: []*awstasks.SecurityGroup{
 				b.LinkToELBSecurityGroup("bastion"),
 			},
-			Listeners:    nlbListeners,
 			TargetGroups: make([]*awstasks.TargetGroup, 0),
 
 			Tags:          tags,

diff --git a/pkg/model/names.go b/pkg/model/names.go
@@ -19,6 +19,7 @@ package model
 import (
 	"fmt"
 	"regexp"
+	"strconv"
 	"strings"
 
 	"k8s.io/klog/v2"
@@ -115,6 +116,11 @@ func (b *KopsModelContext) LinkToNLB(prefix string) *awstasks.NetworkLoadBalance
 	return &awstasks.NetworkLoadBalancer{Name: &name}
 }
 
+func (b *KopsModelContext) NLBListenerName(loadBalancerPrefix string, port int) string {
+	name := b.NLBName(loadBalancerPrefix)
+	return name + "-" + strconv.Itoa(port)
+}
+
 func (b *KopsModelContext) LinkToTargetGroup(prefix string) *awstasks.TargetGroup {
 	name := b.NLBTargetGroupName(prefix)
 	return &awstasks.TargetGroup{Name: &name}