a new NLB with a name that's used before, overrides the existing NLB configurations

kubernetes-sigs / aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers

https://kubernetes-sigs.github.io/aws-load-balancer-controller/

Apache License 2.0

3.89k stars 1.44k forks source link

a new NLB with a name that's used before, overrides the existing NLB configurations #3027

Open eslam-gomaa opened 1 year ago

eslam-gomaa commented 1 year ago

Describe the bug A concise description of what the bug is.

a new NLB with a name that's used before, overrides the existing NLB configurations .. making the currently used port not reachable.

Steps to reproduce

create 2 NLBs with the same name

Expected outcome A concise description of what you expected to happen.

Should fail if the the NLB's name is already used.

Environment

Creating NLBs with K8s LoadBalancer services.

AWS Load Balancer controller version: v2
Kubernetes version
Using EKS (yes/no), if so version?

Additional Context:

More about my use case;

I created a new set of NLBs (with the same name of existing NLBs)

that overriden the existing NLBs configurations, resulting in making the NLBs not reachable on the preconfigured port anymore.

In the screenshoot, both the highlighted K8s svc LBs have the same names, but only listening on the new service port "9096" .. making "9095" not reachable.

eslam-gomaa commented 1 year ago

https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/2533 related

M00nF1sh commented 1 year ago

/kind bug we should check whether ELBv2 CreateLoadBalancer API returns an existing LB's ARN when create a new LB with the existing LB's name. (what's the behavior if same settings, e.g. tags is provided, and what's the behavior if different settings tags is provided) And if that's the case, when using the LB name feature(or we always do the validation), we should check whether a existing LB exists with same name and validate the tags.

rdcarrera commented 1 year ago

Hi everyone,

I find myself in the same situation of being able to reuse the NLB with multiple services. I need to expose approximately 1800 services from my EKS cluster, and for orchestrating these services, I have a wrapper that manages the creation of deployments and services for them.

If the integration with NLB were similar to ALB's, I would only need to integrate with the Kubernetes API, which would make the management of everything very convenient. Otherwise, I would need to integrate with the AWS API to manage the creation of NLBs, target groups, associate the target group bindings, and so on.

After analyzing the code, I have noticed that the loop responsible for cleaning up the old listeners is located in:

pkg/deploy/elbv2/listener_synthesizer.go (lines 61-65)

matchedResAndSDKLSs, unmatchedResLSs, _ := matchResAndSDKListeners(resLSs, sdkLSs)
// for _, sdkLS := range unmatchedSDKLSs {
//  if err := s.lsManager.Delete(ctx, sdkLS); err != nil {
//      return err
//  }
// }

By commenting out the loop and build the controller, I have managed to reuse the NLB as expected. However, I would prefer a solution that does not break future updates or the correct functionality of the controller.

Thank you, Best regards!

M00nF1sh commented 1 year ago

/kind good-first-issue

k8s-ci-robot commented 1 year ago

@M00nF1sh: The label(s) kind/good-first-issue cannot be applied, because the repository doesn't have them.

In response to [this](https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/3027#issuecomment-1675218622): >/kind good-first-issue Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

k8s-triage-robot commented 7 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

tculp commented 7 months ago

/remove-lifecycle stale

k8s-triage-robot commented 4 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

tculp commented 4 months ago

/remove-lifecycle stale

k8s-triage-robot commented 1 month ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

tculp commented 1 month ago

/remove-lifecycle stale