cluster-api-provider-aws

✨ Feat/Add ELBv2/TGs health check customization

Open mtulio opened this issue 1 year ago • 5 comments

WIP PR

What type of PR is this?

/kind feature /kind api-change

What this PR does / why we need it:

This change exposes the health check configuration for listeners of both load balancers, primary and secondary.

It will allow providers to customize the API and additional listeners' target health checks to ensure existing implementations.

A significant improvement will be in the additional listeners, which are currently set with basic health checks following the same protocol as the listener (TCP). Exposing this value will allow customized health checks.

The example below shows how we are using it to customize the API target group (from the default provided by CAPA), alongside setting custom health check parameters for additional listeners, like overriding the protocol to HTTPS, check path /healthz and custom probe timers:

awsCluster := &capa.AWSCluster{
	ObjectMeta: metav1.ObjectMeta{
		Name:      clusterID.InfraID,
		Namespace: capiutils.Namespace,
	},
	Spec: capa.AWSClusterSpec{
		// Internal (primary) control plane NLB.
		ControlPlaneLoadBalancer: &capa.AWSLoadBalancerSpec{
			Name:             ptr.To(clusterID.InfraID + "-int"),
			LoadBalancerType: capa.LoadBalancerTypeNLB,
			Scheme:           &capa.ELBSchemeInternal,
			// Custom health check for the API target group, replacing the CAPA default.
			HealthCheck: &capa.TargetGroupHealthCheck{
				Protocol:                ptr.To("HTTPS"),
				Path:                    ptr.To("/readyz"),
				IntervalSeconds:         ptr.To(int64(10)),
				TimeoutSeconds:          ptr.To(int64(10)),
				ThresholdCount:          ptr.To(int64(2)),
				UnhealthyThresholdCount: ptr.To(int64(2)),
			},
			AdditionalListeners: []capa.AdditionalListenerSpec{
				{
					Port:     22623,
					Protocol: capa.ELBProtocolTCP,
					// The listener stays TCP; its targets are probed over HTTPS at /healthz.
					HealthCheck: &capa.TargetGroupHealthCheck{
						Protocol:                ptr.To("HTTPS"),
						Path:                    ptr.To("/healthz"),
						IntervalSeconds:         ptr.To(int64(10)),
						TimeoutSeconds:          ptr.To(int64(10)),
						ThresholdCount:          ptr.To(int64(2)),
						UnhealthyThresholdCount: ptr.To(int64(2)),
					},
				},
			},
		},
		// Internet-facing (secondary) control plane NLB with the same API health check.
		SecondaryControlPlaneLoadBalancer: &capa.AWSLoadBalancerSpec{
			Name:             ptr.To(clusterID.InfraID + "-ext"),
			LoadBalancerType: capa.LoadBalancerTypeNLB,
			Scheme:           &capa.ELBSchemeInternetFacing,
			HealthCheck: &capa.TargetGroupHealthCheck{
				Protocol:                ptr.To("HTTPS"),
				Path:                    ptr.To("/readyz"),
				IntervalSeconds:         ptr.To(int64(10)),
				TimeoutSeconds:          ptr.To(int64(10)),
				ThresholdCount:          ptr.To(int64(2)),
				UnhealthyThresholdCount: ptr.To(int64(2)),
			},
		},
	},
}

Open questions:

  • The option HealthCheckProtocol may become duplicated. If the proposal to expose the entire health check structure is accepted, should we deprecate it?

Which issue(s) this PR fixes:

Fixes #4884

Special notes for your reviewer:

Checklist:

  • [ ] squashed commits
  • [ ] includes documentation
  • [x] includes emojis
  • [ ] adds unit tests
  • [ ] adds or updates e2e tests

Release note:

Exposing the health check attributes for the target group for the control plane load balancers, allowing customized health checks for API or additional listeners.

mtulio, Mar 06 '24 02:03
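A validation sketch for the health check fields shown in the description above, added here as an illustration; it is not code from this PR or from CAPA. The `HealthCheck` struct, `Validate` and the helper names are hypothetical stand-ins, and the numeric ranges are assumed from the ELBv2 target group API limits and should be confirmed against the AWS API reference.

```go
package main

import (
	"fmt"
	"strings"
)

// HealthCheck is a local stand-in for the fields in the description, not the CAPA type.
type HealthCheck struct {
	Protocol, Path                          *string
	IntervalSeconds, TimeoutSeconds         *int64
	ThresholdCount, UnhealthyThresholdCount *int64
}

// inRange records an error when v is set and falls outside [lo, hi].
func inRange(errs []string, name string, v *int64, lo, hi int64) []string {
	if v != nil && (*v < lo || *v > hi) {
		errs = append(errs, fmt.Sprintf("%s=%d is outside %d-%d", name, *v, lo, hi))
	}
	return errs
}

// Validate returns one message per problem found, or nil when hc is acceptable.
func Validate(hc HealthCheck) []string {
	var errs []string
	proto := "TCP" // assumed default: same protocol as the listener
	if hc.Protocol != nil {
		proto = strings.ToUpper(*hc.Protocol)
	}
	switch {
	case proto != "TCP" && proto != "HTTP" && proto != "HTTPS":
		errs = append(errs, "unsupported health check protocol "+proto)
	case proto == "TCP" && hc.Path != nil:
		errs = append(errs, "path is only used by HTTP and HTTPS health checks")
	case hc.Path != nil && !strings.HasPrefix(*hc.Path, "/"):
		errs = append(errs, "path must start with /")
	}
	// Ranges assumed from the ELBv2 target group API limits.
	errs = inRange(errs, "intervalSeconds", hc.IntervalSeconds, 5, 300)
	errs = inRange(errs, "timeoutSeconds", hc.TimeoutSeconds, 2, 120)
	errs = inRange(errs, "thresholdCount", hc.ThresholdCount, 2, 10)
	errs = inRange(errs, "unhealthyThresholdCount", hc.UnhealthyThresholdCount, 2, 10)
	return errs
}

// Constructed sample in main: a Path left set while Protocol falls back to TCP.
func str(s string) *string { return &s }
func i64(v int64) *int64   { return &v }

func main() { fmt.Println(Validate(HealthCheck{Path: str("/healthz"), IntervalSeconds: i64(3)})) }
```

A check like this catches a health check that silently degrades to a bare TCP connect when a path is supplied without switching the protocol to HTTP or HTTPS.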