From ca0a537b783664976154b3cc9af46bedbd8fbcfe Mon Sep 17 00:00:00 2001 From: Kelly Yan Date: Fri, 28 Mar 2025 14:46:05 -0700 Subject: [PATCH] Update Go to version 1.24.1, update base image to AL2023 --- .go-version | 2 +- Makefile | 2 +- go.mod | 2 +- pkg/networking/utils.go | 28 ++--- pkg/service/model_build_target_group.go | 120 +++++++++---------- pkg/service/model_build_target_group_test.go | 16 +-- 6 files changed, 85 insertions(+), 85 deletions(-) diff --git a/.go-version b/.go-version index d8c40e539..f9e8384bb 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.23.6 +1.24.1 diff --git a/Makefile b/Makefile index 45bc62968..30d5fb746 100644 --- a/Makefile +++ b/Makefile @@ -7,7 +7,7 @@ IMG ?= public.ecr.aws/eks/aws-load-balancer-controller:v2.12.0 GOLANG_VERSION ?= $(shell cat .go-version) BUILD_IMAGE ?= public.ecr.aws/docker/library/golang:$(GOLANG_VERSION) # Image URL to use for base layer in Docker build -BASE_IMAGE ?= public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2024-08-13-1723575672.2 +BASE_IMAGE ?= public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2025-01-01-1735689705.2023 IMG_PLATFORM ?= linux/amd64,linux/arm64 # ECR doesn't appear to support SPDX SBOM IMG_SBOM ?= none diff --git a/go.mod b/go.mod index 203417adc..312c9d12b 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module sigs.k8s.io/aws-load-balancer-controller -go 1.23.6 +go 1.24.1 require ( github.com/aws/aws-sdk-go v1.55.5 diff --git a/pkg/networking/utils.go b/pkg/networking/utils.go index 6cec2fd3b..c87eb53cf 100644 --- a/pkg/networking/utils.go +++ b/pkg/networking/utils.go @@ -1,13 +1,13 @@ package networking import ( - "fmt" + "net/netip" + "strings" + awssdk "github.com/aws/aws-sdk-go-v2/aws" ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/pkg/errors" - "net/netip" elbv2model "sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2" - "strings" ) // ParseCIDRs will parse CIDRs in string format into parsed IPPrefix @@ -80,7 +80,7 @@ func GetSubnetAssociatedIPv6CIDRs(subnet ec2types.Subnet) ([]netip.Prefix, error // ValidateEnablePrefixForIpv6SourceNat function returns the validation error if error exists for EnablePrefixForIpv6SourceNat annotation value func ValidateEnablePrefixForIpv6SourceNat(EnablePrefixForIpv6SourceNat string, ipAddressType elbv2model.IPAddressType, ec2Subnets []ec2types.Subnet) error { if EnablePrefixForIpv6SourceNat != string(elbv2model.EnablePrefixForIpv6SourceNatOn) && EnablePrefixForIpv6SourceNat != string(elbv2model.EnablePrefixForIpv6SourceNatOff) { - return errors.Errorf(fmt.Sprintf("Invalid enable-prefix-for-ipv6-source-nat value: %v. Valid values are ['on', 'off'].", EnablePrefixForIpv6SourceNat)) + return errors.Errorf("Invalid enable-prefix-for-ipv6-source-nat value: %v. Valid values are ['on', 'off'].", EnablePrefixForIpv6SourceNat) } if EnablePrefixForIpv6SourceNat != string(elbv2model.EnablePrefixForIpv6SourceNatOn) { @@ -88,14 +88,14 @@ func ValidateEnablePrefixForIpv6SourceNat(EnablePrefixForIpv6SourceNat string, i } if ipAddressType == elbv2model.IPAddressTypeIPV4 { - return errors.Errorf(fmt.Sprintf("enable-prefix-for-ipv6-source-nat annotation is only applicable to Network Load Balancers using Dualstack IP address type.")) + return errors.Errorf("enable-prefix-for-ipv6-source-nat annotation is only applicable to Network Load Balancers using Dualstack IP address type.") } var subnetsWithoutIPv6CIDR []string for _, subnet := range ec2Subnets { subnetIPv6CIDRs, err := GetSubnetAssociatedIPv6CIDRs(subnet) if err != nil { - return errors.Errorf(fmt.Sprintf("%v", err)) + return errors.Errorf("%v", err) } if len(subnetIPv6CIDRs) < 1 { subnetsWithoutIPv6CIDR = append(subnetsWithoutIPv6CIDR, awssdk.ToString(subnet.SubnetId)) @@ -103,7 +103,7 @@ func ValidateEnablePrefixForIpv6SourceNat(EnablePrefixForIpv6SourceNat string, i } } if len(subnetsWithoutIPv6CIDR) > 0 { - return errors.Errorf(fmt.Sprintf("To enable prefix for source NAT, all associated subnets must have an IPv6 CIDR. Subnets without IPv6 CIDR: %v.", subnetsWithoutIPv6CIDR)) + return errors.Errorf("To enable prefix for source NAT, all associated subnets must have an IPv6 CIDR. Subnets without IPv6 CIDR: %v.", subnetsWithoutIPv6CIDR) } return nil @@ -120,7 +120,7 @@ func ValidateSourceNatPrefixes(sourceNatIpv6Prefixes []string, ipAddressType elb } if len(sourceNatIpv6Prefixes) != len(ec2Subnets) { - return errors.Errorf(fmt.Sprintf("Number of values in source-nat-ipv6-prefixes (%d) must match the number of subnets (%d).", len(sourceNatIpv6Prefixes), len(ec2Subnets))) + return errors.Errorf("Number of values in source-nat-ipv6-prefixes (%d) must match the number of subnets (%d).", len(sourceNatIpv6Prefixes), len(ec2Subnets)) } for idx, sourceNatIpv6Prefix := range sourceNatIpv6Prefixes { var subnet = ec2Subnets[idx] @@ -128,28 +128,28 @@ func ValidateSourceNatPrefixes(sourceNatIpv6Prefixes []string, ipAddressType elb if sourceNatIpv6Prefix != elbv2model.SourceNatIpv6PrefixAutoAssigned { subStrings := strings.Split(sourceNatIpv6Prefix, "/") if len(subStrings) < 2 { - return errors.Errorf(fmt.Sprintf("Invalid value in source-nat-ipv6-prefixes: %v.", sourceNatIpv6Prefix)) + return errors.Errorf("Invalid value in source-nat-ipv6-prefixes: %v.", sourceNatIpv6Prefix) } var ipAddressPart = subStrings[0] var prefixLengthPart = subStrings[1] if prefixLengthPart != requiredPrefixLengthForSourceNatCidr { - return errors.Errorf(fmt.Sprintf("Invalid value in source-nat-ipv6-prefixes: %v. Prefix length must be %v, but %v is specified.", sourceNatIpv6Prefix, requiredPrefixLengthForSourceNatCidr, prefixLengthPart)) + return errors.Errorf("Invalid value in source-nat-ipv6-prefixes: %v. Prefix length must be %v, but %v is specified.", sourceNatIpv6Prefix, requiredPrefixLengthForSourceNatCidr, prefixLengthPart) } sourceNatIpv6PrefixNetIpParsed, err := netip.ParseAddr(ipAddressPart) if err != nil { - return errors.Errorf(fmt.Sprintf("Invalid value in source-nat-ipv6-prefixes: %v. Value must be a valid IPv6 CIDR.", sourceNatIpv6Prefix)) + return errors.Errorf("Invalid value in source-nat-ipv6-prefixes: %v. Value must be a valid IPv6 CIDR.", sourceNatIpv6Prefix) } sourceNatIpv6PrefixParsedList = append(sourceNatIpv6PrefixParsedList, sourceNatIpv6PrefixNetIpParsed) if !sourceNatIpv6PrefixNetIpParsed.Is6() { - return errors.Errorf(fmt.Sprintf("Invalid value in source-nat-ipv6-prefixes: %v. Value must be a valid IPv6 CIDR.", sourceNatIpv6Prefix)) + return errors.Errorf("Invalid value in source-nat-ipv6-prefixes: %v. Value must be a valid IPv6 CIDR.", sourceNatIpv6Prefix) } subnetIPv6CIDRs, err := GetSubnetAssociatedIPv6CIDRs(subnet) if err != nil { - return errors.Errorf(fmt.Sprintf("Subnet has invalid IPv6 CIDRs: %v. Subnet must have valid IPv6 CIDRs.", subnetIPv6CIDRs)) + return errors.Errorf("Subnet has invalid IPv6 CIDRs: %v. Subnet must have valid IPv6 CIDRs.", subnetIPv6CIDRs) } sourceNatIpv6PrefixWithinSubnet := FilterIPsWithinCIDRs(sourceNatIpv6PrefixParsedList, subnetIPv6CIDRs) if len(sourceNatIpv6PrefixWithinSubnet) != 1 { - return errors.Errorf(fmt.Sprintf("Invalid value in source-nat-ipv6-prefixes: %v. Value must be within subnet CIDR range: %v.", sourceNatIpv6Prefix, subnetIPv6CIDRs)) + return errors.Errorf("Invalid value in source-nat-ipv6-prefixes: %v. Value must be within subnet CIDR range: %v.", sourceNatIpv6Prefix, subnetIPv6CIDRs) } } } diff --git a/pkg/service/model_build_target_group.go b/pkg/service/model_build_target_group.go index 0b14f4545..d566ad3b1 100644 --- a/pkg/service/model_build_target_group.go +++ b/pkg/service/model_build_target_group.go @@ -205,65 +205,65 @@ func (t *defaultModelBuildTask) buildTargetGroupName(_ context.Context, svcPort } func (t *defaultModelBuildTask) buildTargetGroupAttributes(_ context.Context, port corev1.ServicePort) ([]elbv2model.TargetGroupAttribute, error) { - var rawAttributes map[string]string - if _, err := t.annotationParser.ParseStringMapAnnotation(annotations.SvcLBSuffixTargetGroupAttributes, &rawAttributes, t.service.Annotations); err != nil { - return nil, err - } - if rawAttributes == nil { - rawAttributes = make(map[string]string) - } - if _, ok := rawAttributes[tgAttrsProxyProtocolV2Enabled]; !ok { - rawAttributes[tgAttrsProxyProtocolV2Enabled] = strconv.FormatBool(t.defaultProxyProtocolV2Enabled) - } - - var proxyProtocolPerTG string - if t.annotationParser.ParseStringAnnotation(annotations.SvcLBSuffixProxyProtocolPerTargetGroup, &proxyProtocolPerTG, t.service.Annotations) { - ports := strings.Split(proxyProtocolPerTG, ",") - enabledPorts := make(map[string]struct{}) - for _, p := range ports { - trimmedPort := strings.TrimSpace(p) - if trimmedPort != "" { - if _, err := strconv.Atoi(trimmedPort); err != nil { - return nil, errors.Errorf("invalid port number in proxy-protocol-per-target-group: %v", trimmedPort) - } - enabledPorts[trimmedPort] = struct{}{} - } - } - - currentPortStr := strconv.FormatInt(int64(port.Port), 10) - if _, enabled := enabledPorts[currentPortStr]; enabled { - rawAttributes[tgAttrsProxyProtocolV2Enabled] = "true" - } else { - rawAttributes[tgAttrsProxyProtocolV2Enabled] = "false" - } - } - - proxyV2Annotation := "" - if exists := t.annotationParser.ParseStringAnnotation(annotations.SvcLBSuffixProxyProtocol, &proxyV2Annotation, t.service.Annotations); exists { - if proxyV2Annotation != "*" { - return []elbv2model.TargetGroupAttribute{}, errors.Errorf("invalid value %v for Load Balancer proxy protocol v2 annotation, only value currently supported is *", proxyV2Annotation) - } - rawAttributes[tgAttrsProxyProtocolV2Enabled] = "true" - } - - if rawPreserveIPEnabled, ok := rawAttributes[tgAttrsPreserveClientIPEnabled]; ok { - _, err := strconv.ParseBool(rawPreserveIPEnabled) - if err != nil { - return nil, errors.Wrapf(err, "failed to parse attribute %v=%v", tgAttrsPreserveClientIPEnabled, rawPreserveIPEnabled) - } - } - - attributes := make([]elbv2model.TargetGroupAttribute, 0, len(rawAttributes)) - for attrKey, attrValue := range rawAttributes { - attributes = append(attributes, elbv2model.TargetGroupAttribute{ - Key: attrKey, - Value: attrValue, - }) - } - sort.Slice(attributes, func(i, j int) bool { - return attributes[i].Key < attributes[j].Key - }) - return attributes, nil + var rawAttributes map[string]string + if _, err := t.annotationParser.ParseStringMapAnnotation(annotations.SvcLBSuffixTargetGroupAttributes, &rawAttributes, t.service.Annotations); err != nil { + return nil, err + } + if rawAttributes == nil { + rawAttributes = make(map[string]string) + } + if _, ok := rawAttributes[tgAttrsProxyProtocolV2Enabled]; !ok { + rawAttributes[tgAttrsProxyProtocolV2Enabled] = strconv.FormatBool(t.defaultProxyProtocolV2Enabled) + } + + var proxyProtocolPerTG string + if t.annotationParser.ParseStringAnnotation(annotations.SvcLBSuffixProxyProtocolPerTargetGroup, &proxyProtocolPerTG, t.service.Annotations) { + ports := strings.Split(proxyProtocolPerTG, ",") + enabledPorts := make(map[string]struct{}) + for _, p := range ports { + trimmedPort := strings.TrimSpace(p) + if trimmedPort != "" { + if _, err := strconv.Atoi(trimmedPort); err != nil { + return nil, errors.Errorf("invalid port number in proxy-protocol-per-target-group: %v", trimmedPort) + } + enabledPorts[trimmedPort] = struct{}{} + } + } + + currentPortStr := strconv.FormatInt(int64(port.Port), 10) + if _, enabled := enabledPorts[currentPortStr]; enabled { + rawAttributes[tgAttrsProxyProtocolV2Enabled] = "true" + } else { + rawAttributes[tgAttrsProxyProtocolV2Enabled] = "false" + } + } + + proxyV2Annotation := "" + if exists := t.annotationParser.ParseStringAnnotation(annotations.SvcLBSuffixProxyProtocol, &proxyV2Annotation, t.service.Annotations); exists { + if proxyV2Annotation != "*" { + return []elbv2model.TargetGroupAttribute{}, errors.Errorf("invalid value %v for Load Balancer proxy protocol v2 annotation, only value currently supported is *", proxyV2Annotation) + } + rawAttributes[tgAttrsProxyProtocolV2Enabled] = "true" + } + + if rawPreserveIPEnabled, ok := rawAttributes[tgAttrsPreserveClientIPEnabled]; ok { + _, err := strconv.ParseBool(rawPreserveIPEnabled) + if err != nil { + return nil, errors.Wrapf(err, "failed to parse attribute %v=%v", tgAttrsPreserveClientIPEnabled, rawPreserveIPEnabled) + } + } + + attributes := make([]elbv2model.TargetGroupAttribute, 0, len(rawAttributes)) + for attrKey, attrValue := range rawAttributes { + attributes = append(attributes, elbv2model.TargetGroupAttribute{ + Key: attrKey, + Value: attrValue, + }) + } + sort.Slice(attributes, func(i, j int) bool { + return attributes[i].Key < attributes[j].Key + }) + return attributes, nil } func (t *defaultModelBuildTask) buildPreserveClientIPFlag(_ context.Context, targetType elbv2model.TargetType, tgAttrs []elbv2model.TargetGroupAttribute) (bool, error) { @@ -736,4 +736,4 @@ func (t *defaultModelBuildTask) buildTargetGroupBindingMultiClusterFlag(svc *cor return rawEnabled, nil } return false, nil -} \ No newline at end of file +} diff --git a/pkg/service/model_build_target_group_test.go b/pkg/service/model_build_target_group_test.go index 3a0422eff..83ca491eb 100644 --- a/pkg/service/model_build_target_group_test.go +++ b/pkg/service/model_build_target_group_test.go @@ -3,13 +3,14 @@ package service import ( "context" "errors" + "sort" + "strconv" + "testing" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/golang/mock/gomock" "sigs.k8s.io/aws-load-balancer-controller/pkg/model/core" "sigs.k8s.io/aws-load-balancer-controller/pkg/networking" - "sort" - "strconv" - "testing" "github.com/aws/aws-sdk-go-v2/aws" "github.com/stretchr/testify/assert" @@ -146,7 +147,7 @@ func Test_defaultModelBuilderTask_targetGroupAttrs(t *testing.T) { svc: &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol-per-target-group": "80", + "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol-per-target-group": "80", }, }, }, @@ -154,7 +155,7 @@ func Test_defaultModelBuilderTask_targetGroupAttrs(t *testing.T) { wantError: false, wantValue: []elbv2.TargetGroupAttribute{ { - Key: tgAttrsProxyProtocolV2Enabled, + Key: tgAttrsProxyProtocolV2Enabled, Value: "true", }, }, @@ -165,8 +166,7 @@ func Test_defaultModelBuilderTask_targetGroupAttrs(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol-per-target-group": "443, 22", - "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*", - + "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*", }, }, }, @@ -174,7 +174,7 @@ func Test_defaultModelBuilderTask_targetGroupAttrs(t *testing.T) { wantError: false, wantValue: []elbv2.TargetGroupAttribute{ { - Key: tgAttrsProxyProtocolV2Enabled, + Key: tgAttrsProxyProtocolV2Enabled, Value: "true", }, },