CFE-1133: Watch Infrastructure and update AWS tags

[chiragkyal]

This PR adds support for AWS user tags specified in the platform status. Tags can be managed centrally in the PlatformStatus and have them automatically applied to resources managed by the ALBC.

• Adds a watch on the Infrastructure object to detect changes in the platformStatus.AWS.ResourceTags field.
• Merges tags from both the AWSLoadBalancerController.Spec.AdditionalResourceTags and the PlatformStatus.AWS.ResourceTags into a single list, prioritizing tags from the operator spec.
• Ensures that the combined tag list does not exceed the maximum allowed limit of 24 tags for the ALBC's --default-tags argument.

Implements CFE-1133

[openshift-ci-robot]

@chiragkyal: This pull request references CFE-1133 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[chiragkyal]

/test images

[chiragkyal]

/retest-required

[chiragkyal]

/test all

[openshift-ci-robot]

@chiragkyal: This pull request references CFE-1133 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to this:

This PR adds support for AWS user tags specified in the platform status. Tags can be managed centrally in the PlatformStatus and have them automatically applied to resources managed by the ALBC.

• Adds a watch on the Infrastructure object to detect changes in the platformStatus.AWS.ResourceTags field.
• Merges tags from both the AWSLoadBalancerController.Spec.AdditionalResourceTags and the PlatformStatus.AWS.ResourceTags into a single list, prioritizing tags from the operator spec.
• Ensures that the combined tag list does not exceed the maximum allowed limit of 24 tags for the ALBC's --default-tags argument.

Implements CFE-1133

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[chiragkyal]

/retest-required

[chiragkyal]

/retest

[chiragkyal]

/assign @alebedev87

[chiragkyal]

/retest

[chiragkyal]

/retest-required

[chiragkyal]

/retest-required

[chiragkyal]

/test e2e-aws-proxy-operator

[chiragkyal]

/test e2e-aws-rosa-operator

[chiragkyal]

/test e2e-aws-rosa-operator

[chiragkyal]

/test e2e-aws-rosa-operator

[chiragkyal]

@alebedev87 It Looks like the e2e-aws-rosa-operator is failing with something new, which seems unrelated to this PR. Any idea why it's complaining ?

An error occurred (WAFNonexistentItemException) when calling the GetWebACL operation: AWS WAF couldn’t perform the operation because your resource doesn’t exist.
{"component":"entrypoint","error":"wrapped process failed: exit status 254","file":"sigs.k8s.io/prow/pkg/entrypoint/run.go:84","func":"sigs.k8s.io/prow/pkg/entrypoint.Options.internalRun","level":"error","msg":"Error executing test process","severity":"error","time":"2024-12-12T07:24:42Z"}

[chiragkyal]

openshift/release#59728 could fix the e2e problem

[alebedev87]

@chiragkyal : Thanks a lot for your work!

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alebedev87

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [alebedev87]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[alebedev87]

/retest

[Senthamilarasu-STA]

/label px-approved

[openshift-ci]

@chiragkyal: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[lihongan]

@chiragkyal I'm doing pre-merge test, after updating the resourceTags in infrastructure status, I observed that the controller pod is recreated, it that expected behavior?

aws-load-balancer-controller-cluster-6dd8859687-tzrpv             1/1     Running     0          2s
aws-load-balancer-controller-cluster-8b6c677cc-sz499              0/1     Completed   0          26m

And another finding is: looks it doesn't update the alb.ingress.kubernetes.io/tags annotation (refer to https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#resource-tags), it that expected?
cc @alebedev87

[chiragkyal]

Hey, Yeah this is an expected behaviour because updating tags on infrastructure status will change the --default-tags container argument of the controller, necessitating pod recreation.

[chiragkyal]

And another finding is: looks it doesn't update the alb.ingress.kubernetes.io/tags annotation (refer to https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#resource-tags), it that expected?

We're feeding the infrastructure tags directly into the --default-tags container arguments and not using alb.ingress.kubernetes.io/tags annotation. So, the annotation not getting updated in the event of updating infrastructure tags is also an expected behaviour. It's similar to what happens if we update the AdditionalResourceTags field.

Users may wish to use this annotation if they want to add more tags.

[lihongan]

Thank you @chiragkyal and @alebedev87 for the detailed explanations.

I tested this PR and it looks good, after configuring the tags we got

$ aws elbv2 describe-tags --resource-arns "arn:aws:elasticloadbalancing:us-west-1:******:loadbalancer/app/k8s-hongli-ingresst-75f3b8f32d/1be0df7a277bdeab" --output yaml
TagDescriptions:
- ResourceArn: arn:aws:elasticloadbalancing:us-west-1:******:loadbalancer/app/k8s-hongli-ingresst-75f3b8f32d/1be0df7a277bdeab
  Tags:
  - Key: albc                                    <<<--- tags from AWSLoadBalancerController.spec
    Value: albc-tags
  - Key: ingress.k8s.aws/stack
    Value: hongli/ingress-test
  - Key: Owner                                    <<<--- tags from infrastructure.status
    Value: infra-tags
  - Key: ingress.k8s.aws/resource
    Value: LoadBalancer
  - Key: elbv2.k8s.aws/cluster
    Value: ci-ln-22g21zb-76ef8-mf6mh

note: similar tags for targetgroup, listener and listener-rule 

[subhtk]

/label docs-approved

[lihongan]

/label qe-approved

[openshift-ci-robot]

@chiragkyal: This pull request references CFE-1133 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

In response to this:

This PR adds support for AWS user tags specified in the platform status. Tags can be managed centrally in the PlatformStatus and have them automatically applied to resources managed by the ALBC.

• Adds a watch on the Infrastructure object to detect changes in the platformStatus.AWS.ResourceTags field.
• Merges tags from both the AWSLoadBalancerController.Spec.AdditionalResourceTags and the PlatformStatus.AWS.ResourceTags into a single list, prioritizing tags from the operator spec.
• Ensures that the combined tag list does not exceed the maximum allowed limit of 24 tags for the ALBC's --default-tags argument.

Implements CFE-1133

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.