Feature alb subnets #3437

Merged
merged 5 commits into from
Nov 2, 2023


jerryhe1999
Contributor

@jerryhe1999 jerryhe1999 commented Oct 18, 2023

Issue

#3082

Description

Added a new feature gate named "ALBSingleSubnet" with default value false. Once it is set to true, a user who has been whitelisted by the AWS ELB team for using only one subnet for their application load balancer can be processed as expected.

Manual Test Items:

For an account which isn't whitelisted, creating the ingress resource with only one subnet attached:
  • Comes up with an LBC error message while ALBSingleSubnet is set to false.
  • Comes up with an ELB error message while ALBSingleSubnet is set to true.

For an account which is whitelisted, creating the ingress resource with only one subnet attached:
  • Comes up with an LBC error message while ALBSingleSubnet is set to false.
  • ALB is successfully provisioned while ALBSingleSubnet is set to true.

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the docs directory)
  • Manually tested
  • Made sure the title of the PR is a good description that can go into the release notes

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 18, 2023
@k8s-ci-robot
Contributor

Hi @jerryhe1999. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Oct 18, 2023
@@ -48,6 +48,8 @@ type SubnetsResolveOptions struct {
AvailableIPAddressCount int64
// whether to check the cluster tag
SubnetsClusterTagCheck bool
// Disable subnet minimal count restriction
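
Review bot: the field comment on the last line, "Disable subnet minimal count restriction", does not say which load balancer type it covers or what the default is, unlike the neighbouring "whether to check the cluster tag". Suggest wording it in the same "whether to ..." form, naming the load balancer type and stating that false keeps the existing minimum.
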
Collaborator

Maybe reword: whether to allow using only 1 subnet for provisioning ALB, default to false

@@ -95,6 +97,13 @@ func WithSubnetsClusterTagCheck(SubnetsClusterTagCheck bool) SubnetsResolveOptio
}
}

// WithALBSingleSubnet generate an option that foncigure ALBSingleSubnet
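
Review bot: the doc comment on the last line has a typo and a verb-agreement slip ("generate an option that foncigure"); it should read "WithALBSingleSubnet generates an option that configures ALBSingleSubnet". It would also help to say what a true value permits, since the comment only repeats the option name.
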
Collaborator

nit: foncigure or configure?

pkg/networking/subnet_resolver.go Outdated
@oliviassss
Collaborator

Thanks for the contribution. Please also add:

  1. doc updates regarding the new feature gate flag: https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/docs/deploy/configurations.md#feature-gates
  2. doc updates re subnet discovery: https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/docs/deploy/subnet_discovery.md#subnet-auto-discovery
  3. Please add the manual tests in the PR descriptions.

@oliviassss oliviassss added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 27, 2023
@@ -364,6 +373,9 @@ func (r *defaultSubnetsResolver) validateSubnetsMinimalCount(subnets []*ec2sdk.S
// computeSubnetsMinimalCount returns the minimal count requirement for subnets.
func (r *defaultSubnetsResolver) computeSubnetsMinimalCount(subnetLocale subnetLocaleType, resolveOpts SubnetsResolveOptions) int {
minimalCount := 1
if resolveOpts.ALBSingleSubnet && resolveOpts.LBType == elbv2model.LoadBalancerTypeApplication {
return minimalCount
}
if resolveOpts.LBType == elbv2model.LoadBalancerTypeApplication && subnetLocale == subnetLocaleTypeAvailabilityZone {
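
Review bot: the early return added at the top of computeSubnetsMinimalCount tests resolveOpts.LBType == elbv2model.LoadBalancerTypeApplication immediately before the existing if tests it again, which leaves two branches to keep in sync for one decision. Folding the flag into the existing condition as && !resolveOpts.ALBSingleSubnet removes the extra branch. The function comment above the signature could also mention that the flag lowers the ALB minimum to 1, and a unit test with ALBSingleSubnet set and an Application load balancer would cover the new path.
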
Contributor

Would be much more straightforward as:

Suggested change
if resolveOpts.LBType == elbv2model.LoadBalancerTypeApplication && subnetLocale == subnetLocaleTypeAvailabilityZone {
if resolveOpts.LBType == elbv2model.LoadBalancerTypeApplication && subnetLocale == subnetLocaleTypeAvailabilityZone && !resolveOpts.ALBSingleSubnet {

Contributor Author

Thank you for reviewing @johngmyers, the change has been made and submitted.

@johngmyers
Contributor

Is there any particular reason this needs to be feature-flagged?

@johngmyers
Contributor

To answer my own question, I think this is so that LBC can give better and earlier error messages in the common case where the ALB service requires a minimum of 2.

@oliviassss
Collaborator

@johngmyers, it's an opt-in feature from the ELB side. They are working on lifting the minimal subnet constraint for ALB. AFAIK, in some regions like KIX they only require 1 subnet for ALB, but most regions still require 2 subnets as the minimum unless the account is allowlisted.

@oliviassss
Collaborator

/lgtm
/Assign @M00nF1sh

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 28, 2023
Collaborator

@M00nF1sh M00nF1sh left a comment

/lgtm
/approve

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jerryhe1999, M00nF1sh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 2, 2023
@codecov-commenter

Codecov Report

Attention: 3 lines in your changes are missing coverage. Please review.

Comparison is base (631041d) 55.75% compared to head (e172a9f) 55.75%.
Report is 10 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3437      +/-   ##
==========================================
- Coverage   55.75%   55.75%   -0.01%     
==========================================
  Files         149      149              
  Lines        8838     8843       +5     
==========================================
+ Hits         4928     4930       +2     
- Misses       3576     3579       +3     
  Partials      334      334              
Files Coverage Δ
pkg/ingress/model_build_load_balancer.go 72.46% <100.00%> (+0.22%) ⬆️
pkg/config/feature_gates.go 0.00% <0.00%> (ø)
pkg/networking/subnet_resolver.go 87.55% <33.33%> (-0.82%) ⬇️


@k8s-ci-robot k8s-ci-robot merged commit 70b2799 into kubernetes-sigs:main Nov 2, 2023
9 checks passed