rename flag to resource-tracking-configuration

controllers/ingress/group_controller.go

@@ -52,7 +52,7 @@ func NewGroupReconciler(cloud aws.Cloud, k8sClient client.Client, eventRecorder
 	authConfigBuilder := ingress.NewDefaultAuthConfigBuilder(annotationParser)
 	enhancedBackendBuilder := ingress.NewDefaultEnhancedBackendBuilder(k8sClient, annotationParser, authConfigBuilder, controllerConfig.IngressConfig.TolerateNonExistentBackendService, controllerConfig.IngressConfig.TolerateNonExistentBackendAction)
 	referenceIndexer := ingress.NewDefaultReferenceIndexer(enhancedBackendBuilder, authConfigBuilder, logger)
-	trackingProvider := tracking.NewDefaultProvider(controllerConfig.ResourcePrefix[config.ClusterTagPrefixKey], controllerConfig.ResourcePrefix[config.IngressTagPrefixKey], controllerConfig.ClusterName)
+	trackingProvider := tracking.NewDefaultProvider(controllerConfig.ResourceTrackingConfiguration[config.ClusterTagPrefixKey], controllerConfig.ResourceTrackingConfiguration[config.IngressTagPrefixKey], controllerConfig.ClusterName)
 	modelBuilder := ingress.NewDefaultModelBuilder(k8sClient, eventRecorder,
 		cloud.EC2(), cloud.ELBV2(), cloud.ACM(),
 		annotationParser, subnetsResolver,
@@ -62,7 +62,7 @@ func NewGroupReconciler(cloud aws.Cloud, k8sClient client.Client, eventRecorder
 		controllerConfig.EnableBackendSecurityGroup, controllerConfig.DisableRestrictedSGRules, controllerConfig.IngressConfig.AllowedCertificateAuthorityARNs, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), logger)
 	stackMarshaller := deploy.NewDefaultStackMarshaller()
 	stackDeployer := deploy.NewDefaultStackDeployer(cloud, k8sClient, networkingSGManager, networkingSGReconciler, elbv2TaggingManager,
-		controllerConfig, controllerConfig.ResourcePrefix[config.ClusterTagPrefixKey], controllerConfig.ResourcePrefix[config.IngressTagPrefixKey], logger)
+		controllerConfig, controllerConfig.ResourceTrackingConfiguration[config.ClusterTagPrefixKey], controllerConfig.ResourceTrackingConfiguration[config.IngressTagPrefixKey], logger)
 	classLoader := ingress.NewDefaultClassLoader(k8sClient, true)
 	classAnnotationMatcher := ingress.NewDefaultClassAnnotationMatcher(controllerConfig.IngressConfig.IngressClass)
 	manageIngressesWithoutIngressClass := controllerConfig.IngressConfig.IngressClass == ""

controllers/service/service_controller.go

@@ -40,14 +40,14 @@ func NewServiceReconciler(cloud aws.Cloud, k8sClient client.Client, eventRecorde
 	backendSGProvider networking.BackendSGProvider, sgResolver networking.SecurityGroupResolver, logger logr.Logger) *serviceReconciler {
 
 	annotationParser := annotations.NewSuffixAnnotationParser(serviceAnnotationPrefix)
-	trackingProvider := tracking.NewDefaultProvider(controllerConfig.ResourcePrefix[config.ClusterTagPrefixKey], controllerConfig.ResourcePrefix[config.ServiceTagPrefixKey], controllerConfig.ClusterName)
+	trackingProvider := tracking.NewDefaultProvider(controllerConfig.ResourceTrackingConfiguration[config.ClusterTagPrefixKey], controllerConfig.ResourceTrackingConfiguration[config.ServiceTagPrefixKey], controllerConfig.ClusterName)
 	serviceUtils := service.NewServiceUtils(annotationParser, serviceFinalizer, controllerConfig.ServiceConfig.LoadBalancerClass, controllerConfig.FeatureGates)
 	modelBuilder := service.NewDefaultModelBuilder(annotationParser, subnetsResolver, vpcInfoProvider, cloud.VpcID(), trackingProvider,
 		elbv2TaggingManager, cloud.EC2(), controllerConfig.FeatureGates, controllerConfig.ClusterName, controllerConfig.DefaultTags, controllerConfig.ExternalManagedTags,
 		controllerConfig.DefaultSSLPolicy, controllerConfig.DefaultTargetType, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), serviceUtils,
 		backendSGProvider, sgResolver, controllerConfig.EnableBackendSecurityGroup, controllerConfig.DisableRestrictedSGRules, logger)
 	stackMarshaller := deploy.NewDefaultStackMarshaller()
-	stackDeployer := deploy.NewDefaultStackDeployer(cloud, k8sClient, networkingSGManager, networkingSGReconciler, elbv2TaggingManager, controllerConfig, controllerConfig.ResourcePrefix[config.ClusterTagPrefixKey], controllerConfig.ResourcePrefix[config.ServiceTagPrefixKey], logger)
+	stackDeployer := deploy.NewDefaultStackDeployer(cloud, k8sClient, networkingSGManager, networkingSGReconciler, elbv2TaggingManager, controllerConfig, controllerConfig.ResourceTrackingConfiguration[config.ClusterTagPrefixKey], controllerConfig.ResourceTrackingConfiguration[config.ServiceTagPrefixKey], logger)
 	return &serviceReconciler{
 		k8sClient:         k8sClient,
 		eventRecorder:     eventRecorder,

main.go

@@ -115,9 +115,9 @@ func main() {
 	tgbResManager := targetgroupbinding.NewDefaultResourceManager(mgr.GetClient(), cloud.ELBV2(), cloud.EC2(),
 		podInfoRepo, sgManager, sgReconciler, vpcInfoProvider, multiClusterManager,
 		cloud.VpcID(), controllerCFG.ClusterName, controllerCFG.FeatureGates.Enabled(config.EndpointsFailOpen), controllerCFG.EnableEndpointSlices, controllerCFG.DisableRestrictedSGRules,
-		controllerCFG.ServiceTargetENISGTags, controllerCFG.ResourcePrefix[config.ClusterSgRuleLabelPrefixKey], mgr.GetEventRecorderFor("targetGroupBinding"), ctrl.Log)
+		controllerCFG.ServiceTargetENISGTags, controllerCFG.ResourceTrackingConfiguration[config.ClusterSgRuleLabelPrefixKey], mgr.GetEventRecorderFor("targetGroupBinding"), ctrl.Log)
 	backendSGProvider := networking.NewBackendSGProvider(controllerCFG.ClusterName, controllerCFG.BackendSecurityGroup,
-		cloud.VpcID(), cloud.EC2(), mgr.GetClient(), controllerCFG.ResourcePrefix[config.ClusterTagPrefixKey], controllerCFG.ResourcePrefix[config.BackendSGNamePrefixKey], controllerCFG.DefaultTags, ctrl.Log.WithName("backend-sg-provider"))
+		cloud.VpcID(), cloud.EC2(), mgr.GetClient(), controllerCFG.ResourceTrackingConfiguration[config.ClusterTagPrefixKey], controllerCFG.ResourceTrackingConfiguration[config.BackendSGNamePrefixKey], controllerCFG.DefaultTags, ctrl.Log.WithName("backend-sg-provider"))
 	sgResolver := networking.NewDefaultSecurityGroupResolver(cloud.EC2(), cloud.VpcID())
 	elbv2TaggingManager := elbv2deploy.NewDefaultTaggingManager(cloud.ELBV2(), cloud.VpcID(), controllerCFG.FeatureGates, cloud.RGT(), ctrl.Log)
 	ingGroupReconciler := ingress.NewGroupReconciler(cloud, mgr.GetClient(), mgr.GetEventRecorderFor("ingress"),

pkg/config/controller_config.go

@@ -17,7 +17,7 @@ const (
 	flagLogLevel                                     = "log-level"
 	flagK8sClusterName                               = "cluster-name"
 	flagDefaultTags                                  = "default-tags"
-	flagResourcePrefix                               = "resource-prefix"
+	flagResourceTrackingConfiguration                = "resource-tracking-configuration"
 	flagDefaultTargetType                            = "default-target-type"
 	flagExternalManagedTags                          = "external-managed-tags"
 	flagServiceTargetENISGTags                       = "service-target-eni-security-group-tags"
@@ -89,8 +89,8 @@ type ControllerConfig struct {
 	// Default AWS Tags that will be applied to all AWS resources managed by this controller.
 	DefaultTags map[string]string
 
-	// ResourcePrefix provides prefix for resource tags, backend SG name and worker node SG rules label.
-	ResourcePrefix map[string]string
+	// ResourceTrackingConfiguration provides tracking prefix for resource tags, backend SG name and worker node SG rules label.
+	ResourceTrackingConfiguration map[string]string
 
 	// Default target type for Ingress and Service objects
 	DefaultTargetType string
@@ -157,7 +157,7 @@ func (cfg *ControllerConfig) BindFlags(fs *pflag.FlagSet) {
 		"Disable the usage of restricted security group rules")
 	fs.StringToStringVar(&cfg.ServiceTargetENISGTags, flagServiceTargetENISGTags, nil,
 		"AWS Tags, in addition to cluster tags, for finding the target ENI security group to which to add inbound rules from NLBs")
-	fs.StringToStringVar(&cfg.ResourcePrefix, flagResourcePrefix, defaultResourcePrefix,
+	fs.StringToStringVar(&cfg.ResourceTrackingConfiguration, flagResourceTrackingConfiguration, defaultResourcePrefix,
 		"the prefixes for resource tags, backend SG name and worker node SG rules label.")
 
 	cfg.FeatureGates.BindFlags(fs)
@@ -180,12 +180,12 @@ func (cfg *ControllerConfig) Validate() error {
 	}
 
 	trackingTagKeys := sets.New[string](
-		cfg.ResourcePrefix[ClusterTagPrefixKey]+"/cluster",
-		cfg.ResourcePrefix[ClusterTagPrefixKey]+"/resource",
-		cfg.ResourcePrefix[IngressTagPrefixKey]+"/stack",
-		cfg.ResourcePrefix[IngressTagPrefixKey]+"/resource",
-		cfg.ResourcePrefix[ServiceTagPrefixKey]+"/stack",
-		cfg.ResourcePrefix[ServiceTagPrefixKey]+"/resource",
+		cfg.ResourceTrackingConfiguration[ClusterTagPrefixKey]+"/cluster",
+		cfg.ResourceTrackingConfiguration[ClusterTagPrefixKey]+"/resource",
+		cfg.ResourceTrackingConfiguration[IngressTagPrefixKey]+"/stack",
+		cfg.ResourceTrackingConfiguration[IngressTagPrefixKey]+"/resource",
+		cfg.ResourceTrackingConfiguration[ServiceTagPrefixKey]+"/stack",
+		cfg.ResourceTrackingConfiguration[ServiceTagPrefixKey]+"/resource",
 	)
 
 	if err := cfg.validateDefaultTagsCollisionWithTrackingTags(trackingTagKeys); err != nil {
@@ -254,8 +254,8 @@ func (cfg *ControllerConfig) validateBackendSecurityGroupConfiguration() error {
 }
 
 func (cfg *ControllerConfig) validateResourcePrefixKeys() error {
-	keys := make([]string, 0, len(cfg.ResourcePrefix))
-	for key := range cfg.ResourcePrefix {
+	keys := make([]string, 0, len(cfg.ResourceTrackingConfiguration))
+	for key := range cfg.ResourceTrackingConfiguration {
 		if !validPrefixKeys.Has(key) {
 			return fmt.Errorf("invalid key: %s. Valid keys are: %v", key, validPrefixKeys.List())
 		}

pkg/config/controller_config_test.go

@@ -184,7 +184,7 @@ func TestControllerConfig_validateExternalManagedTagsCollisionWithDefaultTags(t
 
 func TestControllerConfig_validateResourcePrefixKeys(t *testing.T) {
 	type fields struct {
-		ResourcePrefix map[string]string
+		ResourceTrackingConfiguration map[string]string
 	}
 	tests := []struct {
 		name    string
@@ -194,7 +194,7 @@ func TestControllerConfig_validateResourcePrefixKeys(t *testing.T) {
 		{
 			name: "resource prefix has all keys",
 			fields: fields{
-				ResourcePrefix: map[string]string{
+				ResourceTrackingConfiguration: map[string]string{
 					"clusterTagPrefix":         "elbv2.k8s.aws",
 					"ingressTagPrefix":         "ingress.k8s.aws",
 					"serviceTagPrefix":         "service.k8s.aws",
@@ -207,7 +207,7 @@ func TestControllerConfig_validateResourcePrefixKeys(t *testing.T) {
 		{
 			name: "resource prefix has some invalid keys",
 			fields: fields{
-				ResourcePrefix: map[string]string{
+				ResourceTrackingConfiguration: map[string]string{
 					"clusterTagPrefix":    "elbv2.k8s.aws",
 					"ingressTagPrefix":    "ingress.k8s.aws",
 					"serviceTagPrefix":    "service.k8s.aws",
@@ -220,7 +220,7 @@ func TestControllerConfig_validateResourcePrefixKeys(t *testing.T) {
 		{
 			name: "resource prefix is missing some valid keys",
 			fields: fields{
-				ResourcePrefix: map[string]string{
+				ResourceTrackingConfiguration: map[string]string{
 					"clusterTagPrefix":    "elbv2.k8s.aws",
 					"ingressTagPrefix":    "ingress.k8s.aws",
 					"serviceTagPrefix":    "service.k8s.aws",
@@ -233,7 +233,7 @@ func TestControllerConfig_validateResourcePrefixKeys(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			cfg := &ControllerConfig{
-				ResourcePrefix: tt.fields.ResourcePrefix,
+				ResourceTrackingConfiguration: tt.fields.ResourceTrackingConfiguration,
 			}
 			err := cfg.validateResourcePrefixKeys()
 			if tt.wantErr != nil {

pkg/networking/backend_sg_provider.go

@@ -324,13 +324,15 @@ func (p *defaultBackendSGProvider) releaseSG(ctx context.Context) error {
 		p.logger.V(1).Info("releaseSG ignore delete", "required", required, "err", err)
 		return err
 	}
+	p.logger.V(0).Info("releaseSG deleting sg %v", p.autoGeneratedSG)
 	req := &ec2sdk.DeleteSecurityGroupInput{
 		GroupId: awssdk.String(p.autoGeneratedSG),
 	}
 	if err := runtime.RetryImmediateOnError(p.defaultDeletionPollInterval, p.defaultDeletionTimeout, isSecurityGroupDependencyViolationError, func() error {
 		_, err := p.ec2Client.DeleteSecurityGroupWithContext(ctx, req)
 		return err
 	}); err != nil {
+		p.logger.V(0).Info("releaseSG failed to delete securityGroup", "sgID", p.autoGeneratedSG)
 		return errors.Wrap(err, "failed to delete securityGroup")
 	}
 	p.logger.Info("deleted securityGroup", "ID", p.autoGeneratedSG)