From 4c8f739c238b7a0a445e129953815fb9aa81c3df Mon Sep 17 00:00:00 2001
From: Daishan Peng <daishan@acorn.io>
Date: Thu, 2 Nov 2023 12:51:12 -0700
Subject: [PATCH] Address comments

Signed-off-by: Daishan Peng <daishan@acorn.io>
---
 controllers/service/service_controller.go |  4 +++-
 main.go                                   | 22 +++++++++++++---------
 pkg/service/model_builder.go              |  4 +---
 3 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/controllers/service/service_controller.go b/controllers/service/service_controller.go
index 2a3b135257..4ce15141a8 100644
--- a/controllers/service/service_controller.go
+++ b/controllers/service/service_controller.go
@@ -111,6 +111,7 @@ func (r *serviceReconciler) reconcile(ctx context.Context, req ctrl.Request) err
 		return client.IgnoreNotFound(err)
 	}
 	if svc.Annotations[service.LoadBalancerAllocatingPortKey] == "true" {
+		// AllocateService has to be locked to gaurantee thread-safe since it read/writes map concurrently
 		r.lock.Lock()
 		if err := r.allocatedService(ctx, svc); err != nil {
 			r.lock.Unlock()
@@ -129,7 +130,8 @@ func (r *serviceReconciler) reconcile(ctx context.Context, req ctrl.Request) err
 	return r.reconcileLoadBalancerResources(ctx, svc, stack, lb, backendSGRequired)
 }
 
-// allocatedService allocates a stack to a service so that it can share load balancer resources with other services.
+// AllocateService makes sure that each service is allocated to a virtual stack, and a stack will not have more than 50 service/listener(the limit of listener on NLB).
+// It maintains an in-memory cache to be able to track the usage. If no stack is available, it will create a new stack.
 func (r *serviceReconciler) allocatedService(ctx context.Context, svc *corev1.Service) error {
 	if !r.initialized {
 		var serviceList corev1.ServiceList
diff --git a/main.go b/main.go
index 810a44d444..f690a069e4 100644
--- a/main.go
+++ b/main.go
@@ -33,11 +33,15 @@ import (
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/throttle"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/config"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/inject"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/networking"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/runtime"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/targetgroupbinding"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/version"
+	corewebhook "sigs.k8s.io/aws-load-balancer-controller/webhooks/core"
+	elbv2webhook "sigs.k8s.io/aws-load-balancer-controller/webhooks/elbv2"
+	networkingwebhook "sigs.k8s.io/aws-load-balancer-controller/webhooks/networking"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
@@ -87,7 +91,7 @@ func main() {
 		setupLog.Error(err, "unable to start manager")
 		os.Exit(1)
 	}
-	//config.ConfigureWebhookServer(controllerCFG.RuntimeConfig, mgr)
+	config.ConfigureWebhookServer(controllerCFG.RuntimeConfig, mgr)
 	clientSet, err := kubernetes.NewForConfig(mgr.GetConfig())
 	if err != nil {
 		setupLog.Error(err, "unable to obtain clientSet")
@@ -145,14 +149,14 @@ func main() {
 		os.Exit(1)
 	}
 
-	//podReadinessGateInjector := inject.NewPodReadinessGate(controllerCFG.PodWebhookConfig,
-	//	mgr.GetClient(), ctrl.Log.WithName("pod-readiness-gate-injector"))
-	//corewebhook.NewPodMutator(podReadinessGateInjector).SetupWithManager(mgr)
-	//corewebhook.NewServiceMutator(controllerCFG.ServiceConfig.LoadBalancerClass, ctrl.Log).SetupWithManager(mgr)
-	//elbv2webhook.NewIngressClassParamsValidator().SetupWithManager(mgr)
-	//elbv2webhook.NewTargetGroupBindingMutator(cloud.ELBV2(), ctrl.Log).SetupWithManager(mgr)
-	//elbv2webhook.NewTargetGroupBindingValidator(mgr.GetClient(), cloud.ELBV2(), ctrl.Log).SetupWithManager(mgr)
-	//networkingwebhook.NewIngressValidator(mgr.GetClient(), controllerCFG.IngressConfig, ctrl.Log).SetupWithManager(mgr)
+	podReadinessGateInjector := inject.NewPodReadinessGate(controllerCFG.PodWebhookConfig,
+		mgr.GetClient(), ctrl.Log.WithName("pod-readiness-gate-injector"))
+	corewebhook.NewPodMutator(podReadinessGateInjector).SetupWithManager(mgr)
+	corewebhook.NewServiceMutator(controllerCFG.ServiceConfig.LoadBalancerClass, ctrl.Log).SetupWithManager(mgr)
+	elbv2webhook.NewIngressClassParamsValidator().SetupWithManager(mgr)
+	elbv2webhook.NewTargetGroupBindingMutator(cloud.ELBV2(), ctrl.Log).SetupWithManager(mgr)
+	elbv2webhook.NewTargetGroupBindingValidator(mgr.GetClient(), cloud.ELBV2(), ctrl.Log).SetupWithManager(mgr)
+	networkingwebhook.NewIngressValidator(mgr.GetClient(), controllerCFG.IngressConfig, ctrl.Log).SetupWithManager(mgr)
 	//+kubebuilder:scaffold:builder
 
 	go func() {
diff --git a/pkg/service/model_builder.go b/pkg/service/model_builder.go
index 49212ba644..43f81fa77b 100644
--- a/pkg/service/model_builder.go
+++ b/pkg/service/model_builder.go
@@ -121,12 +121,10 @@ func (b *defaultModelBuilder) Build(ctx context.Context, service *corev1.Service
 					Namespace: "stack",
 					Name:      svc.Annotations[LoadBalancerStackKey],
 				})
+				b.lock.Lock()
 				if b.stackGlobalCache[stackID] == nil {
-					b.lock.Lock()
 					b.stackGlobalCache[stackID] = core.NewDefaultStack(stackID)
-					b.lock.Unlock()
 				}
-				b.lock.Lock()
 				b.stackGlobalCache[stackID].AddService(&svc)
 				b.lock.Unlock()
 			}