L4 RBS External LB NEG support #2565
Conversation
k8s-ci-robot
added
cncf-cla: yes
mmamczur
force-pushed
the
ext_l4_lb_negs
branch
2 times, most recently
from
e6b84dd
to
2117076
Compare
|
/assign @cezarygerard |
mmamczur
force-pushed
the
ext_l4_lb_negs
branch
3 times, most recently
from
df95f72
to
c9795fc
Compare
|
/assign @swetharepakula |
k8s-ci-robot
added
the
needs-rebase
k8s-ci-robot
removed
the
needs-rebase
|
/unassign @swetharepakula |
|
/unassign @sawsa307 |
|
/hold let's not merge this before the next code freeze ends |
k8s-ci-robot
added
do-not-merge/hold
k8s-ci-robot
removed
the
needs-rebase
mmamczur
force-pushed
the
ext_l4_lb_negs
branch
2 times, most recently
from
f2e439f
to
cb279cf
Compare
k8s-ci-robot
added
the
needs-rebase
mmamczur
force-pushed
the
ext_l4_lb_negs
branch
from
cb279cf
to
dcff02d
Compare
k8s-ci-robot
removed
the
needs-rebase
| @@ -191,15 +191,15 @@ func NewTransactionSyncer( | |||
| return syncer | |||
| } | |||
|
|
|||
| func GetEndpointsCalculator(podLister, nodeLister, serviceLister cache.Indexer, zoneGetter *zonegetter.ZoneGetter, syncerKey negtypes.NegSyncerKey, mode negtypes.EndpointsCalculatorMode, logger klog.Logger, enableDualStackNEG bool, syncMetricsCollector *metricscollector.SyncerMetrics, networkInfo *network.NetworkInfo) negtypes.NetworkEndpointsCalculator { | |||
| func GetEndpointsCalculator(podLister, nodeLister, serviceLister cache.Indexer, zoneGetter *zonegetter.ZoneGetter, syncerKey negtypes.NegSyncerKey, mode negtypes.EndpointsCalculatorMode, logger klog.Logger, enableDualStackNEG bool, syncMetricsCollector *metricscollector.SyncerMetrics, networkInfo *network.NetworkInfo, l4LBType negtypes.L4LBType) negtypes.NetworkEndpointsCalculator { | |||
There was a problem hiding this comment.
this arg list begs for refactor in the future
| // Max number of subsets for NetLB in ExternalTrafficPolicy:Local | ||
| maxSubsetSizeNetLBLocal = 1000 | ||
| // Max number of subsets for NetLB in ExternalTrafficPolicy:Cluster | ||
| maxSubsetSizeNetLBCluster = 250 |
There was a problem hiding this comment.
what subsets sizes were used for netlb multinetworking?
does this change sizes used for netlb multinetworking now?
There was a problem hiding this comment.
multinet uses the same sizes as ILB.
I see no harm in changing this, actually this whole effort will improve multinet
| // It exposes methods to calculate Network endpoints for GCE_VM_IP NEGs when the service | ||
| // uses "ExternalTrafficPolicy: Local" mode. | ||
| // In this mode, the endpoints of the NEG are calculated by listing the nodes that host the service endpoints(pods) | ||
| // for the given service. These candidate nodes picked as is, if the count is less than the subset size limit(250). | ||
| // Otherwise, a subset of nodes is selected. | ||
| // In a cluster with nodes node1... node 50. If nodes node10 to node 45 run the pods for a given ILB service, all these | ||
| // nodes - node10, node 11 ... node45 will be part of the subset. | ||
| type LocalL4ILBEndpointsCalculator struct { | ||
| type LocalL4EndpointsCalculator struct { |
There was a problem hiding this comment.
struct name is changing now, but we could have done it in multintworking change, right?
pkg/l4lb/l4netlbcontroller.go
Outdated
| return &loadbalancers.L4NetLBSyncResult{Error: fmt.Errorf("Failed to attach L4 External LoadBalancer finalizer to service %s/%s, err %w", service.Namespace, service.Name, err)} | ||
| usesNegBackends := false | ||
|
|
||
| if lc.enableNEGSupport || utils.HasL4NetLBFinalizerV3(service) { |
There was a problem hiding this comment.
what if we enabled neg support, but there is v2 finalizer?
we should not migrate automatically
There was a problem hiding this comment.
yeah this is actually wrong, thanks for pointing it out. It's a leftover of changing the logic of how we introduce the NEG variant
|
I have 1 major comment you should take V2 finalizer into account and not migrate to V3 event if negs are supported. |
mmamczur
force-pushed
the
ext_l4_lb_negs
branch
from
dcff02d
to
24e11c3
Compare
pkg/l4lb/l4netlbcontroller.go
Outdated
| if err := common.EnsureServiceFinalizer(service, common.NetLBFinalizerV2, lc.ctx.KubeClient, svcLogger); err != nil { | ||
| return &loadbalancers.L4NetLBSyncResult{Error: fmt.Errorf("Failed to attach L4 External LoadBalancer finalizer to service %s/%s, err %w", service.Namespace, service.Name, err)} | ||
| usesNegBackends := false | ||
|
|
There was a problem hiding this comment.
NIT: please add comment above this if explaining why we usesNegBackends
There was a problem hiding this comment.
we should not orphan sevices with NetLBFinalizerV3
in casewe had to rollback the feature
if utils.HasL4NetLBFinalizerV3(service) || (lc.enableNEGSupport && !utils.HasL4NetLBFinalizerV2(service) )
please don't hesitate to use brackets, even if they are redundant
There was a problem hiding this comment.
I extracted this to a separate function which should be easier to follow, it was becoming a mess.
| @@ -560,6 +560,101 @@ func TestProcessMultinetServiceCreate(t *testing.T) { | |||
| deleteNetLBService(lc, svc) | |||
| } | |||
|
|
|||
| func TestProcessNEGServiceCreate(t *testing.T) { | |||
There was a problem hiding this comment.
does it make sense to add quick test on scenario with service using V3 finalizer but lc.enableNEGSupport = false
There was a problem hiding this comment.
I added a few tests including one for what you describe.
Others are mostly testing 'rollback like' scenarios
|
good job Michał! lgtm overall please read my comments |
mmamczur
force-pushed
the
ext_l4_lb_negs
branch
from
24e11c3
to
528fadb
Compare
k8s-ci-robot
added
size/XL
pkg/l4lb/l4netlbcontroller.go
Outdated
| if usesNegBackends { | ||
| ensureFinalizer = common.NetLBFinalizerV3 | ||
| } | ||
| if err := common.EnsureServiceFinalizer(service, ensureFinalizer, lc.ctx.KubeClient, svcLogger); err != nil { |
There was a problem hiding this comment.
this will change finalizer on existing multinet services, did you consider it?
OTOH probably there is no way to avoid it
There was a problem hiding this comment.
it won't, multinet is treated differently for now - usesNegBackends won't be true for them, there is a separate condition below. But it would be good to move them to V3 at some point and unify that logic.
| linkType = negLink | ||
| } | ||
|
|
||
| if err = lc.ensureBackendLinking(service, linkType, svcLogger); err != nil { | ||
| lc.ctx.Recorder(service.Namespace).Eventf(service, v1.EventTypeWarning, "SyncExternalLoadBalancerFailed", | ||
| "Error linking instance groups to backend service, err: %v", err) | ||
| "Error linking backends to backend service, err: %v", err) |
There was a problem hiding this comment.
what if Neg is not provisioned yet?
syncInternal should fail and retry immediately, right?
There was a problem hiding this comment.
yes, the same mechanism as for ILB
pkg/utils/common/finalizer.go
Outdated
| @@ -123,3 +125,26 @@ func EnsureDeleteServiceFinalizer(service *corev1.Service, key string, kubeClien | |||
| svcLogger.V(2).Info("Removing finalizer from service", "finalizerKey", key) | |||
| return patch.PatchServiceObjectMetadata(kubeClient.CoreV1(), service, *updatedObjectMeta) | |||
| } | |||
|
|
|||
| // EnsureServiceDeleteFinalizers patches the service to ensure the specified finalizers are not present in the service finalizers list. | |||
| // This function is needed if more than one finalikzer has to be removed since you can't invoke the 1 param version multiple times. | |||
There was a problem hiding this comment.
// This function is needed if more than one finalizer has to be removed since it is very inefficient to invoke 1-param version multiple times.
There was a problem hiding this comment.
modified, discussed offline
|
I only have few readability comments the logic looks good to me |
mmamczur
force-pushed
the
ext_l4_lb_negs
branch
from
528fadb
to
9265ae3
Compare
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cezarygerard, mmamczur The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
mmamczur
force-pushed
the
ext_l4_lb_negs
branch
from
9265ae3
to
34f18ff
Compare
k8s-ci-robot
removed
the
lgtm
|
New changes are detected. LGTM label has been removed. |
k8s-ci-robot
added
the
needs-rebase
Adds 2 new flags related to NetLB RBS NEG support. `--enable-l4-netlb-neg` that will allow to create NEGs for L4 NetLBs. `--enable-l4-netlb-neg-default` which will make all new RBS services use NEG backends.
NetLBFinalizerV3 will be added to the L4 RBS NetLBs that opt-in for NEG support.
When enabled, the NEG controller will create NEGs for L4 RBS NetLBs that are marked by the L4 NetLB controller to be NEG based.
When the feature is enabled the controller can create NEG backed LBs. When the 'NEG default flag' is enabled, all new RBS NetLB services will be created with NEG backends.
mmamczur
force-pushed
the
ext_l4_lb_negs
branch
from
34f18ff
to
d196aa1
Compare
k8s-ci-robot
removed
the
needs-rebase
This PR contains the implementation of NEG variant of the L4 RBS LoadBalancer