L4 RBS External LB NEG support #2565
base: master
e6b84dd to 2117076
/assign @cezarygerard
df95f72 to c9795fc
/assign @swetharepakula
/unassign @swetharepakula
/unassign @sawsa307
/hold let's not merge this before the next code freeze ends
f2e439f to cb279cf
cb279cf to dcff02d
@@ -191,15 +191,15 @@ func NewTransactionSyncer( | |||
return syncer | |||
} | |||
|
|||
func GetEndpointsCalculator(podLister, nodeLister, serviceLister cache.Indexer, zoneGetter *zonegetter.ZoneGetter, syncerKey negtypes.NegSyncerKey, mode negtypes.EndpointsCalculatorMode, logger klog.Logger, enableDualStackNEG bool, syncMetricsCollector *metricscollector.SyncerMetrics, networkInfo *network.NetworkInfo) negtypes.NetworkEndpointsCalculator { | |||
func GetEndpointsCalculator(podLister, nodeLister, serviceLister cache.Indexer, zoneGetter *zonegetter.ZoneGetter, syncerKey negtypes.NegSyncerKey, mode negtypes.EndpointsCalculatorMode, logger klog.Logger, enableDualStackNEG bool, syncMetricsCollector *metricscollector.SyncerMetrics, networkInfo *network.NetworkInfo, l4LBType negtypes.L4LBType) negtypes.NetworkEndpointsCalculator { |
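Review bot: The new trailing `l4LBType negtypes.L4LBType` parameter on `GetEndpointsCalculator` has no doc comment saying how it interacts with the existing `mode` argument or what happens for a value the function does not recognise. With eleven positional parameters, one of them a bare `bool`, a swapped or defaulted argument at a call site is easy to miss; consider an options struct and a doc comment listing the accepted values.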
this arg list begs for refactor in the future
// Max number of subsets for NetLB in ExternalTrafficPolicy:Local | ||
maxSubsetSizeNetLBLocal = 1000 | ||
// Max number of subsets for NetLB in ExternalTrafficPolicy:Cluster | ||
maxSubsetSizeNetLBCluster = 250 |
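Review bot: The comments on `maxSubsetSizeNetLBLocal` and `maxSubsetSizeNetLBCluster` say "Max number of subsets", but the names describe the size of a subset; reword them to say what is being capped. A short note on why the Local limit (1000) is four times the Cluster limit (250) would also help whoever tunes these later.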
what subset sizes were used for netlb multinetworking?
does this change sizes used for netlb multinetworking now?
multinet uses the same sizes as ILB.
I see no harm in changing this, actually this whole effort will improve multinet
// It exposes methods to calculate Network endpoints for GCE_VM_IP NEGs when the service | ||
// uses "ExternalTrafficPolicy: Local" mode. | ||
// In this mode, the endpoints of the NEG are calculated by listing the nodes that host the service endpoints(pods) | ||
// for the given service. These candidate nodes picked as is, if the count is less than the subset size limit(250). | ||
// Otherwise, a subset of nodes is selected. | ||
// In a cluster with nodes node1... node 50. If nodes node10 to node 45 run the pods for a given ILB service, all these | ||
// nodes - node10, node 11 ... node45 will be part of the subset. | ||
type LocalL4ILBEndpointsCalculator struct { | ||
type LocalL4EndpointsCalculator struct { |
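Review bot: The doc comment above the renamed `LocalL4EndpointsCalculator` still describes ILB only: it hardcodes "subset size limit(250)" and speaks of "a given ILB service". Now that the type is no longer ILB-specific, refer to the configured subset size instead of a number and drop the ILB wording, so the comment does not contradict the per-LB-type limits.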
struct name is changing now, but we could have done it in multinetworking change, right?
yes
pkg/l4lb/l4netlbcontroller.go
Outdated
return &loadbalancers.L4NetLBSyncResult{Error: fmt.Errorf("Failed to attach L4 External LoadBalancer finalizer to service %s/%s, err %w", service.Namespace, service.Name, err)} | ||
usesNegBackends := false | ||
|
||
if lc.enableNEGSupport || utils.HasL4NetLBFinalizerV3(service) { |
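Review bot: In `if lc.enableNEGSupport || utils.HasL4NetLBFinalizerV3(service)`, the left operand is true for every service once the flag is set, including services that already carry the V2 finalizer, so turning the flag on would switch existing services to NEG backends. Gate the flag branch on the absence of the V2 finalizer, and add a test for that case.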
what if we enabled neg support, but there is v2 finalizer?
we should not migrate automatically
yeah this is actually wrong, thanks for pointing it out. It's a leftover of changing the logic of how we introduce the NEG variant
ok I changed this
I have 1 major comment: you should take V2 finalizer into account and not migrate to V3 even if negs are supported.
dcff02d to 24e11c3
pkg/l4lb/l4netlbcontroller.go
Outdated
if err := common.EnsureServiceFinalizer(service, common.NetLBFinalizerV2, lc.ctx.KubeClient, svcLogger); err != nil { | ||
return &loadbalancers.L4NetLBSyncResult{Error: fmt.Errorf("Failed to attach L4 External LoadBalancer finalizer to service %s/%s, err %w", service.Namespace, service.Name, err)} | ||
usesNegBackends := false | ||
|
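Review bot: The `fmt.Errorf` string in the finalizer error path starts with a capital letter ("Failed to attach ..."); Go error strings are conventionally lower-case because they get wrapped into longer messages. Including the finalizer key in the message would also make the failure easier to trace.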
NIT: please add comment above this if explaining why we usesNegBackends
we should not orphan services with NetLBFinalizerV3
in case we had to rollback the feature
if utils.HasL4NetLBFinalizerV3(service) || (lc.enableNEGSupport && !utils.HasL4NetLBFinalizerV2(service) )
please don't hesitate to use brackets, even if they are redundant
I extracted this to a separate function which should be easier to follow, it was becoming a mess.
@@ -560,6 +560,101 @@ func TestProcessMultinetServiceCreate(t *testing.T) { | |||
deleteNetLBService(lc, svc) | |||
} | |||
|
|||
func TestProcessNEGServiceCreate(t *testing.T) { |
does it make sense to add quick test on scenario with service using V3 finalizer but lc.enableNEGSupport = false?
I added a few tests including one for what you describe.
Others are mostly testing 'rollback like' scenarios
good job Michał! lgtm overall please read my comments
24e11c3 to 528fadb
pkg/l4lb/l4netlbcontroller.go
Outdated
if usesNegBackends { | ||
ensureFinalizer = common.NetLBFinalizerV3 | ||
} | ||
if err := common.EnsureServiceFinalizer(service, ensureFinalizer, lc.ctx.KubeClient, svcLogger); err != nil { |
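Review bot: `ensureFinalizer` is switched to `common.NetLBFinalizerV3` when `usesNegBackends` is true, but nothing in these lines removes or checks for the other finalizer, so it is not clear from the hunk whether a service can end up carrying both V2 and V3. State the intended invariant in a comment above the `if`, and say what the default value of `ensureFinalizer` is for readers who only see this block.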
this will change finalizer on existing multinet services, did you consider it?
OTOH probably there is no way to avoid it
it won't, multinet is treated differently for now - usesNegBackends won't be true for them, there is a separate condition below. But it would be good to move them to V3 at some point and unify that logic.
linkType = negLink | ||
} | ||
|
||
if err = lc.ensureBackendLinking(service, linkType, svcLogger); err != nil { | ||
lc.ctx.Recorder(service.Namespace).Eventf(service, v1.EventTypeWarning, "SyncExternalLoadBalancerFailed", | ||
"Error linking instance groups to backend service, err: %v", err) | ||
"Error linking backends to backend service, err: %v", err) |
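Review bot: The reworded event text "Error linking backends to backend service" no longer tells the operator which backend type failed. `linkType` is already in scope at the `ensureBackendLinking` call; include it in the event message so NEG and instance-group linking failures can be told apart.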
what if Neg is not provisioned yet?
syncInternal should fail and retry immediately, right?
yes, the same mechanism as for ILB
pkg/utils/common/finalizer.go
Outdated
@@ -123,3 +125,26 @@ func EnsureDeleteServiceFinalizer(service *corev1.Service, key string, kubeClien | |||
svcLogger.V(2).Info("Removing finalizer from service", "finalizerKey", key) | |||
return patch.PatchServiceObjectMetadata(kubeClient.CoreV1(), service, *updatedObjectMeta) | |||
} | |||
|
|||
// EnsureServiceDeleteFinalizers patches the service to ensure the specified finalizers are not present in the service finalizers list. | |||
// This function is needed if more than one finalikzer has to be removed since you can't invoke the 1 param version multiple times. |
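Review bot: The new doc comment names the function `EnsureServiceDeleteFinalizers`, while the existing single-key function in the hunk header is `EnsureDeleteServiceFinalizer`; the word order differs, which makes the pair hard to find together. The second comment line also has a typo ("finalikzer") and asserts that the one-parameter version cannot be invoked multiple times without saying why; give the reason.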
// This function is needed if more than one finalizer has to be removed since it is very inefficient to invoke 1-param version multiple times.
modified, discussed offline
I only have few readability comments the logic looks good to me
528fadb to 9265ae3
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cezarygerard, mmamczur The full list of commands accepted by this bot can be found here. The pull request process is described here
9265ae3 to 34f18ff
New changes are detected. LGTM label has been removed.
Adds 2 new flags related to NetLB RBS NEG support. `--enable-l4-netlb-neg` that will allow to create NEGs for L4 NetLBs. `--enable-l4-netlb-neg-default` which will make all new RBS services use NEG backends.
NetLBFinalizerV3 will be added to the L4 RBS NetLBs that opt-in for NEG support.
When enabled, the NEG controller will create NEGs for L4 RBS NetLBs that are marked by the L4 NetLB controller to be NEG based.
When the feature is enabled the controller can create NEG backed LBs. When the 'NEG default flag' is enabled, all new RBS NetLB services will be created with NEG backends.
34f18ff to d196aa1
This PR contains the implementation of NEG variant of the L4 RBS LoadBalancer
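
The review thread on the finalizer condition comes down to whether a service keeps its backend type when the NEG flag is toggled (enablement or rollback). As an added example, not code from this PR, the sketch below compares the condition from the outdated hunk with the one suggested in review; the finalizer key strings and all function names are hypothetical.

```go
package main

import "fmt"

// Hypothetical finalizer keys: the real key strings do not appear on this page.
const (
	finalizerV2 = "example.test/netlb-v2" // instance-group backed RBS NetLB
	finalizerV3 = "example.test/netlb-v3" // NEG backed RBS NetLB
)

func has(finalizers []string, key string) bool {
	for _, f := range finalizers {
		if f == key {
			return true
		}
	}
	return false
}

// naiveUsesNEG mirrors the condition in the outdated hunk.
func naiveUsesNEG(finalizers []string, negEnabled bool) bool {
	return negEnabled || has(finalizers, finalizerV3)
}

// reviewedUsesNEG mirrors the condition suggested in the review comment.
func reviewedUsesNEG(finalizers []string, negEnabled bool) bool {
	return has(finalizers, finalizerV3) || (negEnabled && !has(finalizers, finalizerV2))
}

// flipChangesBackend creates a service under createdWithFlag, attaches the
// finalizer that decision implies, then syncs again with the flag toggled.
// It reports whether the backend type changed, i.e. a silent migration.
func flipChangesBackend(decide func([]string, bool) bool, createdWithFlag bool) bool {
	first := decide(nil, createdWithFlag)
	key := finalizerV2
	if first {
		key = finalizerV3
	}
	return decide([]string{key}, !createdWithFlag) != first
}

func main() {
	for _, flag := range []bool{false, true} {
		fmt.Printf("created with flag=%v: naive migrates=%v, reviewed migrates=%v\n", flag,
			flipChangesBackend(naiveUsesNEG, flag), flipChangesBackend(reviewedUsesNEG, flag))
	}
}
```

Only the naive condition migrates a service that was created with the flag off once the flag is turned on; with the reviewed condition the attached finalizer pins the backend type in both directions.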