Enhance LoadBalancer status updates with conditions handling and refactor related functions

Author: 08volt

cmd/glbc/main.go

@@ -365,6 +365,7 @@ func main() {
 		EnableL4ILBZonalAffinity:                  flags.F.EnableL4ILBZonalAffinity,
 		EnableL4NetLBForwardingRulesOptimizations: flags.F.EnableL4NetLBForwardingRulesOptimizations,
 		ReadOnlyMode:                              flags.F.ReadOnlyMode,
+		EnableL4LBConditions:                      flags.F.EnableL4LBConditions,
 	}
 	ctx, err := ingctx.NewControllerContext(kubeClient, backendConfigClient, frontendConfigClient, firewallCRClient, svcNegClient, svcAttachmentClient, networkClient, nodeTopologyClient, eventRecorderKubeClient, cloud, namer, kubeSystemUID, ctxConfig, rootLogger)
 	if err != nil {

pkg/context/context.go

@@ -138,6 +138,7 @@ type ControllerContextConfig struct {
 	EnableL4ILBMixedProtocol                  bool
 	EnableL4NetLBMixedProtocol                bool
 	EnableL4NetLBForwardingRulesOptimizations bool
+	EnableL4LBConditions                      bool
 }
 
 // NewControllerContext returns a new shared set of informers.

pkg/flags/flags.go

@@ -149,6 +149,7 @@ var F = struct {
 	EnableNEGsForIngress                      bool
 	L4ILBLegacyHeadStartTime                  time.Duration
 	EnableIPv6NodeNEGEndpoints                bool
+	EnableL4LBConditions                      bool
 
 	// ===============================
 	// DEPRECATED FLAGS
@@ -362,6 +363,7 @@ L7 load balancing. CSV values accepted. Example: -node-port-ranges=80,8080,400-5
 	flag.BoolVar(&F.EnableNEGsForIngress, "enable-negs-for-ingress", true, "Allow the NEG controller to create NEGs for Ingress services.")
 	flag.DurationVar(&F.L4ILBLegacyHeadStartTime, "prevent-legacy-race-l4-ilb", 0*time.Second, "Delay before processing new L4 ILB services without existing finalizers. This gives the legacy controller a head start to claim the service, preventing a race condition upon service creation.")
 	flag.BoolVar(&F.EnableIPv6NodeNEGEndpoints, "enable-ipv6-node-neg-endpoints", false, "Enable populating IPv6 addresses for Node IPs in GCE_VM_IP NEGs.")
+	flag.BoolVar(&F.EnableL4LBConditions, "enable-l4lb-svc-conditions", false, "Enable Conditions on L4 LB Service status to reflect provisioned GCP resources.")
 }
 
 func Validate() {

pkg/l4conditions/conditions.go

@@ -0,0 +1,95 @@
+package l4conditions
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	BackendServiceConditionType = "ServiceLoadBalancerBackendService"
+
+	TCPForwardingRuleConditionType = "ServiceLoadBalancerTCPForwardingRule"
+	UDPForwardingRuleConditionType = "ServiceLoadBalancerUDPForwardingRule"
+	L3ForwardingRuleConditionType  = "ServiceLoadBalancerL3ForwardingRule"
+
+	TCPIPv6ForwardingRuleConditionType = "ServiceLoadBalancerTCPIPv6ForwardingRule"
+	UDPIPv6ForwardingRuleConditionType = "ServiceLoadBalancerUDPIPv6ForwardingRule"
+	L3IPv6ForwardingRuleConditionType  = "ServiceLoadBalancerL3IPv6ForwardingRule"
+
+	HealthCheckConditionType             = "ServiceLoadBalancerHealthCheck"
+	FirewallRuleConditionType            = "ServiceLoadBalancerFirewallRule"
+	IPv6FirewallRuleConditionType        = "ServiceLoadBalancerIPv6FirewallRule"
+	FirewallHealthCheckConditionType     = "ServiceLoadBalancerFirewallRuleForHealthCheck"
+	FirewallHealthCheckIPv6ConditionType = "ServiceLoadBalancerFirewallRuleForHealthCheckIPv6"
+
+	ConditionReason = "GCEResourceAllocated"
+)
+
+func NewConditionResourceAllocated(conditionType string, resourceName string) metav1.Condition {
+	return metav1.Condition{
+		LastTransitionTime: metav1.Now(),
+		Type:               conditionType,
+		Status:             metav1.ConditionTrue,
+		Reason:             ConditionReason,
+		Message:            resourceName,
+	}
+}
+
+// NewBackendServiceCondition creates a condition for the backend service.
+func NewBackendServiceCondition(bsName string) metav1.Condition {
+	return NewConditionResourceAllocated(BackendServiceConditionType, bsName)
+}
+
+// NewTCPForwardingRuleCondition creates a condition for the TCP forwarding rule.
+func NewTCPForwardingRuleCondition(frName string) metav1.Condition {
+	return NewConditionResourceAllocated(TCPForwardingRuleConditionType, frName)
+}
+
+// NewUDPForwardingRuleCondition creates a condition for the UDP forwarding rule.
+func NewUDPForwardingRuleCondition(frName string) metav1.Condition {
+	return NewConditionResourceAllocated(UDPForwardingRuleConditionType, frName)
+}
+
+// NewL3ForwardingRuleCondition creates a condition for the L3 forwarding rule.
+func NewL3ForwardingRuleCondition(frName string) metav1.Condition {
+	return NewConditionResourceAllocated(L3ForwardingRuleConditionType, frName)
+}
+
+// NewTCPIPv6ForwardingRuleCondition creates a condition for the TCP forwarding rule.
+func NewTCPIPv6ForwardingRuleCondition(frName string) metav1.Condition {
+	return NewConditionResourceAllocated(TCPIPv6ForwardingRuleConditionType, frName)
+}
+
+// NewUDPIPv6ForwardingRuleCondition creates a condition for the UDP forwarding rule.
+func NewUDPIPv6ForwardingRuleCondition(frName string) metav1.Condition {
+	return NewConditionResourceAllocated(UDPIPv6ForwardingRuleConditionType, frName)
+}
+
+// NewL3IPv6ForwardingRuleCondition creates a condition for the L3 forwarding rule.
+func NewL3IPv6ForwardingRuleCondition(frName string) metav1.Condition {
+	return NewConditionResourceAllocated(L3IPv6ForwardingRuleConditionType, frName)
+}
+
+// NewHealthCheckCondition creates a condition for the health check.
+func NewHealthCheckCondition(hcName string) metav1.Condition {
+	return NewConditionResourceAllocated(HealthCheckConditionType, hcName)
+}
+
+// NewFirewallCondition creates a condition for the firewall.
+func NewFirewallCondition(fwName string) metav1.Condition {
+	return NewConditionResourceAllocated(FirewallRuleConditionType, fwName)
+}
+
+// NewIPv6FirewallCondition creates a condition for the IPv6 firewall.
+func NewIPv6FirewallCondition(fwName string) metav1.Condition {
+	return NewConditionResourceAllocated(IPv6FirewallRuleConditionType, fwName)
+}
+
+// NewFirewallHealthCheckCondition creates a condition for the firewall health check.
+func NewFirewallHealthCheckCondition(fwName string) metav1.Condition {
+	return NewConditionResourceAllocated(FirewallHealthCheckConditionType, fwName)
+}
+
+// NewFirewallHealthCheckIPv6Condition creates a condition for the firewall health check IPv6.
+func NewFirewallHealthCheckIPv6Condition(fwName string) metav1.Condition {
+	return NewConditionResourceAllocated(FirewallHealthCheckIPv6ConditionType, fwName)
+}

pkg/l4lb/l4controller.go

@@ -28,6 +28,7 @@ import (
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud"
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/meta"
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/kubernetes"
@@ -390,7 +391,11 @@ func (l4c *L4Controller) processServiceCreateOrUpdate(service *v1.Service, svcLo
 		syncResult.Error = err
 		return syncResult
 	}
-	err = updateServiceStatus(l4c.ctx, service, syncResult.Status, svcLogger)
+	expectedConditions := []metav1.Condition{}
+	if l4c.ctx.EnableL4LBConditions {
+		expectedConditions = syncResult.Conditions
+	}
+	err = updateServiceStatus(l4c.ctx, service, syncResult.Status, expectedConditions, svcLogger)
 	if err != nil {
 		l4c.ctx.Recorder(service.Namespace).Eventf(service, v1.EventTypeWarning, "SyncLoadBalancerFailed",
 			"Error updating load balancer status: %v", err)
@@ -460,7 +465,7 @@ func (l4c *L4Controller) processServiceDeletion(key string, svc *v1.Service, svc
 	// Reset the loadbalancer status first, before resetting annotations.
 	// Other controllers(like service-controller) will process the service update if annotations change, but will ignore a service status change.
 	// Following this order avoids a race condition when a service is changed from LoadBalancer type Internal to External.
-	if err := updateServiceStatus(l4c.ctx, svc, &v1.LoadBalancerStatus{}, svcLogger); err != nil {
+	if err := updateServiceStatus(l4c.ctx, svc, &v1.LoadBalancerStatus{}, []metav1.Condition{}, svcLogger); err != nil {
 		l4c.ctx.Recorder(svc.Namespace).Eventf(svc, v1.EventTypeWarning, "DeleteLoadBalancer",
 			"Error resetting load balancer status to empty: %v", err)
 		result.Error = fmt.Errorf("failed to reset ILB status, err: %w", err)

pkg/l4lb/l4lbcommon.go

@@ -100,13 +100,21 @@ func deleteAnnotation(ctx *context.ControllerContext, svc *v1.Service, annotatio
 }
 
 // updateServiceStatus this faction checks if LoadBalancer status changed and patch service if needed.
-func updateServiceStatus(ctx *context.ControllerContext, svc *v1.Service, newStatus *v1.LoadBalancerStatus, svcLogger klog.Logger) error {
-	svcLogger.V(2).Info("Updating service status", "newStatus", fmt.Sprintf("%+v", newStatus))
-	if helpers.LoadBalancerStatusEqual(&svc.Status.LoadBalancer, newStatus) {
-		svcLogger.V(2).Info("New and old statuses are equal, skipping patch")
-		return nil
+func updateServiceStatus(ctx *context.ControllerContext, svc *v1.Service, newStatus *v1.LoadBalancerStatus, newConditions []metav1.Condition, svcLogger klog.Logger) error {
+	svcLogger.V(2).Info("Updating service status and conditions", "newStatus", fmt.Sprintf("%+v", newStatus), "newConditions", fmt.Sprintf("%+v", newConditions))
+
+	lbStatusEqual := helpers.LoadBalancerStatusEqual(&svc.Status.LoadBalancer, newStatus)
+	lbConditionsEqual := conditionsEqual(svc.Status.Conditions, newConditions)
+
+	if !lbStatusEqual || !lbConditionsEqual {
+		svcLogger.V(2).Info("Patching LoadBalancer status and Conditions", "newStatus", fmt.Sprintf("%+v", newStatus), "newConditions", fmt.Sprintf("%+v", newConditions))
+		return patch.PatchServiceStatus(ctx.KubeClient.CoreV1(), svc, v1.ServiceStatus{
+			LoadBalancer: *newStatus,
+			Conditions:   newConditions,
+		})
 	}
-	return patch.PatchServiceLoadBalancerStatus(ctx.KubeClient.CoreV1(), svc, *newStatus)
+	svcLogger.V(3).Info("Service status not changed, skipping patch for service")
+	return nil
 }
 
 // isHealthCheckDeleted checks if given health check exists in GCE
@@ -155,3 +163,24 @@ func finalizerWasRemovedUnexpectedly(oldService, newService *v1.Service, finaliz
 	svcToBeDeleted := newService.ObjectMeta.DeletionTimestamp != nil
 	return oldSvcHasLegacyFinalizer && !newSvcHasLegacyFinalizer && !svcToBeDeleted
 }
+
+// conditionsEqual checks if load balancer conditions are equal
+func conditionsEqual(l, r []metav1.Condition) bool {
+	if len(l) != len(r) {
+		return false
+	}
+	lMap := make(map[string]metav1.Condition)
+	for _, cond := range l {
+		lMap[cond.Type] = cond
+	}
+	for _, condR := range r {
+		condL, found := lMap[condR.Type]
+		if !found {
+			return false
+		}
+		if condL.Status != condR.Status || condL.Reason != condR.Reason || condL.Message != condR.Message {
+			return false
+		}
+	}
+	return true
+}

pkg/l4lb/l4lbcommon_test.go

@@ -141,3 +141,118 @@ func TestFinalizerWasRemovedUnexpectedly(t *testing.T) {
 		})
 	}
 }
+
+func TestConditionsEqual(t *testing.T) {
+	testCases := []struct {
+		desc           string
+		left           []metav1.Condition
+		right          []metav1.Condition
+		expectedResult bool
+	}{
+		{
+			desc:           "Both empty",
+			left:           []metav1.Condition{},
+			right:          []metav1.Condition{},
+			expectedResult: true,
+		},
+		{
+			desc:           "One nil, one empty",
+			left:           nil,
+			right:          []metav1.Condition{},
+			expectedResult: true,
+		},
+		{
+			desc: "Different lengths",
+			left: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue},
+			},
+			right:          []metav1.Condition{},
+			expectedResult: false,
+		},
+		{
+			desc: "Same conditions, same order",
+			left: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue, Reason: "ReasonA", Message: "MsgA"},
+				{Type: "Synced", Status: metav1.ConditionFalse, Reason: "ReasonB", Message: "MsgB"},
+			},
+			right: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue, Reason: "ReasonA", Message: "MsgA"},
+				{Type: "Synced", Status: metav1.ConditionFalse, Reason: "ReasonB", Message: "MsgB"},
+			},
+			expectedResult: true,
+		},
+		{
+			desc: "Same conditions, different order",
+			left: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue},
+				{Type: "Synced", Status: metav1.ConditionFalse},
+			},
+			right: []metav1.Condition{
+				{Type: "Synced", Status: metav1.ConditionFalse},
+				{Type: "Ready", Status: metav1.ConditionTrue},
+			},
+			expectedResult: true,
+		},
+		{
+			desc: "Missing condition type in right",
+			left: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue},
+				{Type: "Synced", Status: metav1.ConditionTrue},
+			},
+			right: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue},
+				{Type: "Other", Status: metav1.ConditionTrue},
+			},
+			expectedResult: false,
+		},
+		{
+			desc: "Different Status",
+			left: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue},
+			},
+			right: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionFalse},
+			},
+			expectedResult: false,
+		},
+		{
+			desc: "Different Reason",
+			left: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue, Reason: "Foo"},
+			},
+			right: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue, Reason: "Bar"},
+			},
+			expectedResult: false,
+		},
+		{
+			desc: "Different Message",
+			left: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue, Message: "Foo"},
+			},
+			right: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue, Message: "Bar"},
+			},
+			expectedResult: false,
+		},
+		{
+			desc: "Extra fields in left ignored (LastTransitionTime is not checked)",
+			left: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue, LastTransitionTime: metav1.Now()},
+			},
+			right: []metav1.Condition{
+				{Type: "Ready", Status: metav1.ConditionTrue},
+			},
+			expectedResult: true,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.desc, func(t *testing.T) {
+			gotResult := conditionsEqual(tc.left, tc.right)
+			if gotResult != tc.expectedResult {
+				t.Errorf("conditionsEqual() = %v, expected %v", gotResult, tc.expectedResult)
+			}
+		})
+	}
+}

pkg/l4lb/l4netlbcontroller.go

@@ -29,6 +29,7 @@ import (
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/meta"
 	"github.com/google/go-cmp/cmp"
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/tools/cache"
@@ -685,7 +686,12 @@ func (lc *L4NetLBController) syncInternal(service *v1.Service, svcLogger klog.Lo
 		return syncResult
 	}
 
-	err = updateServiceStatus(lc.ctx, service, syncResult.Status, svcLogger)
+	expectedConditions := []metav1.Condition{}
+	if lc.ctx.EnableL4LBConditions {
+		expectedConditions = syncResult.Conditions
+	}
+
+	err = updateServiceStatus(lc.ctx, service, syncResult.Status, expectedConditions, svcLogger)
 	if err != nil {
 		lc.ctx.Recorder(service.Namespace).Eventf(service, v1.EventTypeWarning, "SyncExternalLoadBalancerFailed",
 			"Error updating L4 External LoadBalancer, err: %v", err)
@@ -894,7 +900,7 @@ func (lc *L4NetLBController) garbageCollectRBSNetLB(key string, svc *v1.Service,
 		return result
 	}
 
-	if err := updateServiceStatus(lc.ctx, svc, &v1.LoadBalancerStatus{}, svcLogger); err != nil {
+	if err := updateServiceStatus(lc.ctx, svc, &v1.LoadBalancerStatus{}, []metav1.Condition{}, svcLogger); err != nil {
 		lc.ctx.Recorder(svc.Namespace).Eventf(svc, v1.EventTypeWarning, "DeleteLoadBalancer",
 			"Error resetting L4 External LoadBalancer status to empty, err: %v", err)
 		result.Error = fmt.Errorf("Failed to reset L4 External LoadBalancer status, err: %w", err)