Create Neg CRs when neg crd is enabled

- when EnableNegCrd flag is set, neg client is created - manager will create neg crs when creating syncers - manager will delete neg crs when deleting syncers - manager throws errors if custom names are specified when ingress is desired or if neg crd is not enabled
kubernetes · Jul 16, 2020 · a907fd8 · a907fd8
1 parent ddcbfef
commit a907fd8
Show file tree

Hide file tree

Showing 7 changed files with 876 additions and 25 deletions.
diff --git a/cmd/glbc/main.go b/cmd/glbc/main.go
@@ -38,6 +38,7 @@ import (
 	"k8s.io/client-go/tools/record"
 	backendconfigclient "k8s.io/ingress-gce/pkg/backendconfig/client/clientset/versioned"
 	frontendconfigclient "k8s.io/ingress-gce/pkg/frontendconfig/client/clientset/versioned"
+	svcnegclient "k8s.io/ingress-gce/pkg/svcneg/client/clientset/versioned"
 
 	ingctx "k8s.io/ingress-gce/pkg/context"
 	"k8s.io/ingress-gce/pkg/controller"
@@ -126,11 +127,18 @@ func main() {
 		}
 	}
 
+	var svcNegClient svcnegclient.Interface
 	if flags.F.EnableNegCrd {
 		negCRDMeta := svcneg.CRDMeta()
 		if _, err := crdHandler.EnsureCRD(negCRDMeta); err != nil {
 			klog.Fatalf("Failed to ensure ServiceNetworkEndpointGroup CRD: %v", err)
 		}
+
+		svcNegClient, err = svcnegclient.NewForConfig(kubeConfig)
+		if err != nil {
+			klog.Fatalf("Failed to create NetworkEndpointGroup client: %v", err)
+		}
+
 	}
 
 	namer, err := app.NewNamer(kubeClient, flags.F.ClusterName, firewalls.DefaultFirewallName)
@@ -160,7 +168,7 @@ func main() {
 		ASMConfigMapNamespace: flags.F.ASMConfigMapBasedConfigNamespace,
 		ASMConfigMapName:      flags.F.ASMConfigMapBasedConfigCMName,
 	}
-	ctx := ingctx.NewControllerContext(kubeConfig, kubeClient, backendConfigClient, frontendConfigClient, nil, cloud, namer, kubeSystemUID, ctxConfig)
+	ctx := ingctx.NewControllerContext(kubeConfig, kubeClient, backendConfigClient, frontendConfigClient, svcNegClient, cloud, namer, kubeSystemUID, ctxConfig)
 	go app.RunHTTPServer(ctx.HealthCheck)
 
 	if !flags.F.LeaderElection.LeaderElect {
@@ -253,7 +261,7 @@ func runControllers(ctx *ingctx.ControllerContext) {
 	}
 
 	// TODO: Refactor NEG to use cloud mocks so ctx.Cloud can be referenced within NewController.
-	negController := neg.NewController(negtypes.NewAdapter(ctx.Cloud), ctx, zoneGetter, ctx.ClusterNamer, flags.F.ResyncPeriod, flags.F.NegGCPeriod, flags.F.EnableReadinessReflector, flags.F.RunIngressController, flags.F.RunL4Controller)
+	negController := neg.NewController(negtypes.NewAdapter(ctx.Cloud), ctx, zoneGetter, ctx.ClusterNamer, flags.F.ResyncPeriod, flags.F.NegGCPeriod, flags.F.EnableReadinessReflector, flags.F.RunIngressController, flags.F.RunL4Controller, flags.F.EnableNegCrd)
 
 	go negController.Run(stopCh)
 	klog.V(0).Infof("negController started")

diff --git a/pkg/neg/controller.go b/pkg/neg/controller.go
@@ -99,6 +99,9 @@ type Controller struct {
 
 	// runL4 indicates whether to run NEG controller that processes L4 ILB services
 	runL4 bool
+
+	// indicates whether neg crd have been enabled
+	enableNegCrd bool
 }
 
 // NewController returns a network endpoint group controller.
@@ -112,6 +115,7 @@ func NewController(
 	enableReadinessReflector bool,
 	runIngress bool,
 	runL4Controller bool,
+	enableNegCrd bool,
 ) *Controller {
 	// init event recorder
 	// TODO: move event recorder initializer to main. Reuse it among controllers.
@@ -123,7 +127,11 @@ func NewController(
 	recorder := eventBroadcaster.NewRecorder(scheme.Scheme,
 		apiv1.EventSource{Component: "neg-controller"})
 
-	manager := newSyncerManager(namer, recorder, cloud, zoneGetter, ctx.PodInformer.GetIndexer(), ctx.ServiceInformer.GetIndexer(), ctx.EndpointInformer.GetIndexer(), ctx.NodeInformer.GetIndexer())
+	var svcNegInformer cache.Indexer
+	if enableNegCrd {
+		svcNegInformer = ctx.SvcNegInformer.GetIndexer()
+	}
+	manager := newSyncerManager(namer, recorder, cloud, zoneGetter, ctx.SvcNegClient, ctx.PodInformer.GetIndexer(), ctx.ServiceInformer.GetIndexer(), ctx.EndpointInformer.GetIndexer(), ctx.NodeInformer.GetIndexer(), svcNegInformer)
 	var reflector readiness.Reflector
 	if enableReadinessReflector {
 		reflector = readiness.NewReadinessReflector(ctx, manager)
@@ -151,6 +159,7 @@ func NewController(
 		reflector:             reflector,
 		collector:             ctx.ControllerMetrics,
 		runL4:                 runL4Controller,
+		enableNegCrd:          enableNegCrd,
 	}
 
 	if runIngress {
@@ -432,6 +441,7 @@ func (c *Controller) processService(key string) error {
 	c.collector.DeleteNegService(key)
 	// neg annotation is not found or NEG is not enabled
 	c.manager.StopSyncer(namespace, name)
+
 	// delete the annotation
 	return c.syncNegStatusAnnotation(namespace, name, make(negtypes.PortInfoMap))
 }
@@ -481,12 +491,19 @@ func (c *Controller) mergeStandaloneNEGsPortInfo(service *apiv1.Service, name ty
 			)
 		}
 
-		exposedNegSvcPort, _, err := negServicePorts(negAnnotation, knowSvcPortSet)
+		exposedNegSvcPort, customNames, err := negServicePorts(negAnnotation, knowSvcPortSet)
 		if err != nil {
 			return err
 		}
 
-		if err := portInfoMap.Merge(negtypes.NewPortInfoMap(name.Namespace, name.Name, exposedNegSvcPort, c.namer /*readinessGate*/, true, nil)); err != nil {
+		if !c.enableNegCrd && len(customNames) != 0 {
+			return fmt.Errorf("custom neg name specified in service (%s) but neg crd is not enabled", name.String())
+		}
+		if negAnnotation.NEGEnabledForIngress() && len(customNames) != 0 {
+			return fmt.Errorf("configuration for negs in service (%s) is invalid, custom neg name cannot be used with ingress enabled", name.String())
+		}
+
+		if err := portInfoMap.Merge(negtypes.NewPortInfoMap(name.Namespace, name.Name, exposedNegSvcPort, c.namer /*readinessGate*/, true, customNames)); err != nil {
 			return fmt.Errorf("failed to merge service ports exposed as standalone NEGs (%v) into ingress referenced service ports (%v): %v", exposedNegSvcPort, portInfoMap, err)
 		}
 	}