Add New Environment Variables for Load Balancer Configuration

docs/guides/load-balancer/configuration.md

@@ -6,8 +6,17 @@ Load Balancers are configured via Kubernetes [annotations](https://kubernetes.io
 
 For convenience, you can set the following environment variables as cluster-wide defaults, so you don't have to set them on each load balancer service. If a load balancer service has the corresponding annotation set, it overrides the default.
 
+- `HCLOUD_LOAD_BALANCERS_ALGORITHM_TYPE`
+- `HCLOUD_LOAD_BALANCERS_DISABLE_IPV6`
+- `HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS`
+- `HCLOUD_LOAD_BALANCERS_DISABLE_PUBLIC_NETWORK`
+- `HCLOUD_LOAD_BALANCERS_ENABLED`
+- `HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_INTERVAL`
+- `HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_RETRIES`
+- `HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_TIMEOUT`
 - `HCLOUD_LOAD_BALANCERS_LOCATION` (mutually exclusive with `HCLOUD_LOAD_BALANCERS_NETWORK_ZONE`)
 - `HCLOUD_LOAD_BALANCERS_NETWORK_ZONE` (mutually exclusive with `HCLOUD_LOAD_BALANCERS_LOCATION`)
-- `HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS`
+- `HCLOUD_LOAD_BALANCERS_PRIVATE_SUBNET_IP_RANGE`
+- `HCLOUD_LOAD_BALANCERS_TYPE`
 - `HCLOUD_LOAD_BALANCERS_USE_PRIVATE_IP`
-- `HCLOUD_LOAD_BALANCERS_ENABLED`
+- `HCLOUD_LOAD_BALANCERS_USES_PROXYPROTOCOL`

internal/config/config.go

@@ -5,10 +5,12 @@ import (
 	"fmt"
 	"os"
 	"strconv"
+	"strings"
 	"time"
 
 	"k8s.io/klog/v2"
 
+	"github.com/hetznercloud/hcloud-go/v2/hcloud"
 	"github.com/hetznercloud/hcloud-go/v2/hcloud/exp/kit/envutil"
 )
 
@@ -31,12 +33,20 @@ const (
 	hcloudNetworkDisableAttachedCheck = "HCLOUD_NETWORK_DISABLE_ATTACHED_CHECK"
 	hcloudNetworkRoutesEnabled        = "HCLOUD_NETWORK_ROUTES_ENABLED"
 
+	hcloudLoadBalancersAlgorithmType         = "HCLOUD_LOAD_BALANCERS_ALGORITHM_TYPE"
+	hcloudLoadBalancersDisableIPv6           = "HCLOUD_LOAD_BALANCERS_DISABLE_IPV6"
+	hcloudLoadBalancersDisablePrivateIngress = "HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS"
+	hcloudLoadBalancersDisablePublicNetwork  = "HCLOUD_LOAD_BALANCERS_DISABLE_PUBLIC_NETWORK"
 	hcloudLoadBalancersEnabled               = "HCLOUD_LOAD_BALANCERS_ENABLED"
+	hcloudLoadBalancersHealthCheckInterval   = "HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_INTERVAL"
+	hcloudLoadBalancersHealthCheckRetries    = "HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_RETRIES"
+	hcloudLoadBalancersHealthCheckTimeout    = "HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_TIMEOUT"
 	hcloudLoadBalancersLocation              = "HCLOUD_LOAD_BALANCERS_LOCATION"
 	hcloudLoadBalancersNetworkZone           = "HCLOUD_LOAD_BALANCERS_NETWORK_ZONE"
-	hcloudLoadBalancersDisablePrivateIngress = "HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS"
+	hcloudLoadBalancersPrivateSubnetIPRange  = "HCLOUD_LOAD_BALANCERS_PRIVATE_SUBNET_IP_RANGE"
+	hcloudLoadBalancersType                  = "HCLOUD_LOAD_BALANCERS_TYPE"
 	hcloudLoadBalancersUsePrivateIP          = "HCLOUD_LOAD_BALANCERS_USE_PRIVATE_IP"
-	hcloudLoadBalancersDisableIPv6           = "HCLOUD_LOAD_BALANCERS_DISABLE_IPV6"
+	hcloudLoadBalancersUsesProxyProtocol     = "HCLOUD_LOAD_BALANCERS_USES_PROXYPROTOCOL"
 
 	hcloudMetricsEnabled = "HCLOUD_METRICS_ENABLED"
 	hcloudMetricsAddress = ":8233"
@@ -76,12 +86,21 @@ type InstanceConfiguration struct {
 }
 
 type LoadBalancerConfiguration struct {
-	Enabled               bool
-	Location              string
-	NetworkZone           string
-	PrivateIngressEnabled bool
-	PrivateIPEnabled      bool
-	IPv6Enabled           bool
+	AlgorithmType           hcloud.LoadBalancerAlgorithmType
+	DisablePublicNetwork    bool
+	Enabled                 bool
+	HealthCheckInterval     time.Duration
+	HealthCheckRetries      int
+	HealthCheckTimeout      time.Duration
+	IPv6Enabled             bool
+	Location                string
+	NetworkZone             string
+	PrivateIngressEnabled   bool
+	PrivateIPEnabled        bool
+	PrivateSubnetIPRange    string
+	ProxyProtocolEnabled    bool
+	ProxyProtocolEnabledSet bool
+	Type                    string
 }
 
 type NetworkConfiguration struct {
@@ -183,12 +202,70 @@ func Read() (HCCMConfiguration, error) {
 		errs = append(errs, err)
 	}
 
+	cfg.LoadBalancer.ProxyProtocolEnabled, err = getEnvBool(hcloudLoadBalancersUsesProxyProtocol, false)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	// Workaround to keep bug https://github.com/hetznercloud/hcloud-cloud-controller-manager/issues/876
+	if _, exists := os.LookupEnv(hcloudLoadBalancersUsesProxyProtocol); exists {
+		cfg.LoadBalancer.ProxyProtocolEnabledSet = true
+	}
+
 	disableIPv6, err := getEnvBool(hcloudLoadBalancersDisableIPv6, false)
 	if err != nil {
 		errs = append(errs, err)
 	}
 	cfg.LoadBalancer.IPv6Enabled = !disableIPv6 // Invert the logic, as the env var is prefixed with DISABLE_.
 
+	if subnetRange, ok := os.LookupEnv(hcloudLoadBalancersPrivateSubnetIPRange); ok {
+		cfg.LoadBalancer.PrivateSubnetIPRange = subnetRange
+	}
+
+	if algorithmType, ok := os.LookupEnv(hcloudLoadBalancersAlgorithmType); ok {
+		alg, parseErr := parseLoadBalancerAlgorithmType(algorithmType)
+		if parseErr != nil {
+			errs = append(errs, fmt.Errorf("failed to parse %s: %w", hcloudLoadBalancersAlgorithmType, parseErr))
+		} else {
+			cfg.LoadBalancer.AlgorithmType = alg
+		}
+	}
+
+	if interval, ok := os.LookupEnv(hcloudLoadBalancersHealthCheckInterval); ok {
+		d, parseErr := time.ParseDuration(interval)
+		if parseErr != nil {
+			errs = append(errs, fmt.Errorf("failed to parse %s: %w", hcloudLoadBalancersHealthCheckInterval, parseErr))
+		} else {
+			cfg.LoadBalancer.HealthCheckInterval = d
+		}
+	}
+
+	if timeout, ok := os.LookupEnv(hcloudLoadBalancersHealthCheckTimeout); ok {
+		d, parseErr := time.ParseDuration(timeout)
+		if parseErr != nil {
+			errs = append(errs, fmt.Errorf("failed to parse %s: %w", hcloudLoadBalancersHealthCheckTimeout, parseErr))
+		} else {
+			cfg.LoadBalancer.HealthCheckTimeout = d
+		}
+	}
+
+	if retries, ok := os.LookupEnv(hcloudLoadBalancersHealthCheckRetries); ok {
+		v, parseErr := strconv.Atoi(retries)
+		if parseErr != nil {
+			errs = append(errs, fmt.Errorf("failed to parse %s: %w", hcloudLoadBalancersHealthCheckRetries, parseErr))
+		} else {
+			cfg.LoadBalancer.HealthCheckRetries = v
+		}
+	}
+
+	cfg.LoadBalancer.DisablePublicNetwork, err = getEnvBool(hcloudLoadBalancersDisablePublicNetwork, false)
+	if err != nil {
+		errs = append(errs, err)
+	}
+
+	if lbType, ok := os.LookupEnv(hcloudLoadBalancersType); ok {
+		cfg.LoadBalancer.Type = lbType
+	}
+
 	cfg.Network.NameOrID = os.Getenv(hcloudNetwork)
 	disableAttachedCheck, err := getEnvBool(hcloudNetworkDisableAttachedCheck, false)
 	if err != nil {
@@ -280,3 +357,12 @@ func getEnvDuration(key string) (time.Duration, error) {
 
 	return b, nil
 }
+
+func parseLoadBalancerAlgorithmType(value string) (hcloud.LoadBalancerAlgorithmType, error) {
+	v := strings.ToLower(strings.TrimSpace(value))
+	alg := hcloud.LoadBalancerAlgorithmType(v)
+	if alg == hcloud.LoadBalancerAlgorithmTypeRoundRobin || alg == hcloud.LoadBalancerAlgorithmTypeLeastConnections {
+		return alg, nil
+	}
+	return "", fmt.Errorf("unsupported value %q", value)
+}

internal/config/config_test.go

@@ -8,6 +8,7 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/hetznercloud/hcloud-cloud-controller-manager/internal/testsupport"
+	"github.com/hetznercloud/hcloud-go/v2/hcloud"
 )
 
 func TestRead(t *testing.T) {
@@ -123,6 +124,14 @@ failed to read ROBOT_PASSWORD_FILE: open /tmp/hetzner-password: no such file or
 				"HCLOUD_TOKEN", "jr5g7ZHpPptyhJzZyHw2Pqu4g9gTqDvEceYpngPf79jN_NOT_VALID_dzhepnahq",
 				"HCLOUD_ENDPOINT", "https://api.example.com",
 				"HCLOUD_DEBUG", "true",
+				"HCLOUD_LOAD_BALANCERS_PRIVATE_SUBNET_IP_RANGE", "10.1.0.0/24",
+				"HCLOUD_LOAD_BALANCERS_USES_PROXYPROTOCOL", "true",
+				"HCLOUD_LOAD_BALANCERS_ALGORITHM_TYPE", "least_connections",
+				"HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_INTERVAL", "30s",
+				"HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_TIMEOUT", "5s",
+				"HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_RETRIES", "5",
+				"HCLOUD_LOAD_BALANCERS_DISABLE_PUBLIC_NETWORK", "true",
+				"HCLOUD_LOAD_BALANCERS_TYPE", "lb21",
 			},
 			want: HCCMConfiguration{
 				HCloudClient: HCloudClientConfiguration{
@@ -137,9 +146,18 @@ failed to read ROBOT_PASSWORD_FILE: open /tmp/hetzner-password: no such file or
 					AttachedCheckEnabled: true,
 				},
 				LoadBalancer: LoadBalancerConfiguration{
-					Enabled:               true,
-					PrivateIngressEnabled: true,
-					IPv6Enabled:           true,
+					Enabled:                 true,
+					PrivateIngressEnabled:   true,
+					IPv6Enabled:             true,
+					PrivateSubnetIPRange:    "10.1.0.0/24",
+					ProxyProtocolEnabled:    true,
+					ProxyProtocolEnabledSet: true,
+					AlgorithmType:           hcloud.LoadBalancerAlgorithmTypeLeastConnections,
+					HealthCheckInterval:     30 * time.Second,
+					HealthCheckTimeout:      5 * time.Second,
+					HealthCheckRetries:      5,
+					DisablePublicNetwork:    true,
+					Type:                    "lb21",
 				},
 			},
 			wantErr: nil,