Merge pull request #1141 from CecileRobertMichon/lb-reconcile-merge

k8s-ci-robot · web-flow · commit e8f327d183af · 2021-01-26T13:20:32.000-08:00
🐛   Merge load balancer properties with existing properties to avoid overwriting cloud provider rules
diff --git a/cloud/services/loadbalancers/client.go b/cloud/services/loadbalancers/client.go
@@ -66,14 +66,32 @@ func (ac *AzureClient) CreateOrUpdate(ctx context.Context, resourceGroupName str
 	ctx, span := tele.Tracer().Start(ctx, "loadbalancers.AzureClient.CreateOrUpdate")
 	defer span.End()
 
-	future, err := ac.loadbalancers.CreateOrUpdate(ctx, resourceGroupName, lbName, lb)
+	var etag string
+	if lb.Etag != nil {
+		etag = *lb.Etag
+	}
+
+	req, err := ac.loadbalancers.CreateOrUpdatePreparer(ctx, resourceGroupName, lbName, lb)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "network.LoadBalancersClient", "CreateOrUpdate", nil, "Failure preparing request")
+		return err
+	}
+
+	if etag != "" {
+		req.Header.Add("If-Match", etag)
+	}
+
+	future, err := ac.loadbalancers.CreateOrUpdateSender(req)
 	if err != nil {
+		err = autorest.NewErrorWithError(err, "network.LoadBalancersClient", "CreateOrUpdate", future.Response(), "Failure sending request")
 		return err
 	}
+
 	err = future.WaitForCompletionRef(ctx, ac.loadbalancers.Client)
 	if err != nil {
 		return err
 	}
+
 	_, err = future.Result(ac.loadbalancers)
 	return err
 }
diff --git a/cloud/services/loadbalancers/loadbalancers.go b/cloud/services/loadbalancers/loadbalancers.go
@@ -31,6 +31,12 @@ import (
 	"sigs.k8s.io/cluster-api-provider-azure/util/tele"
 )
 
+const (
+	httpsProbe  = "HTTPSProbe"
+	lbRuleHTTPS = "LBRuleHTTPS"
+	outboundNAT = "OutboundNATAllProtocols"
+)
+
 // LBScope defines the scope interface for a load balancer service.
 type LBScope interface {
 	logr.Logger
@@ -61,14 +67,85 @@ func (s *Service) Reconcile(ctx context.Context) error {
 	defer span.End()
 
 	for _, lbSpec := range s.Scope.LBSpecs() {
-		s.Scope.V(2).Info("creating load balancer", "load balancer", lbSpec.Name)
+		var (
+			etag                *string
+			frontendIDs         []network.SubResource
+			frontendIPConfigs   = make([]network.FrontendIPConfiguration, 0)
+			loadBalancingRules  = make([]network.LoadBalancingRule, 0)
+			backendAddressPools = make([]network.BackendAddressPool, 0)
+			outboundRules       = make([]network.OutboundRule, 0)
+			probes              = make([]network.Probe, 0)
+		)
 
-		frontendIPConfigs, frontendIDs, err := s.getFrontendIPConfigs(lbSpec)
-		if err != nil {
-			return err
+		existingLB, err := s.Client.Get(ctx, s.Scope.ResourceGroup(), lbSpec.Name)
+		switch {
+		case err != nil && !azure.ResourceNotFound(err):
+			return errors.Wrapf(err, "failed to get LB %s in %s", lbSpec.Name, s.Scope.ResourceGroup())
+		case err == nil:
+			// LB already exists
+			s.Scope.V(2).Info("found existing load balancer, checking if updates are needed", "load balancer", lbSpec.Name)
+			// We append the existing LB etag to the header to ensure we only apply the updates if the LB has not been modified.
+			etag = existingLB.Etag
+			update := false
+
+			// merge existing LB properties with desired properties
+			frontendIPConfigs = *existingLB.FrontendIPConfigurations
+			wantedIPs, wantedFrontendIDs := s.getFrontendIPConfigs(lbSpec)
+			for _, ip := range wantedIPs {
+				if !ipExists(frontendIPConfigs, ip) {
+					update = true
+					frontendIPConfigs = append(frontendIPConfigs, ip)
+				}
+			}
+
+			loadBalancingRules = *existingLB.LoadBalancingRules
+			for _, rule := range s.getLoadBalancingRules(lbSpec, wantedFrontendIDs) {
+				if !lbRuleExists(loadBalancingRules, rule) {
+					update = true
+					loadBalancingRules = append(loadBalancingRules, rule)
+				}
+			}
+
+			backendAddressPools = *existingLB.BackendAddressPools
+			for _, pool := range s.getBackendAddressPools(lbSpec) {
+				if !poolExists(backendAddressPools, pool) {
+					update = true
+					backendAddressPools = append(backendAddressPools, pool)
+				}
+			}
+
+			outboundRules = *existingLB.OutboundRules
+			for _, rule := range s.getOutboundRules(lbSpec, wantedFrontendIDs) {
+				if !outboundRuleExists(outboundRules, rule) {
+					update = true
+					outboundRules = append(outboundRules, rule)
+				}
+			}
+
+			probes = *existingLB.Probes
+			for _, probe := range s.getProbes(lbSpec) {
+				if !probeExists(probes, probe) {
+					update = true
+					probes = append(probes, probe)
+				}
+			}
+
+			if !update {
+				// Skip update for LB as the required defaults are present
+				s.Scope.V(2).Info("LB exists and no defaults are missing, skipping update", "load balancer", lbSpec.Name)
+				continue
+			}
+		default:
+			s.Scope.V(2).Info("creating load balancer", "load balancer", lbSpec.Name)
+			frontendIPConfigs, frontendIDs = s.getFrontendIPConfigs(lbSpec)
+			loadBalancingRules = s.getLoadBalancingRules(lbSpec, frontendIDs)
+			backendAddressPools = s.getBackendAddressPools(lbSpec)
+			outboundRules = s.getOutboundRules(lbSpec, frontendIDs)
+			probes = s.getProbes(lbSpec)
 		}
 
 		lb := network.LoadBalancer{
+			Etag:     etag,
 			Sku:      &network.LoadBalancerSku{Name: converters.SKUtoSDK(lbSpec.SKU)},
 			Location: to.StringPtr(s.Scope.Location()),
 			Tags: converters.TagsToMap(infrav1.Build(infrav1.BuildParams{
@@ -79,73 +156,13 @@ func (s *Service) Reconcile(ctx context.Context) error {
 			})),
 			LoadBalancerPropertiesFormat: &network.LoadBalancerPropertiesFormat{
 				FrontendIPConfigurations: &frontendIPConfigs,
-				BackendAddressPools: &[]network.BackendAddressPool{
-					{
-						Name: to.StringPtr(lbSpec.BackendPoolName),
-					},
-				},
-				OutboundRules: &[]network.OutboundRule{
-					{
-						Name: to.StringPtr("OutboundNATAllProtocols"),
-						OutboundRulePropertiesFormat: &network.OutboundRulePropertiesFormat{
-							Protocol:                 network.LoadBalancerOutboundRuleProtocolAll,
-							IdleTimeoutInMinutes:     to.Int32Ptr(4),
-							FrontendIPConfigurations: &frontendIDs,
-							BackendAddressPool: &network.SubResource{
-								ID: to.StringPtr(azure.AddressPoolID(s.Scope.SubscriptionID(), s.Scope.ResourceGroup(), lbSpec.Name, lbSpec.BackendPoolName)),
-							},
-						},
-					},
-				},
+				BackendAddressPools:      &backendAddressPools,
+				OutboundRules:            &outboundRules,
+				Probes:                   &probes,
+				LoadBalancingRules:       &loadBalancingRules,
 			},
 		}
 
-		if lbSpec.Role == infrav1.APIServerRole {
-			probeName := "HTTPSProbe"
-			lb.LoadBalancerPropertiesFormat.Probes = &[]network.Probe{
-				{
-					Name: to.StringPtr(probeName),
-					ProbePropertiesFormat: &network.ProbePropertiesFormat{
-						Protocol:          network.ProbeProtocolHTTPS,
-						RequestPath:       to.StringPtr("/healthz"),
-						Port:              to.Int32Ptr(lbSpec.APIServerPort),
-						IntervalInSeconds: to.Int32Ptr(15),
-						NumberOfProbes:    to.Int32Ptr(4),
-					},
-				},
-			}
-			// We disable outbound SNAT explicitly in the HTTPS LB rule and enable TCP and UDP outbound NAT with an outbound rule.
-			// For more information on Standard LB outbound connections see https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections.
-			var frontendIPConfig network.SubResource
-			if len(frontendIDs) != 0 {
-				frontendIPConfig = frontendIDs[0]
-			}
-			lb.LoadBalancerPropertiesFormat.LoadBalancingRules = &[]network.LoadBalancingRule{
-				{
-					Name: to.StringPtr("LBRuleHTTPS"),
-					LoadBalancingRulePropertiesFormat: &network.LoadBalancingRulePropertiesFormat{
-						DisableOutboundSnat:     to.BoolPtr(true),
-						Protocol:                network.TransportProtocolTCP,
-						FrontendPort:            to.Int32Ptr(lbSpec.APIServerPort),
-						BackendPort:             to.Int32Ptr(lbSpec.APIServerPort),
-						IdleTimeoutInMinutes:    to.Int32Ptr(4),
-						EnableFloatingIP:        to.BoolPtr(false),
-						LoadDistribution:        network.LoadDistributionDefault,
-						FrontendIPConfiguration: &frontendIPConfig,
-						BackendAddressPool: &network.SubResource{
-							ID: to.StringPtr(azure.AddressPoolID(s.Scope.SubscriptionID(), s.Scope.ResourceGroup(), lbSpec.Name, lbSpec.BackendPoolName)),
-						},
-						Probe: &network.SubResource{
-							ID: to.StringPtr(azure.ProbeID(s.Scope.SubscriptionID(), s.Scope.ResourceGroup(), lbSpec.Name, probeName)),
-						},
-					},
-				},
-			}
-			if lbSpec.Type == infrav1.Internal {
-				lb.LoadBalancerPropertiesFormat.OutboundRules = nil
-			}
-		}
-
 		err = s.Client.CreateOrUpdate(ctx, s.Scope.ResourceGroup(), lbSpec.Name, lb)
 
 		if err != nil {
@@ -178,7 +195,7 @@ func (s *Service) Delete(ctx context.Context) error {
 	return nil
 }
 
-func (s *Service) getFrontendIPConfigs(lbSpec azure.LBSpec) ([]network.FrontendIPConfiguration, []network.SubResource, error) {
+func (s *Service) getFrontendIPConfigs(lbSpec azure.LBSpec) ([]network.FrontendIPConfiguration, []network.SubResource) {
 	frontendIPConfigurations := make([]network.FrontendIPConfiguration, 0)
 	frontendIDs := make([]network.SubResource, 0)
 	for _, ipConfig := range lbSpec.FrontendIPConfigs {
@@ -206,5 +223,128 @@ func (s *Service) getFrontendIPConfigs(lbSpec azure.LBSpec) ([]network.FrontendI
 			ID: to.StringPtr(azure.FrontendIPConfigID(s.Scope.SubscriptionID(), s.Scope.ResourceGroup(), lbSpec.Name, ipConfig.Name)),
 		})
 	}
-	return frontendIPConfigurations, frontendIDs, nil
+	return frontendIPConfigurations, frontendIDs
+}
+
+func (s *Service) getOutboundRules(lbSpec azure.LBSpec, frontendIDs []network.SubResource) []network.OutboundRule {
+	if lbSpec.Type == infrav1.Internal {
+		return []network.OutboundRule{}
+	}
+	return []network.OutboundRule{
+		{
+			Name: to.StringPtr(outboundNAT),
+			OutboundRulePropertiesFormat: &network.OutboundRulePropertiesFormat{
+				Protocol:                 network.LoadBalancerOutboundRuleProtocolAll,
+				IdleTimeoutInMinutes:     to.Int32Ptr(4),
+				FrontendIPConfigurations: &frontendIDs,
+				BackendAddressPool: &network.SubResource{
+					ID: to.StringPtr(azure.AddressPoolID(s.Scope.SubscriptionID(), s.Scope.ResourceGroup(), lbSpec.Name, lbSpec.BackendPoolName)),
+				},
+			},
+		},
+	}
+}
+
+func (s *Service) getLoadBalancingRules(lbSpec azure.LBSpec, frontendIDs []network.SubResource) []network.LoadBalancingRule {
+	if lbSpec.Role == infrav1.APIServerRole {
+		// We disable outbound SNAT explicitly in the HTTPS LB rule and enable TCP and UDP outbound NAT with an outbound rule.
+		// For more information on Standard LB outbound connections see https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections.
+		var frontendIPConfig network.SubResource
+		if len(frontendIDs) != 0 {
+			frontendIPConfig = frontendIDs[0]
+		}
+		return []network.LoadBalancingRule{
+			{
+				Name: to.StringPtr(lbRuleHTTPS),
+				LoadBalancingRulePropertiesFormat: &network.LoadBalancingRulePropertiesFormat{
+					DisableOutboundSnat:     to.BoolPtr(true),
+					Protocol:                network.TransportProtocolTCP,
+					FrontendPort:            to.Int32Ptr(lbSpec.APIServerPort),
+					BackendPort:             to.Int32Ptr(lbSpec.APIServerPort),
+					IdleTimeoutInMinutes:    to.Int32Ptr(4),
+					EnableFloatingIP:        to.BoolPtr(false),
+					LoadDistribution:        network.LoadDistributionDefault,
+					FrontendIPConfiguration: &frontendIPConfig,
+					BackendAddressPool: &network.SubResource{
+						ID: to.StringPtr(azure.AddressPoolID(s.Scope.SubscriptionID(), s.Scope.ResourceGroup(), lbSpec.Name, lbSpec.BackendPoolName)),
+					},
+					Probe: &network.SubResource{
+						ID: to.StringPtr(azure.ProbeID(s.Scope.SubscriptionID(), s.Scope.ResourceGroup(), lbSpec.Name, httpsProbe)),
+					},
+				},
+			},
+		}
+	}
+	return []network.LoadBalancingRule{}
+}
+
+func (s *Service) getBackendAddressPools(lbSpec azure.LBSpec) []network.BackendAddressPool {
+	return []network.BackendAddressPool{
+		{
+			Name: to.StringPtr(lbSpec.BackendPoolName),
+		},
+	}
+}
+
+func (s *Service) getProbes(lbSpec azure.LBSpec) []network.Probe {
+	if lbSpec.Role == infrav1.APIServerRole {
+		return []network.Probe{
+			{
+				Name: to.StringPtr(httpsProbe),
+				ProbePropertiesFormat: &network.ProbePropertiesFormat{
+					Protocol:          network.ProbeProtocolHTTPS,
+					RequestPath:       to.StringPtr("/healthz"),
+					Port:              to.Int32Ptr(lbSpec.APIServerPort),
+					IntervalInSeconds: to.Int32Ptr(15),
+					NumberOfProbes:    to.Int32Ptr(4),
+				},
+			},
+		}
+	}
+	return []network.Probe{}
+}
+
+func probeExists(probes []network.Probe, probe network.Probe) bool {
+	for _, p := range probes {
+		if to.String(p.Name) == to.String(probe.Name) {
+			return true
+		}
+	}
+	return false
+}
+
+func outboundRuleExists(rules []network.OutboundRule, rule network.OutboundRule) bool {
+	for _, r := range rules {
+		if to.String(r.Name) == to.String(rule.Name) {
+			return true
+		}
+	}
+	return false
+}
+
+func poolExists(pools []network.BackendAddressPool, pool network.BackendAddressPool) bool {
+	for _, p := range pools {
+		if to.String(p.Name) == to.String(pool.Name) {
+			return true
+		}
+	}
+	return false
+}
+
+func lbRuleExists(rules []network.LoadBalancingRule, rule network.LoadBalancingRule) bool {
+	for _, r := range rules {
+		if to.String(r.Name) == to.String(rule.Name) {
+			return true
+		}
+	}
+	return false
+}
+
+func ipExists(configs []network.FrontendIPConfiguration, config network.FrontendIPConfiguration) bool {
+	for _, ip := range configs {
+		if to.String(ip.Name) == to.String(config.Name) {
+			return true
+		}
+	}
+	return false
 }
diff --git a/cloud/services/loadbalancers/loadbalancers_test.go b/cloud/services/loadbalancers/loadbalancers_test.go
