Add support for idle connection timeout (#179)

* Add support for idle connection timeout
* Upgrade oci-go-sdk to v1.2.0
* Add failure test
* Document idle timeout annotation

Fixes: #134

Author: jhorwit2

Gopkg.lock

@@ -74,7 +74,7 @@
 
 [[constraint]]
   name = "github.com/oracle/oci-go-sdk"
-  version = "1.0.0"
+  version = "1.2.0"
 
 [prune]
   non-go = true

Gopkg.toml

@@ -20,12 +20,13 @@ spec:
 
 ## Load balancer properties
 
-| Name | Description | Default |
-| ---- | ----------- | ------- |
-| `oci-load-balancer-internal` | Create an [internal load balancer][1]. Cannot be modified after load balancer creation. | `false` |
-| `oci-load-balancer-shape` | A template that determines the load balancer's total pre-provisioned maximum capacity (bandwidth) for ingress plus egress traffic. Available shapes include `100Mbps`, `400Mbps`, and `8000Mbps.` Cannot be modified after load balancer creation. | `"100Mbps"` |
-| `oci-load-balancer-subnet1` | The OCID of the first [subnet][2] of the two required subnets to attach the load balancer to. Must be in separate Availability Domains. | Value provided in config file |
-| `oci-load-balancer-subnet2` | The OCID of the second [subnet][2] of the two required subnets to attach the load balancer to. Must be in separate Availability Domains. | Value provided in config file |
+| Name                                        | Description                                                                                                                                                                                                                                        | Default                                          |
+| -----                                       | -----------                                                                                                                                                                                                                                        | -------                                          |
+| `oci-load-balancer-internal`                | Create an [internal load balancer][1]. Cannot be modified after load balancer creation.                                                                                                                                                            | `false`                                          |
+| `oci-load-balancer-shape`                   | A template that determines the load balancer's total pre-provisioned maximum capacity (bandwidth) for ingress plus egress traffic. Available shapes include `100Mbps`, `400Mbps`, and `8000Mbps.` Cannot be modified after load balancer creation. | `"100Mbps"`                                      |
+| `oci-load-balancer-subnet1`                 | The OCID of the first [subnet][2] of the two required subnets to attach the load balancer to. Must be in separate Availability Domains.                                                                                                            | Value provided in config file                    |
+| `oci-load-balancer-subnet2`                 | The OCID of the second [subnet][2] of the two required subnets to attach the load balancer to. Must be in separate Availability Domains.                                                                                                           | Value provided in config file                    |
+| `oci-load-balancer-connection-idle-timeout` | The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers.                                                                                                | `300` for TCP listeners, `60` for HTTP listeners |
 
 ## TLS-related
 

docs/load-balancer-annotations.md

@@ -62,6 +62,10 @@ const (
 	// have SSL enabled.
 	// See: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
 	ServiceAnnotationLoadBalancerTLSSecret = "service.beta.kubernetes.io/oci-load-balancer-tls-secret"
+
+	// ServiceAnnotationLoadBalancerConnectionIdleTimeout is the annotation used
+	// on the service to specify the idle connection timeout.
+	ServiceAnnotationLoadBalancerConnectionIdleTimeout = "service.beta.kubernetes.io/oci-load-balancer-connection-idle-timeout"
 )
 
 // DefaultLoadBalancerPolicy defines the default traffic policy for load

pkg/oci/load_balancer.go

@@ -16,6 +16,7 @@ package oci
 
 import (
 	"fmt"
+	"strconv"
 
 	"github.com/oracle/oci-go-sdk/common"
 	"github.com/oracle/oci-go-sdk/loadbalancer"
@@ -120,12 +121,17 @@ func NewLBSpec(svc *v1.Service, nodes []*v1.Node, defaultSubnets []string, sslCf
 		subnets = subnets[:1]
 	}
 
+	listeners, err := getListeners(svc, sslCfg)
+	if err != nil {
+		return nil, err
+	}
+
 	return &LBSpec{
 		Name:        GetLoadBalancerName(svc),
 		Shape:       shape,
 		Internal:    internal,
 		Subnets:     subnets,
-		Listeners:   getListeners(svc, sslCfg),
+		Listeners:   listeners,
 		BackendSets: getBackendSets(svc, nodes),
 
 		Ports:       getPorts(svc),
@@ -268,19 +274,44 @@ func getSSLConfiguration(cfg *SSLConfig, port int) *loadbalancer.SslConfiguratio
 	}
 }
 
-func getListeners(svc *v1.Service, sslCfg *SSLConfig) map[string]loadbalancer.ListenerDetails {
+func getListeners(svc *v1.Service, sslCfg *SSLConfig) (map[string]loadbalancer.ListenerDetails, error) {
+	// Determine if connection idle timeout has been specified
+	var connectionIdleTimeout int
+	connectionIdleTimeoutAnnotation := svc.Annotations[ServiceAnnotationLoadBalancerConnectionIdleTimeout]
+	if connectionIdleTimeoutAnnotation != "" {
+		timeout, err := strconv.ParseInt(connectionIdleTimeoutAnnotation, 10, 64)
+		if err != nil {
+			return nil, fmt.Errorf("error parsing service annotation: %s=%s",
+				ServiceAnnotationLoadBalancerConnectionIdleTimeout,
+				connectionIdleTimeoutAnnotation,
+			)
+		}
+
+		connectionIdleTimeout = int(timeout)
+	}
+
 	listeners := make(map[string]loadbalancer.ListenerDetails)
 	for _, servicePort := range svc.Spec.Ports {
 		protocol := string(servicePort.Protocol)
 		port := int(servicePort.Port)
 		sslConfiguration := getSSLConfiguration(sslCfg, port)
 		name := getListenerName(protocol, port, sslConfiguration)
-		listeners[name] = loadbalancer.ListenerDetails{
+
+		listener := loadbalancer.ListenerDetails{
 			DefaultBackendSetName: common.String(getBackendSetName(string(servicePort.Protocol), int(servicePort.Port))),
 			Protocol:              &protocol,
 			Port:                  &port,
 			SslConfiguration:      sslConfiguration,
 		}
+
+		if connectionIdleTimeout > 0 {
+			listener.ConnectionConfiguration = &loadbalancer.ConnectionConfiguration{
+				IdleTimeout: common.Int(int(connectionIdleTimeout)),
+			}
+		}
+
+		listeners[name] = listener
 	}
-	return listeners
+
+	return listeners, nil
 }

pkg/oci/load_balancer_spec.go

@@ -248,6 +248,63 @@ func TestNewLBSpecSuccess(t *testing.T) {
 				},
 			},
 		},
+		"custom idle connection timeout": {
+			defaultSubnetOne: "one",
+			defaultSubnetTwo: "two",
+			service: &v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "kube-system",
+					Name:      "testservice",
+					UID:       "test-uid",
+					Annotations: map[string]string{
+						ServiceAnnotationLoadBalancerConnectionIdleTimeout: "404",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					SessionAffinity: v1.ServiceAffinityNone,
+					Ports: []v1.ServicePort{
+						v1.ServicePort{
+							Protocol: v1.ProtocolTCP,
+							Port:     int32(80),
+						},
+					},
+				},
+			},
+			expected: &LBSpec{
+				Name:     "test-uid",
+				Shape:    "100Mbps",
+				Internal: false,
+				Subnets:  []string{"one", "two"},
+				Listeners: map[string]loadbalancer.ListenerDetails{
+					"TCP-80": loadbalancer.ListenerDetails{
+						DefaultBackendSetName: common.String("TCP-80"),
+						Port:     common.Int(80),
+						Protocol: common.String("TCP"),
+						ConnectionConfiguration: &loadbalancer.ConnectionConfiguration{
+							IdleTimeout: common.Int(404),
+						},
+					},
+				},
+				BackendSets: map[string]loadbalancer.BackendSetDetails{
+					"TCP-80": loadbalancer.BackendSetDetails{
+						Backends: []loadbalancer.BackendDetails{},
+						HealthChecker: &loadbalancer.HealthCheckerDetails{
+							Protocol: common.String("HTTP"),
+							Port:     common.Int(10256),
+							UrlPath:  common.String("/healthz"),
+						},
+						Policy: common.String("ROUND_ROBIN"),
+					},
+				},
+				SourceCIDRs: []string{"0.0.0.0/0"},
+				Ports: map[string]portSpec{
+					"TCP-80": portSpec{
+						ListenerPort:      80,
+						HealthCheckerPort: 10256,
+					},
+				},
+			},
+		},
 	}
 
 	for name, tc := range testCases {
@@ -266,6 +323,7 @@ func TestNewLBSpecSuccess(t *testing.T) {
 		})
 	}
 }
+
 func TestNewLBSpecFailure(t *testing.T) {
 	testCases := map[string]struct {
 		defaultSubnetOne string
@@ -307,6 +365,25 @@ func TestNewLBSpecFailure(t *testing.T) {
 			},
 			expectedErrMsg: "invalid service: OCI only supports SessionAffinity \"None\" currently",
 		},
+		"invalid idle connection timeout": {
+			service: &v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "kube-system",
+					Name:      "testservice",
+					UID:       "test-uid",
+					Annotations: map[string]string{
+						ServiceAnnotationLoadBalancerConnectionIdleTimeout: "whoops",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					SessionAffinity: v1.ServiceAffinityNone,
+					Ports: []v1.ServicePort{
+						{Protocol: v1.ProtocolTCP},
+					},
+				},
+			},
+			expectedErrMsg: "error parsing service annotation: service.beta.kubernetes.io/oci-load-balancer-connection-idle-timeout=whoops",
+		},
 	}
 
 	for name, tc := range testCases {