Merge pull request kubernetes#81549 from prameshj/ilb-globalaccess

Support GlobalAccess for gce Internal Loadbalancers

Author: k8s-ci-robot

staging/src/k8s.io/legacy-cloud-providers/gce/gce_annotations.go

@@ -33,8 +33,11 @@ type LoadBalancerType string
 const (
 	// ServiceAnnotationLoadBalancerType is annotated on a service with type LoadBalancer
 	// dictates what specific kind of GCP LB should be assembled.
-	// Currently, only "internal" is supported.
-	ServiceAnnotationLoadBalancerType = "cloud.google.com/load-balancer-type"
+	// Currently, only "Internal" is supported.
+	ServiceAnnotationLoadBalancerType = "networking.gke.io/load-balancer-type"
+
+	// Deprecating the old-style naming of LoadBalancerType annotation
+	deprecatedServiceAnnotationLoadBalancerType = "cloud.google.com/load-balancer-type"
 
 	// LBTypeInternal is the constant for the official internal type.
 	LBTypeInternal LoadBalancerType = "Internal"
@@ -50,6 +53,11 @@ const (
 	// This annotation did not correctly specify "alpha", so both annotations will be checked.
 	deprecatedServiceAnnotationILBBackendShare = "cloud.google.com/load-balancer-backend-share"
 
+	// ServiceAnnotationILBAllowGlobalAccess is annotated on a service with "true" when users
+	// want to access the Internal LoadBalancer globally, and not restricted to the region it is
+	// created in.
+	ServiceAnnotationILBAllowGlobalAccess = "networking.gke.io/internal-load-balancer-allow-global-access"
+
 	// NetworkTierAnnotationKey is annotated on a Service object to indicate which
 	// network tier a GCP LB should use. The valid values are "Standard" and
 	// "Premium" (default).
@@ -63,23 +71,23 @@ const (
 )
 
 // GetLoadBalancerAnnotationType returns the type of GCP load balancer which should be assembled.
-func GetLoadBalancerAnnotationType(service *v1.Service) (LoadBalancerType, bool) {
-	v := LoadBalancerType("")
-	if service.Spec.Type != v1.ServiceTypeLoadBalancer {
-		return v, false
-	}
-
-	l, ok := service.Annotations[ServiceAnnotationLoadBalancerType]
-	v = LoadBalancerType(l)
-	if !ok {
-		return v, false
+func GetLoadBalancerAnnotationType(service *v1.Service) LoadBalancerType {
+	var lbType LoadBalancerType
+	for _, ann := range []string{
+		ServiceAnnotationLoadBalancerType,
+		deprecatedServiceAnnotationLoadBalancerType,
+	} {
+		if v, ok := service.Annotations[ann]; ok {
+			lbType = LoadBalancerType(v)
+			break
+		}
 	}
 
-	switch v {
+	switch lbType {
 	case LBTypeInternal, deprecatedTypeInternalLowerCase:
-		return LBTypeInternal, true
+		return LBTypeInternal
 	default:
-		return v, false
+		return lbType
 	}
 }
 
@@ -118,3 +126,16 @@ func GetServiceNetworkTier(service *v1.Service) (cloud.NetworkTier, error) {
 		return cloud.NetworkTierDefault, fmt.Errorf("unsupported network tier: %q", v)
 	}
 }
+
+// ILBOptions represents the extra options specified when creating a
+// load balancer.
+type ILBOptions struct {
+	// AllowGlobalAccess Indicates whether global access is allowed for the LoadBalancer
+	AllowGlobalAccess bool
+}
+
+// GetLoadBalancerAnnotationAllowGlobalAccess returns if global access is enabled
+// for the given loadbalancer service.
+func GetLoadBalancerAnnotationAllowGlobalAccess(service *v1.Service) bool {
+	return service.Annotations[ServiceAnnotationILBAllowGlobalAccess] == "true"
+}

staging/src/k8s.io/legacy-cloud-providers/gce/gce_forwardingrule.go

@@ -23,6 +23,7 @@ import (
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/filter"
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/meta"
 	computealpha "google.golang.org/api/compute/v0.alpha"
+	computebeta "google.golang.org/api/compute/v0.beta"
 	compute "google.golang.org/api/compute/v1"
 )
 
@@ -102,6 +103,16 @@ func (g *Cloud) GetAlphaRegionForwardingRule(name, region string) (*computealpha
 	return v, mc.Observe(err)
 }
 
+// GetBetaRegionForwardingRule returns the Beta forwarding rule by name & region.
+func (g *Cloud) GetBetaRegionForwardingRule(name, region string) (*computebeta.ForwardingRule, error) {
+	ctx, cancel := cloud.ContextWithCallTimeout()
+	defer cancel()
+
+	mc := newForwardingRuleMetricContextWithVersion("get", region, computeBetaVersion)
+	v, err := g.c.BetaForwardingRules().Get(ctx, meta.RegionalKey(name, region))
+	return v, mc.Observe(err)
+}
+
 // ListRegionForwardingRules lists all RegionalForwardingRules in the project & region.
 func (g *Cloud) ListRegionForwardingRules(region string) ([]*compute.ForwardingRule, error) {
 	ctx, cancel := cloud.ContextWithCallTimeout()
@@ -122,6 +133,16 @@ func (g *Cloud) ListAlphaRegionForwardingRules(region string) ([]*computealpha.F
 	return v, mc.Observe(err)
 }
 
+// ListBetaRegionForwardingRules lists all RegionalForwardingRules in the project & region.
+func (g *Cloud) ListBetaRegionForwardingRules(region string) ([]*computebeta.ForwardingRule, error) {
+	ctx, cancel := cloud.ContextWithCallTimeout()
+	defer cancel()
+
+	mc := newForwardingRuleMetricContextWithVersion("list", region, computeBetaVersion)
+	v, err := g.c.BetaForwardingRules().List(ctx, region, filter.None)
+	return v, mc.Observe(err)
+}
+
 // CreateRegionForwardingRule creates and returns a
 // RegionalForwardingRule that points to the given BackendService
 func (g *Cloud) CreateRegionForwardingRule(rule *compute.ForwardingRule, region string) error {
@@ -133,7 +154,7 @@ func (g *Cloud) CreateRegionForwardingRule(rule *compute.ForwardingRule, region
 }
 
 // CreateAlphaRegionForwardingRule creates and returns an Alpha
-// forwarding fule in the given region.
+// forwarding rule in the given region.
 func (g *Cloud) CreateAlphaRegionForwardingRule(rule *computealpha.ForwardingRule, region string) error {
 	ctx, cancel := cloud.ContextWithCallTimeout()
 	defer cancel()
@@ -142,6 +163,16 @@ func (g *Cloud) CreateAlphaRegionForwardingRule(rule *computealpha.ForwardingRul
 	return mc.Observe(g.c.AlphaForwardingRules().Insert(ctx, meta.RegionalKey(rule.Name, region), rule))
 }
 
+// CreateBetaRegionForwardingRule creates and returns a Beta
+// forwarding rule in the given region.
+func (g *Cloud) CreateBetaRegionForwardingRule(rule *computebeta.ForwardingRule, region string) error {
+	ctx, cancel := cloud.ContextWithCallTimeout()
+	defer cancel()
+
+	mc := newForwardingRuleMetricContextWithVersion("create", region, computeBetaVersion)
+	return mc.Observe(g.c.BetaForwardingRules().Insert(ctx, meta.RegionalKey(rule.Name, region), rule))
+}
+
 // DeleteRegionForwardingRule deletes the RegionalForwardingRule by name & region.
 func (g *Cloud) DeleteRegionForwardingRule(name, region string) error {
 	ctx, cancel := cloud.ContextWithCallTimeout()

staging/src/k8s.io/legacy-cloud-providers/gce/gce_loadbalancer.go

@@ -152,7 +152,11 @@ func (g *Cloud) EnsureLoadBalancer(ctx context.Context, clusterName string, svc
 	default:
 		status, err = g.ensureExternalLoadBalancer(clusterName, clusterID, svc, existingFwdRule, nodes)
 	}
-	klog.V(4).Infof("EnsureLoadBalancer(%v, %v, %v, %v, %v): done ensuring loadbalancer. err: %v", clusterName, svc.Namespace, svc.Name, loadBalancerName, g.region, err)
+	if err != nil {
+		klog.Errorf("Failed to EnsureLoadBalancer(%s, %s, %s, %s, %s), err: %v", clusterName, svc.Namespace, svc.Name, loadBalancerName, g.region, err)
+		return status, err
+	}
+	klog.V(4).Infof("EnsureLoadBalancer(%s, %s, %s, %s, %s): done ensuring loadbalancer.", clusterName, svc.Namespace, svc.Name, loadBalancerName, g.region)
 	return status, err
 }
 
@@ -199,7 +203,7 @@ func (g *Cloud) EnsureLoadBalancerDeleted(ctx context.Context, clusterName strin
 }
 
 func getSvcScheme(svc *v1.Service) cloud.LbScheme {
-	if typ, ok := GetLoadBalancerAnnotationType(svc); ok && typ == LBTypeInternal {
+	if t := GetLoadBalancerAnnotationType(svc); t == LBTypeInternal {
 		return cloud.SchemeInternal
 	}
 	return cloud.SchemeExternal