fix documents, and correct typo

2025-07-23 11:50:44 +00:00 · 2017-11-15 09:41:13 -08:00 · 2017-11-15 09:41:13 -08:00 · 443339da0a
commit 443339da0a
parent edfb2ad552
3 changed files with 41 additions and 35 deletions
--- a/pkg/cloudprovider/providers/azure/azure_loadbalancer.go
+++ b/pkg/cloudprovider/providers/azure/azure_loadbalancer.go
@ -62,7 +62,6 @@ func (az *Cloud) GetLoadBalancer(clusterName string, service *v1.Service) (statu
 		glog.V(5).Infof("getloadbalancer (cluster:%s) (service:%s)- IP doesn't exist in any of the lbs", clusterName, serviceName)
 		return nil, false, fmt.Errorf("Service(%s) - Loadbalancer not found", serviceName)
 	}
-
 	return status, true, nil
 }

@ -320,17 +319,17 @@ func (az *Cloud) ensurePublicIPExists(serviceName, pipName, domainNameLabel stri
 // This ensures load balancer exists and the frontend ip config is setup.
 // This also reconciles the Service's Ports  with the LoadBalancer config.
 // This entails adding rules/probes for expected Ports and removing stale rules/ports.
-// nodes only used if wantLB is true
+// nodes only used if wantLb is true
 func (az *Cloud) reconcileLoadBalancer(clusterName string, service *v1.Service, nodes []*v1.Node, wantLb bool) (*network.LoadBalancer, error) {
 	isInternal := requiresInternalLoadBalancer(service)
 	serviceName := getServiceName(service)
-	glog.V(2).Infof("reconcileLoadBalancer(%s) - wantLB(%t): started", serviceName, wantLb)
+	glog.V(2).Infof("reconcileLoadBalancer(%s) - wantLb(%t): started", serviceName, wantLb)
 	lb, _, _, err := az.getServiceLoadBalancer(service, clusterName, nodes, wantLb)
 	if err != nil {
 		return nil, err
 	}
 	lbName := *lb.Name
-	glog.V(2).Infof("reconcileLoadBalancer(%s): lb(%s) wantLB(%t) resolved load balancer name", serviceName, lbName, wantLb)
+	glog.V(2).Infof("reconcileLoadBalancer(%s): lb(%s) wantLb(%t) resolved load balancer name", serviceName, lbName, wantLb)
 	lbFrontendIPConfigName := getFrontendIPConfigName(service, subnet(service))
 	lbFrontendIPConfigID := az.getFrontendIPConfigID(lbName, lbFrontendIPConfigName)
 	lbBackendPoolName := getBackendPoolName(clusterName)
--- a/pkg/cloudprovider/providers/azure/azure_loadbalancer.md
+++ b/pkg/cloudprovider/providers/azure/azure_loadbalancer.md
@ -1,8 +1,10 @@
 # Azure LoadBalancer

-The way azure define LoadBalancer is different with GCE or AWS. Azure's LB can have multiple frontend IP refs. The GCE and AWS can only allow one, if you want more, you better to have another LB. Because of the fact, Public IP is not part of the LB in Azure. NSG is not part of LB in Azure as well. However, you cannot delete them in parallel, Public IP can only be delete after LB's frontend IP ref is removed. 
+The way azure define LoadBalancer is different with GCE or AWS. Azure's LB can have multiple frontend IP refs. The GCE and AWS can only allow one, if you want more, you better to have another LB. Because of the fact, Public IP is not part of the LB in Azure. NSG is not part of LB in Azure either. However, you cannot delete them in parallel, Public IP can only be delete after LB's frontend IP ref is removed. 

-For different Azure Resources, such as LB, Public IP, NSG. They are the same tier azure resourceS. We need to make sure there is no connection in their own ensure loops. In another words, They would be eventually reconciled regardless of other resources' state. They should only depends on service state.
+For different Azure Resources, such as LB, Public IP, NSG. They are the same tier azure resources. We need to make sure there is no connection in their own ensure loops. In another words, They would be eventually reconciled regardless of other resources' state. They should only depends on service state.
+
+Despite the ideal philosophy above, we have to face the reality. NSG depends on LB's frontend ip to adjust NSG rules. So when we want to reconcile NSG, the LB should contain the corresponding frontend ip config.

 And also, For Azure, we cannot afford to have more than 1 worker of service_controller. Because, different services could operate on the same LB, concurrent execution could result in conflict or unexpected result. For AWS and GCE, they apparently doesn't have the problem, they use one LB per service, no such conflict.

@ -14,24 +16,25 @@ Service Annotation for Auto and specific load balancer mode

 ## Introduce Functions

- reconcileLoadBalancer(lb network.LoadBalancer, clusterName string, service *v1.Service, nodes []*v1.Node, wantLB bool) (network.LoadBalancer, error)
-  - Go through lb's properties, update based on wantLB
+- reconcileLoadBalancer(clusterName string, service *v1.Service, nodes []*v1.Node, wantLb bool) (*network.LoadBalancer, error)
+  - Go through lb's properties, update based on wantLb
  - If any change on the lb, no matter if the lb exists or not
    - Call az cloud to CreateOrUpdate on this lb, or Delete if nothing left
  - return lb, err

- reconcileSecurityGroup(sg network.SecurityGroup, clusterName string, service *v1.Service, wantLb bool) (network.SecurityGroup, error)
-  - Go though NSG' properties, update based on wantLB
+- reconcileSecurityGroup(clusterName string, service *v1.Service, lbStatus *v1.LoadBalancerStatus, wantLb bool) (*network.SecurityGroup, error)
+  - Go though NSG' properties, update based on wantLb
  - If any change on the NSG, (the NSG should always exists)
    - Call az cloud to CreateOrUpdate on this NSG
  - return sg, err

- reconcilePublicIP(pipName string, clusterName string, service *v1.Service, wantLB bool) (error)
-  - if wantLB and external LB, 
-    - ensure Azure Public IP resource is there
-    - when we ensure Public IP, it needs to be both Name and Tag match with the convention
-      - remove dangling Public IP that could have Name or Tag match with the service, but not both
-  - else, ensure Azure Public IP resource is not there
+- reconcilePublicIP(clusterName string, service *v1.Service, wantLb bool) (*network.PublicIPAddress, error)
+  - List all the public ip in the resource group
+  - Make sure we only touch Public IP resources has tags[service] = "namespace/serviceName"
+    - skip for wantLb && !isInternal && pipName == desiredPipName
+    - delete other public ip resources if any
+  - if !isInternal && wantLb 
+    - ensure Public IP with desiredPipName exists

 - getServiceLoadBalancer(service *v1.Service, clusterName string, nodes []*v1.Node, wantLb bool) (lb, status, exists, error)
  - gets the loadbalancer for the service if it already exits
@ -44,15 +47,19 @@ Service Annotation for Auto and specific load balancer mode
 ### GetLoadBalancer

 - Get LoadBalancer status, return status, error
-  - If not exist, ensure it is there
+  - return the load balancer status for this service
+  - it will not create or update or delete any resource

 ### EnsureLoadBalancer

- Reconcile LB's related but not owned resources, such as Public IP, NSG rules
-  - Call reconcileSecurityGroup(sg, clusterName, service, true)
-  - Call reconcilePublicIP(pipName, cluster, service, true)
+- Reconcile LB for the fliped service
+  - Call reconcileLoadBalancer(clusterName, flipedService, nil, false/* wantLb */)
+- Reconcile Public IP
+  - Call reconcilePublicIP(cluster, service, true)
 - Reconcile LB's related and owned resources, such as FrontEndIPConfig, Rules, Probe.
-  - Call reconcileLoadBalancer(lb, clusterName, service, nodes, true)
+  - Call reconcileLoadBalancer(clusterName, service, nodes, true /* wantLb */)
+- Reconcile NSG rules, it need to be called after reconcileLB
+  - Call reconcileSecurityGroup(clusterName, service, lbStatus, true /* wantLb */)

 ### UpdateLoadBalancer

@ -61,8 +68,8 @@ Service Annotation for Auto and specific load balancer mode
 ### EnsureLoadBalancerDeleted

 - Reconcile NSG first, before reconcile LB, because SG need LB to be there
-  - Call reconcileSecurityGroup(sg, clusterName, service, false)
+  - Call reconcileSecurityGroup(clusterName, service, nil, false /* wantLb */)
 - Reconcile LB's related and owned resources, such as FrontEndIPConfig, Rules, Probe.
-  - Call reconcileLoadBalancer(lb, clusterName, service, nodes, false)
- Reconcile LB's related but not owned resources, such as Public IP
-  - Call reconcilePublicIP(pipName, cluster, service, false)
+  - Call reconcileLoadBalancer(clusterName, service, nodes, false)
+- Reconcile Public IP, public IP needs related LB reconciled first
+  - Call reconcilePublicIP(cluster, service, false)
--- a/pkg/cloudprovider/providers/azure/azure_test.go
+++ b/pkg/cloudprovider/providers/azure/azure_test.go
@ -727,13 +727,13 @@ func TestReconcilePublicIPWithNewService(t *testing.T) {
 	az := getTestCloud()
 	svc := getTestService("servicea", v1.ProtocolTCP, 80, 443)

-	pip, err := az.reconcilePublicIP(testClusterName, &svc, true /* wantLB*/)
+	pip, err := az.reconcilePublicIP(testClusterName, &svc, true /* wantLb*/)
 	if err != nil {
 		t.Errorf("Unexpected error: %q", err)
 	}
 	validatePublicIP(t, pip, &svc, true)

-	pip2, err := az.reconcilePublicIP(testClusterName, &svc, true /* wantLB */)
+	pip2, err := az.reconcilePublicIP(testClusterName, &svc, true /* wantLb */)
 	if err != nil {
 		t.Errorf("Unexpected error: %q", err)
 	}
@ -748,7 +748,7 @@ func TestReconcilePublicIPRemoveService(t *testing.T) {
 	az := getTestCloud()
 	svc := getTestService("servicea", v1.ProtocolTCP, 80, 443)

-	pip, err := az.reconcilePublicIP(testClusterName, &svc, true /* wantLB*/)
+	pip, err := az.reconcilePublicIP(testClusterName, &svc, true /* wantLb*/)
 	if err != nil {
 		t.Errorf("Unexpected error: %q", err)
 	}
@ -756,7 +756,7 @@ func TestReconcilePublicIPRemoveService(t *testing.T) {
 	validatePublicIP(t, pip, &svc, true)

 	// Remove the service
-	pip, err = az.reconcilePublicIP(testClusterName, &svc, false /* wantLB */)
+	pip, err = az.reconcilePublicIP(testClusterName, &svc, false /* wantLb */)
 	if err != nil {
 		t.Errorf("Unexpected error: %q", err)
 	}
@ -768,7 +768,7 @@ func TestReconcilePublicIPWithInternalService(t *testing.T) {
 	az := getTestCloud()
 	svc := getInternalTestService("servicea", 80, 443)

-	pip, err := az.reconcilePublicIP(testClusterName, &svc, true /* wantLB*/)
+	pip, err := az.reconcilePublicIP(testClusterName, &svc, true /* wantLb*/)
 	if err != nil {
 		t.Errorf("Unexpected error: %q", err)
 	}
@ -780,7 +780,7 @@ func TestReconcilePublicIPWithExternalAndInternalSwitch(t *testing.T) {
 	az := getTestCloud()
 	svc := getInternalTestService("servicea", 80, 443)

-	pip, err := az.reconcilePublicIP(testClusterName, &svc, true /* wantLB*/)
+	pip, err := az.reconcilePublicIP(testClusterName, &svc, true /* wantLb*/)
 	if err != nil {
 		t.Errorf("Unexpected error: %q", err)
 	}
@ -788,14 +788,14 @@ func TestReconcilePublicIPWithExternalAndInternalSwitch(t *testing.T) {

 	// Update to external service
 	svcUpdated := getTestService("servicea", v1.ProtocolTCP, 80)
-	pip, err = az.reconcilePublicIP(testClusterName, &svcUpdated, true /* wantLB*/)
+	pip, err = az.reconcilePublicIP(testClusterName, &svcUpdated, true /* wantLb*/)
 	if err != nil {
 		t.Errorf("Unexpected error: %q", err)
 	}
 	validatePublicIP(t, pip, &svcUpdated, true)

 	// Update to internal service again
-	pip, err = az.reconcilePublicIP(testClusterName, &svc, true /* wantLB*/)
+	pip, err = az.reconcilePublicIP(testClusterName, &svc, true /* wantLb*/)
 	if err != nil {
 		t.Errorf("Unexpected error: %q", err)
 	}
@ -1214,9 +1214,9 @@ func describeFIPs(frontendIPs []network.FrontendIPConfiguration) string {
 	return description
 }

-func validatePublicIP(t *testing.T, publicIP *network.PublicIPAddress, service *v1.Service, wantLB bool) {
+func validatePublicIP(t *testing.T, publicIP *network.PublicIPAddress, service *v1.Service, wantLb bool) {
 	isInternal := requiresInternalLoadBalancer(service)
-	if isInternal || !wantLB {
+	if isInternal || !wantLb {
 		if publicIP != nil {
 			t.Errorf("Expected publicIP resource to be nil, when it is an internal service or doesn't want LB")
 		}