Change to use ESIPP first class fields and update comments

pkg/cloudprovider/providers/azure/azure_test.go

@@ -66,10 +66,8 @@ func TestReconcileLoadBalancerAddPort(t *testing.T) {
 func TestReconcileLoadBalancerNodeHealth(t *testing.T) {
 	az := getTestCloud()
 	svc := getTestService("servicea", v1.ProtocolTCP, 80)
-	svc.Annotations = map[string]string{
+	svc.Spec.ExternalTrafficPolicy = v1.ServiceExternalTrafficPolicyTypeLocal
-		serviceapi.BetaAnnotationExternalTraffic:     serviceapi.AnnotationValueExternalTrafficLocal,
+	svc.Spec.HealthCheckNodePort = int32(32456)
-		serviceapi.BetaAnnotationHealthCheckNodePort: "32456",
-	}
 	configProperties := getTestPublicFipConfigurationProperties()
 	lb := getTestLoadBalancer()
 

pkg/cloudprovider/providers/gce/gce_loadbalancer.go

@@ -311,9 +311,9 @@ func (gce *GCECloud) EnsureLoadBalancer(clusterName string, apiService *v1.Servi
 	}
 
 	// Ensure health checks are created for this target pool to pass to createTargetPool for health check links
-	// Alternately, if the annotation on the service was removed, we need to recreate the target pool without
+	// Alternately, if the service has ExternalTrafficPolicy field set from Local to Global, we need to recreate
-	// health checks. This needs to be prior to the forwarding rule deletion below otherwise it is not possible
+	// the target pool without health checks. This needs to be prior to the forwarding rule deletion below otherwise
-	// to delete just the target pool or http health checks later.
+	// it is not possible to delete just the target pool or http health checks later.
 	var hcToCreate *compute.HttpHealthCheck
 	hcExisting, err := gce.GetHttpHealthCheck(loadBalancerName)
 	if err != nil && !isHTTPErrorCode(err, http.StatusNotFound) {
@@ -325,7 +325,7 @@ func (gce *GCECloud) EnsureLoadBalancer(clusterName string, apiService *v1.Servi
 			// This logic exists to detect a transition for a pre-existing service and turn on
 			// the tpNeedsUpdate flag to delete/recreate fwdrule/tpool adding the health check
 			// to the target pool.
-			glog.V(2).Infof("Annotation external-traffic=OnlyLocal added to new or pre-existing service")
+			glog.V(2).Infof("ExternalTrafficPolicy field set to Local on new or pre-existing service")
 			tpNeedsUpdate = true
 		}
 		hcToCreate, err = gce.ensureHttpHealthCheck(loadBalancerName, path, healthCheckNodePort)

pkg/proxy/iptables/proxier.go

@@ -1069,7 +1069,7 @@ func (proxier *Proxier) syncProxyRules(reason syncReason) {
 
 		svcXlbChain := serviceLBChainName(svcNameString, protocol)
 		if svcInfo.onlyNodeLocalEndpoints {
-			// Only for services with the externalTraffic annotation set to OnlyLocal
+			// Only for services request OnlyLocal traffic
 			// create the per-service LB chain, retaining counters if possible.
 			if lbChain, ok := existingNATChains[svcXlbChain]; ok {
 				writeLine(natChains, lbChain)
@@ -1385,7 +1385,7 @@ func (proxier *Proxier) syncProxyRules(reason syncReason) {
 			continue
 		}
 
-		// Now write ingress loadbalancing & DNAT rules only for services that have a localOnly annotation
+		// Now write ingress loadbalancing & DNAT rules only for services that request OnlyLocal traffic.
 		// TODO - This logic may be combinable with the block above that creates the svc balancer chain
 		localEndpoints := make([]*endpointsInfo, 0)
 		localEndpointChains := make([]utiliptables.Chain, 0)

test/e2e/firewall.go

@@ -60,7 +60,7 @@ var _ = framework.KubeDescribe("Firewall rule", func() {
 		nodesSet := sets.NewString(nodesNames...)
 
 		// OnlyLocal service is needed to examine which exact nodes the requests are being forwarded to by the Load Balancer on GCE
-		By("Creating a LoadBalancer type service with onlyLocal annotation")
+		By("Creating a LoadBalancer type service with ExternalTrafficPolicy=Local")
 		svc := jig.CreateOnlyLocalLoadBalancerService(ns, serviceName,
 			framework.LoadBalancerCreateTimeoutDefault, false, func(svc *v1.Service) {
 				svc.Spec.Ports = []v1.ServicePort{{Protocol: "TCP", Port: framework.FirewallTestHttpPort}}

test/e2e/framework/service_util.go

@@ -34,7 +34,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/kubernetes/pkg/api/v1"
-	"k8s.io/kubernetes/pkg/api/v1/service"
 	"k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
 	"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
 	"k8s.io/kubernetes/pkg/client/retry"
@@ -189,15 +188,15 @@ func (j *ServiceTestJig) ChangeServiceType(namespace, name string, newType v1.Se
 	}
 }
 
-// CreateOnlyLocalNodePortService creates a loadbalancer service and sanity checks its
+// CreateOnlyLocalNodePortService creates a NodePort service with
-// nodePort. If createPod is true, it also creates an RC with 1 replica of
+// ExternalTrafficPolicy set to Local and sanity checks its nodePort.
+// If createPod is true, it also creates an RC with 1 replica of
 // the standard netexec container used everywhere in this test.
 func (j *ServiceTestJig) CreateOnlyLocalNodePortService(namespace, serviceName string, createPod bool) *v1.Service {
-	By("creating a service " + namespace + "/" + serviceName + " with type=NodePort and annotation for local-traffic-only")
+	By("creating a service " + namespace + "/" + serviceName + " with type=NodePort and ExternalTrafficPolicy=Local")
 	svc := j.CreateTCPServiceOrFail(namespace, func(svc *v1.Service) {
 		svc.Spec.Type = v1.ServiceTypeNodePort
-		svc.ObjectMeta.Annotations = map[string]string{
+		svc.Spec.ExternalTrafficPolicy = v1.ServiceExternalTrafficPolicyTypeLocal
-			service.BetaAnnotationExternalTraffic: service.AnnotationValueExternalTrafficLocal}
 		svc.Spec.Ports = []v1.ServicePort{{Protocol: "TCP", Port: 80}}
 	})
 
@@ -209,18 +208,18 @@ func (j *ServiceTestJig) CreateOnlyLocalNodePortService(namespace, serviceName s
 	return svc
 }
 
-// CreateOnlyLocalLoadBalancerService creates a loadbalancer service and waits for it to
+// CreateOnlyLocalLoadBalancerService creates a loadbalancer service with
-// acquire an ingress IP. If createPod is true, it also creates an RC with 1
+// ExternalTrafficPolicy set to Local and waits for it to acquire an ingress IP.
-// replica of the standard netexec container used everywhere in this test.
+// If createPod is true, it also creates an RC with 1 replica of
+// the standard netexec container used everywhere in this test.
 func (j *ServiceTestJig) CreateOnlyLocalLoadBalancerService(namespace, serviceName string, timeout time.Duration, createPod bool,
 	tweak func(svc *v1.Service)) *v1.Service {
-	By("creating a service " + namespace + "/" + serviceName + " with type=LoadBalancer and annotation for local-traffic-only")
+	By("creating a service " + namespace + "/" + serviceName + " with type=LoadBalancer and ExternalTrafficPolicy=Local")
 	svc := j.CreateTCPServiceOrFail(namespace, func(svc *v1.Service) {
 		svc.Spec.Type = v1.ServiceTypeLoadBalancer
 		// We need to turn affinity off for our LB distribution tests
 		svc.Spec.SessionAffinity = v1.ServiceAffinityNone
-		svc.ObjectMeta.Annotations = map[string]string{
+		svc.Spec.ExternalTrafficPolicy = v1.ServiceExternalTrafficPolicyTypeLocal
-			service.BetaAnnotationExternalTraffic: service.AnnotationValueExternalTrafficLocal}
 		if tweak != nil {
 			tweak(svc)
 		}

test/e2e/service.go

@@ -1441,7 +1441,7 @@ var _ = framework.KubeDescribe("ESIPP [Slow]", func() {
 		}
 	})
 
-	It("should handle updates to source ip annotation", func() {
+	It("should handle updates to ExternalTrafficPolicy field", func() {
 		namespace := f.Namespace.Name
 		serviceName := "external-local"
 		jig := framework.NewServiceTestJig(cs, serviceName)
@@ -1458,16 +1458,15 @@ var _ = framework.KubeDescribe("ESIPP [Slow]", func() {
 			Expect(cs.Core().Services(svc.Namespace).Delete(svc.Name, nil)).NotTo(HaveOccurred())
 		}()
 
-		// save the health check node port because it disappears when lift the annotation.
+		// save the health check node port because it disappears when ESIPP is turned off.
 		healthCheckNodePort := int(service.GetServiceHealthCheckNodePort(svc))
 
 		By("turning ESIPP off")
 		svc = jig.UpdateServiceOrFail(svc.Namespace, svc.Name, func(svc *v1.Service) {
-			svc.ObjectMeta.Annotations[service.BetaAnnotationExternalTraffic] =
+			svc.Spec.ExternalTrafficPolicy = v1.ServiceExternalTrafficPolicyTypeGlobal
-				service.AnnotationValueExternalTrafficGlobal
 		})
 		if service.GetServiceHealthCheckNodePort(svc) > 0 {
-			framework.Failf("Service HealthCheck NodePort annotation still present")
+			framework.Failf("Service HealthCheck NodePort still present")
 		}
 
 		endpointNodeMap := jig.GetEndpointNodes(svc)
@@ -1525,13 +1524,11 @@ var _ = framework.KubeDescribe("ESIPP [Slow]", func() {
 		// If the health check nodePort has NOT been freed, the new service
 		// creation will fail.
 
-		By("turning ESIPP annotation back on")
+		By("setting ExternalTraffic field back to OnlyLocal")
 		svc = jig.UpdateServiceOrFail(svc.Namespace, svc.Name, func(svc *v1.Service) {
-			svc.ObjectMeta.Annotations[service.BetaAnnotationExternalTraffic] =
+			svc.Spec.ExternalTrafficPolicy = v1.ServiceExternalTrafficPolicyTypeLocal
-				service.AnnotationValueExternalTrafficLocal
 			// Request the same healthCheckNodePort as before, to test the user-requested allocation path
-			svc.ObjectMeta.Annotations[service.BetaAnnotationHealthCheckNodePort] =
+			svc.Spec.HealthCheckNodePort = int32(healthCheckNodePort)
-				fmt.Sprintf("%d", healthCheckNodePort)
 		})
 		pollErr = wait.PollImmediate(framework.Poll, framework.KubeProxyLagTimeout, func() (bool, error) {
 			content := jig.GetHTTPContent(ingressIP, svcTCPPort, framework.KubeProxyLagTimeout, path)