From 10c2de0a391abe4bf14b763281a65581cc9a3c68 Mon Sep 17 00:00:00 2001 From: l-technicore Date: Fri, 16 Feb 2024 17:29:43 +0530 Subject: [PATCH] Documentation updated and version update in Makefile --- Makefile | 2 +- README.md | 2 +- VERSION | 2 +- docs/load-balancer-annotations.md | 78 ++++++++++--------- .../providers/oci/load_balancer.go | 1 - 5 files changed, 43 insertions(+), 42 deletions(-) diff --git a/Makefile b/Makefile index 4c8b62275..7ed17120c 100644 --- a/Makefile +++ b/Makefile @@ -38,7 +38,7 @@ else VERSION ?= ${VERSION} endif -RELEASE = v1.27.0 +RELEASE = v1.28.0 GOOS ?= linux ARCH ?= amd64 diff --git a/README.md b/README.md index e7895c7de..ee721707d 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ cloud-provider specific code out of the Kubernetes codebase. Note: -Versions older than v1.25.2 are no longer supported, new features / bug fixes will be available in v1.25.2 and later. +Versions older than v1.26.3 are no longer supported, new features / bug fixes will be available in v1.26.3 and later. ## Implementation Currently `oci-cloud-controller-manager` implements: diff --git a/VERSION b/VERSION index b0c101e63..e0250ea3c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.27 +1.28 diff --git a/docs/load-balancer-annotations.md b/docs/load-balancer-annotations.md index bbba6f644..5839c991e 100644 --- a/docs/load-balancer-annotations.md +++ b/docs/load-balancer-annotations.md 
@@ -31,27 +31,29 @@ spec: ## Load balancer Specific Annotations -| Name | Description | Default | -|---------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------| -| `service.beta.kubernetes.io/oci-load-balancer-internal` | Create an [internal load balancer][1]. Cannot be modified after load balancer creation. | `false` | -| `service.beta.kubernetes.io/oci-load-balancer-shape` | A template that determines the load balancer's total pre-provisioned capacity (bandwidth) for ingress plus egress traffic. Available shapes include `100Mbps`, `400Mbps`, `8000Mbps` and `flexible`. Use `oci lb shape list` to get the list of shapes supported on your account | `"100Mbps"` | -| `service.beta.kubernetes.io/oci-load-balancer-shape-flex-min` | A template that determines the load balancer's minimum pre-provisioned capacity (bandwidth) for ingress plus egress traffic. Only used when `oci-load-balancer-shape` is set to `flexible` | `N/A` | -| `service.beta.kubernetes.io/oci-load-balancer-shape-flex-max` | A template that determines the load balancer's maximum pre-provisioned capacity (bandwidth) for ingress plus egress traffic. Only used when `oci-load-balancer-shape` is set to `flexible` | `N/A` | -| `service.beta.kubernetes.io/oci-load-balancer-subnet1` | The OCID of the one required regional subnet to attach the load balancer to OR The OCID of the first [subnet][2] of the two required Availability Domain specific subnets to attach the load balancer to. Must be in separate Availability Domains. 
| Value provided in config file | -| `service.beta.kubernetes.io/oci-load-balancer-subnet2` | The OCID of the second [subnet][2] of the two required subnets to attach the load balancer to. Must be in separate Availability Domains. | Value provided in config file | -| `service.beta.kubernetes.io/oci-load-balancer-health-check-retries` | The number of retries to attempt before a backend server is considered "unhealthy". | `3` | -| `service.beta.kubernetes.io/oci-load-balancer-health-check-timeout` | The maximum time, in milliseconds, to wait for a reply to a [health check][6]. A [health check][6] is successful only if a reply returns within this timeout period. | `3000` | -| `service.beta.kubernetes.io/oci-load-balancer-health-check-interval` | The interval between [health checks][6] requests, in milliseconds. | `10000` | -| `service.beta.kubernetes.io/oci-load-balancer-connection-idle-timeout` | The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers. | `300` for TCP listeners, `60` for HTTP listeners | -| `service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode` | Specifies the [security list mode](##security-list-management-modes) (`"All"`, `"Frontend"`,`"None"`) to configure how security lists are managed by the CCM. | `"All"` | -| `service.beta.kubernetes.io/oci-load-balancer-backend-protocol` | Specifies protocol on which the listener accepts connection requests. To get a list of valid protocols, use the [`ListProtocols`][5] operation. | `"TCP"` | -| `service.beta.kubernetes.io/oci-load-balancer-ssl-ports` | The ports to enable SSL termination on the corresponding load balancer listener | `443` | -| `service.beta.kubernetes.io/oci-load-balancer-tls-secret` | The TLS secret to install on the load balancer listeners which have SSL enabled. 
| `N/A` | -| `oci.oraclecloud.com/oci-network-security-groups` | Specifies Network Security Groups' OCIDs to be associated with the loadbalancer. Please refer [here][8] for NSG details. | `N/A` | -| `oci.oraclecloud.com/loadbalancer-policy` | Specifies loadbalancer traffic policy for the loadbalancer. To get a list of valid policies, use the [`ListPolicies`][7] operation. | `"ROUND_ROBIN"` | -| `oci.oraclecloud.com/initial-defined-tags-override` | Specifies one or more Defined tags to apply to the OCI Load Balancer. Valid values: `'{"namespace1": {"tag1": "value1", "tag2": "value2"}}'` | `N/A` | -| `oci.oraclecloud.com/initial-freeform-tags-override` | Specifies one or more Freeform tags to apply to the OCI Load Balancer. Valid values: '{"tag1": "value1", "tag2": "value2"}'` | `N/A` | -| `oci.oraclecloud.com/node-label-selector` | Specifies which nodes to add as a backend to the OCI Load Balancer. | `N/A` | +| Name | Description | Default | Example | +|------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|:--------------------------------------------------------:| +| `service.beta.kubernetes.io/oci-load-balancer-internal` | Create an [internal load balancer][1]. Cannot be modified after load balancer creation. | `false` | `false` | +| `service.beta.kubernetes.io/oci-load-balancer-shape` | A template that determines the load balancer's total pre-provisioned capacity (bandwidth) for ingress plus egress traffic. Available shapes include `100Mbps`, `400Mbps`, `8000Mbps` and `flexible`. 
Use `oci lb shape list` to get the list of shapes supported on your account | `"100Mbps"` | `"100Mbps"` | +| `service.beta.kubernetes.io/oci-load-balancer-shape-flex-min` | A template that determines the load balancer's minimum pre-provisioned capacity (bandwidth) for ingress plus egress traffic. Only used when `oci-load-balancer-shape` is set to `flexible`. | `N/A` | `"100"` | +| `service.beta.kubernetes.io/oci-load-balancer-shape-flex-max` | A template that determines the load balancer's maximum pre-provisioned capacity (bandwidth) for ingress plus egress traffic. Only used when `oci-load-balancer-shape` is set to `flexible`. | `N/A` | `"100"` | +| `service.beta.kubernetes.io/oci-load-balancer-subnet1` | The OCID of the one required regional subnet to attach the load balancer to OR The OCID of the first [subnet][2] of the two required Availability Domain specific subnets to attach the load balancer to. Must be in separate Availability Domains. | Value provided in config file | `"ocid1..."` | +| `service.beta.kubernetes.io/oci-load-balancer-subnet2` | The OCID of the second [subnet][2] of the two required subnets to attach the load balancer to. Must be in separate Availability Domains. | Value provided in config file | `"ocid1..."` | +| `service.beta.kubernetes.io/oci-load-balancer-health-check-retries` | The number of retries to attempt before a backend server is considered "unhealthy". | `3` | | +| `service.beta.kubernetes.io/oci-load-balancer-health-check-timeout` | The maximum time, in milliseconds, to wait for a reply to a [health check][6]. A [health check][6] is successful only if a reply returns within this timeout period. | `3000` | | +| `service.beta.kubernetes.io/oci-load-balancer-health-check-interval` | The interval between [health checks][6] requests, in milliseconds. 
| `10000` | | +| `service.beta.kubernetes.io/oci-load-balancer-connection-idle-timeout` | The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers. | `300` for TCP listeners, `60` for HTTP listeners | | +| `service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode` | Specifies the [security list mode](##security-list-management-modes) (`"All"`, `"Frontend"`,`"None"`) to configure how security lists are managed by the CCM. | `"All"` | | +| `service.beta.kubernetes.io/oci-load-balancer-backend-protocol` | Specifies protocol on which the listener accepts connection requests. To get a list of valid protocols, use the [`ListProtocols`][5] operation. | `"TCP"` | | +| `service.beta.kubernetes.io/oci-load-balancer-ssl-ports` | The ports to enable SSL termination on the corresponding load balancer listener | `443` | | +| `service.beta.kubernetes.io/oci-load-balancer-tls-secret` | The TLS secret to install on the load balancer listeners which have SSL enabled. | `N/A` | | +| `oci.oraclecloud.com/oci-network-security-groups` | Specifies Network Security Groups' OCIDs to be associated with the loadbalancer. Please refer [here][8] for NSG details. Example NSG OCID: `ocid1.networksecuritygroup.oc1.iad.aaa` | `N/A` | `"ocid1...aaa, ocid1...bbb"` | +| `oci.oraclecloud.com/loadbalancer-policy` | Specifies loadbalancer traffic policy for the loadbalancer. To get a list of valid policies, use the [`ListPolicies`][7] operation. | `"ROUND_ROBIN"` | | +| `oci.oraclecloud.com/initial-defined-tags-override` | Specifies one or more Defined tags to apply to the OCI Load Balancer. | `N/A` | `'{"namespace1": {"tag1": "value1", "tag2": "value2"}}'` | +| `oci.oraclecloud.com/initial-freeform-tags-override` | Specifies one or more Freeform tags to apply to the OCI Load Balancer. 
| `N/A` | `'{"tag1": "value1", "tag2": "value2"}'` | +| `oci.oraclecloud.com/node-label-selector` | Specifies which nodes to add as a backend to the OCI Load Balancer. | `N/A` | | +| `oci.oraclecloud.com/security-rule-management-mode` | Specifies the security rule management mode ("SL-All", "SL-Frontend", "NSG", "None") that configures how security lists are managed by the CCM | `N/A` | `"NSG"` | +| `oci.oraclecloud.com/oci-backend-network-security-group` | Specifies backend Network Security Group(s)' OCID(s) for management of ingress / egress security rules for the LB/NLB by the CCM. Example NSG OCID: `ocid1.networksecuritygroup.oc1.iad.aaa` | `N/A` | `"ocid1...aaa, ocid1...bbb"` | Note: 
@@ -78,20 +80,22 @@ Note: ## Network Load Balancer Specific Annotations -| Name | Description | Default | -|-----------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| `oci-network-load-balancer.oraclecloud.com/internal` | Create an [internal network load balancer][1]. Cannot be modified after load balancer creation. | `false` | -| `oci-network-load-balancer.oraclecloud.com/subnet` | The OCID of the required regional or AD specific subnet to attach the network load balancer. | Value set for the cluster | -| `oci-network-load-balancer.oraclecloud.com/oci-network-security-groups` | Specifies Network Security Groups' OCIDs to be associated with the network load balancer. | `""` | -| `oci-network-load-balancer.oraclecloud.com/initial-freeform-tags-override` | Specifies one or multiple Freeform tags to apply to the OCI Network Load Balancer. Valid values: `'{"tag1": "value1", "tag2": "value2"}'` | `""` | -| `oci-network-load-balancer.oraclecloud.com/initial-defined-tags-override` | Specifies one or multiple Defined tags to apply to the OCI Network Load Balancer. Valid values: `'{"namespace1": {"tag1": "value1", "tag2": "value2"}}'` | `""` | -| `oci-network-load-balancer.oraclecloud.com/health-check-retries` | The number of retries to attempt before a backend server is considered "unhealthy". | `3` | -| `oci-network-load-balancer.oraclecloud.com/health-check-timeout` | The maximum time, in milliseconds, to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. | `3000 ms` | -| `oci-network-load-balancer.oraclecloud.com/health-check-interval` | The interval between health checks requests, in milliseconds. 
| `3000 ms` | -| `oci-network-load-balancer.oraclecloud.com/backend-policy` | The network load balancer policy for the backend set. Valid values: "TWO_TUPLE", "THREE_TUPLE", or "FIVE_TUPLE" | `"FIVE_TUPLE"` | -| `oci-network-load-balancer.oraclecloud.com/security-list-management-mode` | Specifies the security list mode ("All", "Frontend","None") to configure how security lists are managed. | `"None"` | -| `oci-network-load-balancer.oraclecloud.com/node-label-selector` | Specifies which nodes to add as a backend to the OCI Network Load Balancer. | `"None"` | -| `oci-network-load-balancer.oraclecloud.com/is-preserve-source` | Enable or disable the network load balancer to preserve source address of incoming traffic. Can be set only when externalTrafficPolicy is set to Local. | `"true" (if externalTrafficPolicy=Local)` | +| Name | Description | Default | +|----------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------| +| `oci-network-load-balancer.oraclecloud.com/internal` | Create an [internal network load balancer][1]. Cannot be modified after load balancer creation. | `false` | +| `oci-network-load-balancer.oraclecloud.com/subnet` | The OCID of the required regional or AD specific subnet to attach the network load balancer. | Value set for the cluster | +| `oci-network-load-balancer.oraclecloud.com/oci-network-security-groups` | Specifies Network Security Groups' OCIDs to be associated with the network load balancer. | `""` | +| `oci-network-load-balancer.oraclecloud.com/initial-freeform-tags-override` | Specifies one or multiple Freeform tags to apply to the OCI Network Load Balancer. 
Valid values: `'{"tag1": "value1", "tag2": "value2"}'` | `""` | +| `oci-network-load-balancer.oraclecloud.com/initial-defined-tags-override` | Specifies one or multiple Defined tags to apply to the OCI Network Load Balancer. Valid values: `'{"namespace1": {"tag1": "value1", "tag2": "value2"}}'` | `""` | +| `oci-network-load-balancer.oraclecloud.com/health-check-retries` | The number of retries to attempt before a backend server is considered "unhealthy". | `3` | +| `oci-network-load-balancer.oraclecloud.com/health-check-timeout` | The maximum time, in milliseconds, to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. | `3000 ms` | +| `oci-network-load-balancer.oraclecloud.com/health-check-interval` | The interval between health checks requests, in milliseconds. | `3000 ms` | +| `oci-network-load-balancer.oraclecloud.com/backend-policy` | The network load balancer policy for the backend set. Valid values: "TWO_TUPLE", "THREE_TUPLE", or "FIVE_TUPLE" | `"FIVE_TUPLE"` | +| `oci-network-load-balancer.oraclecloud.com/security-list-management-mode` | Specifies the security list mode ("All", "Frontend","None") to configure how security lists are managed. | `"None"` | +| `oci-network-load-balancer.oraclecloud.com/node-label-selector` | Specifies which nodes to add as a backend to the OCI Network Load Balancer. | `"None"` | +| `oci-network-load-balancer.oraclecloud.com/is-preserve-source` | Enable or disable the network load balancer to preserve source address of incoming traffic. Can be set only when externalTrafficPolicy is set to Local. 
| `"true" (if externalTrafficPolicy=Local)` | +| `oci.oraclecloud.com/security-rule-management-mode` | Specifies the security rule management mode ("SL-All", "SL-Frontend", "NSG", "None") that configures how security lists are managed by the CCM | `N/A` | +| `oci.oraclecloud.com/oci-backend-network-security-group` | Specifies backend Network Security Group(s)' OCID(s) for management of ingress / egress security rules for the LB/NLB by the CCM. Example NSG OCID: `ocid1.networksecuritygroup.oc1.iad.aaa` | `N/A` | Note: - The only security list management mode allowed when backend protocol is UDP is "None" @@ -122,9 +126,7 @@ Note: - The only security list management mode allowed when backend protocol is UDP is "None" - `externalTrafficPolicy` should be "Local" for preserving source IP - We recommend to set the `security-list-management-mode` as "None" and configure NSG / Security rules on your own. - -Note: -- The only security list management mode allowed when backend protocol is UDP is "None" +- The new `security-rule-management-mode`: `"NSG"` provides a better way to manage your Load Balancer/NLB Security Rules via CCM. [1]: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer diff --git a/pkg/cloudprovider/providers/oci/load_balancer.go b/pkg/cloudprovider/providers/oci/load_balancer.go index 9fad45916..18589246e 100644 --- a/pkg/cloudprovider/providers/oci/load_balancer.go +++ b/pkg/cloudprovider/providers/oci/load_balancer.go @@ -784,7 +784,6 @@ func (cp *CloudProvider) EnsureLoadBalancer(ctx context.Context, clusterName str } // Service controller provided empty nodes list - // TODO: Revisit this condition when clusters with mixed node pools are introduced, possibly add len(virtualPods) == 0 check if len(nodes) == 0 { // List all nodes in the cluster nodeList, err := cp.NodeLister.List(labels.Everything())
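Review bot: In the README.md hunk, the support floor moves from v1.25.2 to v1.26.3, but the subject line ("Documentation updated and version update in Makefile") does not mention that older versions are being dropped. Please call this out in the commit message so that operators scanning the log see it. The changed sentence is also a comma splice. Consider "Versions older than v1.26.3 are no longer supported. New features and bug fixes will be available in v1.26.3 and later."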
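Review bot: In the Load Balancer table hunk of docs/load-balancer-annotations.md, the new `oci.oraclecloud.com/security-rule-management-mode` row says it configures "how security lists are managed by the CCM", yet one of its values is "NSG". Its default is given as `N/A`, with nothing on how it interacts with the existing `service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode` row (default `"All"`). Since these annotations decide which ingress and egress rules the CCM writes, the row should say "security rules (security lists or NSGs)". It should also state which annotation wins when both are set, and what happens when the new one is absent. Two smaller points: the mode values should be in backticks like the existing security-list row, and the `oci-backend-network-security-group` example `"ocid1...aaa, ocid1...bbb"` implies a comma-separated list without the description stating the delimiter. Most rows in the new Example column are empty. Either fill them or drop the column for rows where the default already serves as the example.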
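Review bot: In the Network Load Balancer table hunk, the two added rows use the `oci.oraclecloud.com/` prefix while every other key in that table uses `oci-network-load-balancer.oraclecloud.com/`. If the keys are intentionally shared between LB and NLB, add a sentence saying so. Otherwise readers may treat it as a typo and set a prefixed key that is never read. The NLB table also does not gain the Example column added to the LB table, and the new mode row shows default `N/A` next to the existing `security-list-management-mode` row with default `"None"`. Please document which of the two applies to an NLB when the new annotation is unset.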
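Review bot: In the notes hunk (@@ -122,9 +126,7), the added bullet says `security-rule-management-mode`: `"NSG"` "provides a better way" to manage security rules. It sits directly after the retained bullet recommending that `security-list-management-mode` be set to "None" with NSG / security rules configured by hand. The two recommendations need reconciling. State what the CCM adds and removes in NSG mode, whether `oci.oraclecloud.com/oci-backend-network-security-group` must be set for it to take effect, and whether the UDP restriction in the first bullet also applies to the new mode. Removing the duplicated "Note:" block is fine.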
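Review bot: In the load_balancer.go hunk (EnsureLoadBalancer, around line 784), the TODO about revisiting the `if len(nodes) == 0` condition for clusters with mixed node pools is deleted while the condition itself is unchanged. If the concern no longer applies, say why in the commit message. If it still applies, keep the comment or replace it with a reference to a tracking issue. This is also a source change in a commit whose subject describes only documentation and a Makefile version bump. Consider splitting it out or updating the subject.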