🚀 migrate total

pkg/consts/consts.go

@@ -14,7 +14,8 @@ const (
 	DEFAULT_VLB_ID_PIECE_LENGTH       = 8
 	DEFAULT_HASH_NAME_LENGTH          = 5
 	DEFAULT_NAME_DEFAULT_POOL         = "vks_default_pool"
-	DEFAULT_PACKAGE_ID                = "lbp-f562b658-0fd4-4fa6-9c57-c1a803ccbf86"
+	DEFAULT_L7_PACKAGE_ID             = "lbp-f562b658-0fd4-4fa6-9c57-c1a803ccbf86"
+	DEFAULT_L4_PACKAGE_ID             = "lbp-96b6b072-aadb-4b58-9d5f-c16ad69d36aa" // ...............................
 	DEFAULT_HTTPS_LISTENER_NAME       = "vks_https_listener"
 	DEFAULT_HTTP_LISTENER_NAME        = "vks_http_listener"
 

pkg/ingress/controller/annotation.go

@@ -69,7 +69,7 @@ func PointerOf[T any](t T) *T {
 func CreateLoadbalancerOptions(ing *nwv1.Ingress) *loadbalancer.CreateOpts {
 	opt := &loadbalancer.CreateOpts{
 		Name:      "",
-		PackageID: consts.DEFAULT_PACKAGE_ID,
+		PackageID: consts.DEFAULT_L7_PACKAGE_ID,
 		Scheme:    loadbalancer.CreateOptsSchemeOptInternal,
 		SubnetID:  "",
 		Type:      loadbalancer.CreateOptsTypeOptLayer7,

pkg/ingress/controller/controller.go

@@ -356,7 +356,7 @@ func (c *Controller) nodeSyncLoop() {
 	if len(reapplyIngress) > 0 {
 		isReApply = true
 		klog.Infof("Detected change in load balancer update tracker")
-
+		c.trackLBUpdate = utils.NewUpdateTracker()
 	}
 
 	if !isReApply {
@@ -1002,7 +1002,7 @@ func (c *Controller) ensureCompareIngress(oldIng, ing *nwv1.Ingress) (*lObjects.
 	if lbID != "" {
 		newIngExpander.LbID = lbID
 	}
-	lbID, err = c.ensureLoadBalancer(newIngExpander)
+	lbID, err = c.ensureLoadBalancerInstance(newIngExpander)
 	if err != nil {
 		klog.Errorln("error when ensure loadbalancer", err)
 		return nil, err
@@ -1017,7 +1017,7 @@ func (c *Controller) ensureCompareIngress(oldIng, ing *nwv1.Ingress) (*lObjects.
 }
 
 // find or create lb
-func (c *Controller) ensureLoadBalancer(inspect *utils.IngressInspect) (string, error) {
+func (c *Controller) ensureLoadBalancerInstance(inspect *utils.IngressInspect) (string, error) {
 	if inspect.LbID == "" {
 		lb, err := vngcloudutil.CreateLB(c.vLBSC, c.getProjectID(), inspect.LbOptions)
 		if err != nil {
@@ -1471,7 +1471,7 @@ func (c *Controller) ensureSecurityGroups(secgroups, instances []string) error {
 	}
 	// validate security groups
 	validSecgroups := make([]string, 0)
-	getSecgroups, err := vngcloudutil.ListSecurityGroups(c.vLBSC, c.getProjectID())
+	getSecgroups, err := vngcloudutil.ListSecurityGroups(c.vServerSC, c.getProjectID())
 	if err != nil {
 		klog.Errorln("error when list security groups", err)
 		return err
@@ -1490,7 +1490,7 @@ func (c *Controller) ensureSecurityGroups(secgroups, instances []string) error {
 
 	ensureSecGroupsForInstance := func(instanceID string, secgroups []string) error {
 		// get security groups of instance
-		instance, err := vngcloudutil.GetServer(c.vLBSC, c.getProjectID(), instanceID)
+		instance, err := vngcloudutil.GetServer(c.vServerSC, c.getProjectID(), instanceID)
 		if err != nil {
 			klog.Errorln("error when get instance", err)
 			return err
@@ -1516,7 +1516,7 @@ func (c *Controller) ensureSecurityGroups(secgroups, instances []string) error {
 		for secgroup := range secgroupMap {
 			secgroupArr = append(secgroupArr, secgroup)
 		}
-		_, err = vngcloudutil.UpdateSecGroups(c.vLBSC, c.getProjectID(), instanceID, secgroupArr)
+		_, err = vngcloudutil.UpdateSecGroups(c.vServerSC, c.getProjectID(), instanceID, secgroupArr)
 		return err
 	}
 	for _, instanceID := range instances {
@@ -1533,7 +1533,7 @@ func (c *Controller) ensureTags(lbID string, tags map[string]string) error {
 		return nil
 	}
 	// get tags of lb
-	getTags, err := vngcloudutil.GetTags(c.vLBSC, c.getProjectID(), lbID)
+	getTags, err := vngcloudutil.GetTags(c.vServerSC, c.getProjectID(), lbID)
 	if err != nil {
 		klog.Errorln("error when get tags", err)
 		return err
@@ -1555,7 +1555,7 @@ func (c *Controller) ensureTags(lbID string, tags map[string]string) error {
 		return nil
 	}
 	// update tags
-	err = vngcloudutil.UpdateTags(c.vLBSC, c.getProjectID(), lbID, tagMap)
+	err = vngcloudutil.UpdateTags(c.vServerSC, c.getProjectID(), lbID, tagMap)
 	return err
 }
 

pkg/utils/expander.go

@@ -31,7 +31,8 @@ type PolicyExpander struct {
 }
 
 type ListenerExpander struct {
-	UUID string
+	UUID            string
+	DefaultPoolName string // use for L4 only
 	listener.CreateOpts
 }
 type CertificateExpander struct {
@@ -47,7 +48,6 @@ type IngressInspect struct {
 	Namespace   string
 	LbID        string                   // store the lb id
 	LbName      string                   // auto generate or pass by user through annotation
-	// LbPostfix   string                   // a hash id
 	LbOptions   *loadbalancer.CreateOpts // create options for lb
 
 	PolicyExpander      []*PolicyExpander

pkg/utils/updateTracker.go

@@ -66,6 +66,7 @@ func (c *UpdateTracker) GetReapplyIngress(lbs []*objects.LoadBalancer) []string
 			if c.tracker[lb.UUID].updateAt != lb.UpdatedAt {
 				klog.V(3).Infof("Loadbalancer %s has been updated, sync now.", lb.UUID)
 				reapplyIngress = append(reapplyIngress, c.tracker[lb.UUID].ingress...)
+				delete(c.tracker, lb.UUID)
 			}
 		}
 	}

pkg/utils/vngcloud/loadbalancer_utils.go

@@ -9,6 +9,8 @@ import (
 	"github.com/vngcloud/vngcloud-controller-manager/pkg/utils/errors"
 	"github.com/vngcloud/vngcloud-go-sdk/client"
 	lObjects "github.com/vngcloud/vngcloud-go-sdk/vngcloud/objects"
+	"github.com/vngcloud/vngcloud-go-sdk/vngcloud/services/loadbalancer/v2/listener"
+	"github.com/vngcloud/vngcloud-go-sdk/vngcloud/services/loadbalancer/v2/pool"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/klog/v2"
 )
@@ -64,10 +66,10 @@ func FindListenerByPort(client *client.ServiceClient, projectID string, lbID str
 	}
 	for _, listener := range listeners {
 		if listener.ProtocolPort == port {
-			if (port == 443 && listener.Protocol != "HTTPS") || (port == 80 && listener.Protocol != "HTTP") {
-				klog.Infof("listener %s has wrong protocol %s or wrong port %d", listener.UUID, listener.Protocol, listener.ProtocolPort)
-				return nil, fmt.Errorf("listener %s has wrong protocol %s or wrong port %d", listener.UUID, listener.Protocol, listener.ProtocolPort)
-			}
+			// if (port == 443 && listener.Protocol != "HTTPS") || (port == 80 && listener.Protocol != "HTTP") {
+			// 	klog.Infof("listener %s has wrong protocol %s or wrong port %d", listener.UUID, listener.Protocol, listener.ProtocolPort)
+			// 	return nil, fmt.Errorf("listener %s has wrong protocol %s or wrong port %d", listener.UUID, listener.Protocol, listener.ProtocolPort)
+			// } ......................................
 			return listener, nil
 		}
 	}
@@ -111,3 +113,132 @@ func WaitForLBActive(client *client.ServiceClient, projectID string, lbID string
 
 	return resultLb, err
 }
+
+func ComparePoolOptions(ipool *lObjects.Pool, poolOptions *pool.CreateOpts) *pool.UpdateOpts {
+	isNeedUpdate := false
+	updateOptions := &pool.UpdateOpts{
+		Algorithm:     poolOptions.Algorithm,
+		Stickiness:    poolOptions.Stickiness,
+		TLSEncryption: poolOptions.TLSEncryption,
+		HealthMonitor: poolOptions.HealthMonitor,
+	}
+	if ipool.LoadBalanceMethod != string(poolOptions.Algorithm) ||
+		(poolOptions.Stickiness != nil && ipool.Stickiness != *poolOptions.Stickiness) ||
+		(poolOptions.TLSEncryption != nil && ipool.TLSEncryption != *poolOptions.TLSEncryption) {
+		isNeedUpdate = true
+	}
+	if ipool.HealthMonitor.HealthyThreshold != poolOptions.HealthMonitor.HealthyThreshold ||
+		ipool.HealthMonitor.UnhealthyThreshold != poolOptions.HealthMonitor.UnhealthyThreshold ||
+		ipool.HealthMonitor.Interval != poolOptions.HealthMonitor.Interval ||
+		ipool.HealthMonitor.Timeout != poolOptions.HealthMonitor.Timeout {
+		isNeedUpdate = true
+	}
+	if ipool.HealthMonitor.HealthCheckProtocol == "HTTP" && poolOptions.HealthMonitor.HealthCheckProtocol == pool.CreateOptsHealthCheckProtocolOptHTTP {
+		// domain may return nil
+		if ipool.HealthMonitor.HealthCheckPath == nil || *ipool.HealthMonitor.HealthCheckPath != *poolOptions.HealthMonitor.HealthCheckPath ||
+			ipool.HealthMonitor.DomainName == nil || *ipool.HealthMonitor.DomainName != *poolOptions.HealthMonitor.DomainName ||
+			ipool.HealthMonitor.HttpVersion == nil || *ipool.HealthMonitor.HttpVersion != string(*poolOptions.HealthMonitor.HttpVersion) ||
+			ipool.HealthMonitor.HealthCheckMethod == nil || *ipool.HealthMonitor.HealthCheckMethod != string(*poolOptions.HealthMonitor.HealthCheckMethod) ||
+			ipool.HealthMonitor.SuccessCode == nil || *ipool.HealthMonitor.SuccessCode != *poolOptions.HealthMonitor.SuccessCode {
+			isNeedUpdate = true
+		}
+	} else if ipool.HealthMonitor.HealthCheckProtocol == "HTTP" && poolOptions.HealthMonitor.HealthCheckProtocol == pool.CreateOptsHealthCheckProtocolOptTCP {
+		updateOptions.HealthMonitor.HealthCheckProtocol = pool.CreateOptsHealthCheckProtocolOptHTTP
+		updateOptions.HealthMonitor.HealthCheckPath = ipool.HealthMonitor.HealthCheckPath
+		updateOptions.HealthMonitor.DomainName = ipool.HealthMonitor.DomainName
+		*updateOptions.HealthMonitor.HttpVersion = pool.CreateOptsHealthCheckHttpVersionOpt(*ipool.HealthMonitor.HttpVersion)
+		*updateOptions.HealthMonitor.HealthCheckMethod = pool.CreateOptsHealthCheckMethodOpt(*ipool.HealthMonitor.HealthCheckMethod)
+	} else if ipool.HealthMonitor.HealthCheckProtocol == "TCP" && poolOptions.HealthMonitor.HealthCheckProtocol == pool.CreateOptsHealthCheckProtocolOptHTTP {
+		updateOptions.HealthMonitor.HealthCheckProtocol = pool.CreateOptsHealthCheckProtocolOptTCP
+		updateOptions.HealthMonitor.HealthCheckPath = nil
+		updateOptions.HealthMonitor.DomainName = nil
+		updateOptions.HealthMonitor.HttpVersion = nil
+		updateOptions.HealthMonitor.HealthCheckMethod = nil
+	}
+
+	if !isNeedUpdate {
+		return nil
+	}
+	return updateOptions
+}
+
+func CheckIfPoolMemberExist(mems []*pool.Member, mem *pool.Member) bool {
+	for _, r := range mems {
+		if r.IpAddress == mem.IpAddress &&
+			r.Port == mem.Port &&
+			r.MonitorPort == mem.MonitorPort &&
+			r.Backup == mem.Backup &&
+			// r.Name == mem.Name &&
+			r.Weight == mem.Weight {
+			return true
+		}
+	}
+	return false
+}
+
+func ConvertObjectToPoolMember(obj *lObjects.Member) *pool.Member {
+	return &pool.Member{
+		IpAddress:   obj.Address,
+		Port:        obj.ProtocolPort,
+		MonitorPort: obj.MonitorPort,
+		Backup:      obj.Backup,
+		Weight:      obj.Weight,
+		Name:        obj.Name,
+	}
+}
+
+func ConvertObjectToPoolMemberArray(obj []*lObjects.Member) []*pool.Member {
+	ret := make([]*pool.Member, len(obj))
+	for i, m := range obj {
+		ret[i] = ConvertObjectToPoolMember(m)
+	}
+	return ret
+}
+
+func ComparePoolMembers(p1, p2 []*pool.Member) bool {
+	if len(p1) != len(p2) {
+		return false
+	}
+	for _, m := range p2 {
+		if !CheckIfPoolMemberExist(p1, m) {
+			klog.Infof("member in pool not exist: %v", m)
+			return false
+		}
+	}
+	return true
+}
+
+func CompareListenerOptions(ilis *lObjects.Listener, lisOptions *listener.CreateOpts) *listener.UpdateOpts {
+	isNeedUpdate := false
+	updateOptions := &listener.UpdateOpts{
+		AllowedCidrs:                lisOptions.AllowedCidrs,
+		TimeoutClient:               lisOptions.TimeoutClient,
+		TimeoutMember:               lisOptions.TimeoutMember,
+		TimeoutConnection:           lisOptions.TimeoutConnection,
+		DefaultPoolId:               lisOptions.DefaultPoolId,
+		DefaultCertificateAuthority: lisOptions.DefaultCertificateAuthority,
+		// Headers:                     lisOptions.Headers,
+		// ClientCertificate:           lisOptions.ClientCertificateAuthentication,
+		// ......................................... update later
+	}
+	if ilis.AllowedCidrs != lisOptions.AllowedCidrs ||
+		ilis.TimeoutClient != lisOptions.TimeoutClient ||
+		ilis.TimeoutMember != lisOptions.TimeoutMember ||
+		ilis.TimeoutConnection != lisOptions.TimeoutConnection {
+		isNeedUpdate = true
+	}
+
+	if ilis.DefaultPoolId != lisOptions.DefaultPoolId {
+		klog.Infof("listener need update default pool id: %s", lisOptions.DefaultPoolId)
+		isNeedUpdate = true
+	}
+	if lisOptions.DefaultCertificateAuthority != nil && (ilis.DefaultCertificateAuthority == nil || *(ilis.DefaultCertificateAuthority) != *(lisOptions.DefaultCertificateAuthority)) {
+		klog.Infof("listener need update default certificate authority: %s", *lisOptions.DefaultCertificateAuthority)
+		isNeedUpdate = true
+	}
+	// update cert SNI here .......................................................
+	if !isNeedUpdate {
+		return nil
+	}
+	return updateOptions
+}