add information on load balancer lifecycle #2703
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
Hi @geoffcline. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
size/S
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: geoffcline The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/ok-to-test I'm an org member now? |
k8s-ci-robot
added
ok-to-test
| @@ -12,6 +12,7 @@ You can add annotations to kubernetes Ingress and Service objects to customize t | |||
| - Annotations that configures LoadBalancer / Listener behaviors have different merge behavior when IngressGroup feature is been used. `MergeBehavior` column below indicates how such annotation will be merged. | |||
| - Exclusive: such annotation should only be specified on a single Ingress within IngressGroup or specified with same value across all Ingresses within IngressGroup. | |||
| - Merge: such annotation can be specified on all Ingresses within IngressGroup, and will be merged together. | |||
| - The controller may not update the configuration of an *existing* load balancer if an annotation is added/updated. New load balancers will be have an appropriate configuration. | |||
There was a problem hiding this comment.
This controller should update the existing load balancer. In certain case, for example when the load balancer scheme gets modified from internal to internet-facing or vice-versa, controller deletes existing lb and recreates a new one.
There was a problem hiding this comment.
I commented my issue on the other PR (#2680 (comment)) -- let's discuss there
| @@ -7,6 +7,7 @@ | |||
| - stringList: `"s1,s2,s3"` | |||
| - stringMap: `"k1=v1,k2=v2"` | |||
| - json: `"{ \"key\": \"value\" }"` | |||
| - The controller may not update the configuration of an *existing* load balancer if an annotation is added/updated. New load balancers will be have an appropriate configuration. | |||
There was a problem hiding this comment.
Barring some limitations, controller does update the existing load balancer. There are some issues with the kube-controller-manager provisioned load balancer, but this controller should be able to update most of the configuration.
Limitations:
- modifying/adding the annotation
service.beta.kubernetes.io/aws-load-balancer-typeafter service creation is not recommended as there is a potential for leaking the AWS LB resource in case both kcm and this controller act on the service - if user modifies the lb scheme, controller deletes and creates a new lb with the new scheme
- updating subnets may not work - this is due to any temporary limitation put in by the AWS
| ## Lifecycle of AWS Load Balancers | ||
|
|
||
| !!! warning | ||
| The controller, generally, does not update load balancers after creation. |
There was a problem hiding this comment.
load balancer does get updated, this warning is not accurate.
k8s-ci-robot
added
the
do-not-merge/work-in-progress
Issue
Description
Customers may be confused or surprised when an annotation on a service is updated, and the configuration of the corresponding load balancer is not updated. Customers may also be surprised when the controller deletes and recreates a load balancer instead of attempting an in place update.
This new section on load balancer lifecycle raises awareness of this issue, and offers some best practice reccommendations.
Checklist
README.md, or thedocsdirectory)BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯