refactor: remove lb to service annotations (#933)

The cloudprovider interface defines the service object as read-only.
Therefore, we should not, and don't need to, copy data from the load
balancer to the service annotations.

---------

Co-authored-by: Julian Tölle <julian.toelle@hetzner-cloud.de>

Author: lukasmetzner

hcloud/load_balancers.go

@@ -196,10 +196,6 @@ func (l *loadBalancers) EnsureLoadBalancer(
 		}
 	}
 
-	if err := annotation.LBToService(svc, lb); err != nil {
-		return nil, fmt.Errorf("%s: %w", op, err)
-	}
-
 	// Either set the Hostname or the IPs (below).
 	// See: https://github.com/kubernetes/kubernetes/issues/66607
 	if v, ok := annotation.LBHostname.StringFromService(svc); ok {
@@ -232,12 +228,7 @@ func (l *loadBalancers) buildLoadBalancerStatusIngress(lb *hcloud.LoadBalancer,
 		ipMode = corev1.LoadBalancerIPModeProxy
 	}
 
-	disablePubNet, err := annotation.LBDisablePublicNetwork.BoolFromService(svc)
-	if err != nil && !errors.Is(err, annotation.ErrNotSet) {
-		return nil, fmt.Errorf("%s: %w", op, err)
-	}
-
-	if !disablePubNet {
+	if lb.PublicNet.Enabled {
 		ingress = append(ingress, corev1.LoadBalancerIngress{
 			IP:     lb.PublicNet.IPv4.IP.String(),
 			IPMode: &ipMode,

hcloud/load_balancers_test.go

@@ -29,14 +29,16 @@ func TestLoadBalancers_GetLoadBalancer(t *testing.T) {
 		{
 			Name:       "get load balancer without host name IPv6 disabled",
 			ServiceUID: "1",
-			ServiceAnnotations: map[annotation.Name]interface{}{
-				annotation.LBIPv6Disabled: true,
+			ServiceAnnotations: map[annotation.Name]string{
+				annotation.LBIPv6Disabled: "true",
 			},
 			LB: &hcloud.LoadBalancer{
 				ID:   1,
 				Name: "no-host-name",
 				PublicNet: hcloud.LoadBalancerPublicNet{
-					IPv4: hcloud.LoadBalancerPublicNetIPv4{IP: net.ParseIP("1.2.3.4")},
+					Enabled: true,
+					IPv4:    hcloud.LoadBalancerPublicNetIPv4{IP: net.ParseIP("1.2.3.4")},
+					IPv6:    hcloud.LoadBalancerPublicNetIPv6{IP: net.ParseIP("fe80::1")},
 				},
 			},
 			Mock: func(_ *testing.T, tt *LoadBalancerTestCase) {
@@ -62,8 +64,9 @@ func TestLoadBalancers_GetLoadBalancer(t *testing.T) {
 				ID:   1,
 				Name: "no-host-name",
 				PublicNet: hcloud.LoadBalancerPublicNet{
-					IPv4: hcloud.LoadBalancerPublicNetIPv4{IP: net.ParseIP("1.2.3.4")},
-					IPv6: hcloud.LoadBalancerPublicNetIPv6{IP: net.ParseIP("fe80::1")},
+					Enabled: true,
+					IPv4:    hcloud.LoadBalancerPublicNetIPv4{IP: net.ParseIP("1.2.3.4")},
+					IPv6:    hcloud.LoadBalancerPublicNetIPv6{IP: net.ParseIP("fe80::1")},
 				},
 			},
 			Mock: func(_ *testing.T, tt *LoadBalancerTestCase) {
@@ -91,7 +94,7 @@ func TestLoadBalancers_GetLoadBalancer(t *testing.T) {
 					On("GetByK8SServiceUID", tt.Ctx, tt.Service).
 					Return(tt.LB, nil)
 			},
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBHostname: "hostname",
 			},
 			Perform: func(t *testing.T, tt *LoadBalancerTestCase) {
@@ -261,9 +264,9 @@ func TestLoadBalancers_EnsureLoadBalancer_CreateLoadBalancer(t *testing.T) {
 		{
 			Name:       "public network only no ipv6",
 			ServiceUID: "2",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName:         "pub-net-only-no-ipv6",
-				annotation.LBIPv6Disabled: true,
+				annotation.LBIPv6Disabled: "true",
 			},
 			LB: &hcloud.LoadBalancer{
 				ID:               1,
@@ -292,7 +295,7 @@ func TestLoadBalancers_EnsureLoadBalancer_CreateLoadBalancer(t *testing.T) {
 		{
 			Name:       "public network only",
 			ServiceUID: "2",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "pub-net-only",
 			},
 			LB: &hcloud.LoadBalancer{
@@ -325,7 +328,7 @@ func TestLoadBalancers_EnsureLoadBalancer_CreateLoadBalancer(t *testing.T) {
 			Name:       "attach Load Balancer to public and private network",
 			NetworkID:  4711,
 			ServiceUID: "3",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "with-priv-net",
 			},
 			LB: &hcloud.LoadBalancer{
@@ -368,7 +371,7 @@ func TestLoadBalancers_EnsureLoadBalancer_CreateLoadBalancer(t *testing.T) {
 			Name:       "disable private ingress via default",
 			NetworkID:  4711,
 			ServiceUID: "5",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "with-priv-net-no-priv-ingress",
 			},
 			DisablePrivateIngressDefault: true,
@@ -411,9 +414,9 @@ func TestLoadBalancers_EnsureLoadBalancer_CreateLoadBalancer(t *testing.T) {
 			Name:       "disable private ingress via annotation",
 			NetworkID:  4711,
 			ServiceUID: "5",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName:                  "with-priv-net-no-priv-ingress",
-				annotation.LBDisablePrivateIngress: true,
+				annotation.LBDisablePrivateIngress: "true",
 			},
 			LB: &hcloud.LoadBalancer{
 				ID:               1,
@@ -454,9 +457,9 @@ func TestLoadBalancers_EnsureLoadBalancer_CreateLoadBalancer(t *testing.T) {
 			Name:       "attach Load Balancer to private network only",
 			NetworkID:  4711,
 			ServiceUID: "6",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName:                 "priv-net-only",
-				annotation.LBDisablePublicNetwork: true,
+				annotation.LBDisablePublicNetwork: "true",
 			},
 			LB: &hcloud.LoadBalancer{
 				ID:               1,
@@ -508,7 +511,7 @@ func TestLoadBalancers_EnsureLoadBalancer_CreateLoadBalancer(t *testing.T) {
 			Name:       "attach Load Balancer to public and private network (with proxy protocol)",
 			NetworkID:  4711,
 			ServiceUID: "3",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName:             "with-priv-net",
 				annotation.LBSvcProxyProtocol: "true",
 			},
@@ -558,7 +561,7 @@ func TestLoadBalancer_EnsureLoadBalancer_UpdateLoadBalancer(t *testing.T) {
 		{
 			Name:       "Load balancer unchanged",
 			ServiceUID: "1",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "test-lb",
 			},
 			LB: &hcloud.LoadBalancer{
@@ -580,7 +583,7 @@ func TestLoadBalancer_EnsureLoadBalancer_UpdateLoadBalancer(t *testing.T) {
 		{
 			Name:       "Load balancer changed",
 			ServiceUID: "2",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "test-lb",
 			},
 			LB: &hcloud.LoadBalancer{
@@ -603,7 +606,7 @@ func TestLoadBalancer_EnsureLoadBalancer_UpdateLoadBalancer(t *testing.T) {
 		{
 			Name:       "Load balancer targets changed",
 			ServiceUID: "3",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "test-lb",
 			},
 			LB: &hcloud.LoadBalancer{
@@ -626,7 +629,7 @@ func TestLoadBalancer_EnsureLoadBalancer_UpdateLoadBalancer(t *testing.T) {
 		{
 			Name:       "Load balancer services changed",
 			ServiceUID: "4",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "test-lb",
 			},
 			LB: &hcloud.LoadBalancer{
@@ -649,7 +652,7 @@ func TestLoadBalancer_EnsureLoadBalancer_UpdateLoadBalancer(t *testing.T) {
 		{
 			Name:       "fall back to load balancer name",
 			ServiceUID: "5",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "pre-existing-lb",
 			},
 			LB: &hcloud.LoadBalancer{
@@ -681,7 +684,7 @@ func TestLoadBalancer_UpdateLoadBalancer(t *testing.T) {
 		{
 			Name:       "Load Balancer not found",
 			ServiceUID: "1",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "test-lb",
 			},
 			Mock: func(_ *testing.T, tt *LoadBalancerTestCase) {
@@ -696,7 +699,7 @@ func TestLoadBalancer_UpdateLoadBalancer(t *testing.T) {
 		{
 			Name:       "calls all reconcilement ops",
 			ServiceUID: "2",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "test-lb",
 			},
 			LB: &hcloud.LoadBalancer{
@@ -718,7 +721,7 @@ func TestLoadBalancer_UpdateLoadBalancer(t *testing.T) {
 		{
 			Name:       "fall back to load balancer name",
 			ServiceUID: "3",
-			ServiceAnnotations: map[annotation.Name]interface{}{
+			ServiceAnnotations: map[annotation.Name]string{
 				annotation.LBName: "previously-created-lb",
 			},
 			LB: &hcloud.LoadBalancer{

hcloud/testing.go

@@ -21,7 +21,7 @@ type LoadBalancerTestCase struct {
 	ClusterName                  string
 	NetworkID                    int
 	ServiceUID                   string
-	ServiceAnnotations           map[annotation.Name]interface{}
+	ServiceAnnotations           map[annotation.Name]string
 	DisablePrivateIngressDefault bool
 	DisableIPv6Default           bool
 	Nodes                        []*corev1.Node
@@ -54,12 +54,13 @@ func (tt *LoadBalancerTestCase) run(t *testing.T) {
 		tt.ClusterName = "test-cluster"
 	}
 	tt.Service = &corev1.Service{
-		ObjectMeta: metav1.ObjectMeta{UID: types.UID(tt.ServiceUID)},
+		ObjectMeta: metav1.ObjectMeta{
+			UID:         types.UID(tt.ServiceUID),
+			Annotations: map[string]string{},
+		},
 	}
 	for k, v := range tt.ServiceAnnotations {
-		if err := k.AnnotateService(tt.Service, v); err != nil {
-			t.Fatal(err)
-		}
+		tt.Service.Annotations[string(k)] = v
 	}
 	if tt.Ctx == nil {
 		tt.Ctx = context.Background()
@@ -77,7 +78,9 @@ func (tt *LoadBalancerTestCase) run(t *testing.T) {
 }
 
 func RunLoadBalancerTests(t *testing.T, tests []LoadBalancerTestCase) {
+	t.Helper()
+
 	for _, tt := range tests {
-		tt.run(t)
+		t.Run(tt.Name, func(t *testing.T) { tt.run(t) })
 	}
 }

internal/annotation/load_balancer.go

@@ -1,19 +1,6 @@
 package annotation
 
-import (
-	"fmt"
-
-	corev1 "k8s.io/api/core/v1"
-
-	"github.com/hetznercloud/hcloud-cloud-controller-manager/internal/metrics"
-	"github.com/hetznercloud/hcloud-go/v2/hcloud"
-)
-
 const (
-	// LBID is the ID assigned to the Hetzner Cloud Load Balancer by the
-	// backend. Read-only.
-	LBID Name = "load-balancer.hetzner.cloud/id"
-
 	// LBPublicIPv4 is the public IPv4 address assigned to the Load Balancer by
 	// the backend. Read-only.
 	LBPublicIPv4 Name = "load-balancer.hetzner.cloud/ipv4"
@@ -209,95 +196,10 @@ const (
 	// LBSvcHealthCheckHTTPStatusCodes is a comma separated list of HTTP status
 	// codes which we expect.
 	LBSvcHealthCheckHTTPStatusCodes Name = "load-balancer.hetzner.cloud/http-status-codes"
-)
 
-// LBToService sets the relevant annotations on svc to their respective values
-// from lb.
-func LBToService(svc *corev1.Service, lb *hcloud.LoadBalancer) error {
-	const op = "annotation/LBToService"
-	metrics.OperationCalled.WithLabelValues(op).Inc()
-
-	sa := &serviceAnnotator{Svc: svc}
-
-	sa.Annotate(LBID, lb.ID)
-	sa.Annotate(LBName, lb.Name)
-	sa.Annotate(LBType, lb.LoadBalancerType.Name)
-	sa.Annotate(LBAlgorithmType, lb.Algorithm.Type)
-	sa.Annotate(LBLocation, lb.Location.Name)
-	sa.Annotate(LBNetworkZone, lb.Location.NetworkZone)
-	sa.Annotate(LBPublicIPv4, lb.PublicNet.IPv4.IP)
-	sa.Annotate(LBPublicIPv6, lb.PublicNet.IPv6.IP)
-
-	for _, hclbService := range lb.Services {
-		var found bool
-
-		// Find the HC Load Balancer service that matches our K8S service by
-		// comparing the port numbers.
-		for _, p := range svc.Spec.Ports {
-			if hclbService.ListenPort == int(p.Port) {
-				found = true
-				break
-			}
-		}
-
-		// This hclbService does not match our K8S service. Continue with the
-		// next one.
-		if !found {
-			continue
-		}
-
-		// Once we found a matching service we copy its annotations.
-		sa.Annotate(LBSvcProtocol, hclbService.Protocol)
-		sa.Annotate(LBSvcProxyProtocol, hclbService.Proxyprotocol)
-
-		if isHTTP(hclbService) || isHTTPS(hclbService) {
-			sa.Annotate(LBSvcHTTPCookieName, hclbService.HTTP.CookieName)
-			sa.Annotate(LBSvcHTTPCookieLifetime, hclbService.HTTP.CookieLifetime)
-		}
-
-		if isHTTPS(hclbService) {
-			sa.Annotate(LBSvcRedirectHTTP, hclbService.HTTP.RedirectHTTP)
-			sa.Annotate(LBSvcHTTPCertificates, hclbService.HTTP.Certificates)
-		}
-
-		sa.Annotate(LBSvcHealthCheckProtocol, hclbService.HealthCheck.Protocol)
-		sa.Annotate(LBSvcHealthCheckPort, hclbService.HealthCheck.Port)
-		sa.Annotate(LBSvcHealthCheckInterval, hclbService.HealthCheck.Interval)
-		sa.Annotate(LBSvcHealthCheckTimeout, hclbService.HealthCheck.Timeout)
-		sa.Annotate(LBSvcHealthCheckRetries, hclbService.HealthCheck.Retries)
-
-		if isHTTPHealthCheck(hclbService) || isHTTPSHealthCheck(hclbService) {
-			sa.Annotate(LBSvcHealthCheckHTTPDomain, hclbService.HealthCheck.HTTP.Domain)
-			sa.Annotate(LBSvcHealthCheckHTTPPath, hclbService.HealthCheck.HTTP.Path)
-			sa.Annotate(LBSvcHealthCheckHTTPStatusCodes, hclbService.HealthCheck.HTTP.StatusCodes)
-		}
-		if isHTTPSHealthCheck(hclbService) {
-			sa.Annotate(LBSvcHealthCheckHTTPValidateCertificate, hclbService.HealthCheck.HTTP.TLS)
-		}
-
-		// At most one service matches and we've already found it. There
-		// is no need to bother with the remaining services.
-		break
-	}
-
-	if sa.Err != nil {
-		return fmt.Errorf("%s: %w", op, sa.Err)
-	}
-	return nil
-}
-
-func isHTTP(s hcloud.LoadBalancerService) bool {
-	return s.Protocol == hcloud.LoadBalancerServiceProtocolHTTP
-}
-
-func isHTTPHealthCheck(s hcloud.LoadBalancerService) bool {
-	return s.HealthCheck.HTTP != nil && s.HealthCheck.Protocol == hcloud.LoadBalancerServiceProtocolHTTP
-}
-
-func isHTTPS(s hcloud.LoadBalancerService) bool {
-	return s.Protocol == hcloud.LoadBalancerServiceProtocolHTTPS
-}
-
-func isHTTPSHealthCheck(s hcloud.LoadBalancerService) bool {
-	return s.HealthCheck.HTTP != nil && s.HealthCheck.Protocol == hcloud.LoadBalancerServiceProtocolHTTPS
-}
+	// LBID is the ID assigned to the Hetzner Cloud Load Balancer by the
+	// backend. Read-only.
+	//
+	// Deprecated: This annotation is not used. It is reserved for possible future use.
+	LBID Name = "load-balancer.hetzner.cloud/id"
+)