🐛 fix(loadbalancer): use subnet in different subregion as a fallback

Author: jfbus

ccm/cloud/loadbalancer.go

@@ -623,13 +623,22 @@ func (c *Cloud) ensureSubnet(ctx context.Context, l *LoadBalancer) error {
 
 	l.SubnetID = make([]string, l.Instances)
 	ensureByTag := func(key, subregion string, i int) bool {
+		// right tag, right subregion
 		for _, subnet := range *resp.Subnets {
 			if tags.Has(subnet.Tags, key) && subnet.SubregionName == subregion {
 				l.SubnetID[i] = subnet.SubnetId
 				l.NetID = subnet.NetId
 				return true
 			}
 		}
+		// fallback: right tag, other subregion
+		for _, subnet := range *resp.Subnets {
+			if tags.Has(subnet.Tags, key) {
+				l.SubnetID[i] = subnet.SubnetId
+				l.NetID = subnet.NetId
+				return true
+			}
+		}
 		return false
 	}
 

ccm/helpers_test.go

@@ -341,6 +341,19 @@ func expectFindLBSubnetWithRole(mock *mocks_osc.MockClient) {
 		}}, nil)
 }
 
+func expectFindLBSubnetWithRoleButAnotherSubregion(mock *mocks_osc.MockClient) {
+	mock.EXPECT().
+		ReadSubnets(gomock.Any(), gomock.Eq(osc.ReadSubnetsRequest{
+			Filters: &osc.FiltersSubnet{
+				TagKeys: &[]string{"OscK8sClusterID/foo"},
+			},
+		})).
+		Return(&osc.ReadSubnetsResponse{Subnets: &[]osc.Subnet{
+			{SubnetId: "subnet-service", NetId: "net-foo", SubregionName: "eu-west-2b", Tags: []osc.ResourceTag{{Key: tags.RoleKey(role.Service)}}},
+			{SubnetId: "subnet-service.internal", NetId: "net-foo", SubregionName: "eu-west-2b", Tags: []osc.ResourceTag{{Key: tags.RoleKey(role.InternalService)}}},
+		}}, nil)
+}
+
 func expectFindLBSubnetWithRoleWithNetFallback(mock *mocks_osc.MockClient) {
 	mock.EXPECT().
 		ReadSubnets(gomock.Any(), gomock.Eq(osc.ReadSubnetsRequest{
@@ -491,12 +504,14 @@ func expectFindExistingWorkerSG(mock *mocks_osc.MockClient) {
 			},
 		})).
 		Return(&osc.ReadSecurityGroupsResponse{SecurityGroups: &[]osc.SecurityGroup{
-			{SecurityGroupId: "sg-worker", Tags: []osc.ResourceTag{{Key: tags.RoleKey(role.Worker)}},
+			{
+				SecurityGroupId: "sg-worker", Tags: []osc.ResourceTag{{Key: tags.RoleKey(role.Worker)}},
 				InboundRules: []osc.SecurityGroupRule{
 					{IpProtocol: "tcp", FromPortRange: 8080, ToPortRange: 8080, SecurityGroupsMembers: []osc.SecurityGroupsMember{{
 						SecurityGroupId: "sg-foo",
 					}}},
-				}},
+				},
+			},
 			{SecurityGroupId: "sg-controlplane", Tags: []osc.ResourceTag{{Key: tags.RoleKey(role.ControlPlane)}}},
 			{SecurityGroupId: "sg-node", Tags: []osc.ResourceTag{{Key: tags.RoleKey(role.Worker)}, {Key: tags.RoleKey(role.ControlPlane)}}},
 		}}, nil)

ccm/loadbalancer_test.go

@@ -231,7 +231,28 @@ func TestEnsureLoadBalancer_Create(t *testing.T) {
 		_, err := p.EnsureLoadBalancer(t.Context(), "foo", svc, []*corev1.Node{&vmNode})
 		require.ErrorIs(t, err, cloud.ErrLoadBalancerIsNotReady)
 	})
-	t.Run("A subnet is found, event if subnets are not tagged by owner", func(t *testing.T) {
+	t.Run("A subnet is found, even if no subnet exists in the right subregion", func(t *testing.T) {
+		svc := testSvc()
+		c, oapimock, lbmock := newAPI(t, self, []string{"foo"})
+		expectVMs(oapimock, sdkSelf, sdkVM)
+		expectNoLoadbalancer(oapimock)
+		expectFindLBSubnetWithRoleButAnotherSubregion(oapimock)
+		expectSGAlreadyExists(oapimock)
+		expectFindWorkerSGByRole(oapimock)
+		expectAddIngressSGRule(oapimock, []string{"0.0.0.0/0"}, "sg-foo")
+		expectAddInternalSGRule(oapimock, "sg-foo", "sg-worker")
+		expectCreateLoadBalancer(oapimock, func(clbr *osc.CreateLoadBalancerRequest) {
+			clbr.Subnets = &[]string{"subnet-service"}
+		})
+		expectConfigureHealthCheck(oapimock)
+		expectDescribeProxyProtocol(lbmock, false)
+		expectDescribeLoadBalancerAttributes(lbmock)
+		expectRegisterInstances(oapimock, sdkVM.VmId)
+		p := ccm.NewProviderWith(c, staticDNSResolver{}, ccm.Options{})
+		_, err := p.EnsureLoadBalancer(t.Context(), "foo", svc, []*corev1.Node{&vmNode})
+		require.Error(t, err)
+	})
+	t.Run("A subnet is found, even if subnets are not tagged by owner", func(t *testing.T) {
 		svc := testSvc()
 		c, oapimock, lbmock := newAPI(t, self, []string{"foo"})
 		expectVMs(oapimock, sdkSelf, sdkVM)