Added conditions to load balancer services

- Refactor ensureInternalLoadBalancer to return ServiceStatus and update error handling
- Changed the return type of ensureInternalLoadBalancer from (*v1.LoadBalancerStatus, error) to (*v1.ServiceStatus, error).
- Introduced expectedConditions to manage service status conditions effectively.
- Added patch to update conditions in the service

Author: 08volt

cmd/cloud-controller-manager/main.go

@@ -28,7 +28,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	cloudprovider "k8s.io/cloud-provider"
 	"k8s.io/cloud-provider-gcp/providers/gce"
-	_ "k8s.io/cloud-provider-gcp/providers/gce"
 	"k8s.io/cloud-provider/app"
 	"k8s.io/cloud-provider/app/config"
 	"k8s.io/cloud-provider/names"
@@ -67,6 +66,8 @@ var enableDiscretePortForwarding bool
 // LoadBalancerClass
 var enableRBSDefaultForL4NetLB bool
 
+var enableLBServiceConditions bool
+
 func main() {
 	rand.Seed(time.Now().UnixNano())
 
@@ -85,6 +86,7 @@ func main() {
 	cloudProviderFS.BoolVar(&enableMultiProject, "enable-multi-project", false, "Enables project selection from Node providerID for GCE API calls. CAUTION: Only enable if Node providerID is configured by a trusted source.")
 	cloudProviderFS.BoolVar(&enableDiscretePortForwarding, "enable-discrete-port-forwarding", false, "Enables forwarding of individual ports instead of port ranges for GCE external load balancers.")
 	cloudProviderFS.BoolVar(&enableRBSDefaultForL4NetLB, "enable-rbs-default-l4-netlb", false, "Enables RBS defaulting for GCE L4 NetLB")
+	cloudProviderFS.BoolVar(&enableLBServiceConditions, "enable-l4lb-svc-conditions", false, "Enables Conditions on L4 LB Service status to reflect provisioned GCP resources.")
 
 	// add new controllers and initializers
 	nodeIpamController := nodeIPAMController{}
@@ -172,5 +174,15 @@ func cloudInitializer(config *config.CompletedConfig) cloudprovider.Interface {
 		gceCloud.SetEnableRBSDefaultForL4NetLB(true)
 	}
 
+	if enableLBServiceConditions {
+		gceCloud, ok := (cloud).(*gce.Cloud)
+		if !ok {
+			// Fail-fast: If enableLBServiceConditions is set, the cloud
+			// provider MUST be GCE.
+			klog.Fatalf("enable-l4lb-svc-conditions requires GCE cloud provider, but got %T", cloud)
+		}
+		gceCloud.SetEnableL4LBServiceConditions(true)
+	}
+
 	return cloud
 }

providers/gce/BUILD

@@ -13,6 +13,7 @@ go_library(
         "gce_cert.go",
         "gce_clusterid.go",
         "gce_clusters.go",
+        "gce_conditions.go",
         "gce_disks.go",
         "gce_fake.go",
         "gce_firewall.go",
@@ -61,6 +62,8 @@ go_library(
         "//vendor/google.golang.org/api/tpu/v1:tpu",
         "//vendor/gopkg.in/gcfg.v1:gcfg_v1",
         "//vendor/k8s.io/api/core/v1:core",
+        "//vendor/k8s.io/apimachinery/pkg/api/equality",
+        "//vendor/k8s.io/apimachinery/pkg/api/meta",
         "//vendor/k8s.io/apimachinery/pkg/api/resource",
         "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:meta",
         "//vendor/k8s.io/apimachinery/pkg/fields",

providers/gce/gce.go

@@ -30,8 +30,6 @@ import (
 	"sync"
 	"time"
 
-	gcfg "gopkg.in/gcfg.v1"
-
 	"cloud.google.com/go/compute/metadata"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
@@ -40,6 +38,7 @@ import (
 	compute "google.golang.org/api/compute/v1"
 	container "google.golang.org/api/container/v1"
 	"google.golang.org/api/option"
+	gcfg "gopkg.in/gcfg.v1"
 
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud"
 
@@ -209,6 +208,9 @@ type Cloud struct {
 
 	// enableRBSDefaultForL4NetLB disable Service controller from picking up services by default
 	enableRBSDefaultForL4NetLB bool
+
+	// enableL4LBServiceConditions enable conditions on service status
+	enableL4LBServiceConditions bool
 }
 
 // ConfigGlobal is the in memory representation of the gce.conf config data
@@ -870,6 +872,10 @@ func (g *Cloud) SetEnableRBSDefaultForL4NetLB(enabled bool) {
 	g.enableRBSDefaultForL4NetLB = enabled
 }
 
+func (g *Cloud) SetEnableL4LBServiceConditions(enabled bool) {
+	g.enableL4LBServiceConditions = enabled
+}
+
 // getProjectsBasePath returns the compute API endpoint with the `projects/` element.
 // The suffix must be added when generating compute resource urls.
 func getProjectsBasePath(basePath string) string {

providers/gce/gce_conditions.go

@@ -0,0 +1,58 @@
+package gce
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	L4LBBackendServiceConditionType = "ServiceLoadBalancerBackendService"
+
+	L4LBTargetPoolConditionType = "ServiceLoadBalancerTargetPool"
+
+	L4LBForwardingRuleConditionType          = "ServiceLoadBalancerForwardingRule"
+	L4LBHealthCheckConditionType             = "ServiceLoadBalancerHealthCheck"
+	L4LBFirewallRuleConditionType            = "ServiceLoadBalancerFirewallRule"
+	L4LBFirewallRuleHealthCheckConditionType = "ServiceLoadBalancerFirewallRuleForHealthCheck"
+
+	L4LBConditionReason = "GCEResourceAllocated"
+)
+
+func NewConditionResourceAllocated(conditionType string, resourceName string) metav1.Condition {
+	return metav1.Condition{
+		LastTransitionTime: metav1.Now(),
+		Type:               conditionType,
+		Status:             metav1.ConditionTrue,
+		Reason:             L4LBConditionReason,
+		Message:            resourceName,
+	}
+}
+
+// NewBackendServiceCondition creates a condition for the backend service.
+func NewBackendServiceCondition(bsName string) metav1.Condition {
+	return NewConditionResourceAllocated(L4LBBackendServiceConditionType, bsName)
+}
+
+// NewTargetPoolCondition creates a condition for the backend service.
+func NewTargetPoolCondition(tpName string) metav1.Condition {
+	return NewConditionResourceAllocated(L4LBTargetPoolConditionType, tpName)
+}
+
+// NewForwardingRuleCondition creates a condition for the TCP forwarding rule.
+func NewForwardingRuleCondition(frName string) metav1.Condition {
+	return NewConditionResourceAllocated(L4LBForwardingRuleConditionType, frName)
+}
+
+// NewHealthCheckCondition creates a condition for the health check.
+func NewHealthCheckCondition(hcName string) metav1.Condition {
+	return NewConditionResourceAllocated(L4LBHealthCheckConditionType, hcName)
+}
+
+// NewFirewallCondition creates a condition for the firewall.
+func NewFirewallCondition(fwName string) metav1.Condition {
+	return NewConditionResourceAllocated(L4LBFirewallRuleConditionType, fwName)
+}
+
+// NewFirewallHealthCheckCondition creates a condition for the firewall health check.
+func NewFirewallHealthCheckCondition(fwName string) metav1.Condition {
+	return NewConditionResourceAllocated(L4LBFirewallRuleHealthCheckConditionType, fwName)
+}

providers/gce/gce_loadbalancer.go

@@ -27,6 +27,7 @@ import (
 	"strings"
 
 	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/equality"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	corev1apply "k8s.io/client-go/applyconfigurations/core/v1"
 	metav1apply "k8s.io/client-go/applyconfigurations/meta/v1"
@@ -197,7 +198,7 @@ func (g *Cloud) EnsureLoadBalancer(ctx context.Context, clusterName string, svc
 		}
 	}
 
-	var status *v1.LoadBalancerStatus
+	var status *v1.ServiceStatus
 	switch desiredScheme {
 	case cloud.SchemeInternal:
 		status, err = g.ensureInternalLoadBalancer(clusterName, clusterID, svc, existingFwdRule, nodes)
@@ -206,10 +207,17 @@ func (g *Cloud) EnsureLoadBalancer(ctx context.Context, clusterName string, svc
 	}
 	if err != nil {
 		klog.Errorf("Failed to EnsureLoadBalancer(%s, %s, %s, %s, %s), err: %v", clusterName, svc.Namespace, svc.Name, loadBalancerName, g.region, err)
-		return status, err
+		return &status.LoadBalancer, err
 	}
+
+	if g.enableL4LBServiceConditions && status != nil && !ConditionsEqual(svc.Status.Conditions, status.Conditions) {
+		if err := g.patchServiceStatusConditions(ctx, svc, status.Conditions); err != nil {
+			return &status.LoadBalancer, err
+		}
+	}
+
 	klog.V(4).Infof("EnsureLoadBalancer(%s, %s, %s, %s, %s): done ensuring loadbalancer.", clusterName, svc.Namespace, svc.Name, loadBalancerName, g.region)
-	return status, err
+	return &status.LoadBalancer, err
 }
 
 // UpdateLoadBalancer is an implementation of LoadBalancer.UpdateLoadBalancer.
@@ -326,3 +334,65 @@ func hasLoadBalancerPortsError(service *v1.Service) bool {
 	}
 	return false
 }
+
+// patchServiceStatusConditions uses Server-Side Apply to update the conditions.
+func (g *Cloud) patchServiceStatusConditions(ctx context.Context, svc *v1.Service, newConditions []metav1.Condition) error {
+	if len(newConditions) == 0 {
+		return nil
+	}
+
+	// Convert []metav1.Condition to standard ApplyConfigurations
+	var applyConditions []*metav1apply.ConditionApplyConfiguration
+	for _, c := range newConditions {
+		applyConditions = append(applyConditions, metav1apply.Condition().
+			WithType(c.Type).
+			WithStatus(c.Status).
+			WithReason(c.Reason).
+			WithMessage(c.Message).
+			WithLastTransitionTime(c.LastTransitionTime).
+			WithObservedGeneration(svc.Generation),
+		)
+	}
+
+	// Construct the Service ApplyConfiguration.
+	svcApply := corev1apply.Service(svc.Name, svc.Namespace).
+		WithStatus(corev1apply.ServiceStatus().
+			WithConditions(applyConditions...))
+
+	opts := metav1.ApplyOptions{
+		FieldManager: "gce-cloud-controller",
+		Force:        true,
+	}
+
+	klog.V(4).Infof("Patching status conditions for service %s/%s via SSA", svc.Namespace, svc.Name)
+	_, err := g.client.CoreV1().Services(svc.Namespace).ApplyStatus(ctx, svcApply, opts)
+	if err != nil {
+		klog.Errorf("Failed to patch status conditions for service %s/%s: %v", svc.Namespace, svc.Name, err)
+	}
+	return err
+}
+
+// ConditionsEqual checks if two slices of conditions are semantically equal.
+// It ignores order and helps avoid unnecessary patches.
+func ConditionsEqual(current, desired []metav1.Condition) bool {
+	if len(current) != len(desired) {
+		return false
+	}
+
+	currentMap := make(map[string]metav1.Condition, len(current))
+	for _, c := range current {
+		currentMap[c.Type] = c
+	}
+
+	for _, d := range desired {
+		c, exists := currentMap[d.Type]
+		if !exists {
+			return false
+		}
+		if !equality.Semantic.DeepEqual(c, d) {
+			return false
+		}
+	}
+
+	return true
+}