NE-408: Allow configuring ELB connection idle timeout

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/go-logr/zapr v1.2.0
 	github.com/google/go-cmp v0.5.6
 	github.com/kevinburke/go-bindata v3.11.0+incompatible
-	github.com/openshift/api v0.0.0-20220429082003-1469fac35c75
+	github.com/openshift/api v0.0.0-20220429222041-b25f69a603a7
 	github.com/openshift/library-go v0.0.0-20220401140922-0716d0ba0657
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.11.0

go.sum

@@ -608,8 +608,8 @@ github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQ
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/openshift/api v0.0.0-20211209135129-c58d9f695577/go.mod h1:DoslCwtqUpr3d/gsbq4ZlkaMEdYqKxuypsDjorcHhME=
 github.com/openshift/api v0.0.0-20220315184754-d7c10d0b647e/go.mod h1:F/eU6jgr6Q2VhMu1mSpMmygxAELd7+BUxs3NHZ25jV4=
-github.com/openshift/api v0.0.0-20220429082003-1469fac35c75 h1:pPQx0SKvxsVb02NaBNKS3yPT/rwoCIsVO/Et4F7cI14=
-github.com/openshift/api v0.0.0-20220429082003-1469fac35c75/go.mod h1:F/eU6jgr6Q2VhMu1mSpMmygxAELd7+BUxs3NHZ25jV4=
+github.com/openshift/api v0.0.0-20220429222041-b25f69a603a7 h1:G9EAAWcAzv2+eWN2wlpDQJ4OFbgkmfAg4ppzvE3k2xs=
+github.com/openshift/api v0.0.0-20220429222041-b25f69a603a7/go.mod h1:F/eU6jgr6Q2VhMu1mSpMmygxAELd7+BUxs3NHZ25jV4=
 github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/openshift/build-machinery-go v0.0.0-20211213093930-7e33a7eb4ce3/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3/go.mod h1:cwhyki5lqBmrT0m8Im+9I7PGFaraOzcYPtEz93RcsGY=

manifests/00-custom-resource-definition.yaml

@@ -233,6 +233,19 @@ spec:
                                 description: classicLoadBalancerParameters holds configuration
                                   parameters for an AWS classic load balancer. Present
                                   only if type is Classic.
+                                properties:
+                                  connectionIdleTimeout:
+                                    description: connectionIdleTimeout specifies the
+                                      maximum time period that a connection may be
+                                      idle before the load balancer closes the connection.  The
+                                      value must be parseable as a time duration value;
+                                      see <https://pkg.go.dev/time#ParseDuration>.  A
+                                      nil or zero value means no opinion, in which
+                                      case a default value is used.  The default value
+                                      for this field is 60s.  This default is subject
+                                      to change.
+                                    format: duration
+                                    type: string
                                 type: object
                               networkLoadBalancer:
                                 description: networkLoadBalancerParameters holds configuration
@@ -1439,6 +1452,19 @@ spec:
                                 description: classicLoadBalancerParameters holds configuration
                                   parameters for an AWS classic load balancer. Present
                                   only if type is Classic.
+                                properties:
+                                  connectionIdleTimeout:
+                                    description: connectionIdleTimeout specifies the
+                                      maximum time period that a connection may be
+                                      idle before the load balancer closes the connection.  The
+                                      value must be parseable as a time duration value;
+                                      see <https://pkg.go.dev/time#ParseDuration>.  A
+                                      nil or zero value means no opinion, in which
+                                      case a default value is used.  The default value
+                                      for this field is 60s.  This default is subject
+                                      to change.
+                                    format: duration
+                                    type: string
                                 type: object
                               networkLoadBalancer:
                                 description: networkLoadBalancerParameters holds configuration

pkg/operator/controller/ingress/controller.go

@@ -414,7 +414,7 @@ func setDefaultPublishingStrategy(ic *operatorv1.IngressController, infraConfig
 	// operator can safely update.
 	switch effectiveStrategy.Type {
 	case operatorv1.LoadBalancerServiceStrategyType:
-		// Update if GCP LB provider parameters changed.
+		// Update if LB provider parameters changed.
 		statusLB := ic.Status.EndpointPublishingStrategy.LoadBalancer
 		specLB := effectiveStrategy.LoadBalancer
 		if specLB != nil && statusLB != nil {
@@ -426,19 +426,70 @@ func setDefaultPublishingStrategy(ic *operatorv1.IngressController, infraConfig
 				changed = true
 			}
 
-			// If the ProviderParameters field does not exist for spec or status,
-			// just propagate (or remove) ProviderParameters in its entirety
-			// (as long as GCP parameters are specified one way or the other).
-			if specLB.ProviderParameters == nil && statusLB.ProviderParameters != nil && statusLB.ProviderParameters.GCP != nil ||
-				specLB.ProviderParameters != nil && specLB.ProviderParameters.GCP != nil && statusLB.ProviderParameters == nil {
-				ic.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters = specLB.ProviderParameters
-				changed = true
+			// Detect changes to provider-specific parameters.
+			// Currently the only platforms with configurable
+			// provider-specific parameters are AWS and GCP.
+			var lbType operatorv1.LoadBalancerProviderType
+			if specLB.ProviderParameters != nil {
+				lbType = specLB.ProviderParameters.Type
 			}
-
-			if specLB.ProviderParameters != nil && statusLB.ProviderParameters != nil &&
-				specLB.ProviderParameters.GCP != statusLB.ProviderParameters.GCP {
-				ic.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.GCP = specLB.ProviderParameters.GCP
-				changed = true
+			switch lbType {
+			case operatorv1.AWSLoadBalancerProvider:
+				// The only provider parameter that is supported
+				// for AWS is the connection idle timeout for
+				// classic ELBs.
+				var specIdleTimeout, statusIdleTimeout metav1.Duration
+				if specLB.ProviderParameters != nil && specLB.ProviderParameters.AWS != nil && specLB.ProviderParameters.AWS.ClassicLoadBalancerParameters != nil {
+					specIdleTimeout = specLB.ProviderParameters.AWS.ClassicLoadBalancerParameters.ConnectionIdleTimeout
+				}
+				if statusLB.ProviderParameters != nil && statusLB.ProviderParameters.AWS != nil && statusLB.ProviderParameters.AWS.ClassicLoadBalancerParameters != nil {
+					statusIdleTimeout = statusLB.ProviderParameters.AWS.ClassicLoadBalancerParameters.ConnectionIdleTimeout
+				}
+				if specIdleTimeout != statusIdleTimeout {
+					if statusLB.ProviderParameters == nil {
+						statusLB.ProviderParameters = &operatorv1.ProviderLoadBalancerParameters{}
+					}
+					if len(statusLB.ProviderParameters.Type) == 0 {
+						statusLB.ProviderParameters.Type = operatorv1.AWSLoadBalancerProvider
+					}
+					if statusLB.ProviderParameters.AWS == nil {
+						statusLB.ProviderParameters.AWS = &operatorv1.AWSLoadBalancerParameters{}
+					}
+					if len(statusLB.ProviderParameters.AWS.Type) == 0 {
+						statusLB.ProviderParameters.AWS.Type = operatorv1.AWSClassicLoadBalancer
+					}
+					if statusLB.ProviderParameters.AWS.ClassicLoadBalancerParameters == nil {
+						statusLB.ProviderParameters.AWS.ClassicLoadBalancerParameters = &operatorv1.AWSClassicLoadBalancerParameters{}
+					}
+					var v metav1.Duration
+					if specIdleTimeout.Duration > 0 {
+						v = specIdleTimeout
+					}
+					statusLB.ProviderParameters.AWS.ClassicLoadBalancerParameters.ConnectionIdleTimeout = v
+					changed = true
+				}
+			case operatorv1.GCPLoadBalancerProvider:
+				// The only provider parameter that is supported
+				// for GCP is the ClientAccess parameter.
+				var specClientAccess, statusClientAccess operatorv1.GCPClientAccess
+				if specLB.ProviderParameters != nil && specLB.ProviderParameters.GCP != nil {
+					specClientAccess = specLB.ProviderParameters.GCP.ClientAccess
+				}
+				if statusLB.ProviderParameters != nil && statusLB.ProviderParameters.GCP != nil {
+					statusClientAccess = statusLB.ProviderParameters.GCP.ClientAccess
+				}
+				if specClientAccess != statusClientAccess {
+					if statusLB.ProviderParameters == nil {
+						statusLB.ProviderParameters = &operatorv1.ProviderLoadBalancerParameters{
+							Type: operatorv1.GCPLoadBalancerProvider,
+						}
+					}
+					if statusLB.ProviderParameters.GCP == nil {
+						statusLB.ProviderParameters.GCP = &operatorv1.GCPLoadBalancerParameters{}
+					}
+					statusLB.ProviderParameters.GCP.ClientAccess = specClientAccess
+					changed = true
+				}
 			}
 
 			return changed

pkg/operator/controller/ingress/controller_test.go

@@ -3,11 +3,14 @@ package ingress
 import (
 	"reflect"
 	"testing"
+	"time"
 
 	"github.com/google/go-cmp/cmp"
 
 	configv1 "github.com/openshift/api/config/v1"
 	operatorv1 "github.com/openshift/api/operator/v1"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // TestSetDefaultDomain verifies that setDefaultDomain behaves correctly.
@@ -267,6 +270,30 @@ func TestSetDefaultPublishingStrategyHandlesUpdates(t *testing.T) {
 			}
 			return eps
 		}
+		elbWithNullParameters = func() *operatorv1.EndpointPublishingStrategy {
+			eps := lb(operatorv1.ExternalLoadBalancer)
+			eps.LoadBalancer.ProviderParameters = &operatorv1.ProviderLoadBalancerParameters{
+				Type: operatorv1.AWSLoadBalancerProvider,
+				AWS: &operatorv1.AWSLoadBalancerParameters{
+					Type:                          operatorv1.AWSClassicLoadBalancer,
+					ClassicLoadBalancerParameters: &operatorv1.AWSClassicLoadBalancerParameters{},
+				},
+			}
+			return eps
+		}
+		elbWithIdleTimeout = func(timeout metav1.Duration) *operatorv1.EndpointPublishingStrategy {
+			eps := lb(operatorv1.ExternalLoadBalancer)
+			eps.LoadBalancer.ProviderParameters = &operatorv1.ProviderLoadBalancerParameters{
+				Type: operatorv1.AWSLoadBalancerProvider,
+				AWS: &operatorv1.AWSLoadBalancerParameters{
+					Type: operatorv1.AWSClassicLoadBalancer,
+					ClassicLoadBalancerParameters: &operatorv1.AWSClassicLoadBalancerParameters{
+						ConnectionIdleTimeout: timeout,
+					},
+				},
+			}
+			return eps
+		}
 		nlb = func() *operatorv1.EndpointPublishingStrategy {
 			eps := lb(operatorv1.ExternalLoadBalancer)
 			eps.LoadBalancer.ProviderParameters = &operatorv1.ProviderLoadBalancerParameters{
@@ -359,6 +386,30 @@ func TestSetDefaultPublishingStrategyHandlesUpdates(t *testing.T) {
 			expectedResult: false,
 			expectedIC:     makeIC(spec(elb()), status(nlb())),
 		},
+		{
+			name:           "loadbalancer ELB connection idle timeout changed from unset with null provider parameters to 2m",
+			ic:             makeIC(spec(elbWithIdleTimeout(metav1.Duration{Duration: 2 * time.Minute})), status(elbWithNullParameters())),
+			expectedResult: true,
+			expectedIC:     makeIC(spec(elbWithIdleTimeout(metav1.Duration{Duration: 2 * time.Minute})), status(elbWithIdleTimeout(metav1.Duration{Duration: 2 * time.Minute}))),
+		},
+		{
+			name:           "loadbalancer ELB connection idle timeout changed from unset with empty provider parameters to 2m",
+			ic:             makeIC(spec(elbWithIdleTimeout(metav1.Duration{Duration: 2 * time.Minute})), status(elbWithIdleTimeout(metav1.Duration{}))),
+			expectedResult: true,
+			expectedIC:     makeIC(spec(elbWithIdleTimeout(metav1.Duration{Duration: 2 * time.Minute})), status(elbWithIdleTimeout(metav1.Duration{Duration: 2 * time.Minute}))),
+		},
+		{
+			name:           "loadbalancer ELB connection idle timeout changed from unset to -1s",
+			ic:             makeIC(spec(elbWithIdleTimeout(metav1.Duration{Duration: -1 * time.Second})), status(elb())),
+			expectedResult: true,
+			expectedIC:     makeIC(spec(elbWithIdleTimeout(metav1.Duration{Duration: -1 * time.Second})), status(elbWithIdleTimeout(metav1.Duration{}))),
+		},
+		{
+			name:           "loadbalancer ELB connection idle timeout changed from 2m to unset",
+			ic:             makeIC(spec(elb()), status(elbWithIdleTimeout(metav1.Duration{Duration: 2 * time.Minute}))),
+			expectedResult: true,
+			expectedIC:     makeIC(spec(elb()), status(elbWithIdleTimeout(metav1.Duration{}))),
+		},
 		{
 			name:           "loadbalancer GCP Global Access changed from unset to global",
 			ic:             makeIC(spec(gcpLB(operatorv1.GCPGlobalAccess)), status(lb(operatorv1.ExternalLoadBalancer))),

pkg/operator/controller/ingress/load_balancer_service.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
@@ -80,6 +81,10 @@ const (
 	awsLBHealthCheckHealthyThresholdAnnotation = "service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold"
 	awsLBHealthCheckHealthyThresholdDefault    = "2"
 
+	// awsELBConnectionIdleTimeoutAnnotation specifies the timeout for idle
+	// connections for a Classic ELB.
+	awsELBConnectionIdleTimeoutAnnotation = "service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout"
+
 	// iksLBScopeAnnotation is the annotation used on a service to specify an IBM
 	// load balancer IP type.
 	iksLBScopeAnnotation = "service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type"
@@ -215,6 +220,8 @@ var (
 			// AWS LB health check interval annotation (see
 			// <https://bugzilla.redhat.com/show_bug.cgi?id=1908758>).
 			awsLBHealthCheckIntervalAnnotation,
+			// AWS connection idle timeout annotation.
+			awsELBConnectionIdleTimeoutAnnotation,
 			// GCP Global Access internal Load Balancer annotation
 			// (see <https://issues.redhat.com/browse/NE-447>).
 			GCPGlobalAccessAnnotation,
@@ -336,7 +343,8 @@ func desiredLoadBalancerService(ci *operatorv1.IngressController, deploymentRef
 
 	service.Spec.Selector = controller.IngressControllerDeploymentPodSelector(ci).MatchLabels
 
-	isInternal := ci.Status.EndpointPublishingStrategy.LoadBalancer != nil && ci.Status.EndpointPublishingStrategy.LoadBalancer.Scope == operatorv1.InternalLoadBalancer
+	lb := ci.Status.EndpointPublishingStrategy.LoadBalancer
+	isInternal := lb != nil && lb.Scope == operatorv1.InternalLoadBalancer
 
 	if service.Annotations == nil {
 		service.Annotations = map[string]string{}
@@ -356,10 +364,10 @@ func desiredLoadBalancerService(ci *operatorv1.IngressController, deploymentRef
 
 			// Set the GCP Global Access annotation for internal load balancers on GCP only
 			if platform.Type == configv1.GCPPlatformType {
-				if ci.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters != nil &&
-					ci.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.Type == operatorv1.GCPLoadBalancerProvider &&
-					ci.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.GCP != nil {
-					globalAccessEnabled := ci.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.GCP.ClientAccess == operatorv1.GCPGlobalAccess
+				if lb != nil && lb.ProviderParameters != nil &&
+					lb.ProviderParameters.Type == operatorv1.GCPLoadBalancerProvider &&
+					lb.ProviderParameters.GCP != nil {
+					globalAccessEnabled := lb.ProviderParameters.GCP.ClientAccess == operatorv1.GCPGlobalAccess
 					service.Annotations[GCPGlobalAccessAnnotation] = strconv.FormatBool(globalAccessEnabled)
 				}
 			}
@@ -371,16 +379,23 @@ func desiredLoadBalancerService(ci *operatorv1.IngressController, deploymentRef
 		}
 		switch platform.Type {
 		case configv1.AWSPlatformType:
-			if ci.Status.EndpointPublishingStrategy.LoadBalancer != nil &&
-				ci.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters != nil &&
-				ci.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.Type == operatorv1.AWSLoadBalancerProvider &&
-				ci.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.AWS != nil &&
-				ci.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.AWS.Type == operatorv1.AWSNetworkLoadBalancer {
-				service.Annotations[AWSLBTypeAnnotation] = AWSNLBAnnotation
-				// NLBs require a different health check interval than CLBs
-				service.Annotations[awsLBHealthCheckIntervalAnnotation] = awsLBHealthCheckIntervalNLB
-			} else {
-				service.Annotations[awsLBHealthCheckIntervalAnnotation] = awsLBHealthCheckIntervalDefault
+			service.Annotations[awsLBHealthCheckIntervalAnnotation] = awsLBHealthCheckIntervalDefault
+			if lb != nil && lb.ProviderParameters != nil {
+				if aws := lb.ProviderParameters.AWS; aws != nil && lb.ProviderParameters.Type == operatorv1.AWSLoadBalancerProvider {
+					switch aws.Type {
+					case operatorv1.AWSNetworkLoadBalancer:
+						service.Annotations[AWSLBTypeAnnotation] = AWSNLBAnnotation
+						// NLBs require a different health check interval than CLBs.
+						// See <https://bugzilla.redhat.com/show_bug.cgi?id=1908758>.
+						service.Annotations[awsLBHealthCheckIntervalAnnotation] = awsLBHealthCheckIntervalNLB
+					case operatorv1.AWSClassicLoadBalancer:
+						if aws.ClassicLoadBalancerParameters != nil {
+							if v := aws.ClassicLoadBalancerParameters.ConnectionIdleTimeout; v.Duration > 0 {
+								service.Annotations[awsELBConnectionIdleTimeoutAnnotation] = strconv.FormatUint(uint64(v.Round(time.Second).Seconds()), 10)
+							}
+						}
+					}
+				}
 			}
 
 			if platform.AWS != nil && len(platform.AWS.ResourceTags) > 0 {