Neg crd feature gate

[swetharepakula]

Add feature gate for NEG CRDs and propagate flag to neg controller and manager.

• Manager creates NEG CRs when NEG CRD is enabled
• Controller deletes neg crds when deleting negs when NEG CRD is enabled

Depends on #1154 being merged

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
• If you have done the above and are still having issues with the CLA being reported as unsigned, please log a ticket with the Linux Foundation Helpdesk: https://support.linuxfoundation.org/
• Should you encounter any issues with the Linux Foundation Helpdesk, send a message to the backup e-mail support address at: login-issues@jira.linuxfoundation.org

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-ci-robot]

Hi @swetharepakula. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[freehan]

/ok-to-test

[freehan]

NegClient -> NegCrdClient?

[swetharepakula]

Since the other clients other than kube client are backendconfigclient and frontendconfigclient I am leaning towards NegClient or SvcNegClient.

[freehan]

I think this can stay as private function. This can be trigger within other public facing interfaces

[freehan]

This should also be ensureDeleteNegServiceCRs.
It should first check if the deleteionTimestamp is set, then proceed to delete if necessary.

[swetharepakula]

Made this a private function and called it from StopSyncer, and also checks for deletion timestamp before deleting.

[freehan]

You might want to do a get and validate if the object is in the desired state. Then create or update

[swetharepakula]

In what situations can we update the existing CR? If any of the ObjectMeta differs, I am thinking that an error should be raised. In other cases, Initialized and Synced conditions are harder to update since we don't really know the state. I am thinking to leave the Initialized condition unchanged, and change the Synced Condition to ConditionUnknown if we find an existing CR that matches the Neg we wish to create. What do you think?

[freehan]

I think you need to mirror this behavior for removes. So that you can clean up the CRs that needs to be deleted.

[freehan]

you should not add this.

You might just need to modify the StopSyncer interface.

[freehan]

I suggest you do not add the finalizer in this PR because it would break HEAD if NEG CRD is enabled.

Add a TODO here and remember to add the finalizer in the following PR that handles GC.
Maybe just comment out this line and add TODO

[swetharepakula]

The initial pull request was quite big, so splitting it into two. This now will only cover the feature gate and the utils changes necessary to start using custom names.

[freehan]

There is one corner case I want to confirm:

Let us say the NEG annotation is {"ingress": "true", "exposed_ports": {80:{"name": "foo"}}}. Ingress and standalone NEG shared the same service port 80.

Should we allow this config? I think disallowing this config might be good enough. But want to see if it makes things easier for allowing it.

[swetharepakula]

A few small improvements to the ingress controller and the helper utils and structs are necessary to support the change. One benefit we would gain from supporting it, would not having to do any error handling for that situation.

[swetharepakula]

After discussing with @freehan, I think for now we should not support the config where Ingress is true with a custom named neg, as it would require the Ingress controller to also parse and store the information in service annotations. The custom named standalone neg implementation will not limit opening this restriction up in the future if desired.

[freehan]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: freehan, swetharepakula

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [freehan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment