Mixed protocol support for Services with type=LoadBalancer (#94028)

* Mixed protocol support for Services with type=LoadBalancer

KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/20200103-mixed-protocol-lb.md
Add new feature gate to control the support of mixed protocols in Services with type=LoadBalancer
Add new fields to the ServiceStatus
  Add Ports to the LoadBalancerIngress, so cloud provider implementations can report the status of the requested load balanc
er ports
  Add ServiceCondition to the ServiceStatus so Service controllers can indicate the conditions of the Service

* regenerate conflicting stuff

pkg/apis/core/types.go

@@ -3475,12 +3475,23 @@ const (
 	ServiceExternalTrafficPolicyTypeCluster ServiceExternalTrafficPolicyType = "Cluster"
 )
 
+// These are the valid conditions of a service.
+const (
+	// LoadBalancerPortsError represents the condition of the requested ports
+	// on the cloud load balancer instance.
+	LoadBalancerPortsError = "LoadBalancerPortsError"
+)
+
 // ServiceStatus represents the current status of a service
 type ServiceStatus struct {
 	// LoadBalancer contains the current status of the load-balancer,
 	// if one is present.
 	// +optional
 	LoadBalancer LoadBalancerStatus
+
+	// Current service condition
+	// +optional
+	Conditions []metav1.Condition
 }
 
 // LoadBalancerStatus represents the status of a load-balancer
@@ -3503,6 +3514,11 @@ type LoadBalancerIngress struct {
 	// (typically AWS load-balancers)
 	// +optional
 	Hostname string
+
+	// Ports is a list of records of service ports
+	// If used, every port defined in the service should have an entry in it
+	// +optional
+	Ports []PortStatus
 }
 
 const (
@@ -5395,3 +5411,32 @@ type TopologySpreadConstraint struct {
 	// +optional
 	LabelSelector *metav1.LabelSelector
 }
+
+// These are the built-in errors for PortStatus.
+const (
+	// MixedProtocolNotSupported error in PortStatus means that the cloud provider
+	// can't ensure the port on the load balancer because mixed values of protocols
+	// on the same LoadBalancer type of Service are not supported by the cloud provider.
+	MixedProtocolNotSupported = "MixedProtocolNotSupported"
+)
+
+// PortStatus represents the error condition of a service port
+type PortStatus struct {
+	// Port is the port number of the service port of which status is recorded here
+	Port int32
+	// Protocol is the protocol of the service port of which status is recorded here
+	Protocol Protocol
+	// Error is to record the problem with the service port
+	// The format of the error shall comply with the following rules:
+	// - built-in error values shall be specified in this file and those shall use
+	//   CamelCase names
+	// - cloud provider specific error values must have names that comply with the
+	//   format foo.example.com/CamelCase.
+	// ---
+	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+	// +optional
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
+	// +kubebuilder:validation:MaxLength=316
+	Error *string
+}

pkg/apis/core/validation/BUILD

@@ -7,6 +7,7 @@ load(
 go_library(
     name = "go_default_library",
     srcs = [
+        "conditional_validation.go",
         "doc.go",
         "events.go",
         "validation.go",
@@ -48,6 +49,7 @@ go_library(
 go_test(
     name = "go_default_test",
     srcs = [
+        "conditional_validation_test.go",
         "events_test.go",
         "validation_test.go",
     ],

pkg/apis/core/validation/conditional_validation.go

@@ -0,0 +1,61 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
+	api "k8s.io/kubernetes/pkg/apis/core"
+	"k8s.io/kubernetes/pkg/features"
+)
+
+// ValidateConditionalService validates conditionally valid fields.
+func ValidateConditionalService(service, oldService *api.Service) field.ErrorList {
+	var errs field.ErrorList
+
+	errs = append(errs, validateMixedProtocolLBService(service, oldService)...)
+
+	return errs
+}
+
+// validateMixedProtocolLBService checks if the old Service has type=LoadBalancer and whether the Service has different Protocols
+// on its ports. If the MixedProtocolLBService feature flag is disabled the usage of different Protocols in the new Service is
+// valid only if the old Service has different Protocols, too.
+func validateMixedProtocolLBService(service, oldService *api.Service) (errs field.ErrorList) {
+	if service.Spec.Type != api.ServiceTypeLoadBalancer {
+		return
+	}
+	if utilfeature.DefaultFeatureGate.Enabled(features.MixedProtocolLBService) {
+		return
+	}
+
+	if serviceHasMixedProtocols(service) && !serviceHasMixedProtocols(oldService) {
+		errs = append(errs, field.Invalid(field.NewPath("spec", "ports"), service.Spec.Ports, "may not contain more than 1 protocol when type is 'LoadBalancer'"))
+	}
+	return
+}
+
+func serviceHasMixedProtocols(service *api.Service) bool {
+	if service == nil {
+		return false
+	}
+	protos := map[string]bool{}
+	for _, port := range service.Spec.Ports {
+		protos[string(port.Protocol)] = true
+	}
+	return len(protos) > 1
+}