Implement NodeExcludeBalancers to exclude nodes as external loadbalancer

[cyclinder]

The label specifies that the node should not be considered as a target for external load-balancers which use nodes as a second hop.

Fixed #2021

[cyclinder]

@fedepaol I'm not sure this change is in the right place, Can you check it for me？Thanks

[fedepaol]

@fedepaol I'm not sure this change is in the right place, Can you check it for me？Thanks

I'd follow what we do for the networknotavailablecondition:

metallb/speaker/bgp_controller.go

Line 169 in 1f0fdf3

if k8snodes.IsNetworkUnavailable(nodes[c.myNode]) {

metallb/speaker/layer2_controller.go

Line 234 in 1f0fdf3

if k8snodes.IsNetworkUnavailable(nodes[s]) {

should be pretty easy.

Also, please add a couple of e2e tests.

[fedepaol]

Also also, please fix the commit message

[fedepaol]

@cyclinder still interested in working on this (no rush, just checking)?

[cyclinder]

@fedepaol hey，sorry for the delay. yes, but I am sucked in working these days. I'll working on this next weekend.

[fedepaol]

@fedepaol hey，sorry for the delay. yes, but I am sucked in working these days. I'll working on this next weekend.

no problem, I know the feeling :-)
Thanks again!

[github-actions]

This PR has been automatically marked as stale because it has been open 30 days
with no activity. This issue will be closed in 10 days unless you do one of the following:

• respond or perform some activity on this PR
• have one of these labels applied: hold

[onesb23]

This problem is relevant for me.

[cyclinder]

I apologize for the delay. I will work on this in the next few days and address the CI failures.

[onesb23]

@cyclinder Thanks, I appreciate it 🤝

[cyclinder]

Sorry for the delay again.

Before adding the go.work at the root of the project, it was really hard to add code for e2etests, and it was challenging to run inv e2etest locally. I'm not sure if it's an issue with my local environment or something else. After adding the go.work file as follows, everything went smoothly.

go 1.21.4

use (
	.
	./e2etest
)

The previous CI failures were because when creating a cluster with kind, it labels the control-plane node with "node.kubernetes.io/exclude-from-external-load-balancers" by default., and this PR implements the value of this label, causing some specs to fail.

I would like to manually remove this label after starting the Kind cluster (to avoid affecting existing e2e tests), and then separately add an e2e test specifically for testing this PR. This e2e will include the following steps:

• Create a service with ETP=Local and announce it to the control-plane node.
• Label the control-plane node with label: "" and manually trigger a configuration update.
• Verify if it is re-announced to other nodes.

To avoid impacting other e2e tests, this e2e must run serially. WDYT?

[fedepaol]

this is the wrong place to add the logic, as the function is "selected nodes".

I'd rather do the filtering in the controller (when we build the resources structure), or on top of config.For and carrying around the filtered node slices.

[fedepaol]

Or, you can even add the filter in the config controller's predicate.

[cyclinder]

How about the latest changes? I prefer to do these filters in the speaker's shouldAnnoce, it's simply and we can easily add logs to see what happed.

[cyclinder]

I tested it on my local machine, It works well:

➜  metallb git:(exclude_nodes) ✗ kubectl describe svc -n l2-6976 external-local-lb | grep nodeAssigned
  Normal  nodeAssigned  24m (x6 over 45m)  metallb-speaker  announcing from node "kind-worker2" with protocol "layer2"

➜  metallb git:(exclude_nodes) ✗ kubectl label nodes kind-worker2 node.kubernetes.io/exclude-from-external-load-balancers=""
node/kind-worker2 labeled
➜  metallb git:(exclude_nodes) ✗ kubectl describe svc -n l2-6976 external-local-lb | grep nodeAssigned                      
  Normal  nodeAssigned  24m (x6 over 45m)  metallb-speaker  announcing from node "kind-worker2" with protocol "layer2"
  Normal  nodeAssigned  3s (x2 over 38m)   metallb-speaker  announcing from node "kind-control-plane" with protocol "layer2"

➜  metallb git:(exclude_nodes) ✗ kubectl label nodes kind-worker2 node.kubernetes.io/exclude-from-external-load-balancers-  
node/kind-worker2 unlabeled
➜  metallb git:(exclude_nodes) ✗ kubectl describe svc -n l2-6976 external-local-lb | grep nodeAssigned                    
  Normal  nodeAssigned  55s (x2 over 39m)  metallb-speaker  announcing from node "kind-control-plane" with protocol "layer2"
  Normal  nodeAssigned  4s (x7 over 46m)   metallb-speaker  announcing from node "kind-worker2" with protocol "layer2"

[fedepaol]

Sorry for the delay again.

Before adding the go.work at the root of the project, it was really hard to add code for e2etests, and it was challenging to run inv e2etest locally. I'm not sure if it's an issue with my local environment or something else. After adding the go.work file as follows, everything went smoothly.

Weird, I did not have any issues, when opening directly the e2etests folder both with vim and vscode. We have a hardcoded go.work file there to fetch the metallb api.

go 1.21.4

use (
	.
	./e2etest
)

The previous CI failures were because when creating a cluster with kind, it labels the control-plane node with "node.kubernetes.io/exclude-from-external-load-balancers" by default., and this PR implements the value of this label, causing some specs to fail.

I would like to manually remove this label after starting the Kind cluster (to avoid affecting existing e2e tests),

I'd do it as part of inv dev-env

and then separately add an e2e test specifically for testing this PR. This e2e will include the following steps:

• Create a service with ETP=Local and announce it to the control-plane node.
• Label the control-plane node with label: "" and manually trigger a configuration update.
• Verify if it is re-announced to other nodes.

Not sure I understood. Here's what I'd do:

• With L2 advertisement:
• Announce the service and check which node is being used
• Add hte label, the service should move
• Remove the label, the service should get back to the original node

To avoid impacting other e2e tests, this e2e must run serially. WDYT?

All the e2e tests run serially.

[fedepaol]

I would also add a filter in the node controller

[cyclinder]

Jan 23 03:18:27.[335](https://github.com/metallb/metallb/actions/runs/7620493254/job/20755437194?pr=2073#step:6:336): INFO: Waiting up to 2m0s for 1 pods to be running and ready: [external-local-lb-g277x]
Jan 23 03:18:29.341: INFO: Wanted all 1 pods to be running and ready. Result: true. Pods: [external-local-lb-g277x]
STEP: getting the advertising node @ 01/23/24 03:18:29.343
STEP: add the NodeExcludeBalancers label of the node @ 01/23/24 03:18:29.345
STEP: event.Message = announcing from node "kind-worker2" with protocol "layer2", event.Time = 1705979909000000000 
 @ 01/23/24 03:18:30.353
STEP: event.Message = announcing from node "kind-worker" with protocol "layer2", event.Time = 1705979909000000000

From the debug logs, this looks strange, the lastTimeStep is the same for different events, which causes k8s.GetSvcNode to return an incorrect node.

[cyclinder]

@fedepaol All the tests have passed, We need the 1s sleep, Otherwise, the lastTimeStep is the same for different events, which causes k8s.GetSvcNode to return an incorrect node.

[fedepaol]

@fedepaol All the tests have passed, We need the 1s sleep, Otherwise, the lastTimeStep is the same for different events, which causes k8s.GetSvcNode to return an incorrect node.

Sorry if I insist, but I am probably missing something. Which GetSvcNode are you referring to? This one (the one after the sleep) should work either way, as it's wrapped by eventually? And the previous one is before the sleep, so it won't be affected.

Also, if we decide the sleep is mandatory, we should add a big comment to explain why.

[cyclinder]

Please the #2073 (comment), The second GetSvcNode actually gets two NodeAssigned events, but their times are the same, causing Eventually to always get the wrong node name. The reason for adding sleep before AddLabelToNode is to make sure that the second Event's time is later than the first Event's time. so we can get the correct node name.

[fedepaol]

Please the #2073 (comment), The second GetSvcNode actually gets two NodeAssigned events, but their times are the same, causing Eventually to always get the wrong node name. The reason for adding sleep before AddLabelToNode is to make sure that the second Event's time is later than the first Event's time. so we can get the correct node name.

Now I get it! So what you are actually delaying is adding the labels so the even has the right granularity.
This will change when we'll (eventually) add the status crds (one day!).
Just add a comment so it's clear, please.

[fedepaol]

LGTM! Sending to merge queue

[howardjohn]

I don't think this is a bug really, but fyi - #2274. This will break any kind users (among others)