feat(lb): implement ConnectionRateLimit, EnableAccessLogs and EnableHTTP3

Signed-off-by: Aurelien GASTON <[email protected]>

Author: nox-404

scaleway/loadbalancers.go

@@ -1025,11 +1025,32 @@ func servicePortToFrontend(service *v1.Service, loadbalancer *scwlb.LB, port v1.
 		return nil, fmt.Errorf("error getting certificate IDs for loadbalancer %s: %v", loadbalancer.ID, err)
 	}
 
+	connectionRateLimit, err := getConnectionRateLimit(service)
+	if err != nil {
+		return nil, fmt.Errorf("error getting %s annotation for loadbalancer %s: %v",
+			serviceAnnotationLoadBalancerConnectionRateLimit, loadbalancer.ID, err)
+	}
+
+	enableAccessLogs, err := getEnableAccessLogs(service)
+	if err != nil {
+		return nil, fmt.Errorf("error getting %s annotation for loadbalancer %s: %v",
+			serviceAnnotationLoadBalancerEnableAccessLogs, loadbalancer.ID, err)
+	}
+
+	enableHTTP3, err := getEnableHTTP3(service)
+	if err != nil {
+		return nil, fmt.Errorf("error getting %s annotation for loadbalancer %s: %v",
+			serviceAnnotationLoadBalancerEnableHTTP3, loadbalancer.ID, err)
+	}
+
 	return &scwlb.Frontend{
-		Name:           fmt.Sprintf("%s_tcp_%d", string(service.UID), port.Port),
-		InboundPort:    port.Port,
-		TimeoutClient:  &timeoutClient,
-		CertificateIDs: certificateIDs,
+		Name:                fmt.Sprintf("%s_tcp_%d", string(service.UID), port.Port),
+		InboundPort:         port.Port,
+		TimeoutClient:       &timeoutClient,
+		ConnectionRateLimit: connectionRateLimit,
+		CertificateIDs:      certificateIDs,
+		EnableAccessLogs:    enableAccessLogs,
+		EnableHTTP3:         enableHTTP3,
 	}, nil
 }
 
@@ -1281,6 +1302,21 @@ func frontendEquals(got, want *scwlb.Frontend) bool {
 		return false
 	}
 
+	if !uint32PtrEqual(got.ConnectionRateLimit, want.ConnectionRateLimit) {
+		klog.V(3).Infof("frontend.ConnectionRateLimit: %s - %s", ptrUint32ToString(got.ConnectionRateLimit), ptrUint32ToString(want.ConnectionRateLimit))
+		return false
+	}
+
+	if got.EnableAccessLogs != want.EnableAccessLogs {
+		klog.V(3).Infof("frontend.EnableAccessLogs: %t - %t", got.EnableAccessLogs, want.EnableAccessLogs)
+		return false
+	}
+
+	if got.EnableHTTP3 != want.EnableHTTP3 {
+		klog.V(3).Infof("frontend.EnableHTTP3: %t - %t", got.EnableHTTP3, want.EnableHTTP3)
+		return false
+	}
+
 	return true
 }
 
@@ -1609,14 +1645,16 @@ func (l *loadbalancers) updateBackend(service *v1.Service, loadbalancer *scwlb.L
 // createFrontend creates a frontend on the load balancer
 func (l *loadbalancers) createFrontend(service *v1.Service, loadbalancer *scwlb.LB, frontend *scwlb.Frontend, backend *scwlb.Backend) (*scwlb.Frontend, error) {
 	f, err := l.api.CreateFrontend(&scwlb.ZonedAPICreateFrontendRequest{
-		Zone:           loadbalancer.Zone,
-		LBID:           loadbalancer.ID,
-		Name:           frontend.Name,
-		InboundPort:    frontend.InboundPort,
-		BackendID:      backend.ID,
-		TimeoutClient:  frontend.TimeoutClient,
-		CertificateIDs: &frontend.CertificateIDs,
-		EnableHTTP3:    frontend.EnableHTTP3,
+		Zone:                loadbalancer.Zone,
+		LBID:                loadbalancer.ID,
+		Name:                frontend.Name,
+		InboundPort:         frontend.InboundPort,
+		BackendID:           backend.ID,
+		TimeoutClient:       frontend.TimeoutClient,
+		CertificateIDs:      &frontend.CertificateIDs,
+		ConnectionRateLimit: frontend.ConnectionRateLimit,
+		EnableAccessLogs:    frontend.EnableAccessLogs,
+		EnableHTTP3:         frontend.EnableHTTP3,
 	})
 
 	return f, err
@@ -1625,14 +1663,16 @@ func (l *loadbalancers) createFrontend(service *v1.Service, loadbalancer *scwlb.
 // updateFrontend updates a frontend on the load balancer
 func (l *loadbalancers) updateFrontend(service *v1.Service, loadbalancer *scwlb.LB, frontend *scwlb.Frontend, backend *scwlb.Backend) (*scwlb.Frontend, error) {
 	f, err := l.api.UpdateFrontend(&scwlb.ZonedAPIUpdateFrontendRequest{
-		Zone:           loadbalancer.Zone,
-		FrontendID:     frontend.ID,
-		Name:           frontend.Name,
-		InboundPort:    frontend.InboundPort,
-		BackendID:      backend.ID,
-		TimeoutClient:  frontend.TimeoutClient,
-		CertificateIDs: &frontend.CertificateIDs,
-		EnableHTTP3:    frontend.EnableHTTP3,
+		Zone:                loadbalancer.Zone,
+		FrontendID:          frontend.ID,
+		Name:                frontend.Name,
+		InboundPort:         frontend.InboundPort,
+		BackendID:           backend.ID,
+		TimeoutClient:       frontend.TimeoutClient,
+		CertificateIDs:      &frontend.CertificateIDs,
+		ConnectionRateLimit: frontend.ConnectionRateLimit,
+		EnableAccessLogs:    &frontend.EnableAccessLogs,
+		EnableHTTP3:         frontend.EnableHTTP3,
 	})
 
 	return f, err
@@ -1696,6 +1736,17 @@ func int32PtrEqual(got, want *int32) bool {
 	return *got == *want
 }
 
+// uint32PtrEqual returns true if both integers are equal
+func uint32PtrEqual(got, want *uint32) bool {
+	if got == nil && want == nil {
+		return true
+	}
+	if got == nil || want == nil {
+		return false
+	}
+	return *got == *want
+}
+
 // chunkArray takes an array and split it in chunks of a given size
 func chunkArray(array []string, maxChunkSize int) [][]string {
 	result := [][]string{}
@@ -1779,6 +1830,13 @@ func ptrInt32ToString(i *int32) string {
 	return fmt.Sprintf("%d", *i)
 }
 
+func ptrUint32ToString(i *uint32) string {
+	if i == nil {
+		return "<nil>"
+	}
+	return fmt.Sprintf("%d", *i)
+}
+
 func ptrBoolToString(b *bool) string {
 	if b == nil {
 		return "<nil>"

scaleway/loadbalancers_annotations.go

@@ -108,6 +108,18 @@ const (
 	// serviceAnnotationLoadBalancerZone is the zone to create the load balancer
 	serviceAnnotationLoadBalancerZone = "service.beta.kubernetes.io/scw-loadbalancer-zone"
 
+	// serviceAnnotationLoadBalancerConnectionRateLimit is the annotation to set the incoming connection rate limit per second.
+	// Set to 0 to disable the rate limit
+	serviceAnnotationLoadBalancerConnectionRateLimit = "service.beta.kubernetes.io/scw-loadbalancer-connection-rate-limit"
+
+	// serviceAnnotationLoadBalancerEnableAccessLogs is the annotation to enable access logs for the load balancer.
+	// The default value is "false". The possible values are "false" or "true".
+	serviceAnnotationLoadBalancerEnableAccessLogs = "service.beta.kubernetes.io/scw-loadbalancer-enable-access-logs"
+
+	// serviceAnnotationLoadBalancerEnableHTTP3 is the annotation to enable HTTP/3 protocol for the load balancer.
+	// The default value is "false". The possible values are "false" or "true".
+	serviceAnnotationLoadBalancerEnableHTTP3 = "service.beta.kubernetes.io/scw-loadbalancer-enable-http3"
+
 	// serviceAnnotationLoadBalancerTimeoutClient is the maximum client connection inactivity time
 	// The default value is "10m". The duration are go's time.Duration (ex: "1s", "2m", "4h", ...)
 	serviceAnnotationLoadBalancerTimeoutClient = "service.beta.kubernetes.io/scw-loadbalancer-timeout-client"
@@ -994,3 +1006,33 @@ func getKeyValueFromAnnotation(annotation string) map[string]string {
 
 	return additionalTags
 }
+
+func getConnectionRateLimit(service *v1.Service) (*uint32, error) {
+	connectionRateLimit, ok := service.Annotations[serviceAnnotationLoadBalancerConnectionRateLimit]
+	if !ok {
+		return nil, nil
+	}
+	connectionRateLimitInt, err := strconv.Atoi(connectionRateLimit)
+	if err != nil {
+		klog.Errorf("invalid value for annotation %s", serviceAnnotationLoadBalancerConnectionRateLimit)
+		return nil, errLoadBalancerInvalidAnnotation
+	}
+	connectionRateLimitUint32 := uint32(connectionRateLimitInt)
+	return &connectionRateLimitUint32, nil
+}
+
+func getEnableAccessLogs(service *v1.Service) (bool, error) {
+	enableAccessLogs, ok := service.Annotations[serviceAnnotationLoadBalancerEnableAccessLogs]
+	if !ok {
+		return false, nil
+	}
+	return strconv.ParseBool(enableAccessLogs)
+}
+
+func getEnableHTTP3(service *v1.Service) (bool, error) {
+	enableHTTP3, ok := service.Annotations[serviceAnnotationLoadBalancerEnableHTTP3]
+	if !ok {
+		return false, nil
+	}
+	return strconv.ParseBool(enableHTTP3)
+}