F5Networks · vklohiya · Jul 10, 2024
diff --git a/cmd/k8s-bigip-ctlr/main.go b/cmd/k8s-bigip-ctlr/main.go
@@ -79,9 +79,11 @@ var (
 	disableTeems    *bool
 	useNodeInternal *bool
 
-	kubeConfig            *string
-	manageCustomResources *bool
-	manageRoutes          *bool
+	kubeConfig                  *string
+	manageCustomResources       *bool
+	manageRoutes                *bool
+	loadBalancerClass           *string
+	manageLoadBalancerClassOnly *bool
 
 	cmURL       *string
 	cmUsername  *string
@@ -164,6 +166,14 @@ func _init() {
 	}
 	manageCustomResources = kubeFlags.Bool("manage-custom-resources", true,
 		"Optional, specify whether or not to manage custom resources i.e. transportserver")
+	// load balancer class
+	loadBalancerClass = kubeFlags.String("load-balancer-class", "",
+		"Optional, If you specify load-balancer-class, CIS considers services only that matches the specified class."+
+			"CIS will ignore services that have this field set and does not match with the provided load-balancer-class")
+	manageLoadBalancerClassOnly = kubeFlags.Bool("manage-load-balancer-class-only", false,
+		"Optional, default `false`. Process all load balancer services with loadBalancerClass only."+
+			"If set to false, CIS process all the load balancer service without loadBalancerClass and service that have the loadBalancerClass specified by the load-balancer-class parameter")
+
 	// setting manageRoutes to false by default
 	tmpval := false
 	manageRoutes = &tmpval
@@ -391,14 +401,16 @@ func initController(
 				UserName: *cmUsername,
 				Password: *cmPassword,
 			},
-			CMTrustedCerts:        getBIGIPTrustedCerts(),
-			CMSSLInsecure:         *sslInsecure,
-			CISConfigCRKey:        *CISConfigCR,
-			HttpAddress:           *httpAddress,
-			ManageCustomResources: *manageCustomResources,
-			UseNodeInternal:       *useNodeInternal,
-			MultiClusterMode:      *multiClusterMode,
-			IPAM:                  *ipam,
+			CMTrustedCerts:              getBIGIPTrustedCerts(),
+			CMSSLInsecure:               *sslInsecure,
+			CISConfigCRKey:              *CISConfigCR,
+			HttpAddress:                 *httpAddress,
+			ManageCustomResources:       *manageCustomResources,
+			UseNodeInternal:             *useNodeInternal,
+			MultiClusterMode:            *multiClusterMode,
+			LoadBalancerClass:           *loadBalancerClass,
+			ManageLoadBalancerClassOnly: *manageLoadBalancerClassOnly,
+			IPAM:                        *ipam,
 		},
 	)
 

diff --git a/...is-3.x/config_examples/customResource/serviceTypeLB/loadBalancerClass/README.md b/...is-3.x/config_examples/customResource/serviceTypeLB/loadBalancerClass/README.md
@@ -0,0 +1,22 @@
+# Load Balancer Class Support
+
+Kubernetes 1.24 and later have introduced the standard .spec.loadBalancerClass field in the service spec to be able to distinguish between the types of load balancing services available to the cluster, so that you can specify which load balancing class you would like to use. [See here](https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class)
+
+This document describes the CIS support for Load Balancer Class.
+
+## Overview
+
+By default, CIS will process all the services that do not have the loadBalancerClass field set in the service spec. CIS will not process the services that have the loadBalancerClass field set in the service spec.
+If you have configured the loadBalancerClass field in the service for TS/IngressLink/SvcLB, then configure the CIS deployment parameter `load-balancer-class` to the same value, Otherwise CIS will not process the service with loadBalancerClass field configured in the service for TS/VS/IngressLink/SvcLB.
+
+Note:
+* Load Balancer Class is supported for all the Custom Resources (VirtualServer, TransportServer and IngressLink) and loadBalancer service by default and can not be disabled at all. You need to either remove the loadBalancerClass field from the service or configure the CIS deployment parameter `load-balancer-class` to the same value as the loadBalancerClass field in the service.
+
+## CIS Deployment parameters for Load Balancer Class
+
+CIS supports two deployment parameters for Load Balancer Class.
+
+| Deployment Parameter            | Type    | Required | Default Value | Description                                                                                                                                                                                                                                                                | Allowed Value |
+|---------------------------------|---------|----------|---------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|
+| load-balancer-class             | String  | Optional | ""            | CIS considers services only that matches the specified class. CIS will ignore services that have this field set and does not match with the provided load-balancer-class                                                                                                   |               | 
+| manage-load-balancer-class-only | Boolean | Optional | false         | If set to true, CIS processes all load balancer services with loadBalancerClass only. <br> If set to false, CIS process all the load balancer service without loadBalancerClass and service that have the loadBalancerClass specified by the load-balancer-class parameter | true, false   |
diff --git a/...s/customResource/serviceTypeLB/loadBalancerClass/example-service-load-balancer-class.yaml b/...s/customResource/serviceTypeLB/loadBalancerClass/example-service-load-balancer-class.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    cis.f5.com/ip: 10.8.3.1
+  labels:
+    app: pytest-svc-1
+  name: pytest-svc-1
+  namespace: default
+spec:
+  loadBalancerClass: f5
+  allocateLoadBalancerNodePorts: true
+  clusterIP: 10.98.30.14
+  clusterIPs:
+    - 10.98.30.14
+  externalTrafficPolicy: Cluster
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+    - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+    - name: pytest-svc-1-1344
+      nodePort: 32574
+      port: 1344
+      protocol: TCP
+      targetPort: 1344
+  selector:
+    app: pytest-svc-1
+  sessionAffinity: None
+  type: LoadBalancer
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
@@ -87,16 +87,18 @@ func RunController(params Params) *Controller {
 func NewController(params Params, statusManager *statusmanager.StatusManager) *Controller {
 
 	ctlr := &Controller{
-		resources:             NewResourceStore(),
-		UseNodeInternal:       params.UseNodeInternal,
-		initState:             true,
-		defaultRouteDomain:    params.DefaultRouteDomain,
-		multiClusterConfigs:   clustermanager.NewMultiClusterConfig(),
-		multiClusterResources: newMultiClusterResourceStore(),
-		multiClusterMode:      params.MultiClusterMode,
-		clusterRatio:          make(map[string]*int),
-		clusterAdminState:     make(map[string]cisapiv1.AdminState),
-		respChan:              make(chan *agentConfig, 1),
+		resources:                   NewResourceStore(),
+		UseNodeInternal:             params.UseNodeInternal,
+		initState:                   true,
+		defaultRouteDomain:          params.DefaultRouteDomain,
+		multiClusterConfigs:         clustermanager.NewMultiClusterConfig(),
+		multiClusterResources:       newMultiClusterResourceStore(),
+		multiClusterMode:            params.MultiClusterMode,
+		loadBalancerClass:           params.LoadBalancerClass,
+		manageLoadBalancerClassOnly: params.ManageLoadBalancerClassOnly,
+		clusterRatio:                make(map[string]*int),
+		clusterAdminState:           make(map[string]cisapiv1.AdminState),
+		respChan:                    make(chan *agentConfig, 1),
 		CMTokenManager: tokenmanager.NewTokenManager(
 			params.CMConfigDetails.URL,
 			tokenmanager.Credentials{Username: params.CMConfigDetails.UserName, Password: params.CMConfigDetails.Password},

diff --git a/pkg/controller/responseHandler.go b/pkg/controller/responseHandler.go
@@ -1,7 +1,6 @@
 package controller
 
 import (
-	v1 "k8s.io/api/core/v1"
 	"strings"
 	"sync"
 	"time"
@@ -100,7 +99,7 @@ func (ctlr *Controller) responseHandler(respChan chan *agentConfig) {
 					//					svcNamespace = virtual.Namespace
 					//				}
 					//				svc := ctlr.GetService(svcNamespace, pool.Service)
-					//				if svc != nil && svc.Spec.Type == v1.ServiceTypeLoadBalancer {
+					//				if svc != nil {
 					//					ctlr.setLBServiceIngressStatus(svc, virtual.Status.VSAddress)
 					//				}
 					//			}
@@ -136,7 +135,7 @@ func (ctlr *Controller) responseHandler(respChan chan *agentConfig) {
 									svcNamespace = virtual.Namespace
 								}
 								svc := ctlr.GetService(svcNamespace, virtual.Spec.Pool.Service)
-								if svc != nil && svc.Spec.Type == v1.ServiceTypeLoadBalancer {
+								if svc != nil {
 									ctlr.setLBServiceIngressStatus(svc, virtual.Status.VSAddress)
 								}
 							}

diff --git a/pkg/controller/types.go b/pkg/controller/types.go
@@ -48,39 +48,41 @@ import (
 type (
 	// Controller defines the structure of K-Native and Custom Resource Controller
 	Controller struct {
-		resources              *ResourceStore
-		clientsets             *ClientSets
-		namespacesMutex        sync.Mutex
-		namespaces             map[string]bool
-		initialResourceCount   int
-		resourceQueue          workqueue.RateLimitingInterface
-		PostParams             PostParams
-		RequestHandler         *RequestHandler
-		PoolMemberType         string
-		UseNodeInternal        bool
-		initState              bool
-		shareNodes             bool
-		ipamHandler            *ipmanager.IPAMHandler
-		defaultRouteDomain     int
-		TeemData               *teem.TeemsData
-		requestMap             *requestMap
-		StaticRoutingMode      bool
-		OrchestrationCNI       string
-		StaticRouteNodeCIDR    string
-		cacheIPAMHostSpecs     CacheIPAM
-		multiClusterConfigs    *clustermanager.MultiClusterConfig
-		multiClusterResources  *MultiClusterResourceStore
-		multiClusterMode       string
-		haModeType             cisapiv1.HAModeType
-		clusterRatio           map[string]*int
-		clusterAdminState      map[string]cisapiv1.AdminState
-		managedResources       ManagedResources
-		resourceSelectorConfig ResourceSelectorConfig
-		CMTokenManager         *tokenmanager.TokenManager
-		bigIpConfigMap         BigIpConfigMap
-		respChan               chan *agentConfig
-		networkManager         *networkmanager.NetworkManager
-		ControllerIdentifier   string
+		resources                   *ResourceStore
+		clientsets                  *ClientSets
+		namespacesMutex             sync.Mutex
+		namespaces                  map[string]bool
+		initialResourceCount        int
+		resourceQueue               workqueue.RateLimitingInterface
+		PostParams                  PostParams
+		RequestHandler              *RequestHandler
+		PoolMemberType              string
+		UseNodeInternal             bool
+		initState                   bool
+		shareNodes                  bool
+		ipamHandler                 *ipmanager.IPAMHandler
+		defaultRouteDomain          int
+		TeemData                    *teem.TeemsData
+		requestMap                  *requestMap
+		StaticRoutingMode           bool
+		OrchestrationCNI            string
+		StaticRouteNodeCIDR         string
+		cacheIPAMHostSpecs          CacheIPAM
+		multiClusterConfigs         *clustermanager.MultiClusterConfig
+		multiClusterResources       *MultiClusterResourceStore
+		multiClusterMode            string
+		haModeType                  cisapiv1.HAModeType
+		clusterRatio                map[string]*int
+		clusterAdminState           map[string]cisapiv1.AdminState
+		managedResources            ManagedResources
+		resourceSelectorConfig      ResourceSelectorConfig
+		CMTokenManager              *tokenmanager.TokenManager
+		bigIpConfigMap              BigIpConfigMap
+		respChan                    chan *agentConfig
+		networkManager              *networkmanager.NetworkManager
+		ControllerIdentifier        string
+		loadBalancerClass           string
+		manageLoadBalancerClassOnly bool
 		resourceContext
 	}
 	ClientSets struct {
@@ -120,22 +122,24 @@ type (
 
 	// Params defines parameters
 	Params struct {
-		Config                *rest.Config
-		ClientSets            *ClientSets
-		Namespaces            []string
-		UserAgent             string
-		UseNodeInternal       bool
-		NodePollInterval      int
-		IPAM                  bool
-		DefaultRouteDomain    int
-		CISConfigCRKey        string
-		MultiClusterMode      string
-		CMConfigDetails       *CMConfig
-		CMTrustedCerts        string
-		CMSSLInsecure         bool
-		HttpAddress           string
-		ManageCustomResources bool
-		httpClientMetrics     bool
+		Config                      *rest.Config
+		ClientSets                  *ClientSets
+		Namespaces                  []string
+		UserAgent                   string
+		UseNodeInternal             bool
+		NodePollInterval            int
+		IPAM                        bool
+		DefaultRouteDomain          int
+		CISConfigCRKey              string
+		MultiClusterMode            string
+		CMConfigDetails             *CMConfig
+		CMTrustedCerts              string
+		CMSSLInsecure               bool
+		HttpAddress                 string
+		ManageCustomResources       bool
+		httpClientMetrics           bool
+		LoadBalancerClass           string
+		ManageLoadBalancerClassOnly bool
 	}
 
 	// CMConfig defines the Central Manager config