feat(loadbalancer): add healthCheckNodePort opt-in support

Signed-off-by: Zadkiel AHARONIAN <hello@zadkiel.fr>

Author: aslafy-z

docs/loadbalancer-annotations.md

@@ -72,9 +72,12 @@ The default value is `5`.
 ### `service.beta.kubernetes.io/scw-loadbalancer-health-check-port`
 This is the annotation to explicitly define the port used for health checks.
 It is possible to set a single port for all backends like `18080` or per port like `80:10080;443:10443`.
-The port must be a valid TCP/UDP port (1-65535).
+The special value `auto` will use the service's `spec.healthCheckNodePort` when `externalTrafficPolicy` is `Local`.
+The port must be a valid TCP/UDP port (1-65535) or `auto`.
 If not set, the service port is used as the health check port.
 
+> **Note**: In a future major release, `auto` will become the default behavior when not explicitly set.
+
 ### `service.beta.kubernetes.io/scw-loadbalancer-health-check-http-uri`
 This is the annotation to set the URI that is used by the `http` health check.
 It is possible to set the uri per port, like `80:/;443,8443:mydomain.tld/healthz`.

scaleway/loadbalancers_annotations.go

@@ -88,8 +88,10 @@ const (
 
 	// serviceAnnotationLoadBalancerHealthCheckPort is the annotation to explicitly define the port used for health checks
 	// It is possible to set a single port for all backends like "18080" or per port like "80:10080;443:10443"
-	// The port must be a valid TCP/UDP port (1-65535)
+	// The special value "auto" will use the service's spec.healthCheckNodePort when externalTrafficPolicy is Local
+	// The port must be a valid TCP/UDP port (1-65535) or "auto"
 	// If not set, the service port is used as the health check port
+	// Note: In a future major release, "auto" will become the default behavior
 	serviceAnnotationLoadBalancerHealthCheckPort = "service.beta.kubernetes.io/scw-loadbalancer-health-check-port"
 
 	// serviceAnnotationLoadBalancerSendProxyV2 is the annotation that enables PROXY protocol version 2 (must be supported by backend servers)
@@ -637,6 +639,7 @@ func getHealthCheckTransientCheckDelay(service *v1.Service) (*scw.Duration, erro
 
 // getHealthCheckPort returns the port to use for health checks.
 // It supports per-port configuration with the format "80:10080;443:10443" or a single port like "18080".
+// The special value "auto" will use the service's spec.healthCheckNodePort when externalTrafficPolicy is Local.
 // If the annotation is not set, it returns the provided nodePort as default.
 func getHealthCheckPort(service *v1.Service, nodePort int32) (int32, error) {
 	annotation, ok := service.Annotations[serviceAnnotationLoadBalancerHealthCheckPort]
@@ -654,6 +657,14 @@ func getHealthCheckPort(service *v1.Service, nodePort int32) (int32, error) {
 		return nodePort, nil
 	}
 
+	if strings.ToLower(portStr) == "auto" {
+		if service.Spec.ExternalTrafficPolicy == v1.ServiceExternalTrafficPolicyTypeLocal && service.Spec.HealthCheckNodePort != 0 {
+			return service.Spec.HealthCheckNodePort, nil
+		}
+		klog.V(4).Infof("health-check-port set to 'auto' but externalTrafficPolicy is not Local or healthCheckNodePort is not set, using nodePort %d", nodePort)
+		return nodePort, nil
+	}
+
 	port, err := strconv.ParseInt(portStr, 10, 32)
 	if err != nil {
 		klog.Errorf("invalid value for annotation %s: %s is not a valid port number", serviceAnnotationLoadBalancerHealthCheckPort, portStr)

scaleway/loadbalancers_test.go

@@ -434,6 +434,98 @@ func TestGetHealthCheckPort(t *testing.T) {
 			result:     0,
 			errMessage: "load balancer invalid annotation",
 		},
+		// Auto value tests
+		{
+			name: "auto with externalTrafficPolicy Local and healthCheckNodePort set",
+			svc: &v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						"service.beta.kubernetes.io/scw-loadbalancer-health-check-port": "auto",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					ExternalTrafficPolicy: v1.ServiceExternalTrafficPolicyTypeLocal,
+					HealthCheckNodePort:   32000,
+					Ports: []v1.ServicePort{
+						{
+							NodePort: 30080,
+							Port:     80,
+						},
+					},
+				},
+			},
+			nodePort:   30080,
+			result:     32000,
+			errMessage: "",
+		},
+		{
+			name: "AUTO (uppercase) with externalTrafficPolicy Local and healthCheckNodePort set",
+			svc: &v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						"service.beta.kubernetes.io/scw-loadbalancer-health-check-port": "AUTO",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					ExternalTrafficPolicy: v1.ServiceExternalTrafficPolicyTypeLocal,
+					HealthCheckNodePort:   32000,
+					Ports: []v1.ServicePort{
+						{
+							NodePort: 30080,
+							Port:     80,
+						},
+					},
+				},
+			},
+			nodePort:   30080,
+			result:     32000,
+			errMessage: "",
+		},
+		{
+			name: "auto with externalTrafficPolicy Cluster, fallback to nodePort",
+			svc: &v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						"service.beta.kubernetes.io/scw-loadbalancer-health-check-port": "auto",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					ExternalTrafficPolicy: v1.ServiceExternalTrafficPolicyTypeCluster,
+					Ports: []v1.ServicePort{
+						{
+							NodePort: 30080,
+							Port:     80,
+						},
+					},
+				},
+			},
+			nodePort:   30080,
+			result:     30080,
+			errMessage: "",
+		},
+		{
+			name: "auto with externalTrafficPolicy Local but healthCheckNodePort is 0, fallback to nodePort",
+			svc: &v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						"service.beta.kubernetes.io/scw-loadbalancer-health-check-port": "auto",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					ExternalTrafficPolicy: v1.ServiceExternalTrafficPolicyTypeLocal,
+					HealthCheckNodePort:   0,
+					Ports: []v1.ServicePort{
+						{
+							NodePort: 30080,
+							Port:     80,
+						},
+					},
+				},
+			},
+			nodePort:   30080,
+			result:     30080,
+			errMessage: "",
+		},
 	}
 
 	for _, tc := range testCases {