fix: do not compare all svc.spec for user modified scene

[spwangxp]

What type of PR is this?

fix: #1340

What this PR does / why we need it:
if not, the ir will encounter an error when update svc.
for example, user A deployed an envoyproxy, and set the svc type to NodePort instead of LoadBalancer, then the gateway restart, the check will always be error.

Which issue(s) this PR fixes:

Fixes #1340

[codecov]

Codecov Report

Merging #1342 (8f2695c) into main (297fcf1) will increase coverage by 0.11%.
The diff coverage is 70.00%.

@@            Coverage Diff             @@
##             main    #1342      +/-   ##
==========================================
+ Coverage   62.44%   62.55%   +0.11%     
==========================================
  Files          79       79              
  Lines       11084    11088       +4     
==========================================
+ Hits         6921     6936      +15     
+ Misses       3707     3697      -10     
+ Partials      456      455       -1     

Impacted Files	Coverage Δ
...ternal/infrastructure/kubernetes/infra_resource.go	83.69% <40.00%> (ø)
internal/infrastructure/kubernetes/infra_client.go	75.00% <100.00%> (ø)
...nal/infrastructure/kubernetes/resource/resource.go	100.00% <100.00%> (ø)

... and 2 files with indirect coverage changes

[zirain]

LGTM

cc @arkodg for second review

[qicz]

#1337 follow-up infrastructure refactoring may be the best choice to follow up this pr. @spwangxp

[arkodg]

there are two bugs associated with this logic

1. we are comparing the entire Spec here, instead we should be comparing all the fields the infra layer sets or skip the fields the infra layer does not set https://pkg.go.dev/k8s.io/api/core/v1#ServiceSpec.

2. when updating the service, we need to set immutable fields like ClusterIP and ClusterIPs

// clusterIP is the IP address of the service and is usually assigned
	// randomly. If an address is specified manually, is in-range (as per
	// system configuration), and is not in use, it will be allocated to the
	// service; otherwise creation of the service will fail. This field may not
	// be changed through updates unless the type field is also being changed
	// to ExternalName (which requires this field to be blank) or the type
	// field is being changed from ExternalName (in which case this field may
	// optionally be specified, as describe above).  Valid values are "None",
	// empty string (""), or a valid IP address. Setting this to "None" makes a
	// "headless service" (no virtual IP), which is useful when direct endpoint
	// connections are preferred and proxying is not required.  Only applies to
	// types ClusterIP, NodePort, and LoadBalancer. If this field is specified
	// when creating a Service of type ExternalName, creation will fail. This
	// field will be wiped when updating a Service to type ExternalName.
	// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
	// +optional
	ClusterIP [string](https://pkg.go.dev/builtin#string) `json:"clusterIP,omitempty" protobuf:"bytes,3,opt,name=clusterIP"`

[spwangxp]

1, ok, i'll add imutable fields compare we set.
2, when updating the svc, is these be better that just patch what we need rather than set everything to the new svc?
3, actually，when we use loadbalacer by default, svc.Spec.ports[*].nodePort will be set an random number by k8s, so it's not just about user modified the svc type.

[arkodg]

Reg 2. Patch is fine, my only request is to keep the code simple so it can be enhanced with more fields in the future
Reg 3. its okay to undo what user did, to solve this, we must

• support Nodeport natively
• support BYO Envoy Svc and Envoy Deployment and disable managed infra

[spwangxp]

raise another pr for support NodePort natively might be a better way?

[arkodg]

sure please go ahead @spwangxp

[arkodg]

the infra layer also sets Type and SessionAffinity

gateway/internal/infrastructure/kubernetes/utils/utils.go

Line 23 in 690a045

func ExpectedServiceSpec(serviceType *egcfgv1a1.ServiceType) corev1.ServiceSpec {

[arkodg]

something for the future, we should find a sane way to ensure we check what we set

[spwangxp]

is there any need to update svc type rather than follow user's setting?

[arkodg]

added some comments above, Patch is fine as long as its easy to mantain

[arkodg]

thanks for highlighting this bug @spwangxp, added some comments

[arkodg]

also @spwangxp if you are using service type NodePort, can you please raise a issue to add support for it ?

[arkodg]

@qicz can you take a first pass ? with the recent refactor want to make sure the logic lives in the right place, TIA

[qicz]

LGTM, pls approve ci @arkodg

[Xunzhuo]

I got this @qicz

[zirain]

@arkodg for final review.

[qicz]

LGTM, thanks

[arkodg]

/hold can we compare the entire Spec here, and ignore any fields (NodePort) . This approach will be easier to maintain in the future

I've raised two issues to track your use case @spwangxp

• Support NodePort Support NodePort Type Envoy Proxy service #1378
• Support user provisioned envoy fleet Support User Provisioned Envoy Proxy fleet #1379

[spwangxp]

/hold can we compare the entire Spec here, and ignore any fields (NodePort) . This approach will be easier to maintain in the future

I've raised two issues to track your use case @spwangxp

• Support NodePort Support NodePort Type Envoy Proxy service #1378
• Support user provisioned envoy fleet Support User Provisioned Envoy Proxy fleet #1379

1, actual gw just need ensure the field unchanged we set before.
2, field should exclude more than need compare, compare entire spec is harder to maintain.

[arkodg]

/hold can we compare the entire Spec here, and ignore any fields (NodePort) . This approach will be easier to maintain in the future
I've raised two issues to track your use case @spwangxp

• Support NodePort Support NodePort Type Envoy Proxy service #1378
• Support user provisioned envoy fleet Support User Provisioned Envoy Proxy fleet #1379

1, actual gw just need ensure the field unchanged we set before. 2, field should exclude more than need compare, compare entire spec is harder to maintain.

every time an API change is made to the KubernetesServiceSpec, the reviewer/maintainer will need to ensure that the comparison field is added in the infra layer which is extra cognitive load for the reviewer, else it will cause a bug
Moving the compare to Spec is simpler to maintain long term

[spwangxp]

/hold can we compare the entire Spec here, and ignore any fields (NodePort) . This approach will be easier to maintain in the future
I've raised two issues to track your use case @spwangxp

• Support NodePort Support NodePort Type Envoy Proxy service #1378
• Support user provisioned envoy fleet Support User Provisioned Envoy Proxy fleet #1379

1, actual gw just need ensure the field unchanged we set before. 2, field should exclude more than need compare, compare entire spec is harder to maintain.

every time an API change is made to the KubernetesServiceSpec, the reviewer/maintainer will need to ensure that the comparison field is added in the infra layer which is extra cognitive load for the reviewer, else it will cause a bug Moving the compare to Spec is simpler to maintain long term

check and remove ignored field should de done when KubernetesServiceSpec changed, so there is no difference.
or u hava a ignore field list already？

[arkodg]

The ignore list shouldnt change in the codebase, but should only only increase whenever upstream K8s API adds a dynamic field into the Spec, and shouldnt change whenever a contributor updates the internal KubernetesServiceSpec struct in this project

[spwangxp]

1, add some comment on KubernetesServiceSpec to notice that.
2, pls help check the below list, will use cmp.Equal(newSvc.Spec, oldSvc.Spec, cmpopts.IgnoreFields(ignore list)) to compare two svc.
ignore list:

• Ports.NodePort
• ClusterIP
• ClusterIPs
• ExternalIPs
• SessionAffinity
• LoadBalancerIP
• LoadBalancerSourceRanges
• ExternalTrafficPolicy
• HealthCheckNodePort
• SessionAffinityConfig
• IPFamilies
• IPFamilyPolicy
• AllocateLoadBalancerNodePorts
• LoadBalancerClass
• InternalTrafficPolicy

check list:

• Ports
• Selector
• Type
• ExternalName
• PublishNotReadyAddresses

The ignore list shouldnt change in the codebase, but should only only increase whenever upstream K8s API adds a dynamic field into the Spec, and shouldnt change whenever a contributor updates the internal KubernetesServiceSpec struct in this project

[arkodg]

afaik we should only ignore

Ports.NodePort
ClusterIP
ClusterIPs

since they are generated by K8s
LoadBalancerIP has been deprecated, so we can ignore it

[Alice-Lilith]

/hold can we compare the entire Spec here, and ignore any fields (NodePort) . This approach will be easier to maintain in the future

afaik we should only ignore

Ports.NodePort
ClusterIP
ClusterIPs

since they are generated by K8s LoadBalancerIP has been deprecated, so we can ignore it

+1 since this makes it easy to maintain / not need to remember this, otherwise lgtm

[qicz]

pls @Xunzhuo @zirain @arkodg approve the ci

[Xunzhuo]

done

[Xunzhuo]

/lgtm
/approve

Thanks for working on it @spwangxp

[qicz]

ci needs to retrigger

[arkodg]

LGTM thanks for considering all the suggestions !