diff --git a/providers/gce/gce_loadbalancer_internal.go b/providers/gce/gce_loadbalancer_internal.go index 562d417127..afb7ec8250 100644 --- a/providers/gce/gce_loadbalancer_internal.go +++ b/providers/gce/gce_loadbalancer_internal.go @@ -125,23 +125,31 @@ func (g *Cloud) ensureInternalLoadBalancer(clusterName, clusterID string, svc *v } } - // Lock the sharedResourceLock to prevent any deletions of shared resources while assembling shared resources here - g.sharedResourceLock.Lock() - defer g.sharedResourceLock.Unlock() + hc, hcPort, sharedHealthCheck, err := func() (*compute.HealthCheck, int32, bool, error) { + // Lock the sharedResourceLock to prevent any deletions of shared resources while assembling shared resources here + g.sharedResourceLock.Lock() + klog.V(2).Infof("ensureInternalLoadBalancer(%v): Locked shared resource lock to assemble shared health check", loadBalancerName) + defer func() { + g.sharedResourceLock.Unlock() + klog.V(2).Infof("ensureInternalLoadBalancer(%v): Unlocked shared resource lock after assembling shared health check", loadBalancerName) + }() - // Ensure health check exists before creating the backend service. The health check is shared - // if externalTrafficPolicy=Cluster. - sharedHealthCheck := !servicehelpers.RequestsOnlyLocalTraffic(svc) - hcName := makeHealthCheckName(loadBalancerName, clusterID, sharedHealthCheck) - hcPath, hcPort := GetNodesHealthCheckPath(), GetNodesHealthCheckPort() - if !sharedHealthCheck { - // Service requires a special health check, retrieve the OnlyLocal port & path - hcPath, hcPort = servicehelpers.GetServiceHealthCheckPathPort(svc) - } - hc, err := g.ensureInternalHealthCheck(hcName, nm, sharedHealthCheck, hcPath, hcPort) + // Ensure health check exists before creating the backend service. The health check is shared + // if externalTrafficPolicy=Cluster. + sharedHealthCheck := !servicehelpers.RequestsOnlyLocalTraffic(svc) + hcName := makeHealthCheckName(loadBalancerName, clusterID, sharedHealthCheck) + hcPath, hcPort := GetNodesHealthCheckPath(), GetNodesHealthCheckPort() + if !sharedHealthCheck { + // Service requires a special health check, retrieve the OnlyLocal port & path + hcPath, hcPort = servicehelpers.GetServiceHealthCheckPathPort(svc) + } + hc, err := g.ensureInternalHealthCheck(hcName, nm, sharedHealthCheck, hcPath, hcPort) + return hc, hcPort, sharedHealthCheck, err + }() if err != nil { return nil, err } + hcName := hc.Name subnetworkURL := g.SubnetworkURL() // Any subnet specified using the subnet annotation will be picked up and reflected in the forwarding rule. @@ -388,9 +396,6 @@ func (g *Cloud) ensureInternalLoadBalancerDeleted(clusterName, clusterID string, sharedBackend := shareBackendService(svc) sharedHealthCheck := !servicehelpers.RequestsOnlyLocalTraffic(svc) - g.sharedResourceLock.Lock() - defer g.sharedResourceLock.Unlock() - klog.V(2).Infof("ensureInternalLoadBalancerDeleted(%v): attempting delete of region internal address", loadBalancerName) ensureAddressDeleted(g, loadBalancerName, g.region) @@ -468,6 +473,10 @@ func (g *Cloud) teardownInternalBackendService(bsName string) error { } func (g *Cloud) teardownInternalHealthCheckAndFirewall(svc *v1.Service, hcName string) error { + // Health Check is a shared resource + g.sharedResourceLock.Lock() + defer g.sharedResourceLock.Unlock() + if err := g.DeleteHealthCheck(hcName); err != nil { if isNotFound(err) { klog.V(2).Infof("teardownInternalHealthCheckAndFirewall(%v): health check does not exist.", hcName) @@ -1046,8 +1055,9 @@ func ilbIPToUse(svc *v1.Service, fwdRule *compute.ForwardingRule, requestedSubne } func getILBOptions(svc *v1.Service) ILBOptions { - return ILBOptions{AllowGlobalAccess: GetLoadBalancerAnnotationAllowGlobalAccess(svc), - SubnetName: GetLoadBalancerAnnotationSubnet(svc), + return ILBOptions{ + AllowGlobalAccess: GetLoadBalancerAnnotationAllowGlobalAccess(svc), + SubnetName: GetLoadBalancerAnnotationSubnet(svc), } }