Allow using existing NEG when specifying name in the annotation

[petomalina]

This issue connects to #919. Since we have the ability to choose the name it would make things simpler to have the ability to attach to an existing NEG.

The behavior could be explicit, like another key next to the name called useExisting, that would not create a NEG but rather attach to an existing one.

This would simplify the creation of NEGs with Terraform, where we could build the whole infra in a single go instead of deploying pods just to connect NEGs to LBs.

[freehan]

Thank you for filing this issue.

The main concern here is that multiple NEG controllers on different clusters would fight over the same NEG. They each will in turn wipe out other's endpoints and add their own ones into the NEG. We have brainstormed a few ideas to implement this feature. One way is to utilize the per endpoint metadata in the NEG to store which cluster the endpoint belongs to. This way multiple NEG controller can effectively manage its own endpoint and would not touch others. This also allows merging endpoints from multiple clusters into one NEG.

One more caveat is GC. If useExisting annotation is specified, NEG controller would not conduct any NEG GC. However, user can remove this annotation and trick NEG controller into doing the GC.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to [this](https://github.com/kubernetes/ingress-gce/issues/1497#issuecomment-976057416): >The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. > >This bot triages issues and PRs according to the following rules: >- After 90d of inactivity, `lifecycle/stale` is applied >- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied >- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed > >You can: >- Reopen this issue or PR with `/reopen` >- Mark this issue or PR as fresh with `/remove-lifecycle rotten` >- Offer to help out with [Issue Triage][1] > >Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community). > >/close > >[1]: https://www.kubernetes.dev/docs/guide/issue-triage/ Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[lucasteligioridis]

Just re-opening this because this is still a problem for me and just wanted a general opinion on a few things.

It would be pretty awesome to have this work as the issue describes, or at least a discussion on workaround that is "neat". At the moment I create the service within Kubernetes and the backend services within GCP outside of the scope of Kubernetes (configuration as code such as terraform for example). But because of the asynchronous nature of creation it does get a bit messy when knowing or even trying to associate the neg that was created this way.

Valid implications on NEGs fighting each other too @freehan as you have mentioned. Doesn't sound like an "easy" problem anyway.

Would you not get the "fighting" behavior if you had 2 separate services with the same NEG annotation or does the controller prioritize the annotation that was there "first"? Because if that were the case it sounds like we'd have the same behavior whether we provided one or it was created ahead of time and it's name passed in.

/reopen /remove-lifecycle rotten

[k8s-ci-robot]

@lucasteligioridis: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to [this](https://github.com/kubernetes/ingress-gce/issues/1497#issuecomment-995349874): >Just re-opening this because this is still a problem for me and just wanted a general opinion on a few things. > >It would be pretty awesome to have this work as issue describe, or at least a discussion on workaround that is "neat". >At the moment I create the `service` within Kubernetes and the `backend` services within GCP outside of the scope of Kubernetes (configuration as code such as terraform for example). But because of the asynchronous nature of creation it does get a bit messy when knowing or even trying to associate the neg that was created this way. > >Valid implications on NEGs fighting each other too @freehan as you have mentioned. Doesn't sound like an "easy" problem anyway. > >Would you not get the "fighting" behavior if you had 2 separate services with the same NEG annotation or does the controller prioritize the annotation that was there "first"? Because if that were the case it sounds like we'd have the same behavior whether we provided one or it was created ahead of time and it's name passed in. > >/reopen >/remove-lifecycle rotten Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.