gce: Set labels on ForwardingRules

We add the cluster-name label, now that labels are supported on
ForwardingRules.

cloudmock/gce/mockcompute/forwarding_rule.go

@@ -71,6 +71,26 @@ func (c *forwardingRuleClient) Insert(project, region string, fr *compute.Forwar
 	return doneOperation(), nil
 }
 
+func (c *forwardingRuleClient) SetLabels(ctx context.Context, project, region, name string, req *compute.RegionSetLabelsRequest) (*compute.Operation, error) {
+	c.Lock()
+	defer c.Unlock()
+	regions, ok := c.forwardingRules[project]
+	if !ok {
+		return nil, notFoundError()
+	}
+	frs, ok := regions[region]
+	if !ok {
+		return nil, notFoundError()
+	}
+	fr, ok := frs[name]
+	if !ok {
+		return nil, notFoundError()
+	}
+
+	fr.Labels = req.Labels
+	return doneOperation(), nil
+}
+
 func (c *forwardingRuleClient) Delete(project, region, name string) (*compute.Operation, error) {
 	c.Lock()
 	defer c.Unlock()

pkg/model/gcemodel/api_loadbalancer.go

@@ -77,6 +77,10 @@ func (b *APILoadBalancerBuilder) createPublicLB(c *fi.CloudupModelBuilderContext
 		TargetPool: targetPool,
 		IPAddress:  ipAddress,
 		IPProtocol: "TCP",
+		Labels: map[string]string{
+			gce.GceLabelNameKubernetesCluster: gce.SafeClusterName(b.ClusterName()),
+			"name":                            "api",
+		},
 	})
 	if b.Cluster.UsesNoneDNS() {
 		c.AddTask(&gcetasks.ForwardingRule{
@@ -86,6 +90,10 @@ func (b *APILoadBalancerBuilder) createPublicLB(c *fi.CloudupModelBuilderContext
 			TargetPool: targetPool,
 			IPAddress:  ipAddress,
 			IPProtocol: "TCP",
+			Labels: map[string]string{
+				gce.GceLabelNameKubernetesCluster: gce.SafeClusterName(b.ClusterName()),
+				"name":                            "kops-controller",
+			},
 		})
 	}
 
@@ -204,6 +212,10 @@ func (b *APILoadBalancerBuilder) createInternalLB(c *fi.CloudupModelBuilderConte
 			LoadBalancingScheme: s("INTERNAL"),
 			Network:             network,
 			Subnetwork:          subnet,
+			Labels: map[string]string{
+				gce.GceLabelNameKubernetesCluster: gce.SafeClusterName(b.ClusterName()),
+				"name":                            "api-" + sn.Name,
+			},
 		})
 		if b.Cluster.UsesNoneDNS() {
 			c.AddTask(&gcetasks.ForwardingRule{
@@ -216,6 +228,10 @@ func (b *APILoadBalancerBuilder) createInternalLB(c *fi.CloudupModelBuilderConte
 				LoadBalancingScheme: s("INTERNAL"),
 				Network:             network,
 				Subnetwork:          subnet,
+				Labels: map[string]string{
+					gce.GceLabelNameKubernetesCluster: gce.SafeClusterName(b.ClusterName()),
+					"name":                            "kops-controller-" + sn.Name,
+				},
 			})
 		}
 	}

upup/pkg/fi/cloudup/gce/compute.go

@@ -366,6 +366,7 @@ type ForwardingRuleClient interface {
 	Delete(project, region, name string) (*compute.Operation, error)
 	Get(project, region, name string) (*compute.ForwardingRule, error)
 	List(ctx context.Context, project, region string) ([]*compute.ForwardingRule, error)
+	SetLabels(ctx context.Context, project, region, resource string, request *compute.RegionSetLabelsRequest) (*compute.Operation, error)
 }
 
 type forwardingRuleClientImpl struct {
@@ -386,6 +387,10 @@ func (c *forwardingRuleClientImpl) Get(project, region, name string) (*compute.F
 	return c.srv.Get(project, region, name).Do()
 }
 
+func (c *forwardingRuleClientImpl) SetLabels(ctx context.Context, project string, region string, resource string, request *compute.RegionSetLabelsRequest) (*compute.Operation, error) {
+	return c.srv.SetLabels(project, region, resource, request).Context(ctx).Do()
+}
+
 func (c *forwardingRuleClientImpl) List(ctx context.Context, project, region string) ([]*compute.ForwardingRule, error) {
 	var frs []*compute.ForwardingRule
 	if err := c.srv.List(project, region).Pages(ctx, func(p *compute.ForwardingRuleList) error {

upup/pkg/fi/cloudup/gcetasks/forwardingrule.go

@@ -17,7 +17,9 @@ limitations under the License.
 package gcetasks
 
 import (
+	"context"
 	"fmt"
+	"reflect"
 
 	compute "google.golang.org/api/compute/v1"
 	"k8s.io/klog/v2"
@@ -47,6 +49,13 @@ type ForwardingRule struct {
 	Network             *Network
 	Subnetwork          *Subnet
 	BackendService      *BackendService
+
+	// Labels to set on the resource.
+	Labels map[string]string
+
+	// Fingerprint of the labels, used to avoid race-conditions on updates.
+	// Only set on the actual resource returned by Find.
+	labelFingerprint string
 }
 
 var _ fi.CompareWithID = &ForwardingRule{}
@@ -109,6 +118,9 @@ func (e *ForwardingRule) Find(c *fi.CloudupContext) (*ForwardingRule, error) {
 		}
 	}
 
+	actual.Labels = r.Labels
+	actual.labelFingerprint = r.LabelFingerprint
+
 	// Ignore "system" fields
 	actual.Lifecycle = e.Lifecycle
 
@@ -127,6 +139,8 @@ func (_ *ForwardingRule) CheckChanges(a, e, changes *ForwardingRule) error {
 }
 
 func (_ *ForwardingRule) RenderGCE(t *gce.GCEAPITarget, a, e, changes *ForwardingRule) error {
+	ctx := context.TODO()
+
 	name := fi.ValueOf(e.Name)
 
 	o := &compute.ForwardingRule{
@@ -207,8 +221,47 @@ func (_ *ForwardingRule) RenderGCE(t *gce.GCEAPITarget, a, e, changes *Forwardin
 			return fmt.Errorf("error creating forwarding rule: %v", err)
 		}
 
+		if e.Labels != nil {
+			// We can't set labels on creation; we have to read the object to get the fingerprint
+			r, err := t.Cloud.Compute().ForwardingRules().Get(t.Cloud.Project(), t.Cloud.Region(), name)
+			if err != nil {
+				return fmt.Errorf("reading created ForwardingRule %q: %v", name, err)
+			}
+
+			req := compute.RegionSetLabelsRequest{
+				LabelFingerprint: r.LabelFingerprint,
+				Labels:           e.Labels,
+			}
+			op, err := t.Cloud.Compute().ForwardingRules().SetLabels(ctx, t.Cloud.Project(), t.Cloud.Region(), o.Name, &req)
+			if err != nil {
+				return fmt.Errorf("setting ForwardingRule labels: %w", err)
+			}
+
+			if err := t.Cloud.WaitForOp(op); err != nil {
+				return fmt.Errorf("setting ForwardRule labels: %w", err)
+			}
+		}
 	} else {
-		return fmt.Errorf("cannot apply changes to ForwardingRule: %v", changes)
+		if changes.Labels != nil {
+			req := compute.RegionSetLabelsRequest{
+				LabelFingerprint: a.labelFingerprint,
+				Labels:           e.Labels,
+			}
+			op, err := t.Cloud.Compute().ForwardingRules().SetLabels(ctx, t.Cloud.Project(), t.Cloud.Region(), o.Name, &req)
+			if err != nil {
+				return fmt.Errorf("setting ForwardingRule labels: %w", err)
+			}
+
+			if err := t.Cloud.WaitForOp(op); err != nil {
+				return fmt.Errorf("setting ForwardRule labels: %w", err)
+			}
+
+			changes.Labels = nil
+		}
+
+		if !reflect.DeepEqual(changes, &ForwardingRule{}) {
+			return fmt.Errorf("cannot apply changes to ForwardingRule: %v", changes)
+		}
 	}
 
 	return nil
@@ -225,6 +278,7 @@ type terraformForwardingRule struct {
 	Network             *terraformWriter.Literal `cty:"network"`
 	Subnetwork          *terraformWriter.Literal `cty:"subnetwork"`
 	BackendService      *terraformWriter.Literal `cty:"backend_service"`
+	Labels              map[string]string        `cty:"labels"`
 }
 
 func (_ *ForwardingRule) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *ForwardingRule) error {
@@ -236,6 +290,7 @@ func (_ *ForwardingRule) RenderTerraform(t *terraform.TerraformTarget, a, e, cha
 		LoadBalancingScheme: e.LoadBalancingScheme,
 		Ports:               e.Ports,
 		PortRange:           e.PortRange,
+		Labels:              e.Labels,
 	}
 
 	if e.TargetPool != nil {