[DualStack] Support NSG and clean LBs
* Support NSG and clean LBs for dualstack
* Support related UTs for dualstack
* Refactor

Signed-off-by: Zhecheng Li <zhechengli@microsoft.com>
lzhecheng committed May 30, 2023
1 parent e20de36 commit a81bbfd
Showing 12 changed files with 1,171 additions and 1,159 deletions.
1 change: 1 addition & 0 deletions hack/test-ccm-e2e.sh
Expand Up @@ -23,4 +23,5 @@ LABEL_FILTER="${LABEL_FILTER:-${DEFAULT_LABEL_FILTER}}"

source "${REPO_ROOT}/hack/ensure-ginkgo-v2.sh"

LABEL_FILTER="Test"
ginkgo -flake-attempts 2 -skip "${SKIP_ARGS}" -label-filter "${LABEL_FILTER}" "${REPO_ROOT}"/tests/e2e/
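Review bot: The `LABEL_FILTER="Test"` assignment, which appears to be the one added line, sits directly above the ginkgo call and overwrites the value computed by `LABEL_FILTER="${LABEL_FILTER:-${DEFAULT_LABEL_FILTER}}"` shown in the hunk header, so neither the caller's environment nor the default filter can select the e2e specs any more. It reads like a local debugging override. Unless narrowing every run to the `Test` label is intended, the line should be dropped, or the default changed where DEFAULT_LABEL_FILTER is defined, which is outside this hunk.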
5 changes: 0 additions & 5 deletions pkg/consts/helpers.go
Expand Up @@ -23,7 +23,6 @@ import (
"strings"

v1 "k8s.io/api/core/v1"
"k8s.io/utils/net"
)

// IsK8sServiceHasHAModeEnabled return if HA Mode is enabled in kubernetes service annotations
Expand All @@ -36,10 +35,6 @@ func IsK8sServiceUsingInternalLoadBalancer(service *v1.Service) bool {
return expectAttributeInSvcAnnotationBeEqualTo(service.Annotations, ServiceAnnotationLoadBalancerInternal, TrueAnnotationValue)
}

func IsK8sServiceInternalIPv6(service *v1.Service) bool {
return IsK8sServiceUsingInternalLoadBalancer(service) && net.IsIPv6String(service.Spec.ClusterIP)
}

// IsK8sServiceDisableLoadBalancerFloatingIP return if floating IP in load balancer is disabled in kubernetes service annotations
func IsK8sServiceDisableLoadBalancerFloatingIP(service *v1.Service) bool {
return expectAttributeInSvcAnnotationBeEqualTo(service.Annotations, ServiceAnnotationDisableLoadBalancerFloatingIP, TrueAnnotationValue)
440 changes: 245 additions & 195 deletions pkg/provider/azure_loadbalancer.go

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions pkg/provider/azure_loadbalancer_backendpool.go
Expand Up @@ -710,6 +710,7 @@ func newBackendPool(lb *network.LoadBalancer, isBackendPoolPreConfigured bool, p
BackendAddressPoolPropertiesFormat: &network.BackendAddressPoolPropertiesFormat{},
})

// Always returns false
return isBackendPoolPreConfigured
}

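Review bot: The new comment `// Always returns false` sits above `return isBackendPoolPreConfigured`, which returns a parameter, and nothing in this hunk shows why that value can only be false at this point; the body of newBackendPool starts outside the hunk. If the parameter is cleared earlier in the function, `return false` would state the contract directly and the comment would not be needed. Otherwise the comment should give the reason, for example `// isBackendPoolPreConfigured was cleared above, so this always returns false`.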
366 changes: 230 additions & 136 deletions pkg/provider/azure_loadbalancer_test.go

Large diffs are not rendered by default.

10 changes: 8 additions & 2 deletions pkg/provider/azure_privatelinkservice.go
Expand Up @@ -47,9 +47,15 @@ func (az *Cloud) reconcilePrivateLinkService(
klog.Errorf("reconcilePrivateLinkService for service(%s): failed to get FIP IP family: %v", service, err)
return err
}
isDualStack := isServiceDualStack(service)
if isIPv6 {
klog.V(2).Infof("IPv6 is not supported for private link service, skip reconcilePrivateLinkService for service(%s)", service)
return nil
if isDualStack || !wantPLS {
klog.V(2).Infof("IPv6 is not supported for private link service, skip reconcilePrivateLinkService for service(%s)", service)
return nil
}
if !isDualStack {
return fmt.Errorf("IPv6 is not supported for private link service")
}
}

createPLS := wantPLS && serviceRequiresPLS(service)
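Review bot: The new `return fmt.Errorf("IPv6 is not supported for private link service")` is reached for any single-stack IPv6 service when wantPLS is true, before `serviceRequiresPLS(service)` is consulted on the `createPLS` line below, so such a service appears to fail reconciliation even if it never asked for a private link service. Extending the skip condition to `if isDualStack || !wantPLS || !serviceRequiresPLS(service) {` would keep the error for services that actually request one. The following `if !isDualStack {` is always true where it stands, because the dual-stack case has already returned, so the error can be returned unconditionally; it would also be easier to trace if it named the service as the log lines do. reconcilePrivateLinkService starts and continues outside the hunk.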
12 changes: 7 additions & 5 deletions pkg/provider/azure_standard.go
Expand Up @@ -334,15 +334,17 @@ func (az *Cloud) getloadbalancerHAmodeRuleName(service *v1.Service, isIPv6 bool)
}

func (az *Cloud) getSecurityRuleName(service *v1.Service, port v1.ServicePort, sourceAddrPrefix string, isIPv6 bool) string {
isDualStack := isServiceDualStack(service)
safePrefix := strings.Replace(sourceAddrPrefix, "/", "_", -1)
safePrefix = strings.Replace(safePrefix, ":", ".", -1) // Consider IPv6 address
var name string
if useSharedSecurityRule(service) {
return fmt.Sprintf("shared-%s-%d-%s", port.Protocol, port.Port, safePrefix)
name = fmt.Sprintf("shared-%s-%d-%s", port.Protocol, port.Port, safePrefix)
} else {
rulePrefix := az.getRulePrefix(service)
name = fmt.Sprintf("%s-%s-%d-%s", rulePrefix, port.Protocol, port.Port, safePrefix)
}
rulePrefix := az.getRulePrefix(service)
name := fmt.Sprintf("%s-%s-%d-%s", rulePrefix, port.Protocol, port.Port, safePrefix)
// TODO: Use getResourceByIPFamily
return name
return getResourceByIPFamily(name, isDualStack, isIPv6)
}

// This returns a human-readable version of the Service used to tag some resources.
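Review bot: The name returned by getSecurityRuleName now passes through `getResourceByIPFamily(name, isDualStack, isIPv6)` for shared rules as well as per-service rules, and nothing visible here states whether the result stays equal to the old name for single-stack services. getResourceByIPFamily is not shown on this page; if it changes the name once a service becomes dual-stack, NSG rules created under the previous name would no longer be matched by name and could be left behind as stale allow rules unless reconciliation also looks for the old name. A doc comment stating the scheme, for example `// getSecurityRuleName returns the NSG rule name for the port and source prefix; dual-stack services get a per-IP-family name.`, together with a unit test pinning the single-stack name, would make that guarantee explicit.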