fix: NSG destination IP version same as LB IP for floating ip disabled services #2230
✅ Deploy Preview for kubernetes-sigs-cloud-provide-azure ready!
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: jwtty. The full list of commands accepted by this bot can be found here. The pull request process is described here.
/test pull-cloud-provider-azure-e2e-ccm-vmss-capz
/test pull-cloud-provider-azure-e2e-ccm-vmss-basic-lb
/test pull-cloud-provider-azure-e2e-ccm-vmss-basic-lb
@@ -2309,6 +2308,22 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service, | |||
disableFloatingIP = true | |||
} | |||
|
|||
backendIPAddresses := make([]string, 0) | |||
if disableFloatingIP { | |||
lb, exist, err := az.getAzureLoadBalancer(to.String(lbName), azcache.CacheReadTypeDefault) |
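Review bot: On the `getAzureLoadBalancer` call inside `if disableFloatingIP`, the visible lines declare `lb, exist, err` with `:=` but do not show `err` or a false `exist` being checked before the load balancer is used. Return the error and handle a missing load balancer explicitly rather than continuing with an empty `backendIPAddresses`. A one-line comment saying why the load balancer is read again here would also help, and please confirm that a read with `azcache.CacheReadTypeDefault` returns the populated backend pool and not an earlier cached copy.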
I think updated slb is returned in the previous function call. Do we need to invoke get slb again?
That was my first implementation. But then I found when the service was first created, that lb returned from the previous function call has an empty backendpool. (Nodes are added later and that variable does not contain them.) And the getPrivateIPs would return nothing. That's why I call a getLB here.
/test pull-cloud-provider-azure-e2e-ccm-vmss-basic-lb
/lgtm
/cherrypick release-1.0
/cherrypick release-1.1
/cherrypick release-1.23
/cherrypick release-1.24
@jwtty: #2230 failed to apply on top of branch "release-1.0":
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
@jwtty: #2230 failed to apply on top of branch "release-1.1":
@jwtty: new pull request created: #2238
@jwtty: new pull request created: #2239
What type of PR is this?
/kind bug
What this PR does / why we need it:
When a service has floating IP disabled, all backend private IPs are added to the NSG rule as destination addresses.
In a dual-stack cluster, this includes both IPv4 and IPv6 addresses that NSG does not support.
So in this scenario, we only select private IPs with the same version as the service LB IP to be included in the NSG.
Which issue(s) this PR fixes:
Fixes #2218
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
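
The selection rule from the PR description, sketched as an added Go example; it is not the PR's code or the provider's implementation. `sameFamilyBackendIPs` and the sample addresses are hypothetical, and treating IPv4-mapped IPv6 addresses as IPv4 is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"net/netip"
)

// sameFamilyBackendIPs is a hypothetical helper, not part of cloud-provider-azure.
// It keeps only the backend private IPs whose IP version matches lbIP, so the
// destination list of one NSG rule never mixes IPv4 and IPv6 addresses.
func sameFamilyBackendIPs(lbIP string, backendIPs []string) ([]string, error) {
	lbAddr, err := netip.ParseAddr(lbIP)
	if err != nil {
		return nil, fmt.Errorf("invalid load balancer IP %q: %w", lbIP, err)
	}
	// Unmap turns an IPv4-mapped IPv6 address (::ffff:a.b.c.d) into plain IPv4,
	// so both spellings of the same address land in the same family.
	wantV4 := lbAddr.Unmap().Is4()

	matched := make([]string, 0, len(backendIPs))
	for _, raw := range backendIPs {
		addr, err := netip.ParseAddr(raw)
		if err != nil {
			// Fail on malformed input instead of silently dropping it: a skipped
			// address would leave a backend without a matching rule.
			return nil, fmt.Errorf("invalid backend IP %q: %w", raw, err)
		}
		addr = addr.Unmap()
		if addr.Is4() == wantV4 {
			matched = append(matched, addr.String())
		}
	}
	// An empty result is returned as-is; the caller decides what an empty
	// destination list means (for example, a pool with no nodes yet).
	return matched, nil
}

func main() {
	// Constructed sample: a dual-stack backend pool.
	pool := []string{"10.240.0.4", "fd00::4", "::ffff:10.240.0.5", "fd00::5"}
	for _, lbIP := range []string{"203.0.113.10", "2001:db8::10"} {
		ips, err := sameFamilyBackendIPs(lbIP, pool)
		fmt.Println(lbIP, "->", ips, err)
	}
}
```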