Skip to content

Commit

Permalink
Merge pull request #1220 from spencerhance/cp-1209-release-1-9
Browse files Browse the repository at this point in the history
Cherry-pick  #1209 [Expose custom health check ports in the firewall] into release-1-9
  • Loading branch information
k8s-ci-robot authored Aug 20, 2020
2 parents 72bc41c + 007bf05 commit 11f4c48
Show file tree
Hide file tree
Showing 3 changed files with 64 additions and 1 deletion.
22 changes: 21 additions & 1 deletion pkg/firewalls/controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"errors"
"fmt"
"reflect"
"strconv"
"time"

apiv1 "k8s.io/api/core/v1"
Expand Down Expand Up @@ -181,8 +182,15 @@ func (fwc *FirewallController) sync(key string) error {
}
}

var additionalPorts []string
if flags.F.EnableBackendConfigHealthCheck {
hcPorts := fwc.getCustomHealthCheckPorts(gceSvcPorts)
additionalPorts = append(additionalPorts, hcPorts...)
}
additionalPorts = append(additionalPorts, negPorts...)

// Ensure firewall rule for the cluster and pass any NEG endpoint ports.
if err := fwc.firewallPool.Sync(nodeNames, negPorts, additionalRanges); err != nil {
if err := fwc.firewallPool.Sync(nodeNames, additionalPorts, additionalRanges); err != nil {
if fwErr, ok := err.(*FirewallXPNError); ok {
// XPN: Raise an event on each ingress
for _, ing := range gceIngresses {
Expand Down Expand Up @@ -217,3 +225,15 @@ func (fwc *FirewallController) ilbFirewallSrcRange(gceIngresses []*v1beta1.Ingre

return "", ErrNoILBIngress
}

func (fwc *FirewallController) getCustomHealthCheckPorts(svcPorts []utils.ServicePort) []string {
var result []string

for _, svcPort := range svcPorts {
if svcPort.BackendConfig != nil && svcPort.BackendConfig.Spec.HealthCheck != nil && svcPort.BackendConfig.Spec.HealthCheck.Port != nil {
result = append(result, strconv.FormatInt(*svcPort.BackendConfig.Spec.HealthCheck.Port, 10))
}
}

return result
}
38 changes: 38 additions & 0 deletions pkg/firewalls/controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,12 @@ import (
"testing"
"time"

"github.com/google/go-cmp/cmp"
api_v1 "k8s.io/api/core/v1"
"k8s.io/api/networking/v1beta1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/kubernetes/fake"
v1 "k8s.io/ingress-gce/pkg/apis/backendconfig/v1"
backendconfigclient "k8s.io/ingress-gce/pkg/backendconfig/client/clientset/versioned/fake"
test "k8s.io/ingress-gce/pkg/test"
"k8s.io/ingress-gce/pkg/utils"
Expand Down Expand Up @@ -102,3 +104,39 @@ func TestFirewallCreateDelete(t *testing.T) {
t.Fatalf("cloud.GetFirewall(%v) = _, %v, want _, 404 error", ruleName, err)
}
}

func TestGetCustomHealthCheckPorts(t *testing.T) {
t.Parallel()

testCases := []struct {
desc string
svcPorts []utils.ServicePort
expect []string
}{
{
desc: "One service port with custom port",
svcPorts: []utils.ServicePort{utils.ServicePort{BackendConfig: &v1.BackendConfig{Spec: v1.BackendConfigSpec{HealthCheck: &v1.HealthCheckConfig{Port: utils.NewInt64Pointer(8000)}}}}},
expect: []string{"8000"},
},
{
desc: "Two service ports with custom port",
svcPorts: []utils.ServicePort{utils.ServicePort{BackendConfig: &v1.BackendConfig{Spec: v1.BackendConfigSpec{HealthCheck: &v1.HealthCheckConfig{Port: utils.NewInt64Pointer(8000)}}}},
utils.ServicePort{BackendConfig: &v1.BackendConfig{Spec: v1.BackendConfigSpec{HealthCheck: &v1.HealthCheckConfig{Port: utils.NewInt64Pointer(9000)}}}}},
expect: []string{"8000", "9000"},
},
{
desc: "No service ports",
expect: nil,
},
}

for _, tc := range testCases {
t.Run(tc.desc, func(t *testing.T) {
fwc := newFirewallController()
result := fwc.getCustomHealthCheckPorts(tc.svcPorts)
if diff := cmp.Diff(tc.expect, result); diff != "" {
t.Errorf("unexpected diff of ports (-want +got): \n%s", diff)
}
})
}
}
5 changes: 5 additions & 0 deletions pkg/utils/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -563,3 +563,8 @@ func MakeL4ILBServiceDescription(svcName, ip string, version meta.Version) (stri
func NewStringPointer(s string) *string {
return &s
}

// NewInt64Pointer returns a pointer to the provided int64 literal
func NewInt64Pointer(i int64) *int64 {
return &i
}

0 comments on commit 11f4c48

Please sign in to comment.