Skip to content

Commit

Permalink
Merge pull request #1174 from spencerhance/internal-static-ip
Browse files Browse the repository at this point in the history
Implement support for Internal/Regional Static IP for L7-ILB
  • Loading branch information
k8s-ci-robot authored Jul 29, 2020
2 parents cf03a25 + d6080dd commit 6c3ddf6
Show file tree
Hide file tree
Showing 14 changed files with 786 additions and 32 deletions.
46 changes: 41 additions & 5 deletions pkg/annotations/ingress.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,11 @@ limitations under the License.
package annotations

import (
"errors"
"strconv"

"k8s.io/api/networking/v1beta1"
"k8s.io/ingress-gce/pkg/flags"
)

const (
Expand All @@ -34,12 +36,19 @@ const (
// rules for port 443 based on the TLS section.
AllowHTTPKey = "kubernetes.io/ingress.allow-http"

// StaticIPNameKey tells the Ingress controller to use a specific GCE
// GlobalStaticIPNameKey tells the Ingress controller to use a specific GCE
// static ip for its forwarding rules. If specified, the Ingress controller
// assigns the static ip by this name to the forwarding rules of the given
// Ingress. The controller *does not* manage this ip, it is the users
// responsibility to create/delete it.
StaticIPNameKey = "kubernetes.io/ingress.global-static-ip-name"
GlobalStaticIPNameKey = "kubernetes.io/ingress.global-static-ip-name"

// RegionalStaticIPNameKey tells the Ingress controller to use a specific GCE
// internal static ip for its forwarding rules. If specified, the Ingress controller
// assigns the static ip by this name to the forwarding rules of the given
// Ingress. The controller *does not* manage this ip, it is the users
// responsibility to create/delete it.
RegionalStaticIPNameKey = "kubernetes.io/ingress.regional-static-ip-name"

// PreSharedCertKey represents the specific pre-shared SSL
// certificate for the Ingress controller to use. The controller *does not*
Expand All @@ -50,7 +59,7 @@ const (

// IngressClassKey picks a specific "class" for the Ingress. The controller
// only processes Ingresses with this annotation either unset, or set
// to either gceIngessClass or the empty string.
// to either gceIngressClass or the empty string.
IngressClassKey = "kubernetes.io/ingress.class"
GceIngressClass = "gce"
GceMultiIngressClass = "gce-multi-cluster"
Expand Down Expand Up @@ -131,8 +140,35 @@ func (ing *Ingress) UseNamedTLS() string {
return val
}

func (ing *Ingress) StaticIPName() string {
val, ok := ing.v[StaticIPNameKey]
func (ing *Ingress) StaticIPName() (string, error) {
if !flags.F.EnableL7Ilb {
return ing.GlobalStaticIPName(), nil
}

globalIp := ing.GlobalStaticIPName()
regionalIp := ing.RegionalStaticIPName()

if globalIp != "" && regionalIp != "" {
return "", errors.New("Error: both global-static-ip and regional-static-ip cannot be specified")
}

if regionalIp != "" {
return regionalIp, nil
}

return globalIp, nil
}

func (ing *Ingress) GlobalStaticIPName() string {
val, ok := ing.v[GlobalStaticIPNameKey]
if !ok {
return ""
}
return val
}

func (ing *Ingress) RegionalStaticIPName() string {
val, ok := ing.v[RegionalStaticIPNameKey]
if !ok {
return ""
}
Expand Down
42 changes: 36 additions & 6 deletions pkg/annotations/ingress_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,28 +21,49 @@ import (

"k8s.io/api/networking/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-gce/pkg/flags"
)

func TestIngress(t *testing.T) {
for _, tc := range []struct {
desc string
ing *v1beta1.Ingress
allowHTTP bool
useNamedTLS string
staticIPName string
ingressClass string
wantErr bool
}{
{
desc: "Empty ingress",
ing: &v1beta1.Ingress{},
allowHTTP: true, // defaults to true.
},
{
desc: "Global and Regional StaticIP Specified",
ing: &v1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Annotations: map[string]string{
AllowHTTPKey: "false",
IngressClassKey: "gce",
PreSharedCertKey: "shared-cert-key",
StaticIPNameKey: "1.2.3.4",
GlobalStaticIPNameKey: "1.2.3.4",
RegionalStaticIPNameKey: "10.0.0.0",
IngressClassKey: GceL7ILBIngressClass,
},
},
},
ingressClass: GceL7ILBIngressClass,
staticIPName: "",
allowHTTP: true,
wantErr: true,
},
{
desc: "Test most annotations",
ing: &v1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Annotations: map[string]string{
AllowHTTPKey: "false",
IngressClassKey: "gce",
PreSharedCertKey: "shared-cert-key",
GlobalStaticIPNameKey: "1.2.3.4",
},
},
},
Expand All @@ -53,14 +74,23 @@ func TestIngress(t *testing.T) {
},
} {
ing := FromIngress(tc.ing)

if tc.ingressClass == GceL7ILBIngressClass {
flags.F.EnableL7Ilb = true
}

if x := ing.AllowHTTP(); x != tc.allowHTTP {
t.Errorf("ingress %+v; AllowHTTP() = %v, want %v", tc.ing, x, tc.allowHTTP)
}
if x := ing.UseNamedTLS(); x != tc.useNamedTLS {
t.Errorf("ingress %+v; UseNamedTLS() = %v, want %v", tc.ing, x, tc.useNamedTLS)
}
if x := ing.StaticIPName(); x != tc.staticIPName {
t.Errorf("ingress %+v; StaticIPName() = %v, want %v", tc.ing, x, tc.staticIPName)
staticIp, err := ing.StaticIPName()
if (err != nil) != tc.wantErr {
t.Errorf("ingress: %+v, err = %v, wantErr = %v", tc.ing, err, tc.wantErr)
}
if staticIp != tc.staticIPName {
t.Errorf("ingress %+v; GlobalStaticIPName() = %v, want %v", tc.ing, staticIp, tc.staticIPName)
}
if x := ing.IngressClass(); x != tc.ingressClass {
t.Errorf("ingress %+v; IngressClass() = %v, want %v", tc.ing, x, tc.ingressClass)
Expand Down
Loading

0 comments on commit 6c3ddf6

Please sign in to comment.