diff --git a/pkg/api/validation/validation.go b/pkg/api/validation/validation.go index e7783a5c8e2..5b7c9fd5099 100644 --- a/pkg/api/validation/validation.go +++ b/pkg/api/validation/validation.go @@ -2667,15 +2667,6 @@ func ValidateServiceUpdate(service, oldService *api.Service) field.ErrorList { } } - // TODO(freehan): allow user to update loadbalancerSourceRanges - // Only allow removing LoadBalancerSourceRanges when change service type from LoadBalancer - // to non-LoadBalancer or adding LoadBalancerSourceRanges when change service type from - // non-LoadBalancer to LoadBalancer. - if service.Spec.Type != api.ServiceTypeLoadBalancer && oldService.Spec.Type != api.ServiceTypeLoadBalancer || - service.Spec.Type == api.ServiceTypeLoadBalancer && oldService.Spec.Type == api.ServiceTypeLoadBalancer { - allErrs = append(allErrs, ValidateImmutableField(service.Spec.LoadBalancerSourceRanges, oldService.Spec.LoadBalancerSourceRanges, field.NewPath("spec", "loadBalancerSourceRanges"))...) - } - allErrs = append(allErrs, validateServiceFields(service)...) allErrs = append(allErrs, validateServiceAnnotations(service, oldService)...) return allErrs diff --git a/pkg/api/validation/validation_test.go b/pkg/api/validation/validation_test.go index 094a4a0d19a..6a7a02b74e2 100644 --- a/pkg/api/validation/validation_test.go +++ b/pkg/api/validation/validation_test.go @@ -6675,7 +6675,7 @@ func TestValidateServiceUpdate(t *testing.T) { newSvc.Spec.Type = api.ServiceTypeLoadBalancer newSvc.Spec.LoadBalancerSourceRanges = []string{"10.0.0.0/8"} }, - numErrs: 1, + numErrs: 0, }, { name: "update loadBalancerSourceRanges", @@ -6685,7 +6685,7 @@ func TestValidateServiceUpdate(t *testing.T) { newSvc.Spec.Type = api.ServiceTypeLoadBalancer newSvc.Spec.LoadBalancerSourceRanges = []string{"10.180.0.0/16"} }, - numErrs: 1, + numErrs: 0, }, { name: "LoadBalancer type cannot have None ClusterIP", diff --git a/pkg/controller/service/servicecontroller.go b/pkg/controller/service/servicecontroller.go index 772aa0fad80..43c6a3f74ce 100644 --- a/pkg/controller/service/servicecontroller.go +++ b/pkg/controller/service/servicecontroller.go @@ -430,6 +430,13 @@ func (s *ServiceController) needsUpdate(oldService *v1.Service, newService *v1.S oldService.Spec.Type, newService.Spec.Type) return true } + + if wantsLoadBalancer(newService) && !reflect.DeepEqual(oldService.Spec.LoadBalancerSourceRanges, newService.Spec.LoadBalancerSourceRanges) { + s.eventRecorder.Eventf(newService, v1.EventTypeNormal, "LoadBalancerSourceRanges", "%v -> %v", + oldService.Spec.LoadBalancerSourceRanges, newService.Spec.LoadBalancerSourceRanges) + return true + } + if !portsEqualForLB(oldService, newService) || oldService.Spec.SessionAffinity != newService.Spec.SessionAffinity { return true } diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go index a64659904c7..2f39fe9bbc8 100644 --- a/pkg/proxy/iptables/proxier.go +++ b/pkg/proxy/iptables/proxier.go @@ -388,6 +388,9 @@ func (proxier *Proxier) sameConfig(info *serviceInfo, service *api.Service, port if info.onlyNodeLocalEndpoints != onlyNodeLocalEndpoints { return false } + if !reflect.DeepEqual(info.loadBalancerSourceRanges, service.Spec.LoadBalancerSourceRanges) { + return false + } return true }