mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-25 12:43:23 +00:00
Merge pull request #91997 from aramase/floating-ipv6
azure: enable floating IP for IPv6 LB
This commit is contained in:
commit
2402bfd4bc
@ -1080,15 +1080,9 @@ func (az *Cloud) reconcileLoadBalancerRule(
|
||||
BackendPort: to.Int32Ptr(port.Port),
|
||||
DisableOutboundSnat: to.BoolPtr(az.disableLoadBalancerOutboundSNAT()),
|
||||
EnableTCPReset: enableTCPReset,
|
||||
EnableFloatingIP: to.BoolPtr(true),
|
||||
},
|
||||
}
|
||||
// LB does not support floating IPs for IPV6 rules
|
||||
if utilnet.IsIPv6String(service.Spec.ClusterIP) {
|
||||
expectedRule.BackendPort = to.Int32Ptr(port.NodePort)
|
||||
expectedRule.EnableFloatingIP = to.BoolPtr(false)
|
||||
} else {
|
||||
expectedRule.EnableFloatingIP = to.BoolPtr(true)
|
||||
}
|
||||
|
||||
if protocol == v1.ProtocolTCP {
|
||||
expectedRule.LoadBalancingRulePropertiesFormat.IdleTimeoutInMinutes = lbIdleTimeout
|
||||
@ -1158,8 +1152,6 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service,
|
||||
}
|
||||
expectedSecurityRules := []network.SecurityRule{}
|
||||
|
||||
ipv6 := utilnet.IsIPv6String(service.Spec.ClusterIP)
|
||||
|
||||
if wantLb {
|
||||
expectedSecurityRules = make([]network.SecurityRule, len(ports)*len(sourceAddressPrefixes))
|
||||
|
||||
@ -1171,7 +1163,7 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service,
|
||||
for j := range sourceAddressPrefixes {
|
||||
ix := i*len(sourceAddressPrefixes) + j
|
||||
securityRuleName := az.getSecurityRuleName(service, port, sourceAddressPrefixes[j])
|
||||
securityRule := network.SecurityRule{
|
||||
expectedSecurityRules[ix] = network.SecurityRule{
|
||||
Name: to.StringPtr(securityRuleName),
|
||||
SecurityRulePropertiesFormat: &network.SecurityRulePropertiesFormat{
|
||||
Protocol: *securityProto,
|
||||
@ -1183,13 +1175,6 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service,
|
||||
Direction: network.SecurityRuleDirectionInbound,
|
||||
},
|
||||
}
|
||||
// For IPv6, the destination port needs to be node port and Destination Any as floating IPs
|
||||
// not supported for IPv6
|
||||
if ipv6 {
|
||||
securityRule.SecurityRulePropertiesFormat.DestinationPortRange = to.StringPtr(strconv.Itoa(int(port.NodePort)))
|
||||
securityRule.SecurityRulePropertiesFormat.DestinationAddressPrefix = to.StringPtr("*")
|
||||
}
|
||||
expectedSecurityRules[ix] = securityRule
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1879,9 +1879,9 @@ func TestReconcileSecurityGroup(t *testing.T) {
|
||||
SecurityRulePropertiesFormat: &network.SecurityRulePropertiesFormat{
|
||||
Protocol: network.SecurityRuleProtocol("Tcp"),
|
||||
SourcePortRange: to.StringPtr("*"),
|
||||
DestinationPortRange: to.StringPtr("10080"),
|
||||
DestinationPortRange: to.StringPtr("80"),
|
||||
SourceAddressPrefix: to.StringPtr("Internet"),
|
||||
DestinationAddressPrefix: to.StringPtr("*"),
|
||||
DestinationAddressPrefix: to.StringPtr("fd00::eef0"),
|
||||
Access: network.SecurityRuleAccess("Allow"),
|
||||
Priority: to.Int32Ptr(500),
|
||||
Direction: network.SecurityRuleDirection("Inbound"),
|
||||
|
Loading…
Reference in New Issue
Block a user