Merge pull request #91997 from aramase/floating-ipv6

azure: enable floating IP for IPv6 LB
This commit is contained in:
Kubernetes Prow Robot 2020-06-12 14:27:55 -07:00 committed by GitHub
commit 2402bfd4bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 19 deletions

View File

@ -1080,15 +1080,9 @@ func (az *Cloud) reconcileLoadBalancerRule(
BackendPort: to.Int32Ptr(port.Port),
DisableOutboundSnat: to.BoolPtr(az.disableLoadBalancerOutboundSNAT()),
EnableTCPReset: enableTCPReset,
EnableFloatingIP: to.BoolPtr(true),
},
}
// LB does not support floating IPs for IPV6 rules
if utilnet.IsIPv6String(service.Spec.ClusterIP) {
expectedRule.BackendPort = to.Int32Ptr(port.NodePort)
expectedRule.EnableFloatingIP = to.BoolPtr(false)
} else {
expectedRule.EnableFloatingIP = to.BoolPtr(true)
}
if protocol == v1.ProtocolTCP {
expectedRule.LoadBalancingRulePropertiesFormat.IdleTimeoutInMinutes = lbIdleTimeout
@ -1158,8 +1152,6 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service,
}
expectedSecurityRules := []network.SecurityRule{}
ipv6 := utilnet.IsIPv6String(service.Spec.ClusterIP)
if wantLb {
expectedSecurityRules = make([]network.SecurityRule, len(ports)*len(sourceAddressPrefixes))
@ -1171,7 +1163,7 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service,
for j := range sourceAddressPrefixes {
ix := i*len(sourceAddressPrefixes) + j
securityRuleName := az.getSecurityRuleName(service, port, sourceAddressPrefixes[j])
securityRule := network.SecurityRule{
expectedSecurityRules[ix] = network.SecurityRule{
Name: to.StringPtr(securityRuleName),
SecurityRulePropertiesFormat: &network.SecurityRulePropertiesFormat{
Protocol: *securityProto,
@ -1183,13 +1175,6 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service,
Direction: network.SecurityRuleDirectionInbound,
},
}
// For IPv6, the destination port needs to be node port and Destination Any as floating IPs
// not supported for IPv6
if ipv6 {
securityRule.SecurityRulePropertiesFormat.DestinationPortRange = to.StringPtr(strconv.Itoa(int(port.NodePort)))
securityRule.SecurityRulePropertiesFormat.DestinationAddressPrefix = to.StringPtr("*")
}
expectedSecurityRules[ix] = securityRule
}
}
}

View File

@ -1879,9 +1879,9 @@ func TestReconcileSecurityGroup(t *testing.T) {
SecurityRulePropertiesFormat: &network.SecurityRulePropertiesFormat{
Protocol: network.SecurityRuleProtocol("Tcp"),
SourcePortRange: to.StringPtr("*"),
DestinationPortRange: to.StringPtr("10080"),
DestinationPortRange: to.StringPtr("80"),
SourceAddressPrefix: to.StringPtr("Internet"),
DestinationAddressPrefix: to.StringPtr("*"),
DestinationAddressPrefix: to.StringPtr("fd00::eef0"),
Access: network.SecurityRuleAccess("Allow"),
Priority: to.Int32Ptr(500),
Direction: network.SecurityRuleDirection("Inbound"),