diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer.go b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer.go index a1baf25cff7..8c56e5c5a73 100644 --- a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer.go +++ b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer.go @@ -1080,15 +1080,9 @@ func (az *Cloud) reconcileLoadBalancerRule( BackendPort: to.Int32Ptr(port.Port), DisableOutboundSnat: to.BoolPtr(az.disableLoadBalancerOutboundSNAT()), EnableTCPReset: enableTCPReset, + EnableFloatingIP: to.BoolPtr(true), }, } - // LB does not support floating IPs for IPV6 rules - if utilnet.IsIPv6String(service.Spec.ClusterIP) { - expectedRule.BackendPort = to.Int32Ptr(port.NodePort) - expectedRule.EnableFloatingIP = to.BoolPtr(false) - } else { - expectedRule.EnableFloatingIP = to.BoolPtr(true) - } if protocol == v1.ProtocolTCP { expectedRule.LoadBalancingRulePropertiesFormat.IdleTimeoutInMinutes = lbIdleTimeout @@ -1158,8 +1152,6 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service, } expectedSecurityRules := []network.SecurityRule{} - ipv6 := utilnet.IsIPv6String(service.Spec.ClusterIP) - if wantLb { expectedSecurityRules = make([]network.SecurityRule, len(ports)*len(sourceAddressPrefixes)) @@ -1171,7 +1163,7 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service, for j := range sourceAddressPrefixes { ix := i*len(sourceAddressPrefixes) + j securityRuleName := az.getSecurityRuleName(service, port, sourceAddressPrefixes[j]) - securityRule := network.SecurityRule{ + expectedSecurityRules[ix] = network.SecurityRule{ Name: to.StringPtr(securityRuleName), SecurityRulePropertiesFormat: &network.SecurityRulePropertiesFormat{ Protocol: *securityProto, @@ -1183,13 +1175,6 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service, Direction: network.SecurityRuleDirectionInbound, }, } - // For IPv6, the destination port needs to be node port and Destination Any as floating IPs - // not supported for IPv6 - if ipv6 { - securityRule.SecurityRulePropertiesFormat.DestinationPortRange = to.StringPtr(strconv.Itoa(int(port.NodePort))) - securityRule.SecurityRulePropertiesFormat.DestinationAddressPrefix = to.StringPtr("*") - } - expectedSecurityRules[ix] = securityRule } } } diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer_test.go b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer_test.go index 73cf7d6a129..4f50561dfeb 100644 --- a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer_test.go +++ b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer_test.go @@ -1879,9 +1879,9 @@ func TestReconcileSecurityGroup(t *testing.T) { SecurityRulePropertiesFormat: &network.SecurityRulePropertiesFormat{ Protocol: network.SecurityRuleProtocol("Tcp"), SourcePortRange: to.StringPtr("*"), - DestinationPortRange: to.StringPtr("10080"), + DestinationPortRange: to.StringPtr("80"), SourceAddressPrefix: to.StringPtr("Internet"), - DestinationAddressPrefix: to.StringPtr("*"), + DestinationAddressPrefix: to.StringPtr("fd00::eef0"), Access: network.SecurityRuleAccess("Allow"), Priority: to.Int32Ptr(500), Direction: network.SecurityRuleDirection("Inbound"),