Merge pull request #91997 from aramase/floating-ipv6

azure: enable floating IP for IPv6 LB
2025-07-29 06:27:05 +00:00 · 2020-06-12 14:27:55 -07:00 · 2020-06-12 14:27:55 -07:00 · 2402bfd4bc
commit 2402bfd4bc
parent 27c70773ad 0ef792ea18
2 changed files with 4 additions and 19 deletions
--- a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer.go
+++ b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer.go
@ -1080,15 +1080,9 @@ func (az *Cloud) reconcileLoadBalancerRule(
 					BackendPort:         to.Int32Ptr(port.Port),
 					DisableOutboundSnat: to.BoolPtr(az.disableLoadBalancerOutboundSNAT()),
 					EnableTCPReset:      enableTCPReset,
 					EnableFloatingIP:    to.BoolPtr(true),
 				},
 			}
 			// LB does not support floating IPs for IPV6 rules
 			if utilnet.IsIPv6String(service.Spec.ClusterIP) {
 				expectedRule.BackendPort = to.Int32Ptr(port.NodePort)
 				expectedRule.EnableFloatingIP = to.BoolPtr(false)
 			} else {
 				expectedRule.EnableFloatingIP = to.BoolPtr(true)
 			}
 			if protocol == v1.ProtocolTCP {
 				expectedRule.LoadBalancingRulePropertiesFormat.IdleTimeoutInMinutes = lbIdleTimeout
@ -1158,8 +1152,6 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service,
 	}
 	expectedSecurityRules := []network.SecurityRule{}
 	ipv6 := utilnet.IsIPv6String(service.Spec.ClusterIP)
 	if wantLb {
 		expectedSecurityRules = make([]network.SecurityRule, len(ports)*len(sourceAddressPrefixes))
@ -1171,7 +1163,7 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service,
 			for j := range sourceAddressPrefixes {
 				ix := i*len(sourceAddressPrefixes) + j
 				securityRuleName := az.getSecurityRuleName(service, port, sourceAddressPrefixes[j])
-				securityRule := network.SecurityRule{
+				expectedSecurityRules[ix] = network.SecurityRule{
 					Name: to.StringPtr(securityRuleName),
 					SecurityRulePropertiesFormat: &network.SecurityRulePropertiesFormat{
 						Protocol:                 *securityProto,
@ -1183,13 +1175,6 @@ func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service,
 						Direction:                network.SecurityRuleDirectionInbound,
 					},
 				}
 				// For IPv6, the destination port needs to be node port and Destination Any as floating IPs
 				// not supported for IPv6
 				if ipv6 {
 					securityRule.SecurityRulePropertiesFormat.DestinationPortRange = to.StringPtr(strconv.Itoa(int(port.NodePort)))
 					securityRule.SecurityRulePropertiesFormat.DestinationAddressPrefix = to.StringPtr("*")
 				}
 				expectedSecurityRules[ix] = securityRule
 			}
 		}
 	}
--- a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer_test.go
+++ b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer_test.go
@ -1879,9 +1879,9 @@ func TestReconcileSecurityGroup(t *testing.T) {
 							SecurityRulePropertiesFormat: &network.SecurityRulePropertiesFormat{
 								Protocol:                 network.SecurityRuleProtocol("Tcp"),
 								SourcePortRange:          to.StringPtr("*"),
-								DestinationPortRange:     to.StringPtr("10080"),
+								DestinationPortRange:     to.StringPtr("80"),
 								SourceAddressPrefix:      to.StringPtr("Internet"),
-								DestinationAddressPrefix: to.StringPtr("*"),
+								DestinationAddressPrefix: to.StringPtr("fd00::eef0"),
 								Access:                   network.SecurityRuleAccess("Allow"),
 								Priority:                 to.Int32Ptr(500),
 								Direction:                network.SecurityRuleDirection("Inbound"),