github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 18:00:08 +00:00
Code Issues Projects Releases Wiki Activity

Adjust ESIPP validation and service registry codes

Browse Source
This commit is contained in:
Zihong Zheng 2017-05-12 10:56:42 -07:00
parent 73fa1ddcac
commit 79ca71708a
4 changed files with 303 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
pkg/api/service/util.go
View File

@ -76,23 +76,22 @@ func RequestsOnlyLocalTraffic(service *api.Service) bool {
service.Spec.Type != api.ServiceTypeNodePort { service.Spec.Type != api.ServiceTypeNodePort {
return false return false
} }
// First check the alpha annotation and then the beta. This is so existing
// Services continue to work till the user decides to transition to beta. // First check the beta annotation and then the first class field. This is so that
// If they transition to beta, there's no way to go back to alpha without // existing Services continue to work till the user decides to transition to the
// rolling back the cluster. // first class field.
for _, annotation := range []string{AlphaAnnotationExternalTraffic, BetaAnnotationExternalTraffic} { if l, ok := service.Annotations[BetaAnnotationExternalTraffic]; ok {
if l, ok := service.Annotations[annotation]; ok { switch l {
switch l { case AnnotationValueExternalTrafficLocal:
case AnnotationValueExternalTrafficLocal: return true
return true case AnnotationValueExternalTrafficGlobal:
case AnnotationValueExternalTrafficGlobal: return false
return false default:
default: glog.Errorf("Invalid value for annotation %v: %v", BetaAnnotationExternalTraffic, l)
glog.Errorf("Invalid value for annotation %v: %v", annotation, l) return false
}
} }
} }
return false return service.Spec.ExternalTrafficPolicy == api.ServiceExternalTrafficPolicyTypeLocal
} }
// NeedsHealthCheck Check if service needs health check. // NeedsHealthCheck Check if service needs health check.
@ -103,21 +102,61 @@ func NeedsHealthCheck(service *api.Service) bool {
return RequestsOnlyLocalTraffic(service) return RequestsOnlyLocalTraffic(service)
} }
// GetServiceHealthCheckNodePort Return health check node port annotation for service, if one exists // GetServiceHealthCheckNodePort Return health check node port for service, if one exists
func GetServiceHealthCheckNodePort(service *api.Service) int32 { func GetServiceHealthCheckNodePort(service *api.Service) int32 {
// First check the alpha annotation and then the beta. This is so existing // First check the beta annotation and then the first class field. This is so that
// Services continue to work till the user decides to transition to beta. // existing Services continue to work till the user decides to transition to the
// If they transition to beta, there's no way to go back to alpha without // first class field.
// rolling back the cluster. if l, ok := service.Annotations[BetaAnnotationHealthCheckNodePort]; ok {
for _, annotation := range []string{AlphaAnnotationHealthCheckNodePort, BetaAnnotationHealthCheckNodePort} { p, err := strconv.Atoi(l)
if l, ok := service.Annotations[annotation]; ok { if err != nil {
p, err := strconv.Atoi(l) glog.Errorf("Failed to parse annotation %v: %v", BetaAnnotationHealthCheckNodePort, err)
if err != nil { return 0
glog.Errorf("Failed to parse annotation %v: %v", annotation, err)
continue
}
return int32(p)
} }
return int32(p)
} }
return 0 return service.Spec.HealthCheckNodePort
}
// SetDefaultExternalTrafficPolicyIfNeeded defaults the ExternalTrafficPolicy field
// for NodePort / LoadBalancer service to Global for consistency.
// TODO: Move this default logic to default.go once beta annotation is deprecated.
func SetDefaultExternalTrafficPolicyIfNeeded(service *api.Service) {
if _, ok := service.Annotations[BetaAnnotationExternalTraffic]; ok {
// Don't default this field if beta annotation exists.
return
} else if (service.Spec.Type == api.ServiceTypeNodePort ||
service.Spec.Type == api.ServiceTypeLoadBalancer) &&
service.Spec.ExternalTrafficPolicy == "" {
service.Spec.ExternalTrafficPolicy = api.ServiceExternalTrafficPolicyTypeGlobal
}
}
// ClearExternalTrafficPolicy resets the ExternalTrafficPolicy field.
func ClearExternalTrafficPolicy(service *api.Service) {
// First check the beta annotation and then the first class field. This is so that
// existing Services continue to work till the user decides to transition to the
// first class field.
if _, ok := service.Annotations[BetaAnnotationExternalTraffic]; ok {
delete(service.Annotations, BetaAnnotationExternalTraffic)
return
}
service.Spec.ExternalTrafficPolicy = api.ServiceExternalTrafficPolicyType("")
}
// SetServiceHealthCheckNodePort sets the given health check node port on service.
// It does not check whether this service needs healthCheckNodePort.
func SetServiceHealthCheckNodePort(service *api.Service, hcNodePort int32) {
// First check the beta annotation and then the first class field. This is so that
// existing Services continue to work till the user decides to transition to the
// first class field.
if _, ok := service.Annotations[BetaAnnotationExternalTraffic]; ok {
if hcNodePort == 0 {
delete(service.Annotations, BetaAnnotationHealthCheckNodePort)
} else {
service.Annotations[BetaAnnotationHealthCheckNodePort] = fmt.Sprintf("%d", hcNodePort)
}
return
}
service.Spec.HealthCheckNodePort = hcNodePort
} }

96
pkg/api/v1/service/util.go
View File

@ -76,23 +76,22 @@ func RequestsOnlyLocalTraffic(service *v1.Service) bool {
service.Spec.Type != v1.ServiceTypeNodePort { service.Spec.Type != v1.ServiceTypeNodePort {
return false return false
} }
// First check the alpha annotation and then the beta. This is so existing
// Services continue to work till the user decides to transition to beta. // First check the beta annotation and then the first class field. This is so that
// If they transition to beta, there's no way to go back to alpha without // existing Services continue to work till the user decides to transition to the
// rolling back the cluster. // first class field.
for _, annotation := range []string{AlphaAnnotationExternalTraffic, BetaAnnotationExternalTraffic} { if l, ok := service.Annotations[BetaAnnotationExternalTraffic]; ok {
if l, ok := service.Annotations[annotation]; ok { switch l {
switch l { case AnnotationValueExternalTrafficLocal:
case AnnotationValueExternalTrafficLocal: return true
return true case AnnotationValueExternalTrafficGlobal:
case AnnotationValueExternalTrafficGlobal: return false
return false default:
default: glog.Errorf("Invalid value for annotation %v: %v", BetaAnnotationExternalTraffic, l)
glog.Errorf("Invalid value for annotation %v: %v", annotation, l) return false
}
} }
} }
return false return service.Spec.ExternalTrafficPolicy == v1.ServiceExternalTrafficPolicyTypeLocal
} }
// NeedsHealthCheck Check if service needs health check. // NeedsHealthCheck Check if service needs health check.
@ -103,23 +102,62 @@ func NeedsHealthCheck(service *v1.Service) bool {
return RequestsOnlyLocalTraffic(service) return RequestsOnlyLocalTraffic(service)
} }
// GetServiceHealthCheckNodePort Return health check node port annotation for service, if one exists // GetServiceHealthCheckNodePort Return health check node port for service, if one exists
func GetServiceHealthCheckNodePort(service *v1.Service) int32 { func GetServiceHealthCheckNodePort(service *v1.Service) int32 {
// First check the alpha annotation and then the beta. This is so existing // First check the beta annotation and then the first class field. This is so that
// Services continue to work till the user decides to transition to beta. // existing Services continue to work till the user decides to transition to the
// If they transition to beta, there's no way to go back to alpha without // first class field.
// rolling back the cluster. if l, ok := service.Annotations[BetaAnnotationHealthCheckNodePort]; ok {
for _, annotation := range []string{AlphaAnnotationHealthCheckNodePort, BetaAnnotationHealthCheckNodePort} { p, err := strconv.Atoi(l)
if l, ok := service.Annotations[annotation]; ok { if err != nil {
p, err := strconv.Atoi(l) glog.Errorf("Failed to parse annotation %v: %v", BetaAnnotationHealthCheckNodePort, err)
if err != nil { return 0
glog.Errorf("Failed to parse annotation %v: %v", annotation, err)
continue
}
return int32(p)
} }
return int32(p)
} }
return 0 return service.Spec.HealthCheckNodePort
}
// SetDefaultExternalTrafficPolicyIfNeeded defaults the ExternalTrafficPolicy field
// for NodePort / LoadBalancer service to Global for consistency.
// TODO: Move this default logic to default.go once beta annotation is deprecated.
func SetDefaultExternalTrafficPolicyIfNeeded(service *v1.Service) {
if _, ok := service.Annotations[BetaAnnotationExternalTraffic]; ok {
// Don't default this field if beta annotation exists.
return
} else if (service.Spec.Type == v1.ServiceTypeNodePort ||
service.Spec.Type == v1.ServiceTypeLoadBalancer) &&
service.Spec.ExternalTrafficPolicy == "" {
service.Spec.ExternalTrafficPolicy = v1.ServiceExternalTrafficPolicyTypeGlobal
}
}
// ClearExternalTrafficPolicy resets the ExternalTrafficPolicy field.
func ClearExternalTrafficPolicy(service *v1.Service) {
// First check the beta annotation and then the first class field. This is so existing
// Services continue to work till the user decides to transition to the first class field.
if _, ok := service.Annotations[BetaAnnotationExternalTraffic]; ok {
delete(service.Annotations, BetaAnnotationExternalTraffic)
return
}
service.Spec.ExternalTrafficPolicy = v1.ServiceExternalTrafficPolicyType("")
}
// SetServiceHealthCheckNodePort sets the given health check node port on service.
// It does not check whether this service needs healthCheckNodePort.
func SetServiceHealthCheckNodePort(service *v1.Service, hcNodePort int32) {
// First check the beta annotation and then the first class field. This is so that
// existing Services continue to work till the user decides to transition to the
// first class field.
if _, ok := service.Annotations[BetaAnnotationExternalTraffic]; ok {
if hcNodePort == 0 {
delete(service.Annotations, BetaAnnotationHealthCheckNodePort)
} else {
service.Annotations[BetaAnnotationHealthCheckNodePort] = fmt.Sprintf("%d", hcNodePort)
}
return
}
service.Spec.HealthCheckNodePort = hcNodePort
} }
// GetServiceHealthCheckPathPort Return the path and nodePort programmed into the Cloud LB Health Check // GetServiceHealthCheckPathPort Return the path and nodePort programmed into the Cloud LB Health Check

111
pkg/api/validation/validation.go
View File

@ -2742,7 +2742,8 @@ func ValidateService(service *api.Service) field.ErrorList {
} }
} }
allErrs = append(allErrs, validateServiceExternalTrafficFields(service)...) allErrs = append(allErrs, validateServiceExternalTrafficFieldsValue(service)...)
allErrs = append(allErrs, validateServiceExternalTrafficAPIVersion(service)...)
return allErrs return allErrs
} }
@ -2785,61 +2786,68 @@ func validateServicePort(sp *api.ServicePort, requireName, isHeadlessService boo
return allErrs return allErrs
} }
// validateServiceExternalTrafficFields validates ExternalTraffic related annotations // validateServiceExternalTrafficFieldsValue validates ExternalTraffic related annotations
// have legal value. // have legal value.
func validateServiceExternalTrafficFields(service *api.Service) field.ErrorList { func validateServiceExternalTrafficFieldsValue(service *api.Service) field.ErrorList {
allErrs := field.ErrorList{} allErrs := field.ErrorList{}
for _, annotation := range []string{apiservice.AlphaAnnotationExternalTraffic, apiservice.BetaAnnotationExternalTraffic} { // Check beta annotations.
if l, ok := service.Annotations[annotation]; ok { if l, ok := service.Annotations[apiservice.BetaAnnotationExternalTraffic]; ok {
if l != apiservice.AnnotationValueExternalTrafficLocal && if l != apiservice.AnnotationValueExternalTrafficLocal &&
l != apiservice.AnnotationValueExternalTrafficGlobal { l != apiservice.AnnotationValueExternalTrafficGlobal {
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "annotations").Key(annotation), l, allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "annotations").Key(apiservice.BetaAnnotationExternalTraffic), l,
fmt.Sprintf("ExternalTraffic must be %v or %v", apiservice.AnnotationValueExternalTrafficLocal, apiservice.AnnotationValueExternalTrafficGlobal))) fmt.Sprintf("ExternalTraffic must be %v or %v", apiservice.AnnotationValueExternalTrafficLocal, apiservice.AnnotationValueExternalTrafficGlobal)))
}
} }
} }
for _, annotation := range []string{apiservice.AlphaAnnotationHealthCheckNodePort, apiservice.BetaAnnotationHealthCheckNodePort} { if l, ok := service.Annotations[apiservice.BetaAnnotationHealthCheckNodePort]; ok {
if l, ok := service.Annotations[annotation]; ok { p, err := strconv.Atoi(l)
p, err := strconv.Atoi(l) if err != nil {
if err != nil { allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "annotations").Key(apiservice.BetaAnnotationHealthCheckNodePort), l,
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "annotations").Key(annotation), l, "HealthCheckNodePort must be a valid port number"))
"HealthCheckNodePort must be a valid port number")) } else if p <= 0 {
} else if p <= 0 { allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "annotations").Key(apiservice.BetaAnnotationHealthCheckNodePort), l,
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "annotations").Key(annotation), l, "HealthCheckNodePort must be greater than 0"))
"HealthCheckNodePort must be greater than 0"))
}
} }
} }
allErrs = append(allErrs, validateServiceExternalTrafficAPIVersion(service)...) // Check first class fields.
if service.Spec.ExternalTrafficPolicy != "" &&
service.Spec.ExternalTrafficPolicy != api.ServiceExternalTrafficPolicyTypeGlobal &&
service.Spec.ExternalTrafficPolicy != api.ServiceExternalTrafficPolicyTypeLocal {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("externalTrafficPolicy"), service.Spec.ExternalTrafficPolicy,
fmt.Sprintf("ExternalTrafficPolicy must be empty, %v or %v", api.ServiceExternalTrafficPolicyTypeGlobal, api.ServiceExternalTrafficPolicyTypeLocal)))
}
if service.Spec.HealthCheckNodePort < 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("healthCheckNodePort"), service.Spec.HealthCheckNodePort,
"HealthCheckNodePort must be not less than 0"))
}
return allErrs return allErrs
} }
// serviceExternalTrafficStatus stores flags indicating whether ExternalTraffic // serviceExternalTrafficStatus stores flags indicating whether ExternalTraffic
// related beta annotations and alpha annotations are set on service. // related beta annotations and GA fields are set on service.
type serviceExternalTrafficStatus struct { type serviceExternalTrafficStatus struct {
alphaExternalTrafficIsSet bool betaExternalTrafficIsSet bool
alphaHealthCheckIsSet bool betaHealthCheckIsSet bool
betaExternalTrafficIsSet bool gaExternalTrafficIsSet bool
betaHealthCheckIsSet bool gaHealthCheckIsSet bool
} }
func (s *serviceExternalTrafficStatus) useAlphaExternalTrafficWithBeta() bool { func (s *serviceExternalTrafficStatus) useBetaExternalTrafficWithGA() bool {
return s.alphaExternalTrafficIsSet && (s.betaExternalTrafficIsSet || s.betaHealthCheckIsSet) return s.betaExternalTrafficIsSet && (s.gaExternalTrafficIsSet || s.gaHealthCheckIsSet)
} }
func (s *serviceExternalTrafficStatus) useAlphaHealthCheckWithBeta() bool { func (s *serviceExternalTrafficStatus) useBetaHealthCheckWithGA() bool {
return s.alphaHealthCheckIsSet && (s.betaExternalTrafficIsSet || s.betaHealthCheckIsSet) return s.betaHealthCheckIsSet && (s.gaExternalTrafficIsSet || s.gaHealthCheckIsSet)
} }
func getServiceExternalTrafficStatus(service *api.Service) *serviceExternalTrafficStatus { func getServiceExternalTrafficStatus(service *api.Service) *serviceExternalTrafficStatus {
s := serviceExternalTrafficStatus{} s := serviceExternalTrafficStatus{}
_, s.alphaExternalTrafficIsSet = service.Annotations[apiservice.AlphaAnnotationExternalTraffic]
_, s.alphaHealthCheckIsSet = service.Annotations[apiservice.AlphaAnnotationHealthCheckNodePort]
_, s.betaExternalTrafficIsSet = service.Annotations[apiservice.BetaAnnotationExternalTraffic] _, s.betaExternalTrafficIsSet = service.Annotations[apiservice.BetaAnnotationExternalTraffic]
_, s.betaHealthCheckIsSet = service.Annotations[apiservice.BetaAnnotationHealthCheckNodePort] _, s.betaHealthCheckIsSet = service.Annotations[apiservice.BetaAnnotationHealthCheckNodePort]
s.gaExternalTrafficIsSet = service.Spec.ExternalTrafficPolicy != ""
s.gaHealthCheckIsSet = service.Spec.HealthCheckNodePort != 0
return &s return &s
} }
@ -2850,16 +2858,39 @@ func validateServiceExternalTrafficAPIVersion(service *api.Service) field.ErrorL
status := getServiceExternalTrafficStatus(service) status := getServiceExternalTrafficStatus(service)
if status.useAlphaExternalTrafficWithBeta() { if status.useBetaExternalTrafficWithGA() {
fieldPath := field.NewPath("metadata", "annotations").Key(apiservice.AlphaAnnotationExternalTraffic) fieldPath := field.NewPath("metadata", "annotations").Key(apiservice.BetaAnnotationExternalTraffic)
msg := fmt.Sprintf("please replace the alpha annotation with beta annotation") msg := fmt.Sprintf("please replace the beta annotation with 'ExternalTrafficPolicy' field")
allErrs = append(allErrs, field.Invalid(fieldPath, apiservice.AlphaAnnotationExternalTraffic, msg)) allErrs = append(allErrs, field.Invalid(fieldPath, apiservice.BetaAnnotationExternalTraffic, msg))
} }
if status.useAlphaHealthCheckWithBeta() { if status.useBetaHealthCheckWithGA() {
fieldPath := field.NewPath("metadata", "annotations").Key(apiservice.AlphaAnnotationHealthCheckNodePort) fieldPath := field.NewPath("metadata", "annotations").Key(apiservice.BetaAnnotationHealthCheckNodePort)
msg := fmt.Sprintf("please replace the alpha annotation with beta annotation") msg := fmt.Sprintf("please replace the beta annotation with 'HealthCheckNodePort' field")
allErrs = append(allErrs, field.Invalid(fieldPath, apiservice.AlphaAnnotationHealthCheckNodePort, msg)) allErrs = append(allErrs, field.Invalid(fieldPath, apiservice.BetaAnnotationHealthCheckNodePort, msg))
}
return allErrs
}
// ValidateServiceExternalTrafficFieldsCombination validates if ExternalTrafficPolicy,
// HealthCheckNodePort and Type combination are legal. For update, it should be called
// after clearing externalTraffic related fields for the ease of transitioning between
// different service types.
func ValidateServiceExternalTrafficFieldsCombination(service *api.Service) field.ErrorList {
allErrs := field.ErrorList{}
if service.Spec.Type != api.ServiceTypeLoadBalancer &&
service.Spec.Type != api.ServiceTypeNodePort &&
service.Spec.ExternalTrafficPolicy != "" {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "externalTrafficPolicy"), service.Spec.ExternalTrafficPolicy,
"ExternalTrafficPolicy can only be set on NodePort and LoadBalancer service"))
}
if !apiservice.NeedsHealthCheck(service) &&
service.Spec.HealthCheckNodePort != 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "healthCheckNodePort"), service.Spec.HealthCheckNodePort,
"HealthCheckNodePort can only be set on LoadBalancer service with ExternalTrafficPolicy=Local"))
} }
return allErrs return allErrs

204
pkg/registry/core/service/rest.go
View File

@ -162,32 +162,16 @@ func (rs *REST) Create(ctx genericapirequest.Context, obj runtime.Object) (runti
} }
} }
if shouldCheckOrAssignHealthCheckNodePort(service) { // Handle ExternalTraiffc related fields during service creation.
var healthCheckNodePort int if utilfeature.DefaultFeatureGate.Enabled(features.ExternalTrafficLocalOnly) {
var err error apiservice.SetDefaultExternalTrafficPolicyIfNeeded(service)
if l, ok := service.Annotations[apiservice.BetaAnnotationHealthCheckNodePort]; ok { if apiservice.NeedsHealthCheck(service) {
healthCheckNodePort, err = strconv.Atoi(l) if err := rs.allocateHealthCheckNodePort(service); err != nil {
if err != nil || healthCheckNodePort <= 0 { return nil, errors.NewInternalError(err)
return nil, errors.NewInternalError(fmt.Errorf("Failed to parse annotation %v: %v", apiservice.BetaAnnotationHealthCheckNodePort, err))
} }
} }
if healthCheckNodePort > 0 { if errs := validation.ValidateServiceExternalTrafficFieldsCombination(service); len(errs) > 0 {
// If the request has a health check nodePort in mind, attempt to reserve it return nil, errors.NewInvalid(api.Kind("Service"), service.Name, errs)
err := nodePortOp.Allocate(int(healthCheckNodePort))
if err != nil {
return nil, errors.NewInternalError(fmt.Errorf("Failed to allocate requested HealthCheck nodePort %v: %v", healthCheckNodePort, err))
}
} else {
// If the request has no health check nodePort specified, allocate any
healthCheckNodePort, err = nodePortOp.AllocateNext()
if err != nil {
// TODO: what error should be returned here? It's not a
// field-level validation failure (the field is valid), and it's
// not really an internal error.
return nil, errors.NewInternalError(fmt.Errorf("failed to allocate a nodePort: %v", err))
}
// Insert the newly allocated health check port as an annotation (plan of record for Alpha)
service.Annotations[apiservice.BetaAnnotationHealthCheckNodePort] = fmt.Sprintf("%d", healthCheckNodePort)
} }
} }
@ -239,13 +223,14 @@ func (rs *REST) Delete(ctx genericapirequest.Context, id string) (runtime.Object
} }
} }
if shouldCheckOrAssignHealthCheckNodePort(service) { if utilfeature.DefaultFeatureGate.Enabled(features.ExternalTrafficLocalOnly) &&
apiservice.NeedsHealthCheck(service) {
nodePort := apiservice.GetServiceHealthCheckNodePort(service) nodePort := apiservice.GetServiceHealthCheckNodePort(service)
if nodePort > 0 { if nodePort > 0 {
err := rs.serviceNodePorts.Release(int(nodePort)) err := rs.serviceNodePorts.Release(int(nodePort))
if err != nil { if err != nil {
// these should be caught by an eventual reconciliation / restart // these should be caught by an eventual reconciliation / restart
utilruntime.HandleError(fmt.Errorf("Error releasing service health check %s node port %d: %v", service.Name, nodePort, err)) utilruntime.HandleError(fmt.Errorf("Error releasing service %s health check node port %d: %v", service.Name, nodePort, err))
} }
} }
} }
@ -280,92 +265,70 @@ func (*REST) NewList() runtime.Object {
return &api.ServiceList{} return &api.ServiceList{}
} }
// externalTrafficPolicyUpdate adjusts ExternalTrafficPolicy during service update if needed.
// It is necessary because we default ExternalTrafficPolicy field to different values.
// (NodePort / LoadBalancer: default is Global; Other types: default is empty.)
func externalTrafficPolicyUpdate(oldService, service *api.Service) {
var neededExternalTraffic, needsExternalTraffic bool
if oldService.Spec.Type == api.ServiceTypeNodePort ||
oldService.Spec.Type == api.ServiceTypeLoadBalancer {
neededExternalTraffic = true
}
if service.Spec.Type == api.ServiceTypeNodePort ||
service.Spec.Type == api.ServiceTypeLoadBalancer {
needsExternalTraffic = true
}
if neededExternalTraffic && !needsExternalTraffic {
// Clear ExternalTrafficPolicy to prevent confusion from ineffective field.
apiservice.ClearExternalTrafficPolicy(service)
}
}
// healthCheckNodePortUpdate handles HealthCheckNodePort allocation/release
// and adjusts HealthCheckNodePort during service update if needed.
func (rs *REST) healthCheckNodePortUpdate(oldService, service *api.Service) (bool, error) { func (rs *REST) healthCheckNodePortUpdate(oldService, service *api.Service) (bool, error) {
// Health Check Node Port handling during updates neededHealthCheckNodePort := apiservice.NeedsHealthCheck(oldService)
//
// Case 1. Transition from globalTraffic to OnlyLocal for the ESIPP annotation
//
// Allocate a health check node port or attempt to reserve the user-specified one, if provided.
// Insert health check node port as an annotation into the service's annotations
//
// Case 2. Transition from OnlyLocal to Global for the ESIPP annotation
//
// Free the existing healthCheckNodePort and clear the health check nodePort annotation
//
// Case 3. No change (Global ---stays--> Global) but prevent invalid annotation manipulations
//
// Reject insertion of the "service.alpha.kubernetes.io/healthcheck-nodeport" annotation
//
// Case 4. No change (OnlyLocal ---stays--> OnlyLocal) but prevent invalid annotation manipulations
//
// Reject deletion of the "service.alpha.kubernetes.io/healthcheck-nodeport" annotation
// Reject changing the value of the healthCheckNodePort annotation
//
oldServiceHasHealthCheckNodePort := shouldCheckOrAssignHealthCheckNodePort(oldService)
oldHealthCheckNodePort := apiservice.GetServiceHealthCheckNodePort(oldService) oldHealthCheckNodePort := apiservice.GetServiceHealthCheckNodePort(oldService)
assignHealthCheckNodePort := shouldCheckOrAssignHealthCheckNodePort(service) needsHealthCheckNodePort := apiservice.NeedsHealthCheck(service)
requestedHealthCheckNodePort := apiservice.GetServiceHealthCheckNodePort(service) newHealthCheckNodePort := apiservice.GetServiceHealthCheckNodePort(service)
switch { switch {
case !oldServiceHasHealthCheckNodePort && assignHealthCheckNodePort: // Case 1: Transition from don't need HealthCheckNodePort to needs HealthCheckNodePort.
glog.Infof("Transition from Global LB service to OnlyLocal service") // Allocate a health check node port or attempt to reserve the user-specified one if provided.
if requestedHealthCheckNodePort > 0 { // Insert health check node port into the service's HealthCheckNodePort field if needed.
// If the request has a health check nodePort in mind, attempt to reserve it case !neededHealthCheckNodePort && needsHealthCheckNodePort:
err := rs.serviceNodePorts.Allocate(int(requestedHealthCheckNodePort)) glog.Infof("Transition to LoadBalancer type service with ExternalTrafficPolicy=Local")
if err != nil { if err := rs.allocateHealthCheckNodePort(service); err != nil {
errmsg := fmt.Sprintf("Failed to allocate requested HealthCheck nodePort %v:%v", return false, errors.NewInternalError(err)
requestedHealthCheckNodePort, err)
el := field.ErrorList{field.Invalid(field.NewPath("metadata", "annotations"),
apiservice.BetaAnnotationHealthCheckNodePort, errmsg)}
return false, errors.NewInvalid(api.Kind("Service"), service.Name, el)
}
glog.Infof("Reserved user requested nodePort: %d", requestedHealthCheckNodePort)
} else {
// If the request has no health check nodePort specified, allocate any
healthCheckNodePort, err := rs.serviceNodePorts.AllocateNext()
if err != nil {
// TODO: what error should be returned here? It's not a
// field-level validation failure (the field is valid), and it's
// not really an internal error.
return false, errors.NewInternalError(fmt.Errorf("failed to allocate a nodePort: %v", err))
}
// Insert the newly allocated health check port as an annotation (plan of record for Alpha)
service.Annotations[apiservice.BetaAnnotationHealthCheckNodePort] = fmt.Sprintf("%d", healthCheckNodePort)
glog.Infof("Reserved health check nodePort: %d", healthCheckNodePort)
} }
case oldServiceHasHealthCheckNodePort && !assignHealthCheckNodePort: // Case 2: Transition from needs HealthCheckNodePort to don't need HealthCheckNodePort.
glog.Infof("Transition from OnlyLocal LB service to Global service") // Free the existing healthCheckNodePort and clear the HealthCheckNodePort field.
case neededHealthCheckNodePort && !needsHealthCheckNodePort:
glog.Infof("Transition to non LoadBalancer type service or LoadBalancer type service with ExternalTrafficPolicy=Global")
err := rs.serviceNodePorts.Release(int(oldHealthCheckNodePort)) err := rs.serviceNodePorts.Release(int(oldHealthCheckNodePort))
if err != nil { if err != nil {
glog.Warningf("Error releasing service health check %s node port %d: %v", service.Name, oldHealthCheckNodePort, err) glog.Warningf("error releasing service health check %s node port %d: %v", service.Name, oldHealthCheckNodePort, err)
return false, errors.NewInternalError(fmt.Errorf("failed to free health check nodePort: %v", err)) return false, errors.NewInternalError(fmt.Errorf("failed to free health check nodePort: %v", err))
} else {
delete(service.Annotations, apiservice.BetaAnnotationHealthCheckNodePort)
delete(service.Annotations, apiservice.AlphaAnnotationHealthCheckNodePort)
glog.Infof("Freed health check nodePort: %d", oldHealthCheckNodePort)
} }
glog.Infof("Freed health check nodePort: %d", oldHealthCheckNodePort)
// Clear the HealthCheckNodePort field.
apiservice.SetServiceHealthCheckNodePort(service, 0)
case !oldServiceHasHealthCheckNodePort && !assignHealthCheckNodePort: // Case 3: Remain in needs HealthCheckNodePort.
if _, ok := service.Annotations[apiservice.BetaAnnotationHealthCheckNodePort]; ok { // Reject changing the value of the HealthCheckNodePort field.
glog.Warningf("Attempt to insert health check node port annotation DENIED") case neededHealthCheckNodePort && needsHealthCheckNodePort:
el := field.ErrorList{field.Invalid(field.NewPath("metadata", "annotations"), if oldHealthCheckNodePort != newHealthCheckNodePort {
apiservice.BetaAnnotationHealthCheckNodePort, "Cannot insert healthcheck nodePort annotation")} glog.Warningf("Attempt to change value of health check node port DENIED")
return false, errors.NewInvalid(api.Kind("Service"), service.Name, el) var fldPath *field.Path
} if _, ok := service.Annotations[apiservice.BetaAnnotationHealthCheckNodePort]; ok {
fldPath = field.NewPath("metadata", "annotations").Key(apiservice.BetaAnnotationHealthCheckNodePort)
case oldServiceHasHealthCheckNodePort && assignHealthCheckNodePort: } else {
if _, ok := service.Annotations[apiservice.BetaAnnotationHealthCheckNodePort]; !ok { fldPath = field.NewPath("spec", "healthCheckNodePort")
glog.Warningf("Attempt to delete health check node port annotation DENIED") }
el := field.ErrorList{field.Invalid(field.NewPath("metadata", "annotations"), el := field.ErrorList{field.Invalid(fldPath, newHealthCheckNodePort,
apiservice.BetaAnnotationHealthCheckNodePort, "Cannot delete healthcheck nodePort annotation")} "cannot change healthCheckNodePort on loadBalancer service with externalTraffic=Local during update")}
return false, errors.NewInvalid(api.Kind("Service"), service.Name, el)
}
if oldHealthCheckNodePort != requestedHealthCheckNodePort {
glog.Warningf("Attempt to change value of health check node port annotation DENIED")
el := field.ErrorList{field.Invalid(field.NewPath("metadata", "annotations"),
apiservice.BetaAnnotationHealthCheckNodePort, "Cannot change healthcheck nodePort during update")}
return false, errors.NewInvalid(api.Kind("Service"), service.Name, el) return false, errors.NewInvalid(api.Kind("Service"), service.Name, el)
} }
} }
@ -449,9 +412,17 @@ func (rs *REST) Update(ctx genericapirequest.Context, name string, objInfo rest.
service.Status.LoadBalancer = api.LoadBalancerStatus{} service.Status.LoadBalancer = api.LoadBalancerStatus{}
} }
success, err := rs.healthCheckNodePortUpdate(oldService, service) // Handle ExternalTraiffc related updates.
if !success { if utilfeature.DefaultFeatureGate.Enabled(features.ExternalTrafficLocalOnly) {
return nil, false, err apiservice.SetDefaultExternalTrafficPolicyIfNeeded(service)
success, err := rs.healthCheckNodePortUpdate(oldService, service)
if !success || err != nil {
return nil, false, err
}
externalTrafficPolicyUpdate(oldService, service)
if errs := validation.ValidateServiceExternalTrafficFieldsCombination(service); len(errs) > 0 {
return nil, false, errors.NewInvalid(api.Kind("Service"), service.Name, errs)
}
} }
out, err := rs.registry.UpdateService(ctx, service) out, err := rs.registry.UpdateService(ctx, service)
@ -566,10 +537,6 @@ func shouldAssignNodePorts(service *api.Service) bool {
} }
} }
func shouldCheckOrAssignHealthCheckNodePort(service *api.Service) bool {
return (utilfeature.DefaultFeatureGate.Enabled(features.ExternalTrafficLocalOnly) && apiservice.NeedsHealthCheck(service))
}
// Loop through the service ports list, find one with the same port number and // Loop through the service ports list, find one with the same port number and
// NodePort specified, return this NodePort otherwise return 0. // NodePort specified, return this NodePort otherwise return 0.
func findRequestedNodePort(port int, servicePorts []api.ServicePort) int { func findRequestedNodePort(port int, servicePorts []api.ServicePort) int {
@ -581,3 +548,26 @@ func findRequestedNodePort(port int, servicePorts []api.ServicePort) int {
} }
return 0 return 0
} }
// allocateHealthCheckNodePort allocates health check node port to service.
func (rs *REST) allocateHealthCheckNodePort(service *api.Service) error {
healthCheckNodePort := apiservice.GetServiceHealthCheckNodePort(service)
if healthCheckNodePort != 0 {
// If the request has a health check nodePort in mind, attempt to reserve it.
err := rs.serviceNodePorts.Allocate(int(healthCheckNodePort))
if err != nil {
return fmt.Errorf("failed to allocate requested HealthCheck NodePort %v: %v",
service.Spec.HealthCheckNodePort, err)
}
glog.Infof("Reserved user requested nodePort: %d", service.Spec.HealthCheckNodePort)
} else {
// If the request has no health check nodePort specified, allocate any.
healthCheckNodePort, err := rs.serviceNodePorts.AllocateNext()
if err != nil {
return fmt.Errorf("failed to allocate a HealthCheck NodePort %v: %v", healthCheckNodePort, err)
}
apiservice.SetServiceHealthCheckNodePort(service, int32(healthCheckNodePort))
glog.Infof("Reserved allocated nodePort: %d", healthCheckNodePort)
}
return nil
}