services must listen on port 443

2025-07-31 23:37:01 +00:00 · 2018-05-29 08:28:41 -04:00 · 2018-05-29 08:28:41 -04:00 · b3ce7a9935
commit b3ce7a9935
parent 07e6410cf7
2 changed files with 40 additions and 0 deletions
--- a/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go
@ -176,6 +176,22 @@ func (c *AvailableConditionController) sync(key string) error {
 	}

 	if service.Spec.Type == v1.ServiceTypeClusterIP {
+		// if we have a cluster IP service, it must be listening on 443 and we can check that
+		foundPort := false
+		for _, port := range service.Spec.Ports {
+			if port.Port == 443 {
+				foundPort = true
+			}
+		}
+		if !foundPort {
+			availableCondition.Status = apiregistration.ConditionFalse
+			availableCondition.Reason = "ServicePortError"
+			availableCondition.Message = fmt.Sprintf("service/%s in %q is not listening on port 443", apiService.Spec.Service.Name, apiService.Spec.Service.Namespace)
+			apiregistration.SetAPIServiceCondition(apiService, availableCondition)
+			_, err := c.apiServiceClient.APIServices().UpdateStatus(apiService)
+			return err
+		}
+
 		endpoints, err := c.endpointsLister.Endpoints(apiService.Spec.Service.Namespace).Get(apiService.Spec.Service.Name)
 		if apierrors.IsNotFound(err) {
 			availableCondition.Status = apiregistration.ConditionFalse
--- a/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller_test.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller_test.go
@ -55,6 +55,9 @@ func newService(namespace, name string) *v1.Service {
 		ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: name},
 		Spec: v1.ServiceSpec{
 			Type: v1.ServiceTypeClusterIP,
+			Ports: []v1.ServicePort{
+				{Port: 443},
+			},
 		},
 	}
 }
@ -110,6 +113,27 @@ func TestSync(t *testing.T) {
 				Message: `service/bar in "foo" is not present`,
 			},
 		},
+		{
+			name:           "service on bad port",
+			apiServiceName: "remote.group",
+			apiServices:    []*apiregistration.APIService{newRemoteAPIService("remote.group")},
+			services: []*v1.Service{{
+				ObjectMeta: metav1.ObjectMeta{Namespace: "foo", Name: "bar"},
+				Spec: v1.ServiceSpec{
+					Type: v1.ServiceTypeClusterIP,
+					Ports: []v1.ServicePort{
+						{Port: 6443},
+					},
+				},
+			}},
+			endpoints: []*v1.Endpoints{newEndpointsWithAddress("foo", "bar")},
+			expectedAvailability: apiregistration.APIServiceCondition{
+				Type:    apiregistration.Available,
+				Status:  apiregistration.ConditionFalse,
+				Reason:  "ServicePortError",
+				Message: `service/bar in "foo" is not listening on port 443`,
+			},
+		},
 		{
 			name:           "no endpoints",
 			apiServiceName: "remote.group",