Skip to content

Commit

Permalink
[occm] fix ovn security groups (#2705)
Browse files Browse the repository at this point in the history
* fix ovn security groups

* add tlscontainerref
  • Loading branch information
zetaab authored Nov 13, 2024
1 parent 0d32a98 commit bf31268
Showing 1 changed file with 19 additions and 47 deletions.
66 changes: 19 additions & 47 deletions pkg/openstack/loadbalancer.go
Original file line number Diff line number Diff line change
Expand Up @@ -1278,19 +1278,6 @@ func (lbaas *LbaasV2) checkServiceUpdate(ctx context.Context, service *corev1.Se
svcConf.preferredIPFamily = service.Spec.IPFamilies[0]
}

svcConf.lbID = getStringFromServiceAnnotation(service, ServiceAnnotationLoadBalancerID, "")
svcConf.supportLBTags = openstackutil.IsOctaviaFeatureSupported(lbaas.lb, openstackutil.OctaviaFeatureTags, lbaas.opts.LBProvider)

// Get service node-selector annotations
svcConf.nodeSelectors = getKeyValueFromServiceAnnotation(service, ServiceAnnotationLoadBalancerNodeSelector, lbaas.opts.NodeSelector)
for key, value := range svcConf.nodeSelectors {
if value == "" {
klog.V(3).InfoS("Target node label %s key is set to LoadBalancer service %s", key, serviceName)
} else {
klog.V(3).InfoS("Target node label %s=%s is set to LoadBalancer service %s", key, value, serviceName)
}
}

// Find subnet ID for creating members
memberSubnetID, err := lbaas.getMemberSubnetID(service)
if err != nil {
Expand Down Expand Up @@ -1322,25 +1309,7 @@ func (lbaas *LbaasV2) checkServiceUpdate(ctx context.Context, service *corev1.Se
}
}
}

// This affects the protocol of listener and pool
keepClientIP := getBoolFromServiceAnnotation(service, ServiceAnnotationLoadBalancerXForwardedFor, false)
svcConf.proxyProtocolVersion = getProxyProtocolFromServiceAnnotation(service)
if svcConf.proxyProtocolVersion != nil && keepClientIP {
return fmt.Errorf("annotation %s and %s cannot be used together", ServiceAnnotationLoadBalancerProxyEnabled, ServiceAnnotationLoadBalancerXForwardedFor)
}
svcConf.keepClientIP = keepClientIP

svcConf.tlsContainerRef = getStringFromServiceAnnotation(service, ServiceAnnotationTlsContainerRef, lbaas.opts.TlsContainerRef)
svcConf.enableMonitor = getBoolFromServiceAnnotation(service, ServiceAnnotationLoadBalancerEnableHealthMonitor, lbaas.opts.CreateMonitor)
if svcConf.enableMonitor && service.Spec.ExternalTrafficPolicy == corev1.ServiceExternalTrafficPolicyTypeLocal && service.Spec.HealthCheckNodePort > 0 {
svcConf.healthCheckNodePort = int(service.Spec.HealthCheckNodePort)
}
svcConf.healthMonitorDelay = getIntFromServiceAnnotation(service, ServiceAnnotationLoadBalancerHealthMonitorDelay, int(lbaas.opts.MonitorDelay.Duration.Seconds()))
svcConf.healthMonitorTimeout = getIntFromServiceAnnotation(service, ServiceAnnotationLoadBalancerHealthMonitorTimeout, int(lbaas.opts.MonitorTimeout.Duration.Seconds()))
svcConf.healthMonitorMaxRetries = getIntFromServiceAnnotation(service, ServiceAnnotationLoadBalancerHealthMonitorMaxRetries, int(lbaas.opts.MonitorMaxRetries))
svcConf.healthMonitorMaxRetriesDown = getIntFromServiceAnnotation(service, ServiceAnnotationLoadBalancerHealthMonitorMaxRetriesDown, int(lbaas.opts.MonitorMaxRetriesDown))
return nil
return lbaas.makeSvcConf(serviceName, service, svcConf)
}

func (lbaas *LbaasV2) checkServiceDelete(service *corev1.Service, svcConf *serviceConfig) error {
Expand Down Expand Up @@ -1372,19 +1341,6 @@ func (lbaas *LbaasV2) checkService(ctx context.Context, service *corev1.Service,
svcConf.preferredIPFamily = service.Spec.IPFamilies[0]
}

svcConf.lbID = getStringFromServiceAnnotation(service, ServiceAnnotationLoadBalancerID, "")
svcConf.supportLBTags = openstackutil.IsOctaviaFeatureSupported(lbaas.lb, openstackutil.OctaviaFeatureTags, lbaas.opts.LBProvider)

// Get service node-selector annotations
svcConf.nodeSelectors = getKeyValueFromServiceAnnotation(service, ServiceAnnotationLoadBalancerNodeSelector, lbaas.opts.NodeSelector)
for key, value := range svcConf.nodeSelectors {
if value == "" {
klog.V(3).InfoS("Target node label %s key is set to LoadBalancer service %s", key, serviceName)
} else {
klog.V(3).InfoS("Target node label %s=%s is set to LoadBalancer service %s", key, value, serviceName)
}
}

// If in the config file internal-lb=true, user is not allowed to create external service.
if lbaas.opts.InternalLB {
if !getBoolFromServiceAnnotation(service, ServiceAnnotationLoadBalancerInternal, false) {
Expand Down Expand Up @@ -1429,8 +1385,6 @@ func (lbaas *LbaasV2) checkService(ctx context.Context, service *corev1.Service,
}
}

svcConf.connLimit = getIntFromServiceAnnotation(service, ServiceAnnotationLoadBalancerConnLimit, -1)

lbNetworkID, err := lbaas.getNetworkID(service, svcConf)
if err != nil {
return fmt.Errorf("failed to get network id to create load balancer for service %s: %v", serviceName, err)
Expand Down Expand Up @@ -1549,6 +1503,23 @@ func (lbaas *LbaasV2) checkService(ctx context.Context, service *corev1.Service,
} else {
klog.V(4).Infof("Ensure an internal loadbalancer service.")
}
return lbaas.makeSvcConf(serviceName, service, svcConf)
}

func (lbaas *LbaasV2) makeSvcConf(serviceName string, service *corev1.Service, svcConf *serviceConfig) error {
svcConf.connLimit = getIntFromServiceAnnotation(service, ServiceAnnotationLoadBalancerConnLimit, -1)
svcConf.lbID = getStringFromServiceAnnotation(service, ServiceAnnotationLoadBalancerID, "")
svcConf.supportLBTags = openstackutil.IsOctaviaFeatureSupported(lbaas.lb, openstackutil.OctaviaFeatureTags, lbaas.opts.LBProvider)

// Get service node-selector annotations
svcConf.nodeSelectors = getKeyValueFromServiceAnnotation(service, ServiceAnnotationLoadBalancerNodeSelector, lbaas.opts.NodeSelector)
for key, value := range svcConf.nodeSelectors {
if value == "" {
klog.V(3).InfoS("Target node label %s key is set to LoadBalancer service %s", key, serviceName)
} else {
klog.V(3).InfoS("Target node label %s=%s is set to LoadBalancer service %s", key, value, serviceName)
}
}

keepClientIP := getBoolFromServiceAnnotation(service, ServiceAnnotationLoadBalancerXForwardedFor, false)
svcConf.proxyProtocolVersion = getProxyProtocolFromServiceAnnotation(service)
Expand Down Expand Up @@ -1593,6 +1564,7 @@ func (lbaas *LbaasV2) checkService(ctx context.Context, service *corev1.Service,
klog.Warningf(msg, serviceName)
}

svcConf.tlsContainerRef = getStringFromServiceAnnotation(service, ServiceAnnotationTlsContainerRef, lbaas.opts.TlsContainerRef)
svcConf.enableMonitor = getBoolFromServiceAnnotation(service, ServiceAnnotationLoadBalancerEnableHealthMonitor, lbaas.opts.CreateMonitor)
if svcConf.enableMonitor && service.Spec.ExternalTrafficPolicy == corev1.ServiceExternalTrafficPolicyTypeLocal && service.Spec.HealthCheckNodePort > 0 {
svcConf.healthCheckNodePort = int(service.Spec.HealthCheckNodePort)
Expand Down

0 comments on commit bf31268

Please sign in to comment.