-
Notifications
You must be signed in to change notification settings - Fork 303
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow for use subnetworks with IPV6_Only stack type and check if cust… #2624
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -202,7 +202,7 @@ func (l4 *L4) getOldIPv6ForwardingRule(existingBS *composite.BackendService) (*c | |
|
||
func (l4 *L4) serviceSubnetHasInternalIPv6Range() error { | ||
subnetName := l4.subnetName() | ||
hasIPv6SubnetRange, err := utils.SubnetHasIPv6Range(l4.cloud, subnetName, subnetInternalIPv6AccessType) | ||
hasIPv6SubnetRange, err := utils.SubnetHasIPv6Range(l4.cloud, subnetName, subnetInternalAccessType) | ||
if err != nil { | ||
return err | ||
} | ||
|
@@ -215,3 +215,19 @@ func (l4 *L4) serviceSubnetHasInternalIPv6Range() error { | |
} | ||
return nil | ||
} | ||
|
||
func (l4 *L4) serviceSubnetHasInternalIPv4Range() error { | ||
subnetName := l4.subnetName() | ||
hasIPv6SubnetRange, err := utils.SubnetHasIPv4Range(l4.cloud, subnetName, subnetInternalAccessType) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You have |
||
if err != nil { | ||
return err | ||
} | ||
if !hasIPv6SubnetRange { | ||
// We don't need to emit custom event, because errors are already emitted to the user as events. | ||
l4.svcLogger.Info("Subnet for IPv4 Service does not have internal IPv4 ranges", "subnetName", subnetName) | ||
return utils.NewUserError( | ||
fmt.Errorf( | ||
"subnet %s does not have internal IPv4 ranges, required for an internal IPv4 Service. You can specify an internal IPv4 subnet using the \"%s\" annotation on the Service", subnetName, annotations.CustomSubnetAnnotationKey)) | ||
} | ||
return nil | ||
} |
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -236,6 +236,15 @@ func (l4netlb *L4NetLB) EnsureFrontend(nodeNames []string, svc *corev1.Service) | |||||
} | ||||||
} | ||||||
|
||||||
// If service requires IPv6 LoadBalancer -- verify that Subnet with External IPv4 ranges is used. | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
if l4netlb.enableDualStack && utils.NeedsIPv6(svc) { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
err := l4netlb.serviceSubnetHasExternalIPv4Range() | ||||||
if err != nil { | ||||||
result.Error = err | ||||||
return result | ||||||
} | ||||||
} | ||||||
|
||||||
hcLink := l4netlb.provideHealthChecks(nodeNames, result) | ||||||
if result.Error != nil { | ||||||
return result | ||||||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -31,8 +31,8 @@ import ( | |
) | ||
|
||
const ( | ||
ipv6Suffix = "-ipv6" | ||
subnetExternalIPv6AccessType = "EXTERNAL" | ||
ipv6Suffix = "-ipv6" | ||
subnetExternalAccessType = "EXTERNAL" | ||
) | ||
|
||
// ensureIPv6Resources creates resources specific to IPv6 L4 NetLB Load Balancers: | ||
|
@@ -195,7 +195,7 @@ func (l4netlb *L4NetLB) ipv6SubnetURL() (string, error) { | |
return l4netlb.cloud.SubnetworkURL(), nil | ||
} | ||
|
||
func (l4netlb *L4NetLB) ipv6SubnetName() string { | ||
func (l4netlb *L4NetLB) getSubnetName() string { | ||
// At first check custom subnet annotation. | ||
customSubnetName := annotations.FromService(l4netlb.Service).GetExternalLoadBalancerAnnotationSubnet() | ||
if customSubnetName != "" { | ||
|
@@ -209,8 +209,8 @@ func (l4netlb *L4NetLB) ipv6SubnetName() string { | |
} | ||
|
||
func (l4netlb *L4NetLB) serviceSubnetHasExternalIPv6Range() error { | ||
subnetName := l4netlb.ipv6SubnetName() | ||
hasIPv6SubnetRange, err := utils.SubnetHasIPv6Range(l4netlb.cloud, subnetName, subnetExternalIPv6AccessType) | ||
subnetName := l4netlb.getSubnetName() | ||
hasIPv6SubnetRange, err := utils.SubnetHasIPv6Range(l4netlb.cloud, subnetName, subnetExternalAccessType) | ||
if err != nil { | ||
return err | ||
} | ||
|
@@ -223,3 +223,19 @@ func (l4netlb *L4NetLB) serviceSubnetHasExternalIPv6Range() error { | |
} | ||
return nil | ||
} | ||
|
||
func (l4netlb *L4NetLB) serviceSubnetHasExternalIPv4Range() error { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. it's a bit strange to me that function reading something like this
makes you think that error happens when something wrong happened, not when service just doesn't have ExternalIPv4Range though, I am not strong on this opinion :) |
||
subnetName := l4netlb.getSubnetName() | ||
hasIPv6SubnetRange, err := utils.SubnetHasIPv4Range(l4netlb.cloud, subnetName, subnetExternalAccessType) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ditto: IPv6 on the left, IPv4 on the right |
||
if err != nil { | ||
return err | ||
} | ||
if !hasIPv6SubnetRange { | ||
// We don't need to emit custom event, because errors are already emitted to the user as events. | ||
l4netlb.svcLogger.Info("Subnet for IPv4 Service does not have external IPv6 ranges", "subnetName", subnetName) | ||
return utils.NewUserError( | ||
fmt.Errorf( | ||
"subnet %s does not have external IPv4 ranges, required for an external IPv6 Service. You can specify an external IPv4 subnet using the \"%s\" annotation on the Service", subnetName, annotations.CustomSubnetAnnotationKey)) | ||
} | ||
return nil | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,6 +17,7 @@ limitations under the License. | |
package utils | ||
|
||
import ( | ||
"context" | ||
"encoding/json" | ||
"errors" | ||
"fmt" | ||
|
@@ -87,6 +88,9 @@ const ( | |
// be removed in 1.18. | ||
LabelAlphaNodeRoleExcludeBalancer = "alpha.service-controller.kubernetes.io/exclude-balancer" | ||
DualStackSubnetStackType = "IPV4_IPV6" | ||
IPv6SubnetStackType = "IPV6_ONLY" | ||
|
||
IPv4SubnetStackType = "IPV4_ONLY" | ||
|
||
// LabelNodeSubnet specifies the subnet name of this node. | ||
LabelNodeSubnet = "cloud.google.com/gke-node-pool-subnet" | ||
|
@@ -883,12 +887,26 @@ func AddIPToLBStatus(status *api_v1.LoadBalancerStatus, ips ...string) *api_v1.L | |
return status | ||
} | ||
|
||
func SubnetHasIPv6Range(cloud *gce.Cloud, subnetName, ipv6AccessType string) (bool, error) { | ||
subnet, err := cloud.GetSubnetwork(cloud.Region(), subnetName) | ||
func SubnetHasIPv6Range(gcecloud *gce.Cloud, subnetName, accessType string) (bool, error) { | ||
key := meta.RegionalKey(subnetName, gcecloud.Region()) | ||
subnet, err := gcecloud.Compute().AlphaSubnetworks().Get(context.Background(), key) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is it only available in Alpha? |
||
if err != nil { | ||
return false, fmt.Errorf("failed getting subnet: %w", err) | ||
} | ||
stackTypeMatches := subnet.StackType == DualStackSubnetStackType || subnet.StackType == IPv6SubnetStackType | ||
accessTypeMatches := subnet.Ipv6AccessType == accessType | ||
return stackTypeMatches && accessTypeMatches, nil | ||
} | ||
|
||
func SubnetHasIPv4Range(gcecloud *gce.Cloud, subnetName, accessType string) (bool, error) { | ||
key := meta.RegionalKey(subnetName, gcecloud.Region()) | ||
subnet, err := gcecloud.Compute().AlphaSubnetworks().Get(context.Background(), key) | ||
if err != nil { | ||
return false, fmt.Errorf("failed getting subnet: %w", err) | ||
} | ||
return subnet.StackType == DualStackSubnetStackType && subnet.Ipv6AccessType == ipv6AccessType, nil | ||
stackTypeMatches := subnet.StackType == DualStackSubnetStackType || subnet.StackType == IPv4SubnetStackType | ||
accessTypeMatches := subnet.Ipv6AccessType == accessType | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. out of curiosity: is ipv6AccessType relevant for IPv4 subnet? |
||
return stackTypeMatches && accessTypeMatches, nil | ||
} | ||
|
||
// IsUnsupportedFeatureError returns true if the error has 400 number, | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is it even called anywhere?