[release-1.26] feat: add support for disable tcp reset #4554

Merged
merged 1 commit into from
Sep 5, 2023
3 changes: 3 additions & 0 deletions pkg/consts/consts.go
Expand Up @@ -328,6 +328,9 @@ const (
// automatically on Azure LoadBalancer. Instead, they need to be configured manually (e.g. on Azure cross-region LoadBalancer by another operator).
ServiceAnnotationAdditionalPublicIPs = "service.beta.kubernetes.io/azure-additional-public-ips"

// ServiceAnnotationDisableTCPReset is the annotation used on the service to disable TCP reset on the load balancer.
ServiceAnnotationDisableTCPReset = "service.beta.kubernetes.io/azure-load-balancer-disable-tcp-reset"

// ServiceTagKey is the service key applied for public IP tags.
ServiceTagKey = "k8s-azure-service"
LegacyServiceTagKey = "service"
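Review bot: The comment on `ServiceAnnotationDisableTCPReset` omits the accepted value, the default, and which rules the annotation affects, which is what someone auditing a Service manifest needs to know. Elsewhere in this commit the annotation is compared with `TrueAnnotationValue` (the added test uses `"true"`) and is applied to TCP rules on a standard load balancer and to HA-mode rules. A fuller comment could read `// ServiceAnnotationDisableTCPReset, when set to "true", turns off TCP reset on the service's load balancing rules; TCP reset stays enabled when the annotation is absent.` The `const (` block starts and ends outside the hunk.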
7 changes: 6 additions & 1 deletion pkg/consts/helpers.go
Expand Up @@ -70,6 +70,11 @@ func IsPLSEnabled(annotations map[string]string) bool {
return expectAttributeInSvcAnnotationBeEqualTo(annotations, ServiceAnnotationPLSCreation, TrueAnnotationValue)
}

// IsTCPResetDisabled return true if ServiceAnnotationDisableTCPReset is true
func IsTCPResetDisabled(annotations map[string]string) bool {
return expectAttributeInSvcAnnotationBeEqualTo(annotations, ServiceAnnotationDisableTCPReset, TrueAnnotationValue)
}

// Getint32ValueFromK8sSvcAnnotation get health probe configuration for port
func Getint32ValueFromK8sSvcAnnotation(annotations map[string]string, key string, validators ...Int32BusinessValidator) (*int32, error) {
val, err := GetAttributeValueInSvcAnnotation(annotations, key)
Expand All @@ -79,7 +84,7 @@ func Getint32ValueFromK8sSvcAnnotation(annotations map[string]string, key string
return nil, err
}

// BuildHealthProbeAnnotationKeyForPort get health probe configuration key for port
// BuildAnnotationKeyForPort get health probe configuration key for port
func BuildAnnotationKeyForPort(port int32, key PortParams) string {
return fmt.Sprintf(PortAnnotationPrefixPattern, port, string(key))
}
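Review bot: `IsTCPResetDisabled` collapses "annotation absent" and "annotation present with an unrecognised value" into the same `false`, so a misspelt value such as `"ture"` (constructed example) leaves TCP reset enabled without any signal to the user. This matches how `IsPLSEnabled` above is written, but how `expectAttributeInSvcAnnotationBeEqualTo` compares values (case, surrounding whitespace) is not visible in this hunk, so the doc comment should spell out the contract. Suggested wording: `// IsTCPResetDisabled reports whether ServiceAnnotationDisableTCPReset is set to TrueAnnotationValue; any other value, or no annotation, leaves TCP reset enabled.`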
5 changes: 3 additions & 2 deletions pkg/provider/azure_loadbalancer.go
Expand Up @@ -2314,7 +2314,7 @@ func (az *Cloud) getExpectedLoadBalancingRulePropertiesForPort(
IdleTimeoutInMinutes: lbIdleTimeout,
}
if strings.EqualFold(string(transportProto), string(network.TransportProtocolTCP)) && az.useStandardLoadBalancer() {
props.EnableTCPReset = pointer.Bool(true)
props.EnableTCPReset = pointer.Bool(!consts.IsTCPResetDisabled(service.Annotations))
}

// Azure ILB does not support secondary IPs as floating IPs on the LB. Therefore, floating IP needs to be turned
Expand All @@ -2335,7 +2335,8 @@ func (az *Cloud) getExpectedHAModeLoadBalancingRuleProperties(
if err != nil {
return nil, fmt.Errorf("error generate lb rule for ha mod loadbalancer. err: %w", err)
}
props.EnableTCPReset = pointer.Bool(true)
props.EnableTCPReset = pointer.Bool(!consts.IsTCPResetDisabled(service.Annotations))

return props, nil
}

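Review bot: Neither `props.EnableTCPReset = pointer.Bool(!consts.IsTCPResetDisabled(service.Annotations))` assignment records that a Service annotation has switched off a setting that was hard-coded to `true` before this change, for standard-SKU TCP rules and for HA-mode rules alike. With TCP reset off, the load balancer presumably drops idle flows without notifying either endpoint, so an operator chasing hung connections has no trace of why the rule differs from the default. A short why-comment at both sites would help, for example `// TCP reset stays on unless the service opts out via ServiceAnnotationDisableTCPReset.`, together with a log line when the opt-out takes effect. Both enclosing functions begin and end outside the visible hunks, so any logging they already do could not be checked.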
23 changes: 22 additions & 1 deletion pkg/provider/azure_loadbalancer_test.go
Expand Up @@ -2471,6 +2471,15 @@ func TestReconcileLoadBalancerRule(t *testing.T) {
expectedRules: getDefaultTestRules(false),
expectedProbes: getDefaultTestProbes("Http", "/"),
},
{
desc: "getExpectedLBRules should disable tcp reset when annotation is set",
service: getTestServiceDualStack("test1", v1.ProtocolTCP, map[string]string{
"service.beta.kubernetes.io/azure-load-balancer-disable-tcp-reset": "true",
}, 80),
loadBalancerSku: "standard",
expectedRules: getTCPResetTestRules(false),
expectedProbes: getDefaultTestProbes("Tcp", ""),
},
{
desc: "getExpectedLBRules should prioritize port specific probe protocol over appProtocol",
service: getTestService("test1", v1.ProtocolTCP, map[string]string{
Expand Down Expand Up @@ -2776,7 +2785,7 @@ func getDefaultTestRules(enableTCPReset bool) map[bool][]network.LoadBalancingRu
}

func getDefaultInternalIPv6Rules(enableTCPReset bool) map[bool][]network.LoadBalancingRule {
rulesDualStack := getDefaultTestRules(true)
rulesDualStack := getDefaultTestRules(enableTCPReset)
for _, rules := range rulesDualStack {
for _, rule := range rules {
rule.EnableFloatingIP = pointer.Bool(false)
Expand All @@ -2786,6 +2795,18 @@ func getDefaultInternalIPv6Rules(enableTCPReset bool) map[bool][]network.LoadBal
return rulesDualStack
}

// getTCPResetTestRules returns rules with TCPReset always set.
func getTCPResetTestRules(enableTCPReset bool) map[bool][]network.LoadBalancingRule {
IPv4Rule := getTestRule(enableTCPReset, 80, consts.IPVersionIPv4)
IPv6Rule := getTestRule(enableTCPReset, 80, consts.IPVersionIPv6)
IPv4Rule.EnableTCPReset = pointer.Bool(enableTCPReset)
IPv6Rule.EnableTCPReset = pointer.Bool(enableTCPReset)
return map[bool][]network.LoadBalancingRule{
consts.IPVersionIPv4: {IPv4Rule},
consts.IPVersionIPv6: {IPv6Rule},
}
}

func getTestRule(enableTCPReset bool, port int32, isIPv6 bool) network.LoadBalancingRule {
suffix := ""
if isIPv6 {
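Review bot: The added table entry covers only the standard-SKU dual-stack TCP path with the annotation set to `"true"`. Nothing visible in these hunks exercises the changed line in `getExpectedHAModeLoadBalancingRuleProperties`, or a service that sets the annotation to a value other than `"true"` and should keep TCP reset enabled. A second entry with the annotation set to `"false"` and `expectedRules: getTCPResetTestRules(true)` would pin the default, and the HA-mode path needs an equivalent case. The doc comment on `getTCPResetTestRules` can be read as "reset always enabled"; `// getTCPResetTestRules returns port-80 IPv4 and IPv6 rules with EnableTCPReset explicitly set to enableTCPReset.` is clearer. The test table and `getTestRule` continue outside the hunks.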