Skip to content

Commit

Permalink
feat: add support for disable tcp reset
Browse files Browse the repository at this point in the history
  • Loading branch information
feiskyer authored and k8s-infra-cherrypick-robot committed Sep 4, 2023
1 parent e6ad00c commit 01216f8
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 4 deletions.
3 changes: 3 additions & 0 deletions pkg/consts/consts.go
Original file line number Diff line number Diff line change
Expand Up @@ -333,6 +333,9 @@ const (
// The list is separated by comma. It will be omitted if multi-slb is not used.
ServiceAnnotationLoadBalancerConfigurations = "service.beta.kubernetes.io/azure-load-balancer-configurations"

// ServiceAnnotationDisableTCPReset is the annotation used on the service to disable TCP reset on the load balancer.
ServiceAnnotationDisableTCPReset = "service.beta.kubernetes.io/azure-load-balancer-disable-tcp-reset"

// ServiceTagKey is the service key applied for public IP tags.
ServiceTagKey = "k8s-azure-service"
LegacyServiceTagKey = "service"
Expand Down
7 changes: 6 additions & 1 deletion pkg/consts/helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,11 @@ func IsPLSEnabled(annotations map[string]string) bool {
return expectAttributeInSvcAnnotationBeEqualTo(annotations, ServiceAnnotationPLSCreation, TrueAnnotationValue)
}

// IsTCPResetDisabled return true if ServiceAnnotationDisableTCPReset is true
func IsTCPResetDisabled(annotations map[string]string) bool {
return expectAttributeInSvcAnnotationBeEqualTo(annotations, ServiceAnnotationDisableTCPReset, TrueAnnotationValue)
}

// Getint32ValueFromK8sSvcAnnotation get health probe configuration for port
func Getint32ValueFromK8sSvcAnnotation(annotations map[string]string, key string, validators ...Int32BusinessValidator) (*int32, error) {
val, err := GetAttributeValueInSvcAnnotation(annotations, key)
Expand All @@ -74,7 +79,7 @@ func Getint32ValueFromK8sSvcAnnotation(annotations map[string]string, key string
return nil, err
}

// BuildHealthProbeAnnotationKeyForPort get health probe configuration key for port
// BuildAnnotationKeyForPort get health probe configuration key for port
func BuildAnnotationKeyForPort(port int32, key PortParams) string {
return fmt.Sprintf(PortAnnotationPrefixPattern, port, string(key))
}
Expand Down
5 changes: 3 additions & 2 deletions pkg/provider/azure_loadbalancer.go
Original file line number Diff line number Diff line change
Expand Up @@ -2717,7 +2717,7 @@ func (az *Cloud) getExpectedLoadBalancingRulePropertiesForPort(
IdleTimeoutInMinutes: lbIdleTimeout,
}
if strings.EqualFold(string(transportProto), string(network.TransportProtocolTCP)) && az.useStandardLoadBalancer() {
props.EnableTCPReset = pointer.Bool(true)
props.EnableTCPReset = pointer.Bool(!consts.IsTCPResetDisabled(service.Annotations))
}

// Azure ILB does not support secondary IPs as floating IPs on the LB. Therefore, floating IP needs to be turned
Expand All @@ -2738,7 +2738,8 @@ func (az *Cloud) getExpectedHAModeLoadBalancingRuleProperties(
if err != nil {
return nil, fmt.Errorf("error generate lb rule for ha mod loadbalancer. err: %w", err)
}
props.EnableTCPReset = pointer.Bool(true)
props.EnableTCPReset = pointer.Bool(!consts.IsTCPResetDisabled(service.Annotations))

return props, nil
}

Expand Down
23 changes: 22 additions & 1 deletion pkg/provider/azure_loadbalancer_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2664,6 +2664,15 @@ func TestReconcileLoadBalancerRuleCommon(t *testing.T) {
expectedRules: getDefaultTestRules(false),
expectedProbes: getDefaultTestProbes("Http", "/"),
},
{
desc: "getExpectedLBRules should disable tcp reset when annotation is set",
service: getTestServiceDualStack("test1", v1.ProtocolTCP, map[string]string{
"service.beta.kubernetes.io/azure-load-balancer-disable-tcp-reset": "true",
}, 80),
loadBalancerSku: "standard",
expectedRules: getTCPResetTestRules(false),
expectedProbes: getDefaultTestProbes("Tcp", ""),
},
{
desc: "getExpectedLBRules should prioritize port specific probe protocol over appProtocol",
service: getTestServiceDualStack("test1", v1.ProtocolTCP, map[string]string{
Expand Down Expand Up @@ -2989,7 +2998,7 @@ func getDefaultTestRules(enableTCPReset bool) map[bool][]network.LoadBalancingRu

// getDefaultInternalIPv6Rules returns a rule for IPv6 single stack.
func getDefaultInternalIPv6Rules(enableTCPReset bool) map[bool][]network.LoadBalancingRule {
rule := getTestRule(true, 80, false)
rule := getTestRule(enableTCPReset, 80, false)
rule.EnableFloatingIP = pointer.Bool(false)
rule.BackendPort = pointer.Int32(getBackendPort(*rule.FrontendPort))
rule.BackendAddressPool.ID = pointer.String("backendPoolID-IPv6")
Expand All @@ -2998,6 +3007,18 @@ func getDefaultInternalIPv6Rules(enableTCPReset bool) map[bool][]network.LoadBal
}
}

// getTCPResetTestRules returns rules with TCPReset always set.
func getTCPResetTestRules(enableTCPReset bool) map[bool][]network.LoadBalancingRule {
IPv4Rule := getTestRule(enableTCPReset, 80, consts.IPVersionIPv4)
IPv6Rule := getTestRule(enableTCPReset, 80, consts.IPVersionIPv6)
IPv4Rule.EnableTCPReset = pointer.Bool(enableTCPReset)
IPv6Rule.EnableTCPReset = pointer.Bool(enableTCPReset)
return map[bool][]network.LoadBalancingRule{
consts.IPVersionIPv4: {IPv4Rule},
consts.IPVersionIPv6: {IPv6Rule},
}
}

// getTestRule returns a rule for dualStack.
func getTestRule(enableTCPReset bool, port int32, isIPv6 bool) network.LoadBalancingRule {
suffix := ""
Expand Down

0 comments on commit 01216f8

Please sign in to comment.