feat: add proxy protocol support for svc loadbalancer type

tsuru · Oct 16, 2024 · 74ea509 · 74ea509
1 parent a38b4b5
commit 74ea509
Show file tree

Hide file tree

Showing 2 changed files with 149 additions and 14 deletions.
diff --git a/pkg/k8s/k8s.go b/pkg/k8s/k8s.go
@@ -38,6 +38,9 @@ const (
 	defaultHTTPSHostNetworkPort = int32(443)
 	defaultHTTPSPortName        = "https"
 
+	defaultProxyProtocolHTTPPortName  = "proxy-http"
+	defaultProxyProtocolHTTPSPortName = "proxy-https"
+
 	defaultCacheVolumeExtraSize = float64(1.05)
 
 	curlProbeCommand = "curl -m%d -kfsS -o /dev/null %s"
@@ -233,20 +236,7 @@ func NewService(n *v1alpha1.Nginx) *corev1.Service {
 			Annotations: annotations,
 		},
 		Spec: corev1.ServiceSpec{
-			Ports: []corev1.ServicePort{
-				{
-					Name:       defaultHTTPPortName,
-					Protocol:   corev1.ProtocolTCP,
-					TargetPort: intstr.FromString(defaultHTTPPortName),
-					Port:       int32(80),
-				},
-				{
-					Name:       defaultHTTPSPortName,
-					Protocol:   corev1.ProtocolTCP,
-					TargetPort: intstr.FromString(defaultHTTPSPortName),
-					Port:       int32(443),
-				},
-			},
+			Ports:                 fillPorts(*n, nginxService(n)),
 			Selector:              labelSelector,
 			LoadBalancerIP:        lbIP,
 			Type:                  nginxService(n),
@@ -260,6 +250,47 @@ func NewService(n *v1alpha1.Nginx) *corev1.Service {
 	return &service
 }
 
+func fillPorts(n v1alpha1.Nginx, t corev1.ServiceType) []corev1.ServicePort {
+	if n.Spec.PodTemplate.Ports != nil && t == corev1.ServiceTypeLoadBalancer {
+		ports := make([]corev1.ServicePort, 0)
+		for _, port := range n.Spec.PodTemplate.Ports {
+			if port.Name == defaultProxyProtocolHTTPPortName {
+				ports = append(ports, corev1.ServicePort{
+					Name:       defaultProxyProtocolHTTPPortName,
+					Protocol:   corev1.ProtocolTCP,
+					TargetPort: intstr.FromString(defaultProxyProtocolHTTPPortName),
+					Port:       int32(80),
+				})
+			}
+			if port.Name == defaultProxyProtocolHTTPSPortName {
+				ports = append(ports, corev1.ServicePort{
+					Name:       defaultProxyProtocolHTTPSPortName,
+					Protocol:   corev1.ProtocolTCP,
+					TargetPort: intstr.FromString(defaultProxyProtocolHTTPSPortName),
+					Port:       int32(443),
+				})
+			}
+		}
+		if len(ports) > 0 {
+			return ports
+		}
+	}
+	return []corev1.ServicePort{
+		{
+			Name:       defaultHTTPPortName,
+			Protocol:   corev1.ProtocolTCP,
+			TargetPort: intstr.FromString(defaultHTTPPortName),
+			Port:       int32(80),
+		},
+		{
+			Name:       defaultHTTPSPortName,
+			Protocol:   corev1.ProtocolTCP,
+			TargetPort: intstr.FromString(defaultHTTPSPortName),
+			Port:       int32(443),
+		},
+	}
+}
+
 func nginxService(n *v1alpha1.Nginx) corev1.ServiceType {
 	if n == nil || n.Spec.Service == nil {
 		return corev1.ServiceTypeClusterIP

diff --git a/pkg/k8s/k8s_test.go b/pkg/k8s/k8s_test.go
@@ -1611,6 +1611,110 @@ func TestNewService(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "using proxy protocol with LB svc type",
+			nginx: func() v1alpha1.Nginx {
+				n := nginxWithService()
+				n.Spec.Service.Type = corev1.ServiceTypeLoadBalancer
+				n.Spec.PodTemplate.Ports = []corev1.ContainerPort{
+					{
+						Name: defaultProxyProtocolHTTPPortName,
+					},
+					{
+						Name: defaultProxyProtocolHTTPSPortName,
+					},
+				}
+				return n
+			}(),
+			want: &corev1.Service{
+				TypeMeta: metav1.TypeMeta{
+					Kind:       "Service",
+					APIVersion: "v1",
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "my-nginx-service",
+					Namespace: "default",
+					Labels: map[string]string{
+						"nginx.tsuru.io/resource-name": "my-nginx",
+						"nginx.tsuru.io/app":           "nginx",
+					},
+					Annotations: map[string]string{},
+				},
+				Spec: corev1.ServiceSpec{
+					Ports: []corev1.ServicePort{
+						{
+							Name:       "proxy-http",
+							Protocol:   corev1.ProtocolTCP,
+							TargetPort: intstr.FromString("proxy-http"),
+							Port:       int32(80),
+						},
+						{
+							Name:       "proxy-https",
+							Protocol:   corev1.ProtocolTCP,
+							TargetPort: intstr.FromString("proxy-https"),
+							Port:       int32(443),
+						},
+					},
+					Selector: map[string]string{
+						"nginx.tsuru.io/resource-name": "my-nginx",
+						"nginx.tsuru.io/app":           "nginx",
+					},
+					Type: corev1.ServiceTypeLoadBalancer,
+				},
+			},
+		},
+		{
+			name: "using default ports with clusterIP svc type",
+			nginx: func() v1alpha1.Nginx {
+				n := nginxWithService()
+				n.Spec.Service.Type = corev1.ServiceTypeClusterIP
+				n.Spec.PodTemplate.Ports = []corev1.ContainerPort{
+					{
+						Name: defaultProxyProtocolHTTPPortName,
+					},
+					{
+						Name: defaultProxyProtocolHTTPSPortName,
+					},
+				}
+				return n
+			}(),
+			want: &corev1.Service{
+				TypeMeta: metav1.TypeMeta{
+					Kind:       "Service",
+					APIVersion: "v1",
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "my-nginx-service",
+					Namespace: "default",
+					Labels: map[string]string{
+						"nginx.tsuru.io/resource-name": "my-nginx",
+						"nginx.tsuru.io/app":           "nginx",
+					},
+					Annotations: map[string]string{},
+				},
+				Spec: corev1.ServiceSpec{
+					Ports: []corev1.ServicePort{
+						{
+							Name:       "http",
+							Protocol:   corev1.ProtocolTCP,
+							TargetPort: intstr.FromString("http"),
+							Port:       int32(80),
+						},
+						{
+							Name:       "https",
+							Protocol:   corev1.ProtocolTCP,
+							TargetPort: intstr.FromString("https"),
+							Port:       int32(443),
+						},
+					},
+					Selector: map[string]string{
+						"nginx.tsuru.io/resource-name": "my-nginx",
+						"nginx.tsuru.io/app":           "nginx",
+					},
+					Type: corev1.ServiceTypeClusterIP,
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {