[occm] KEP-1860: Add support for LoadBalancer ipMode (#2587)

* KEP-1860: Add support for LoadBalancer ipMode * cleaner: use assertEqual for test
kubernetes · May 7, 2024 · 7a4290e · 7a4290e
1 parent b6d73d6
commit 7a4290e
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 10 deletions.
diff --git a/pkg/openstack/loadbalancer.go b/pkg/openstack/loadbalancer.go
@@ -1568,18 +1568,26 @@ func (lbaas *LbaasV2) createLoadBalancerStatus(service *corev1.Service, svcConf
 		status.Ingress = []corev1.LoadBalancerIngress{{Hostname: hostname}}
 		return status
 	}
-	// If the load balancer is using the PROXY protocol, expose its IP address via
-	// the Hostname field to prevent kube-proxy from injecting an iptables bypass.
-	// This is a workaround until
-	// https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/1860-kube-proxy-IP-node-binding
-	// is implemented (maybe in v1.22).
-	if svcConf.enableProxyProtocol && lbaas.opts.EnableIngressHostname {
-		fakeHostname := fmt.Sprintf("%s.%s", addr, lbaas.opts.IngressHostnameSuffix)
-		status.Ingress = []corev1.LoadBalancerIngress{{Hostname: fakeHostname}}
-		return status
+
+	ipMode := corev1.LoadBalancerIPModeVIP
+	if svcConf.enableProxyProtocol {
+		// If the load balancer is using the PROXY protocol, expose its IP address via
+		// the Hostname field to prevent kube-proxy from injecting an iptables bypass.
+		// Setting must be removed by the user to allow the use of the LoadBalancerIPModeProxy.
+		if lbaas.opts.EnableIngressHostname {
+			fakeHostname := fmt.Sprintf("%s.%s", addr, lbaas.opts.IngressHostnameSuffix)
+			status.Ingress = []corev1.LoadBalancerIngress{{Hostname: fakeHostname}}
+			return status
+		}
+		// Set the LoadBalancerIPMode to Proxy to prevent kube-proxy from injecting an iptables bypass.
+		// https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/1860-kube-proxy-IP-node-binding
+		ipMode = corev1.LoadBalancerIPModeProxy
 	}
 	// Default to IP
-	status.Ingress = []corev1.LoadBalancerIngress{{IP: addr}}
+	status.Ingress = []corev1.LoadBalancerIngress{{
+		IP:     addr,
+		IPMode: &ipMode,
+	}}
 	return status
 }
 

diff --git a/pkg/openstack/loadbalancer_test.go b/pkg/openstack/loadbalancer_test.go
@@ -709,12 +709,15 @@ func TestLbaasV2_checkListenerPorts(t *testing.T) {
 	}
 }
 func TestLbaasV2_createLoadBalancerStatus(t *testing.T) {
+	ipmodeProxy := corev1.LoadBalancerIPModeProxy
+	ipmodeVIP := corev1.LoadBalancerIPModeVIP
 	type fields struct {
 		LoadBalancer LoadBalancer
 	}
 	type result struct {
 		HostName  string
 		IPAddress string
+		IPMode    *corev1.LoadBalancerIPMode
 	}
 	type args struct {
 		service *corev1.Service
@@ -800,6 +803,33 @@ func TestLbaasV2_createLoadBalancerStatus(t *testing.T) {
 			},
 			want: result{
 				IPAddress: "10.10.0.6",
+				IPMode:    &ipmodeVIP,
+			},
+		},
+		{
+			name: "it should return ipMode proxy if using proxyProtocol and not EnableIngressHostname",
+			fields: fields{
+				LoadBalancer: LoadBalancer{
+					opts: LoadBalancerOpts{
+						EnableIngressHostname: false,
+						IngressHostnameSuffix: "ingress-suffix",
+					},
+				},
+			},
+			args: args{
+				service: &corev1.Service{
+					ObjectMeta: v1.ObjectMeta{
+						Annotations: map[string]string{"test": "key"},
+					},
+				},
+				svcConf: &serviceConfig{
+					enableProxyProtocol: true,
+				},
+				addr: "10.10.0.6",
+			},
+			want: result{
+				IPAddress: "10.10.0.6",
+				IPMode:    &ipmodeProxy,
 			},
 		},
 	}
@@ -812,6 +842,7 @@ func TestLbaasV2_createLoadBalancerStatus(t *testing.T) {
 			result := lbaas.createLoadBalancerStatus(tt.args.service, tt.args.svcConf, tt.args.addr)
 			assert.Equal(t, tt.want.HostName, result.Ingress[0].Hostname)
 			assert.Equal(t, tt.want.IPAddress, result.Ingress[0].IP)
+			assert.Equal(t, tt.want.IPMode, result.Ingress[0].IPMode)
 		})
 	}
 }