migrate subnet to track2 sdk
Signed-off-by: MartinForReal <[email protected]>
MartinForReal authored and k8s-infra-cherrypick-robot committed Nov 13, 2024
1 parent 31fd487 commit 0eea605
Showing 9 changed files with 366 additions and 77 deletions.
18 changes: 12 additions & 6 deletions pkg/provider/azure.go
Expand Up @@ -69,6 +69,7 @@ import (
"sigs.k8s.io/cloud-provider-azure/pkg/azureclients/vmssclient"
"sigs.k8s.io/cloud-provider-azure/pkg/azureclients/vmssvmclient"
"sigs.k8s.io/cloud-provider-azure/pkg/provider/privatelinkservice"
"sigs.k8s.io/cloud-provider-azure/pkg/provider/subnet"
"sigs.k8s.io/cloud-provider-azure/pkg/provider/zone"

"sigs.k8s.io/yaml"
Expand Down Expand Up @@ -414,12 +415,13 @@ type Cloud struct {
routeUpdater batchProcessor
backendPoolUpdater batchProcessor

vmCache azcache.Resource
lbCache azcache.Resource
nsgRepo securitygroup.Repository
zoneRepo zone.Repository
plsRepo privatelinkservice.Repository
rtCache azcache.Resource
vmCache azcache.Resource
lbCache azcache.Resource
nsgRepo securitygroup.Repository
zoneRepo zone.Repository
plsRepo privatelinkservice.Repository
subnetRepo subnet.Repository
rtCache azcache.Resource
// public ip cache
// key: [resourceGroupName]
// Value: sync.Map of [pipName]*PublicIPAddress
Expand Down Expand Up @@ -750,6 +752,10 @@ func (az *Cloud) InitializeCloudFromConfig(ctx context.Context, config *Config,
if err != nil {
return err
}
az.subnetRepo, err = subnet.NewRepo(networkClientFactory.GetSubnetClient())
if err != nil {
return err
}
}
err = az.initCaches()
if err != nil {
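Review bot: `az.subnetRepo` is assigned only inside the block that closes at the `}` right after the new `subnet.NewRepo` call, and that block's condition lies outside the hunk; on any path where it is not taken the field stays nil and the `az.subnetRepo.Get` calls in azure_privatelinkservice.go would panic on a nil interface, whereas the previous `az.getSubnet` path had no such precondition. If the branch is unconditional for every supported configuration, say so on the new field, e.g. `subnetRepo subnet.Repository // always set by InitializeCloudFromConfig; PLS reconciliation dereferences it unguarded`, otherwise initialise it outside the branch or guard the callers. Unlike `securitygroup.NewSecurityGroupRepo`, `subnet.NewRepo` receives neither a cache TTL nor `DisableAPICallCache`; if it caches subnets, confirm the config knob is still honoured, since the PLS path does a read-modify-write of the subnet. The Cloud struct and InitializeCloudFromConfig both start and end outside the hunks shown.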
5 changes: 5 additions & 0 deletions pkg/provider/azure_fakes.go
Expand Up @@ -30,6 +30,7 @@ import (
"sigs.k8s.io/cloud-provider-azure/pkg/azclient/mock_azclient"
"sigs.k8s.io/cloud-provider-azure/pkg/azclient/privatezoneclient/mock_privatezoneclient"
"sigs.k8s.io/cloud-provider-azure/pkg/azclient/securitygroupclient/mock_securitygroupclient"
"sigs.k8s.io/cloud-provider-azure/pkg/azclient/subnetclient/mock_subnetclient"
"sigs.k8s.io/cloud-provider-azure/pkg/azclient/virtualnetworklinkclient/mock_virtualnetworklinkclient"
"sigs.k8s.io/cloud-provider-azure/pkg/azureclients/diskclient/mockdiskclient"
"sigs.k8s.io/cloud-provider-azure/pkg/azureclients/interfaceclient/mockinterfaceclient"
Expand All @@ -45,6 +46,7 @@ import (
"sigs.k8s.io/cloud-provider-azure/pkg/provider/config"
"sigs.k8s.io/cloud-provider-azure/pkg/provider/privatelinkservice"
"sigs.k8s.io/cloud-provider-azure/pkg/provider/securitygroup"
"sigs.k8s.io/cloud-provider-azure/pkg/provider/subnet"
utilsets "sigs.k8s.io/cloud-provider-azure/pkg/util/sets"
)

Expand Down Expand Up @@ -128,13 +130,16 @@ func GetTestCloud(ctrl *gomock.Controller) (az *Cloud) {
clientFactory.EXPECT().GetPrivateZoneClient().Return(mockPrivateDNSClient).AnyTimes()
virtualNetworkLinkClient := mock_virtualnetworklinkclient.NewMockInterface(ctrl)
clientFactory.EXPECT().GetVirtualNetworkLinkClient().Return(virtualNetworkLinkClient).AnyTimes()
subnetTrack2Client := mock_subnetclient.NewMockInterface(ctrl)
clientFactory.EXPECT().GetSubnetClient().Return(subnetTrack2Client).AnyTimes()
az.AuthProvider = &azclient.AuthProvider{
ComputeCredential: mock_azclient.NewMockTokenCredential(ctrl),
}
az.VMSet, _ = newAvailabilitySet(az)
az.vmCache, _ = az.newVMCache()
az.lbCache, _ = az.newLBCache()
az.nsgRepo, _ = securitygroup.NewSecurityGroupRepo(az.SecurityGroupResourceGroup, az.SecurityGroupName, az.NsgCacheTTLInSeconds, az.Config.DisableAPICallCache, securtyGrouptrack2Client)
az.subnetRepo = subnet.NewMockRepository(ctrl)
az.rtCache, _ = az.newRouteTableCache()
az.pipCache, _ = az.newPIPCache()
az.LoadBalancerBackendPool = NewMockBackendPool(ctrl)
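Review bot: The `GetSubnetClient` expectation wires `subnetTrack2Client` into the factory, but `az.subnetRepo` is then replaced by `subnet.NewMockRepository(ctrl)`, so the mock client is never reached through the cloud's subnet paths, unlike the NSG repo built over `securtyGrouptrack2Client` on the line above. Either build the real repo over the mock client for consistency, `az.subnetRepo, _ = subnet.NewRepo(subnetTrack2Client)` (assuming `NewRepo` accepts the mock's interface, as the factory return type suggests), or drop the now-unused expectation. Note that a gomock repository with no expectations makes any test reaching `disablePLSNetworkPolicy` fail on an unexpected `Get`, so tests for that path must set expectations explicitly. GetTestCloud starts and ends outside the hunk.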
51 changes: 37 additions & 14 deletions pkg/provider/azure_privatelinkservice.go
Expand Up @@ -18,10 +18,13 @@ package provider

import (
"context"
"errors"
"fmt"
"net"
"net/http"
"strings"

"github.com/Azure/azure-sdk-for-go/sdk/azcore"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6"
"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2022-07-01/network"
Expand Down Expand Up @@ -144,14 +147,14 @@ func (az *Cloud) reconcilePrivateLinkService(
return err
}

dirtyPLS, err := az.getExpectedPrivateLinkService(existingPLS, &plsName, &clusterName, service, fipConfig)
dirtyPLS, err := az.getExpectedPrivateLinkService(ctx, existingPLS, &plsName, &clusterName, service, fipConfig)
if err != nil {
return err
}

if dirtyPLS {
klog.V(2).Infof("reconcilePrivateLinkService for service(%s): pls(%s) - updating", serviceName, plsName)
err := az.disablePLSNetworkPolicy(service)
err := az.disablePLSNetworkPolicy(ctx, service)
if err != nil {
klog.Errorf("reconcilePrivateLinkService for service(%s) disable PLS network policy failed for pls(%s): %v", serviceName, plsName, err.Error())
return err
Expand Down Expand Up @@ -196,28 +199,39 @@ func (az *Cloud) getPLSResourceGroup(service *v1.Service) string {
return az.PrivateLinkServiceResourceGroup
}

func (az *Cloud) disablePLSNetworkPolicy(service *v1.Service) error {
func (az *Cloud) disablePLSNetworkPolicy(ctx context.Context, service *v1.Service) error {
serviceName := getServiceName(service)
subnetName := getPLSSubnetName(service)
if subnetName == nil {
subnetName = &az.SubnetName
}

subnet, existsSubnet, err := az.getSubnet("", az.VnetName, *subnetName)
rg := az.VnetResourceGroup
if rg == "" {
rg = az.ResourceGroup
}

subnet, err := az.subnetRepo.Get(ctx, rg, az.VnetName, *subnetName)
if err != nil {
var respErr *azcore.ResponseError
if errors.As(err, &respErr) {
if respErr != nil && respErr.StatusCode == http.StatusNotFound {
return fmt.Errorf("disablePLSNetworkPolicy: failed to get private link service subnet(%s) for service(%s)", *subnetName, serviceName)
}
}
return err
}
if !existsSubnet {
return fmt.Errorf("disablePLSNetworkPolicy: failed to get private link service subnet(%s) for service(%s)", *subnetName, serviceName)
if subnet.Properties == nil {
subnet.Properties = &armnetwork.SubnetPropertiesFormat{}
}

// Policy already disabled
if subnet.PrivateLinkServiceNetworkPolicies == network.VirtualNetworkPrivateLinkServiceNetworkPoliciesDisabled {
if subnet.Properties.PrivateLinkServiceNetworkPolicies != nil && *subnet.Properties.PrivateLinkServiceNetworkPolicies == armnetwork.VirtualNetworkPrivateLinkServiceNetworkPoliciesDisabled {
return nil
}

subnet.PrivateLinkServiceNetworkPolicies = network.VirtualNetworkPrivateLinkServiceNetworkPoliciesDisabled
err = az.CreateOrUpdateSubnet(service, subnet)
subnet.Properties.PrivateLinkServiceNetworkPolicies = to.Ptr(armnetwork.VirtualNetworkPrivateLinkServiceNetworkPoliciesDisabled)
err = az.subnetRepo.CreateOrUpdate(ctx, rg, az.VnetName, *subnetName, *subnet)
if err != nil {
return err
}
Expand Down Expand Up @@ -281,6 +295,7 @@ func (az *Cloud) getPrivateLinkServiceName(

// getExpectedPrivateLinkService builds expected PLS object from service spec
func (az *Cloud) getExpectedPrivateLinkService(
ctx context.Context,
existingPLS *armnetwork.PrivateLinkService,
plsName *string,
clusterName *string,
Expand Down Expand Up @@ -314,7 +329,7 @@ func (az *Cloud) getExpectedPrivateLinkService(
dirtyPLS = true
}

changed, err := az.reconcilePLSIpConfigs(existingPLS, service)
changed, err := az.reconcilePLSIpConfigs(ctx, existingPLS, service)
if err != nil {
return false, err
}
Expand Down Expand Up @@ -347,6 +362,7 @@ func (az *Cloud) getExpectedPrivateLinkService(

// reconcile Private link service's IP configurations
func (az *Cloud) reconcilePLSIpConfigs(
ctx context.Context,
existingPLS *armnetwork.PrivateLinkService,
service *v1.Service,
) (bool, error) {
Expand All @@ -357,13 +373,20 @@ func (az *Cloud) reconcilePLSIpConfigs(
if subnetName == nil {
subnetName = &az.SubnetName
}
subnet, existsSubnet, err := az.getSubnet("", az.VnetName, *subnetName)
rg := az.VnetResourceGroup
if rg == "" {
rg = az.ResourceGroup
}
subnet, err := az.subnetRepo.Get(ctx, rg, az.VnetName, *subnetName)
if err != nil {
var runtimError *azcore.ResponseError
if errors.As(err, &runtimError) {
if runtimError != nil && runtimError.StatusCode == http.StatusNotFound {
return false, fmt.Errorf("checkAndUpdatePLSIPConfigs: failed to get private link service subnet(%s) for service(%s)", *subnetName, serviceName)
}
}
return false, err
}
if !existsSubnet {
return false, fmt.Errorf("checkAndUpdatePLSIPConfigs: failed to get private link service subnet(%s) for service(%s)", *subnetName, serviceName)
}

ipConfigCount, err := getPLSIPConfigCount(service)
if err != nil {
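Review bot: In `disablePLSNetworkPolicy` the not-found branch discards the `*azcore.ResponseError` it just matched and returns a fresh `fmt.Errorf`, so callers lose the status code and request ID; wrap it instead, `return fmt.Errorf("disablePLSNetworkPolicy: failed to get private link service subnet(%s) for service(%s): %w", *subnetName, serviceName, err)`, and the `respErr != nil` test after a successful `errors.As` is redundant. The same pattern is repeated in `reconcilePLSIpConfigs` (where the local is misspelt `runtimError`), as is the `rg := az.VnetResourceGroup; if rg == "" { rg = az.ResourceGroup }` fallback, which a small `az.vnetResourceGroup()` helper would keep in step. The update is a full read-modify-write: `CreateOrUpdate` resends every property returned by `Get` (NSG, route table, service endpoints), so if the repository serves cached subnets a stale read could silently revert an NSG or route-table association changed outside the cluster; confirm that `subnetRepo.Get` bypasses the cache before the PUT, or re-fetch uncached there. The old `az.CreateOrUpdateSubnet(service, subnet)` took the Service, so any event recording or cache invalidation it did is no longer performed here, which is worth checking. Both `disablePLSNetworkPolicy` and `reconcilePLSIpConfigs` continue past the end of their hunks.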

0 comments on commit 0eea605

Please sign in to comment.