mirror of
https://github.com/k3s-io/k3s.git
synced 2024-06-07 19:41:36 +00:00
Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent
Signed-off-by: Paul Donohue <git@PaulSD.com> Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This commit is contained in:
Paul Donohue
Brad Davidson
parent
ddcc4d4034
commit
290d7e8fd1
@ -341,13 +341,13 @@ func configureNode(ctx context.Context, nodeConfig *daemonconfig.Node, nodes typ
|
|||||||
}
|
}
|
||||||
|
|
||||||
// inject node config
|
// inject node config
|
||||||
if changed, err := nodeconfig.SetNodeConfigAnnotations(node); err != nil {
|
if changed, err := nodeconfig.SetNodeConfigAnnotations(nodeConfig, node); err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
} else if changed {
|
} else if changed {
|
||||||
updateNode = true
|
updateNode = true
|
||||||
}
|
}
|
||||||
|
|
||||||
if changed, err := nodeconfig.SetNodeConfigLabels(node); err != nil {
|
if changed, err := nodeconfig.SetNodeConfigLabels(nodeConfig, node); err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
} else if changed {
|
} else if changed {
|
||||||
updateNode = true
|
updateNode = true
|
||||||
|
|||||||
@ -9,6 +9,7 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/k3s-io/k3s/pkg/configfilearg"
|
"github.com/k3s-io/k3s/pkg/configfilearg"
|
||||||
|
"github.com/k3s-io/k3s/pkg/daemons/config"
|
||||||
"github.com/k3s-io/k3s/pkg/version"
|
"github.com/k3s-io/k3s/pkg/version"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
@ -73,7 +74,7 @@ func getNodeEnv() (string, error) {
|
|||||||
// environment variables as annotations on the node object. It also stores a
|
// environment variables as annotations on the node object. It also stores a
|
||||||
// hash of the combined args + variables. These are used by other components
|
// hash of the combined args + variables. These are used by other components
|
||||||
// to determine if the node configuration has been changed.
|
// to determine if the node configuration has been changed.
|
||||||
func SetNodeConfigAnnotations(node *corev1.Node) (bool, error) {
|
func SetNodeConfigAnnotations(nodeConfig *config.Node, node *corev1.Node) (bool, error) {
|
||||||
nodeArgs, err := getNodeArgs()
|
nodeArgs, err := getNodeArgs()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
@ -106,14 +107,23 @@ func SetNodeConfigAnnotations(node *corev1.Node) (bool, error) {
|
|||||||
// that may not be present on down-level or up-level nodes.
|
// that may not be present on down-level or up-level nodes.
|
||||||
// These labels are used by other components to determine whether
|
// These labels are used by other components to determine whether
|
||||||
// or not a node supports particular functionality.
|
// or not a node supports particular functionality.
|
||||||
func SetNodeConfigLabels(node *corev1.Node) (bool, error) {
|
func SetNodeConfigLabels(nodeConfig *config.Node, node *corev1.Node) (bool, error) {
|
||||||
if node.Labels == nil {
|
if node.Labels == nil {
|
||||||
node.Labels = make(map[string]string)
|
node.Labels = make(map[string]string)
|
||||||
}
|
}
|
||||||
if _, ok := node.Labels[ClusterEgressLabel]; !ok {
|
_, hasLabel := node.Labels[ClusterEgressLabel]
|
||||||
|
switch nodeConfig.EgressSelectorMode {
|
||||||
|
case config.EgressSelectorModeCluster, config.EgressSelectorModePod:
|
||||||
|
if !hasLabel {
|
||||||
node.Labels[ClusterEgressLabel] = "true"
|
node.Labels[ClusterEgressLabel] = "true"
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
|
default:
|
||||||
|
if hasLabel {
|
||||||
|
delete(node.Labels, ClusterEgressLabel)
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -4,6 +4,7 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/k3s-io/k3s/pkg/daemons/config"
|
||||||
"github.com/k3s-io/k3s/pkg/version"
|
"github.com/k3s-io/k3s/pkg/version"
|
||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
@ -20,6 +21,7 @@ var FakeNodeWithNoAnnotation = &corev1.Node{
|
|||||||
}
|
}
|
||||||
|
|
||||||
var TestEnvName = version.ProgramUpper + "_NODE_NAME"
|
var TestEnvName = version.ProgramUpper + "_NODE_NAME"
|
||||||
|
var FakeNodeConfig = &config.Node{}
|
||||||
var FakeNodeWithAnnotation = &corev1.Node{
|
var FakeNodeWithAnnotation = &corev1.Node{
|
||||||
TypeMeta: metav1.TypeMeta{
|
TypeMeta: metav1.TypeMeta{
|
||||||
Kind: "Node",
|
Kind: "Node",
|
||||||
@ -39,7 +41,7 @@ func Test_UnitSetExistingNodeConfigAnnotations(t *testing.T) {
|
|||||||
// adding same config
|
// adding same config
|
||||||
os.Args = []string{version.Program, "server", "--flannel-backend=none"}
|
os.Args = []string{version.Program, "server", "--flannel-backend=none"}
|
||||||
os.Setenv(version.ProgramUpper+"_NODE_NAME", "fakeNode-with-annotation")
|
os.Setenv(version.ProgramUpper+"_NODE_NAME", "fakeNode-with-annotation")
|
||||||
nodeUpdated, err := SetNodeConfigAnnotations(FakeNodeWithAnnotation)
|
nodeUpdated, err := SetNodeConfigAnnotations(FakeNodeConfig, FakeNodeWithAnnotation)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to set node config annotation: %v", err)
|
t.Fatalf("Failed to set node config annotation: %v", err)
|
||||||
}
|
}
|
||||||
@ -50,6 +52,7 @@ func Test_UnitSetExistingNodeConfigAnnotations(t *testing.T) {
|
|||||||
|
|
||||||
func Test_UnitSetNodeConfigAnnotations(t *testing.T) {
|
func Test_UnitSetNodeConfigAnnotations(t *testing.T) {
|
||||||
type args struct {
|
type args struct {
|
||||||
|
config *config.Node
|
||||||
node *corev1.Node
|
node *corev1.Node
|
||||||
osArgs []string
|
osArgs []string
|
||||||
}
|
}
|
||||||
@ -72,6 +75,7 @@ func Test_UnitSetNodeConfigAnnotations(t *testing.T) {
|
|||||||
{
|
{
|
||||||
name: "Set empty NodeConfigAnnotations",
|
name: "Set empty NodeConfigAnnotations",
|
||||||
args: args{
|
args: args{
|
||||||
|
config: FakeNodeConfig,
|
||||||
node: FakeNodeWithAnnotation,
|
node: FakeNodeWithAnnotation,
|
||||||
osArgs: []string{version.Program, "server", "--flannel-backend=none"},
|
osArgs: []string{version.Program, "server", "--flannel-backend=none"},
|
||||||
},
|
},
|
||||||
@ -83,6 +87,7 @@ func Test_UnitSetNodeConfigAnnotations(t *testing.T) {
|
|||||||
{
|
{
|
||||||
name: "Set args with equal",
|
name: "Set args with equal",
|
||||||
args: args{
|
args: args{
|
||||||
|
config: FakeNodeConfig,
|
||||||
node: FakeNodeWithNoAnnotation,
|
node: FakeNodeWithNoAnnotation,
|
||||||
osArgs: []string{version.Program, "server", "--flannel-backend=none", "--write-kubeconfig-mode=777"},
|
osArgs: []string{version.Program, "server", "--flannel-backend=none", "--write-kubeconfig-mode=777"},
|
||||||
},
|
},
|
||||||
@ -98,7 +103,7 @@ func Test_UnitSetNodeConfigAnnotations(t *testing.T) {
|
|||||||
t.Errorf("Setup for SetNodeConfigAnnotations() failed = %v", err)
|
t.Errorf("Setup for SetNodeConfigAnnotations() failed = %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
got, err := SetNodeConfigAnnotations(tt.args.node)
|
got, err := SetNodeConfigAnnotations(tt.args.config, tt.args.node)
|
||||||
if (err != nil) != tt.wantErr {
|
if (err != nil) != tt.wantErr {
|
||||||
t.Errorf("SetNodeConfigAnnotations() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("SetNodeConfigAnnotations() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
return
|
return
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user