Merge pull request gardener#135 from jia-jerry/slb-local

set ExternalTrafficPolicy of kubeapi server service to Local

pkg/webhook/controlplaneexposure/add.go

@@ -20,6 +20,7 @@ import (
 	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
 	"github.com/gardener/gardener/extensions/pkg/webhook/controlplane"
 	"github.com/gardener/gardener/extensions/pkg/webhook/controlplane/genericmutator"
+	corev1 "k8s.io/api/core/v1"
 
 	druidv1alpha1 "github.com/gardener/etcd-druid/api/v1alpha1"
 	appsv1 "k8s.io/api/apps/v1"
@@ -47,7 +48,7 @@ func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) (*extensionsw
 	return controlplane.New(mgr, controlplane.Args{
 		Kind:     controlplane.KindSeed,
 		Provider: alicloud.Type,
-		Types:    []runtime.Object{&appsv1.Deployment{}, &druidv1alpha1.Etcd{}},
+		Types:    []runtime.Object{&appsv1.Deployment{}, &druidv1alpha1.Etcd{}, &corev1.Service{}},
 		Mutator:  genericmutator.NewMutator(NewEnsurer(&opts.ETCDStorage, logger), nil, nil, nil, logger),
 	})
 }

pkg/webhook/controlplaneexposure/ensurer.go

@@ -17,7 +17,10 @@ package controlplaneexposure
 import (
 	"context"
 
+	corev1 "k8s.io/api/core/v1"
+
 	"github.com/gardener/gardener-extension-provider-alicloud/pkg/apis/config"
+	webhookutils "github.com/gardener/gardener-extension-provider-alicloud/pkg/webhook/utils"
 	"github.com/gardener/gardener/extensions/pkg/controller"
 	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
 	"github.com/gardener/gardener/extensions/pkg/webhook/controlplane/genericmutator"
@@ -54,6 +57,11 @@ func (e *ensurer) InjectClient(client client.Client) error {
 	return nil
 }
 
+// EnsureKubeAPIServerService ensures that the kube-apiserver service conforms to the provider requirements.
+func (e *ensurer) EnsureKubeAPIServerService(ctx context.Context, ectx genericmutator.EnsurerContext, new, old *corev1.Service) error {
+	return webhookutils.MutateLBService(new, old)
+}
+
 // EnsureKubeAPIServerDeployment ensures that the kube-apiserver deployment conforms to the provider requirements.
 func (e *ensurer) EnsureKubeAPIServerDeployment(ctx context.Context, ectx genericmutator.EnsurerContext, new, old *appsv1.Deployment) error {
 	if v1beta1helper.IsAPIServerExposureManaged(new) {

pkg/webhook/controlplaneexposure/ensurer_test.go

@@ -63,16 +63,8 @@ var _ = Describe("Ensurer", func() {
 		dummyContext = genericmutator.NewEnsurerContext(nil, nil)
 
 		svcKey = client.ObjectKey{Namespace: namespace, Name: v1beta1constants.DeploymentNameKubeAPIServer}
-		svc    = &corev1.Service{
-			ObjectMeta: metav1.ObjectMeta{Name: v1beta1constants.DeploymentNameKubeAPIServer, Namespace: namespace},
-			Status: corev1.ServiceStatus{
-				LoadBalancer: corev1.LoadBalancerStatus{
-					Ingress: []corev1.LoadBalancerIngress{
-						{IP: "1.2.3.4"},
-					},
-				},
-			},
-		}
+		svc    *corev1.Service
+
 		cluster = &extensionsv1alpha1.Cluster{
 			Spec: extensionsv1alpha1.ClusterSpec{
 				Shoot: runtime.RawExtension{
@@ -84,6 +76,22 @@ var _ = Describe("Ensurer", func() {
 
 	BeforeEach(func() {
 		ctrl = gomock.NewController(GinkgoT())
+		svc = &corev1.Service{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      v1beta1constants.DeploymentNameKubeAPIServer,
+				Namespace: namespace,
+			},
+			Spec: corev1.ServiceSpec{
+				ExternalTrafficPolicy: corev1.ServiceExternalTrafficPolicyTypeCluster,
+			},
+			Status: corev1.ServiceStatus{
+				LoadBalancer: corev1.LoadBalancerStatus{
+					Ingress: []corev1.LoadBalancerIngress{
+						{IP: "1.2.3.4"},
+					},
+				},
+			},
+		}
 	})
 
 	AfterEach(func() {
@@ -192,6 +200,25 @@ var _ = Describe("Ensurer", func() {
 			checkKubeAPIServerDeployment(dep)
 		})
 	})
+	Describe("#EnsureKubeAPIServerService", func() {
+		It("should set ExternalTrafficPolicy to Local for kube-apiserver service", func() {
+			ensurer := NewEnsurer(etcdStorage, logger)
+			err := ensurer.EnsureKubeAPIServerService(context.TODO(), dummyContext, svc, nil)
+			Expect(err).To(Not(HaveOccurred()))
+			Expect(svc.Spec.ExternalTrafficPolicy).To(Equal(corev1.ServiceExternalTrafficPolicyTypeLocal))
+		})
+
+		It("should not overwrite .spec.healthCheckNodePort for kube-apiserver service", func() {
+			oldVpnSvc := svc.DeepCopy()
+			oldVpnSvc.Spec.ExternalTrafficPolicy = corev1.ServiceExternalTrafficPolicyTypeLocal
+			oldVpnSvc.Spec.HealthCheckNodePort = 31279
+			ensurer := NewEnsurer(etcdStorage, logger)
+			err := ensurer.EnsureKubeAPIServerService(context.TODO(), dummyContext, svc, oldVpnSvc)
+			Expect(err).To(Not(HaveOccurred()))
+			Expect(svc.Spec.ExternalTrafficPolicy).To(Equal(corev1.ServiceExternalTrafficPolicyTypeLocal))
+			Expect(svc.Spec.HealthCheckNodePort).To(Equal(int32(31279)))
+		})
+	})
 
 	Describe("#EnsureETCD", func() {
 		It("should add or modify elements to etcd-main statefulset", func() {

pkg/webhook/shoot/mutator.go

@@ -17,8 +17,8 @@ package shoot
 import (
 	"context"
 
+	webhookutils "github.com/gardener/gardener-extension-provider-alicloud/pkg/webhook/utils"
 	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
-
 	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
 	appsv1 "k8s.io/api/apps/v1"
@@ -63,7 +63,7 @@ func (m *mutator) Mutate(ctx context.Context, new, old runtime.Object) error {
 			}
 
 			extensionswebhook.LogMutation(logger, x.Kind, x.Namespace, x.Name)
-			return m.mutateLBService(ctx, x, oldSvc)
+			return webhookutils.MutateLBService(x, oldSvc)
 		}
 	case *appsv1.Deployment:
 		if x.Name == "metrics-server" {

pkg/webhook/shoot/lb_service.go → pkg/webhook/utils/lb_service.go

@@ -12,15 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package shoot
+package utils
 
 import (
-	"context"
-
 	corev1 "k8s.io/api/core/v1"
 )
 
-func (m *mutator) mutateLBService(ctx context.Context, new, old *corev1.Service) error {
+func MutateLBService(new, old *corev1.Service) error {
 	new.Spec.ExternalTrafficPolicy = corev1.ServiceExternalTrafficPolicyTypeLocal
 
 	// Do not overwrite '.spec.healthCheckNodePort'