Merge pull request #2526 from panslava/override-compute-api

Add a flag a logic to override k8scp compute api endpoint
kubernetes · Apr 23, 2024 · 614c6ca · 614c6ca
2 parents a34a810 + 8056a07
commit 614c6ca
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 11 deletions.
diff --git a/cmd/glbc/main.go b/cmd/glbc/main.go
@@ -25,19 +25,10 @@ import (
 	"sync"
 	"time"
 
+	k8scp "github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud"
 	flag "github.com/spf13/pflag"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/ingress-gce/pkg/frontendconfig"
-	"k8s.io/ingress-gce/pkg/ingparams"
-	"k8s.io/ingress-gce/pkg/instancegroups"
-	"k8s.io/ingress-gce/pkg/l4lb"
-	"k8s.io/ingress-gce/pkg/psc"
-	"k8s.io/ingress-gce/pkg/serviceattachment"
-	"k8s.io/ingress-gce/pkg/servicemetrics"
-	"k8s.io/ingress-gce/pkg/svcneg"
-	"k8s.io/klog/v2"
-
 	crdclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	clientset "k8s.io/client-go/kubernetes"
 	restclient "k8s.io/client-go/rest"
@@ -47,10 +38,20 @@ import (
 	firewallcrclient "k8s.io/cloud-provider-gcp/crd/client/gcpfirewall/clientset/versioned"
 	networkclient "k8s.io/cloud-provider-gcp/crd/client/network/clientset/versioned"
 	backendconfigclient "k8s.io/ingress-gce/pkg/backendconfig/client/clientset/versioned"
+	"k8s.io/ingress-gce/pkg/frontendconfig"
 	frontendconfigclient "k8s.io/ingress-gce/pkg/frontendconfig/client/clientset/versioned"
+	"k8s.io/ingress-gce/pkg/ingparams"
 	ingparamsclient "k8s.io/ingress-gce/pkg/ingparams/client/clientset/versioned"
+	"k8s.io/ingress-gce/pkg/instancegroups"
+	"k8s.io/ingress-gce/pkg/l4lb"
+	"k8s.io/ingress-gce/pkg/psc"
+	"k8s.io/ingress-gce/pkg/serviceattachment"
 	serviceattachmentclient "k8s.io/ingress-gce/pkg/serviceattachment/client/clientset/versioned"
+	"k8s.io/ingress-gce/pkg/servicemetrics"
+	"k8s.io/ingress-gce/pkg/svcneg"
 	svcnegclient "k8s.io/ingress-gce/pkg/svcneg/client/clientset/versioned"
+	"k8s.io/ingress-gce/pkg/utils"
+	"k8s.io/klog/v2"
 
 	ingctx "k8s.io/ingress-gce/pkg/context"
 	"k8s.io/ingress-gce/pkg/controller"
@@ -213,6 +214,16 @@ func main() {
 	kubeSystemUID := kubeSystemNS.GetUID()
 
 	cloud := app.NewGCEClient(rootLogger)
+
+	if flags.F.OverrideComputeAPIEndpoint != "" {
+		// Globally set the domain for all urls generated by GoogleCloudPlatform/k8s-cloud-provider.
+		// The cloud object is configured by the gce.conf file and parsed in app.NewGCEClient().
+		// basePath will be of the form <URL>/v1
+		domain := utils.GetDomainFromGABasePath(flags.F.OverrideComputeAPIEndpoint)
+		rootLogger.Info("Overriding k8s-cloud-provider API Domain", "domain", domain)
+		k8scp.SetAPIDomain(domain)
+	}
+
 	defaultBackendServicePort := app.DefaultBackendServicePort(kubeClient, rootLogger)
 	ctxConfig := ingctx.ControllerContextConfig{
 		Namespace:                     flags.F.WatchNamespace,

diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go
@@ -128,6 +128,7 @@ var (
 		DisableFWEnforcement                     bool
 		EnableIngressRegionalExternal            bool
 		EnableIngressGlobalExternal              bool
+		OverrideComputeAPIEndpoint               string
 	}{
 		GCERateLimitScale: 1.0,
 	}
@@ -304,6 +305,7 @@ L7 load balancing. CSV values accepted. Example: -node-port-ranges=80,8080,400-5
 	flag.BoolVar(&F.DisableFWEnforcement, "disable-fw-enforcement", false, "Disable Ingress controller to enforce the firewall rules. If set to true, Ingress Controller stops creating GCE firewall rules. We can only enable this if enable-firewall-cr sets to true.")
 	flag.BoolVar(&F.EnableIngressRegionalExternal, "enable-ingress-regional-external", false, "Enable L7 Ingress Regional External.")
 	flag.BoolVar(&F.EnableIngressGlobalExternal, "enable-ingress-global-external", true, "Enable L7 Ingress Global External. Should be disabled when Regional External is enabled.")
+	flag.StringVar(&F.OverrideComputeAPIEndpoint, "override-compute-api-endpoint", "", "Override endpoint that is used to communicate to GCP compute APIs.")
 }
 
 func Validate() {

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -931,3 +931,12 @@ func IsUnsupportedFeatureError(err error, featureName string) bool {
 	}
 	return false
 }
+
+// GetDomainFromGABasePath takes a GA base path of the form <path>/compute/v1 and returns the path.
+func GetDomainFromGABasePath(basePath string) string {
+	// Trim URL to remove the "/v1" part since we are using the GA path.
+	// Start by trimming any trailing "/"
+	domain := strings.TrimSuffix(basePath, "/")
+	domain = strings.TrimSuffix(domain, "/compute/v1")
+	return domain
+}
diff --git a/pkg/utils/utils_test.go b/pkg/utils/utils_test.go
@@ -1872,3 +1872,43 @@ func TestIsK8sServerError(t *testing.T) {
 		})
 	}
 }
+
+func TestGetDomainFromGABasePath(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		basePath string
+		want     string
+	}{
+		{
+			desc: "empty string",
+		},
+		{
+			desc:     "compute.googleapis.com path",
+			basePath: "https://www.compute.googleapis.com/compute/v1",
+			want:     "https://www.compute.googleapis.com",
+		},
+		{
+			desc:     "arbitary path",
+			basePath: "mycompute.mydomain.com/mypath/compute/v1",
+			want:     "mycompute.mydomain.com/mypath",
+		},
+		{
+			desc:     "arbitary path with trailing /",
+			basePath: "mycompute.mydomain.com/mypath/compute/v1/",
+			want:     "mycompute.mydomain.com/mypath",
+		},
+		{
+			desc:     "arbitary path without /v1 -- should return same string",
+			basePath: "mycompute.mydomain.com/mypath/compute",
+			want:     "mycompute.mydomain.com/mypath/compute",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.desc, func(t *testing.T) {
+			if got := GetDomainFromGABasePath(tc.basePath); got != tc.want {
+				t.Errorf("GetDomainFromGABasePath(%s) = %s, want %s", tc.basePath, got, tc.want)
+			}
+		})
+	}
+}