def update_lbaas_sg(self, service, sgs): LOG.debug('Setting SG for LBaaS VIP port') svc_namespace = service['metadata']['namespace'] svc_name = service['metadata']['name'] svc_ports = service['spec']['ports'] lbaas_name = "%s/%s" % (svc_namespace, svc_name) endpoints_link = utils.get_endpoints_link(service) k8s = clients.get_kubernetes_client() endpoint = k8s.get(endpoints_link) lbaas = utils.get_lbaas_state(endpoint) if not lbaas: return lbaas_obj = lbaas.loadbalancer lbaas_obj.security_groups = sgs utils.set_lbaas_state(endpoint, lbaas) for port in svc_ports: port_protocol = port['protocol'] lbaas_port = port['port'] target_port = port['targetPort'] sg_rule_name = "%s:%s:%s" % (lbaas_name, port_protocol, lbaas_port) self._apply_members_security_groups(lbaas_obj, lbaas_port, target_port, port_protocol, sg_rule_name, sgs)
def test_get_endpoints_link(self): service = { 'metadata': { 'selfLink': "/api/v1/namespaces/default/services/test" } } ret = utils.get_endpoints_link(service) expected_link = "/api/v1/namespaces/default/endpoints/test" self.assertEqual(expected_link, ret)
def test_get_endpoints_link(self): service = { 'apiVersion': 'v1', 'kind': 'Service', 'metadata': { 'namespace': 'default', 'name': 'test' } } ret = utils.get_endpoints_link(service) expected_link = "/api/v1/namespaces/default/endpoints/test" self.assertEqual(expected_link, ret)
def _ensure_release_lbaas(self, lb_obj, svc=None): attempts = 0 deadline = 0 retry = True timeout = config.CONF.kubernetes.watch_retry_timeout while retry: try: if attempts == 1: deadline = time.time() + timeout if (attempts > 0 and utils.exponential_sleep(deadline, attempts) == 0): LOG.error("Failed releasing lbaas '%s': deadline exceeded", lb_obj.name) return self._drv_lbaas.release_loadbalancer(lb_obj) retry = False except k_exc.ResourceNotReady: LOG.debug( "Attempt (%s) of loadbalancer release %s failed." " A retry will be triggered.", attempts, lb_obj.name) attempts += 1 retry = True if svc: endpoints_link = utils.get_endpoints_link(svc) k8s = clients.get_kubernetes_client() try: endpoints = k8s.get(endpoints_link) except k_exc.K8sResourceNotFound: LOG.debug("Endpoint not Found.") return lbaas = utils.get_lbaas_state(endpoints) if lbaas: lbaas.loadbalancer = None lbaas.pools = [] lbaas.listeners = [] lbaas.members = [] # NOTE(ltomasbo): give some extra time to ensure the Load # Balancer VIP is also released time.sleep(1) utils.set_lbaas_state(endpoints, lbaas)
def update_lbaas_sg(self, service, sgs): LOG.debug('Setting SG for LBaaS VIP port') svc_namespace = service['metadata']['namespace'] svc_name = service['metadata']['name'] svc_ports = service['spec'].get('ports', []) lbaas_name = "%s/%s" % (svc_namespace, svc_name) endpoints_link = utils.get_endpoints_link(service) k8s = clients.get_kubernetes_client() endpoint = k8s.get(endpoints_link) lbaas = utils.get_lbaas_state(endpoint) if not lbaas: LOG.debug('Endpoint not yet annotated with lbaas state.') raise k_exc.ResourceNotReady(svc_name) lbaas_obj = lbaas.loadbalancer lbaas_obj.security_groups = sgs utils.set_lbaas_state(endpoint, lbaas) lsnr_ids = {(l.protocol, l.port): l.id for l in lbaas.listeners} for port in svc_ports: port_protocol = port['protocol'] lbaas_port = port['port'] target_port = port['targetPort'] sg_rule_name = "%s:%s:%s" % (lbaas_name, port_protocol, lbaas_port) listener_id = lsnr_ids.get((port_protocol, target_port)) if listener_id is None: LOG.warning("There is no listener associated to the protocol " "%s and port %s. Skipping", port_protocol, lbaas_port) continue self._apply_members_security_groups(lbaas_obj, lbaas_port, target_port, port_protocol, sg_rule_name, listener_id, sgs)
def update_lbaas_sg(self, service, sgs): LOG.debug('Setting SG for LBaaS VIP port') svc_namespace = service['metadata']['namespace'] svc_name = service['metadata']['name'] svc_ports = service['spec'].get('ports', []) lbaas_name = c_utils.get_resource_name(svc_name, prefix=svc_namespace + "/") endpoints_link = utils.get_endpoints_link(service) k8s = clients.get_kubernetes_client() try: k8s.get(endpoints_link) except k_exc.K8sResourceNotFound: LOG.debug("Endpoint not Found. Skipping LB SG update for " "%s as the LB resources are not present", lbaas_name) return try: klb = k8s.get(f'{k_const.K8S_API_CRD_NAMESPACES}/{svc_namespace}/' f'kuryrloadbalancers/{svc_name}') except k_exc.K8sResourceNotFound: LOG.debug('No KuryrLoadBalancer for service %s created yet.', lbaas_name) raise k_exc.ResourceNotReady(svc_name) if (not klb.get('status', {}).get('loadbalancer') or klb.get('status', {}).get('listeners') is None): LOG.debug('KuryrLoadBalancer for service %s not populated yet.', lbaas_name) raise k_exc.ResourceNotReady(svc_name) klb['status']['loadbalancer']['security_groups'] = sgs lb = klb['status']['loadbalancer'] try: k8s.patch_crd('status/loadbalancer', utils.get_res_link(klb), {'security_groups': sgs}) except k_exc.K8sResourceNotFound: LOG.debug('KuryrLoadBalancer CRD not found %s', lbaas_name) return except k_exc.K8sClientException: LOG.exception('Error updating KuryLoadBalancer CRD %s', lbaas_name) raise lsnr_ids = {(listener['protocol'], listener['port']): listener['id'] for listener in klb['status']['listeners']} for port in svc_ports: port_protocol = port['protocol'] lbaas_port = port['port'] target_port = port['targetPort'] suffix = f"{port_protocol}:{lbaas_port}" sg_rule_name = c_utils.get_resource_name(lbaas_name, suffix=':' + suffix) listener_id = lsnr_ids.get((port_protocol, lbaas_port)) if listener_id is None: LOG.warning("There is no listener associated to the protocol " "%s and port %s. Skipping", port_protocol, lbaas_port) continue self._apply_members_security_groups(lb, lbaas_port, target_port, port_protocol, sg_rule_name, listener_id, sgs)