add support svc external traffic policy for alibabacloud slb (#194)

* add test log * add support svc external traffic policy for alibabacloud slb * fix error * add e2e test timeout * add aliyun slb param ExternalTrafficPolicyType doc
2025-01-16 10:44:24 +08:00 · 2025-01-16 10:44:24 +08:00 · f0c82f1b1f
parent 8c229c1191
commit f0c82f1b1f
5 changed files with 46 additions and 17 deletions
--- a/cloudprovider/alibabacloud/slb.go
+++ b/cloudprovider/alibabacloud/slb.go
@ -41,15 +41,16 @@ import (
 )

 const (
-	SlbNetwork              = "AlibabaCloud-SLB"
-	AliasSLB                = "LB-Network"
-	SlbIdsConfigName        = "SlbIds"
-	PortProtocolsConfigName = "PortProtocols"
-	SlbListenerOverrideKey  = "service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners"
-	SlbIdAnnotationKey      = "service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id"
-	SlbIdLabelKey           = "service.k8s.alibaba/loadbalancer-id"
-	SvcSelectorKey          = "statefulset.kubernetes.io/pod-name"
-	SlbConfigHashKey        = "game.kruise.io/network-config-hash"
+	SlbNetwork                          = "AlibabaCloud-SLB"
+	AliasSLB                            = "LB-Network"
+	SlbIdsConfigName                    = "SlbIds"
+	PortProtocolsConfigName             = "PortProtocols"
+	ExternalTrafficPolicyTypeConfigName = "ExternalTrafficPolicyType"
+	SlbListenerOverrideKey              = "service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners"
+	SlbIdAnnotationKey                  = "service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id"
+	SlbIdLabelKey                       = "service.k8s.alibaba/loadbalancer-id"
+	SvcSelectorKey                      = "statefulset.kubernetes.io/pod-name"
+	SlbConfigHashKey                    = "game.kruise.io/network-config-hash"
 )

 const (
@ -79,6 +80,7 @@ type slbConfig struct {
 	protocols   []corev1.Protocol
 	isFixed     bool

+	externalTrafficPolicyType   corev1.ServiceExternalTrafficPolicyType
 	lBHealthCheckSwitch         string
 	lBHealthCheckProtocolPort   string
 	lBHealthCheckFlag           string
@ -408,6 +410,7 @@ func parseLbConfig(conf []gamekruiseiov1alpha1.NetworkConfParams) (*slbConfig, e
 	protocols := make([]corev1.Protocol, 0)
 	isFixed := false

+	externalTrafficPolicy := corev1.ServiceExternalTrafficPolicyTypeCluster
 	lBHealthCheckSwitch := "on"
 	lBHealthCheckProtocolPort := ""
 	lBHealthCheckFlag := "off"
@ -447,6 +450,10 @@ func parseLbConfig(conf []gamekruiseiov1alpha1.NetworkConfParams) (*slbConfig, e
 				continue
 			}
 			isFixed = v
+		case ExternalTrafficPolicyTypeConfigName:
+			if strings.EqualFold(c.Value, string(corev1.ServiceExternalTrafficPolicyTypeLocal)) {
+				externalTrafficPolicy = corev1.ServiceExternalTrafficPolicyTypeLocal
+			}
 		case LBHealthCheckSwitchConfigName:
 			checkSwitch := strings.ToLower(c.Value)
 			if checkSwitch != "on" && checkSwitch != "off" {
@ -529,6 +536,7 @@ func parseLbConfig(conf []gamekruiseiov1alpha1.NetworkConfParams) (*slbConfig, e
 		protocols:                   protocols,
 		targetPorts:                 ports,
 		isFixed:                     isFixed,
+		externalTrafficPolicyType:   externalTrafficPolicy,
 		lBHealthCheckSwitch:         lBHealthCheckSwitch,
 		lBHealthCheckFlag:           lBHealthCheckFlag,
 		lBHealthCheckType:           lBHealthCheckType,
@ -606,7 +614,8 @@ func (s *SlbPlugin) consSvc(sc *slbConfig, pod *corev1.Pod, c client.Client, ctx
 			OwnerReferences: getSvcOwnerReference(c, ctx, pod, sc.isFixed),
 		},
 		Spec: corev1.ServiceSpec{
-			Type: corev1.ServiceTypeLoadBalancer,
+			Type:                  corev1.ServiceTypeLoadBalancer,
+			ExternalTrafficPolicy: sc.externalTrafficPolicyType,
 			Selector: map[string]string{
 				SvcSelectorKey: pod.GetName(),
 			},
--- a/cloudprovider/alibabacloud/slb_test.go
+++ b/cloudprovider/alibabacloud/slb_test.go
@ -17,13 +17,14 @@ limitations under the License.
 package alibabacloud

 import (
+	"reflect"
+	"sync"
+	"testing"
+
 	gamekruiseiov1alpha1 "github.com/openkruise/kruise-game/apis/v1alpha1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
-	"reflect"
-	"sync"
-	"testing"
 )

 func TestAllocateDeAllocate(t *testing.T) {
@ -136,6 +137,7 @@ func TestParseLbConfig(t *testing.T) {
 				lbIds:                       []string{"xxx-A"},
 				targetPorts:                 []int{80},
 				protocols:                   []corev1.Protocol{corev1.ProtocolTCP},
+				externalTrafficPolicyType:   corev1.ServiceExternalTrafficPolicyTypeCluster,
 				isFixed:                     false,
 				lBHealthCheckSwitch:         "off",
 				lBHealthCheckFlag:           "off",
@ -164,11 +166,16 @@ func TestParseLbConfig(t *testing.T) {
 					Name:  FixedConfigName,
 					Value: "true",
 				},
+				{
+					Name:  ExternalTrafficPolicyTypeConfigName,
+					Value: "Local",
+				},
 			},
 			slbConfig: &slbConfig{
 				lbIds:                       []string{"xxx-A", "xxx-B"},
 				targetPorts:                 []int{81, 82, 83},
 				protocols:                   []corev1.Protocol{corev1.ProtocolUDP, corev1.ProtocolTCP, corev1.ProtocolTCP},
+				externalTrafficPolicyType:   corev1.ServiceExternalTrafficPolicyTypeLocal,
 				isFixed:                     true,
 				lBHealthCheckSwitch:         "on",
 				lBHealthCheckFlag:           "off",
--- a/docs/en/user_manuals/network.md
+++ b/docs/en/user_manuals/network.md
@ -430,6 +430,12 @@ Fixed
 - Value: false or true.
 - Configuration change supported or not: yes.

+ExternalTrafficPolicyType
+
+- Meaning: Service LB forward type, if Local， Service LB just forward traffice to local node Pod, we can keep source IP without SNAT
+- Value: : Local/Cluster Default value is Cluster
+- Configuration change supported or not: not. It maybe related to "IP/Port mapping relationship Fixed", recommend not to change
+
 AllowNotReadyContainers

 - Meaning: the container names that are allowed not ready when inplace updating, when traffic will not be cut.
--- a/docs/中文/用户手册/网络模型.md
+++ b/docs/中文/用户手册/网络模型.md
@ -433,6 +433,12 @@ Fixed
 - 填写格式：false / true
 - 是否支持变更：支持

+ExternalTrafficPolicyType
+
+- 含义：Service LB 是否只转发给本地实例。若是Local， 创建Local类型Service, 配合cloud-manager只配置对应Node，可以保留客户端源IP地址
+- 填写格式: Local/Cluster 默认Cluster
+- 是否支持变更：不支持。跟是否固定IP/端口有关系，建议不更改
+
 AllowNotReadyContainers

 - 含义：在容器原地升级时允许不断流的对应容器名称，可填写多个
--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@ -3,6 +3,10 @@ package framework
 import (
 	"encoding/json"
 	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
 	gamekruiseiov1alpha1 "github.com/openkruise/kruise-game/apis/v1alpha1"
 	kruisegameclientset "github.com/openkruise/kruise-game/pkg/client/clientset/versioned"
 	"github.com/openkruise/kruise-game/pkg/util"
@ -15,9 +19,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	clientset "k8s.io/client-go/kubernetes"
 	restclient "k8s.io/client-go/rest"
-	"strconv"
-	"strings"
-	"time"
 )

 type Framework struct {
@ -338,7 +339,7 @@ func (f *Framework) WaitForPodDeleted(podName string) error {
 }

 func (f *Framework) ExpectGsCorrect(gsName, opsState, dp, up string) error {
-	return wait.PollImmediate(5*time.Second, 3*time.Minute,
+	return wait.PollImmediate(5*time.Second, 5*time.Minute,
 		func() (done bool, err error) {
 			gs, err := f.client.GetGameServer(gsName)
 			if err != nil {