Merge pull request #75331 from feiskyer/automated-cherry-pick-of-#752…
…82-upstream-release-1.12

Automated cherry pick of #75282: Allow disable outbound snat when Azure standard load balancer
k8s-ci-robot authored Mar 14, 2019
2 parents 185dec7 + 7b4dfe7 commit 9166af3
Showing 3 changed files with 32 additions and 7 deletions.
22 changes: 19 additions & 3 deletions pkg/cloudprovider/providers/azure/azure.go
@@ -70,6 +70,8 @@ const (
var (
// Master nodes are not added to standard load balancer by default.
defaultExcludeMasterFromStandardLB = true
// Outbound SNAT is enabled by default.
defaultDisableOutboundSNAT = false
)

// Azure implements PVLabeler.
@@ -139,6 +141,9 @@ type Config struct {
// ExcludeMasterFromStandardLB excludes master nodes from standard load balancer.
// If not set, it will be default to true.
ExcludeMasterFromStandardLB *bool `json:"excludeMasterFromStandardLB" yaml:"excludeMasterFromStandardLB"`
// DisableOutboundSNAT disables the outbound SNAT for public load balancer rules.
// It should only be set when loadBalancerSku is standard. If not set, it will be default to false.
DisableOutboundSNAT *bool `json:"disableOutboundSNAT" yaml:"disableOutboundSNAT"`

// Maximum allowed LoadBalancer Rule Count is the limit enforced by Azure Load balancer
MaximumLoadBalancerRuleCount int `json:"maximumLoadBalancerRuleCount" yaml:"maximumLoadBalancerRuleCount"`
@@ -265,9 +270,20 @@ func NewCloud(configReader io.Reader) (cloudprovider.Interface, error) {
config.CloudProviderRateLimitBucketWrite)
}

// Do not add master nodes to standard LB by default.
if config.ExcludeMasterFromStandardLB == nil {
config.ExcludeMasterFromStandardLB = &defaultExcludeMasterFromStandardLB
if strings.EqualFold(config.LoadBalancerSku, loadBalancerSkuStandard) {
// Do not add master nodes to standard LB by default.
if config.ExcludeMasterFromStandardLB == nil {
config.ExcludeMasterFromStandardLB = &defaultExcludeMasterFromStandardLB
}

// Enable outbound SNAT by default.
if config.DisableOutboundSNAT == nil {
config.DisableOutboundSNAT = &defaultDisableOutboundSNAT
}
} else {
if config.DisableOutboundSNAT != nil && *config.DisableOutboundSNAT {
return nil, fmt.Errorf("disableOutboundSNAT should only set when loadBalancerSku is standard")
}
}

azClientConfig := &azClientConfig{
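Review bot: Moving the `ExcludeMasterFromStandardLB` default inside the `strings.EqualFold(config.LoadBalancerSku, loadBalancerSkuStandard)` branch of `NewCloud` leaves that pointer nil for every other SKU, where the removed lines always populated it. The accessor `excludeMasterNodesFromStandardLB` in azure_wrap.go nil-checks, but any site that dereferences the field directly would now panic on a non-standard config; other readers are not visible on this page, so it is worth a grep and a comment such as `// Left nil for non-standard SKUs; read only via excludeMasterNodesFromStandardLB().`. Rejecting `disableOutboundSNAT: true` on a non-standard SKU at startup is the right fail-closed choice, though the message is missing a word: `"disableOutboundSNAT should only be set when loadBalancerSku is standard"`. `NewCloud` starts and ends outside the hunk.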
9 changes: 5 additions & 4 deletions pkg/cloudprovider/providers/azure/azure_loadbalancer.go
@@ -939,10 +939,11 @@ func (az *Cloud) reconcileLoadBalancerRule(
BackendAddressPool: &network.SubResource{
ID: to.StringPtr(lbBackendPoolID),
},
LoadDistribution: loadDistribution,
FrontendPort: to.Int32Ptr(port.Port),
BackendPort: to.Int32Ptr(port.Port),
EnableFloatingIP: to.BoolPtr(true),
LoadDistribution: loadDistribution,
FrontendPort: to.Int32Ptr(port.Port),
BackendPort: to.Int32Ptr(port.Port),
EnableFloatingIP: to.BoolPtr(true),
DisableOutboundSnat: to.BoolPtr(az.disableLoadBalancerOutboundSNAT()),
},
}
if protocol == v1.ProtocolTCP {
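Review bot: `DisableOutboundSnat` is now set on every rule built here, while the `Config` comment in azure.go describes the option as applying to public load balancer rules; nothing in the visible lines restricts it to public frontends. If `reconcileLoadBalancerRule` also builds rules for internal load balancers (not visible here), either gate the field or reword the config comment. A line such as `// false unless the standard SKU is in use and disableOutboundSNAT is true` above the field would save readers a jump to azure_wrap.go. As I understand the Azure property, enabling it changes how backend nodes reach the outside world, so the option's documentation should tell operators who depend on egress IP allow-lists to confirm their outbound path first. The function body starts and ends outside the hunk.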
8 changes: 8 additions & 0 deletions pkg/cloudprovider/providers/azure/azure_wrap.go
@@ -286,6 +286,14 @@ func (az *Cloud) excludeMasterNodesFromStandardLB() bool {
return az.ExcludeMasterFromStandardLB != nil && *az.ExcludeMasterFromStandardLB
}

func (az *Cloud) disableLoadBalancerOutboundSNAT() bool {
if !az.useStandardLoadBalancer() || az.DisableOutboundSNAT == nil {
return false
}

return *az.DisableOutboundSNAT
}

// IsNodeUnmanaged returns true if the node is not managed by Azure cloud provider.
// Those nodes includes on-prem or VMs from other clouds. They will not be added to load balancer
// backends. Azure routes and managed disks are also not supported for them.
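Review bot: `disableLoadBalancerOutboundSNAT` has no doc comment, unlike `IsNodeUnmanaged` just below it. Suggest `// disableLoadBalancerOutboundSNAT reports whether outbound SNAT is disabled on load balancer rules; it is false unless the standard SKU is in use and DisableOutboundSNAT is set to true.` The `!az.useStandardLoadBalancer()` guard repeats the SKU validation done in `NewCloud`, which is a reasonable second check for a `Cloud` value built without going through it, and worth stating in the comment. None of the three changed files is a test, so the nil, non-standard-SKU and standard-SKU cases of this helper are not exercised by this commit.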
