xuyuji9000 / kubernetes-playground

Understand kubernetes service loadBalancerSourceRanges #26

Open xuyuji9000 opened 3 years ago

xuyuji9000 commented 3 years ago

Context

Kubernetes version: 1.20.9

Introduction

This issue is used to learn the loadBalancerSourceRanges field in Kubernetes service YAML.

Reference

xuyuji9000 commented 3 years ago

Context: kubernetes/legacy-cloud-providers

How is the GetLoadBalancerSourceRanges function used?

File azure/azure_loadbalancer.go uses the GetLoadBalancerSourceRanges function.

sourceRanges, err := servicehelpers.GetLoadBalancerSourceRanges(service)
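
How the source ranges behind that call are resolved, as an added example that is not part of the original issue or the Kubernetes source: a simplified stand-alone model of the precedence (spec field, then annotation, then 0.0.0.0/0). The `Service` struct and the function names here are this example's own stand-ins, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Service is a stand-in (assumption) for the two v1.Service fields used here.
type Service struct {
	Annotations              map[string]string
	LoadBalancerSourceRanges []string // spec.loadBalancerSourceRanges
}
const sourceRangesAnnotation = "service.beta.kubernetes.io/load-balancer-source-ranges"

// ResolveSourceRanges (hypothetical name): spec field, then annotation, then allow-all.
func ResolveSourceRanges(svc *Service) ([]*net.IPNet, error) {
	specs := svc.LoadBalancerSourceRanges
	if len(specs) == 0 {
		specs = []string{"0.0.0.0/0"} // nothing configured: every source is allowed
		if v := strings.TrimSpace(svc.Annotations[sourceRangesAnnotation]); v != "" {
			specs = strings.Split(v, ",")
		}
	}
	var out []*net.IPNet
	for _, s := range specs {
		_, ipnet, err := net.ParseCIDR(strings.TrimSpace(s))
		if err != nil {
			return nil, fmt.Errorf("invalid source range %q: %w", s, err)
		}
		out = append(out, ipnet)
	}
	return out, nil
}

// IsAllowAll reports whether any resolved range admits every IPv4 source.
func IsAllowAll(ranges []*net.IPNet) bool {
	for _, r := range ranges {
		if r.String() == "0.0.0.0/0" {
			return true
		}
	}
	return false
}

func main() {
	r, err := ResolveSourceRanges(&Service{}) // constructed: no ranges set
	fmt.Println(r, IsAllowAll(r), err)
}
```

A Service that leaves the field and the annotation empty resolves to allow-all, which is the case worth flagging when reviewing LoadBalancer manifests.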

xuyuji9000 commented 3 years ago

Repo: kubernetes/legacy-cloud-providers

File: azure/azure_loadbalancer.go

It contains a function func getServiceTags(service *v1.Service) []string

func getServiceTags(service *v1.Service) []string {
    if service == nil {
        return nil
    }

    if serviceTags, found := service.Annotations[ServiceAnnotationAllowedServiceTag]; found {
        result := []string{}
        tags := strings.Split(strings.TrimSpace(serviceTags), ",")
        for _, tag := range tags {
            serviceTag := strings.TrimSpace(tag)
            if serviceTag != "" {
                result = append(result, serviceTag)
            }
        }

        return result
    }

    return nil
}

Description:

Function getServiceTags extracts service tags as a string array out of the service annotation.

Question:

How is this string array, which contains service tags, used?

xuyuji9000 commented 3 years ago

Repo: kubernetes/legacy-cloud-providers

File: azure/azure_loadbalancer.go

Function getServiceTags is part of function reconcileSecurityGroup

func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service, lbIP *string, wantLb bool) (*network.SecurityGroup, error) {
  // ...
  serviceTags := getServiceTags(service)
  // ...

}

Here function reconcileSecurityGroup returns a type network.SecurityGroup. Where does it come from originally?

func (az *Cloud) reconcileSecurityGroup(clusterName string, service *v1.Service, lbIP *string, wantLb bool) (*network.SecurityGroup, error) {
  // ...
  sg, err := az.getSecurityGroup(azcache.CacheReadTypeDefault)
  // ...
  return &sg, nil
  // ...

}

az.getSecurityGroup(azcache.CacheReadTypeDefault) gets network.SecurityGroup. How does it work?


Repo: kubernetes/legacy-cloud-providers

File: legacy-cloud-providers/azure/azure_wrap.go

func (az *Cloud) getSecurityGroup(crt azcache.AzureCacheReadType) (network.SecurityGroup, error) {
  // ...
  securityGroup, err := az.nsgCache.Get(az.SecurityGroupName, crt)
  // ...
}

xuyuji9000 commented 3 years ago

Repo: kubernetes/legacy-cloud-providers

File: azure/azure_loadbalancer.go

Function reconcileSecurityGroup is part of function EnsureLoadBalancer

xuyuji9000 commented 3 years ago

Repo: kubernetes/legacy-cloud-providers

File: azure/azure_loadbalancer.go

Function EnsureLoadBalancer is part of function UpdateLoadBalancer

xuyuji9000 commented 3 years ago

Repo: kubernetes/cloud-provider

File: cloud-provider/cloud.go

Function UpdateLoadBalancer is part of interface LoadBalancer