Skip to content

Commit 497a366

Browse files
pthak94pthak94
committed
update logic, tests and doc
1 parent 800bb02 commit 497a366

File tree

3 files changed

+19
-18
lines changed

3 files changed

+19
-18
lines changed

docs/guide/service/annotations.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@
2323
| [service.beta.kubernetes.io/aws-load-balancer-internal](#lb-internal) | boolean | false | deprecated, in favor of [aws-load-balancer-scheme](#lb-scheme) |
2424
| [service.beta.kubernetes.io/aws-load-balancer-scheme](#lb-scheme) | string | internal | |
2525
| [service.beta.kubernetes.io/aws-load-balancer-proxy-protocol](#proxy-protocol-v2) | string | | Set to `"*"` to enable |
26-
| [service.beta.kubernetes.io/aws-load-balancer-proxy-protocol-per-target-group](#proxy-protocol-v2) | string | | If specified,configures proxy protocol per targrt group based on ServicePort. For example `"80, true, 443, true, 22, false"` will disable proxy protocol for port 22 only. This annotation is overriden by `"service.beta.kubernetes.io/aws-load-balancer-proxy-protocol"` |
26+
| [service.beta.kubernetes.io/aws-load-balancer-proxy-protocol-per-target-group](#proxy-protocol-v2) | string | | If specified,configures proxy protocol for the target groups corresponding to the ports mentioned and disables for the rest. For example, if you have services deployed on ports `"80, 443 and 22"`, the annotation value `"80, 443"` will enable proxy protocol for ports 80 and 443 only, and disable for port 22. This annotation is overriden by `"service.beta.kubernetes.io/aws-load-balancer-proxy-protocol"` |
2727
| [service.beta.kubernetes.io/aws-load-balancer-ip-address-type](#ip-address-type) | string | ipv4 | ipv4 \| dualstack |
2828
| [service.beta.kubernetes.io/aws-load-balancer-access-log-enabled](#deprecated-attributes) | boolean | false | deprecated, in favor of [aws-load-balancer-attributes](#load-balancer-attributes) |
2929
| [service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name](#deprecated-attributes) | string | | deprecated, in favor of [aws-load-balancer-attributes](#load-balancer-attributes) |

pkg/service/model_build_target_group.go

Lines changed: 16 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -216,24 +216,26 @@ func (t *defaultModelBuildTask) buildTargetGroupAttributes(_ context.Context, po
216216
rawAttributes[tgAttrsProxyProtocolV2Enabled] = strconv.FormatBool(t.defaultProxyProtocolV2Enabled)
217217
}
218218

219-
var proxyProtocolPerTG string
219+
var proxyProtocolPerTG string
220220
if t.annotationParser.ParseStringAnnotation(annotations.SvcLBSuffixProxyProtocolPerTargetGroup, &proxyProtocolPerTG, t.service.Annotations) {
221-
pairs := strings.Split(proxyProtocolPerTG, ",")
222-
if len(pairs)%2 != 0 {
223-
return nil, errors.Errorf("invalid format for proxy-protocol-per-target-group: %v", proxyProtocolPerTG)
224-
}
225-
for i := 0; i < len(pairs); i += 2 {
226-
portStr := strings.TrimSpace(pairs[i])
227-
enabledStr := strings.TrimSpace(pairs[i+1])
228-
if portStr == strconv.FormatInt(int64(port.Port), 10) {
229-
enabled, err := strconv.ParseBool(enabledStr)
230-
if err != nil {
231-
return nil, errors.Errorf("invalid boolean value for port %v: %v", portStr, enabledStr)
221+
ports := strings.Split(proxyProtocolPerTG, ",")
222+
enabledPorts := make(map[string]struct{})
223+
for _, p := range ports {
224+
trimmedPort := strings.TrimSpace(p)
225+
if trimmedPort != "" {
226+
if _, err := strconv.Atoi(trimmedPort); err != nil {
227+
return nil, errors.Errorf("invalid port number in proxy-protocol-per-target-group: %v", trimmedPort)
232228
}
233-
rawAttributes[tgAttrsProxyProtocolV2Enabled] = strconv.FormatBool(enabled)
234-
break
229+
enabledPorts[trimmedPort] = struct{}{}
235230
}
236231
}
232+
233+
currentPortStr := strconv.FormatInt(int64(port.Port), 10)
234+
if _, enabled := enabledPorts[currentPortStr]; enabled {
235+
rawAttributes[tgAttrsProxyProtocolV2Enabled] = "true"
236+
} else {
237+
rawAttributes[tgAttrsProxyProtocolV2Enabled] = "false"
238+
}
237239
}
238240

239241
proxyV2Annotation := ""

pkg/service/model_build_target_group_test.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -146,8 +146,7 @@ func Test_defaultModelBuilderTask_targetGroupAttrs(t *testing.T) {
146146
svc: &corev1.Service{
147147
ObjectMeta: metav1.ObjectMeta{
148148
Annotations: map[string]string{
149-
"service.beta.kubernetes.io/aws-load-balancer-proxy-protocol-per-target-group": "80, true, 443, false",
150-
149+
"service.beta.kubernetes.io/aws-load-balancer-proxy-protocol-per-target-group": "80",
151150
},
152151
},
153152
},
@@ -165,7 +164,7 @@ func Test_defaultModelBuilderTask_targetGroupAttrs(t *testing.T) {
165164
svc: &corev1.Service{
166165
ObjectMeta: metav1.ObjectMeta{
167166
Annotations: map[string]string{
168-
"service.beta.kubernetes.io/aws-load-balancer-proxy-protocol-per-target-group": "80, false, 443, false",
167+
"service.beta.kubernetes.io/aws-load-balancer-proxy-protocol-per-target-group": "443, 22",
169168
"service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*",
170169

171170
},

0 commit comments

Comments
 (0)