Add AllowGlobalAccess support for InternalLoadBalancer. #1392

8 changes: 8 additions & 0 deletions api/v1beta1/types.go
Expand Up @@ -371,4 +371,12 @@ type LoadBalancer struct {
// required for the Load Balancer, if not defined the first configured subnet will be
// used.
Subnet *string `json:"subnet,omitempty"`

// AllowGlobalAccess. If set to true, clients can access the internal
// passthrough Network Load Balancers, the regional internal Application Load
// Balancer, and the regional internal proxy Network Load Balancer from all
// regions. If false, only allows access from the local region the load
// balancer is located at. Note that for INTERNAL_MANAGED forwarding rules,
// this field cannot be changed after the forwarding rule is created.
AllowGlobalAccess bool `json:"allowGlobalAccess,omitempty"`
Contributor

It is hard to tell based on the comments in the file, but I feel like this field should exist somewhere else or this struct name needs to change (or the comments should be altered slightly). The struct appears to only be used for Internal Load Balancers but the way that the comments are worded makes this struct seem like it should be for external and internal Load Balancers. Allow global access only appears to be related to internal LBs, so something isn't matched in the description(s) here.

nit: not necessarily a problem with this PR but maybe we should address it.

}
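
Review bot: The doc comment on AllowGlobalAccess reads like generic forwarding-rule API text: it names the regional internal Application Load Balancer, the regional internal proxy Network Load Balancer and an INTERNAL_MANAGED restriction, without saying which of these a user of this struct actually gets. The generated CRD in this PR describes InternalLoadBalancer as an Internal Passthrough Network Load Balancer, so describe only that case, state that leaving the field unset (false) keeps the load balancer reachable from its own region only while true opens it to clients in all regions, and say whether the value may be changed after creation. The comment should also be a sentence that starts with the field name ("AllowGlobalAccess, if true, ...") rather than the fragment "AllowGlobalAccess.".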
3 changes: 3 additions & 0 deletions cloud/services/compute/loadbalancers/reconcile.go
Expand Up @@ -599,6 +599,9 @@ func (s *Service) createOrGetRegionalForwardingRule(ctx context.Context, lbname
log := log.FromContext(ctx)
spec := s.scope.ForwardingRuleSpec(lbname)
spec.LoadBalancingScheme = string(loadBalanceTrafficInternal)
if lbSpec := s.scope.LoadBalancer(); lbSpec.InternalLoadBalancer != nil {
spec.AllowGlobalAccess = lbSpec.InternalLoadBalancer.AllowGlobalAccess
}
spec.Region = s.scope.Region()
spec.BackendService = backendSvc.SelfLink
// Ports is used instead or PortRange for passthrough Load Balancer
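
Review bot: AllowGlobalAccess is only copied onto the spec inside createOrGetRegionalForwardingRule, and nothing in the lines shown compares the value on an already existing forwarding rule with the spec. If a later change to allowGlobalAccess is meant to be applied (or rejected), handle that explicitly; otherwise document the field as create-only. Separately, lbSpec is dereferenced before the InternalLoadBalancer nil check, so if s.scope.LoadBalancer() can return a nil pointer this line panics; confirm its return type. No test is shown in this diff; a unit test covering both true and the unset default would pin the behaviour down.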
Expand Up @@ -122,6 +122,15 @@ spec:
description: InternalLoadBalancer is the configuration for an
Internal Passthrough Network Load Balancer.
properties:
allowGlobalAccess:
description: |-
AllowGlobalAccess. If set to true, clients can access the internal
passthrough Network Load Balancers, the regional internal Application Load
Balancer, and the regional internal proxy Network Load Balancer from all
regions. If false, only allows access from the local region the load
balancer is located at. Note that for INTERNAL_MANAGED forwarding rules,
this field cannot be changed after the forwarding rule is created.
type: boolean
name:
description: |-
Name is the name of the Load Balancer. If not set a default name
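
Review bot: The new allowGlobalAccess description contradicts its parent: InternalLoadBalancer is described just above it as an Internal Passthrough Network Load Balancer, while this text talks about regional internal Application and proxy Network Load Balancers and INTERNAL_MANAGED forwarding rules. Assuming this schema is generated from the Go doc comment, fix the wording in api/v1beta1/types.go and regenerate; the same description appears in the two CRD hunks that follow. Consider declaring an explicit default of false in the schema so the regional-only behaviour is visible to API consumers.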
Expand Up @@ -138,6 +138,15 @@ spec:
description: InternalLoadBalancer is the configuration
for an Internal Passthrough Network Load Balancer.
properties:
allowGlobalAccess:
description: |-
AllowGlobalAccess. If set to true, clients can access the internal
passthrough Network Load Balancers, the regional internal Application Load
Balancer, and the regional internal proxy Network Load Balancer from all
regions. If false, only allows access from the local region the load
balancer is located at. Note that for INTERNAL_MANAGED forwarding rules,
this field cannot be changed after the forwarding rule is created.
type: boolean
name:
description: |-
Name is the name of the Load Balancer. If not set a default name
Expand Up @@ -117,6 +117,15 @@ spec:
description: InternalLoadBalancer is the configuration for an
Internal Passthrough Network Load Balancer.
properties:
allowGlobalAccess:
description: |-
AllowGlobalAccess. If set to true, clients can access the internal
passthrough Network Load Balancers, the regional internal Application Load
Balancer, and the regional internal proxy Network Load Balancer from all
regions. If false, only allows access from the local region the load
balancer is located at. Note that for INTERNAL_MANAGED forwarding rules,
this field cannot be changed after the forwarding rule is created.
type: boolean
name:
description: |-
Name is the name of the Load Balancer. If not set a default name