Skip to content

Commit

Permalink
Deleting annotations does not remove the corresponding firewall rules…
Browse files Browse the repository at this point in the history
… (allow/deny) on the load balancer (#642)
  • Loading branch information
llDrLove authored Aug 2, 2023
1 parent f3a5e84 commit 2147b73
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 13 deletions.
11 changes: 8 additions & 3 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,15 @@
## unreleased
* Remove deny and allow load balancer firewall rules when annotations are removed (@olove)

## v0.1.43 (beta) - May 25, 2023
* Updates kubernetes dependencies: (@olove)
- k8s.io/[email protected]
- k8s.io/[email protected]
- k8s.io/[email protected]
- k8s.io/[email protected]
- k8s.io/[email protected]

## v0.1.42 (beta) - January 10, 2023

## v0.1.42 (beta) - January 9, 2023
## v0.1.42 (beta) - January 10, 2023
* Updates kubernetes dependencies: (@olove)
- k8s.io/[email protected]
- k8s.io/[email protected]
Expand Down
10 changes: 2 additions & 8 deletions cloud-controller-manager/do/loadbalancers.go
Original file line number Diff line number Diff line change
Expand Up @@ -795,15 +795,9 @@ func buildForwardingRule(service *v1.Service, port *v1.ServicePort, protocol, ce
}

func buildFirewall(service *v1.Service) *godo.LBFirewall {
denyRules := getStrings(service, annDODenyRules)
allowRules := getStrings(service, annDOAllowRules)
if len(denyRules) == 0 && len(allowRules) == 0 {
return nil
}

return &godo.LBFirewall{
Deny: denyRules,
Allow: allowRules,
Deny: getStrings(service, annDODenyRules),
Allow: getStrings(service, annDOAllowRules),
}
}

Expand Down
7 changes: 5 additions & 2 deletions cloud-controller-manager/do/loadbalancers_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4203,6 +4203,9 @@ func Test_buildLoadBalancerRequest(t *testing.T) {
lbActiveTimeout: 2,
lbActiveCheckTick: 1,
}
if test.lbr != nil {
test.lbr.Firewall = &godo.LBFirewall{}
}

lbr, err := lb.buildLoadBalancerRequest(context.Background(), test.service, test.nodes)

Expand Down Expand Up @@ -5652,7 +5655,7 @@ func Test_buildFirewall(t *testing.T) {
Annotations: map[string]string{},
},
},
expectedFirewall: nil,
expectedFirewall: &godo.LBFirewall{},
},
{
name: "annotations empty",
Expand All @@ -5666,7 +5669,7 @@ func Test_buildFirewall(t *testing.T) {
},
},
},
expectedFirewall: nil,
expectedFirewall: &godo.LBFirewall{},
},
{
name: "annotations set",
Expand Down

0 comments on commit 2147b73

Please sign in to comment.