Merge pull request #8885 from george-angel/init-container-port
Add initContainer ports to WorkloadEndpoint
caseydavenport authored Nov 4, 2024
2 parents c874785 + 9c60cbe commit 07ad564
Showing 2 changed files with 48 additions and 30 deletions.
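--- a/libcalico-go/lib/backend/k8s/conversion/conversion_test.go
+++ b/libcalico-go/lib/backend/k8s/conversion/conversion_test.go
@@ -188,6 +188,16 @@ var _ = Describe("Test Pod conversion", func() {
 },
 Spec: kapiv1.PodSpec{
 NodeName: "nodeA",
+InitContainers: []kapiv1.Container{
+{
+Ports: []kapiv1.ContainerPort{
+{
+Name: "init-port",
+ContainerPort: 3000,
+},
+},
+},
+},
 Containers: []kapiv1.Container{
 {
 Ports: []kapiv1.ContainerPort{
@@ -296,6 +306,8 @@ var _ = Describe("Test Pod conversion", func() {
 libapiv3.WorkloadEndpointPort{Name: "udp-proto", Port: 432, Protocol: nsProtoUDP},
 // SCTP.
 libapiv3.WorkloadEndpointPort{Name: "sctp-proto", Port: 891, Protocol: nsProtoSCTP},
+// initContainer sidecar with a named port
+libapiv3.WorkloadEndpointPort{Name: "init-port", Port: 3000, Protocol: nsProtoTCP},
 // Unknown protocol port is ignored.
 ))
 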
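Review bot: The comment on the new expectation says "initContainer sidecar", but the init container added to the fixture sets only `Ports` and no `RestartPolicy`, so what the test actually pins is that a run-to-completion init container's named port is exported. Either reword the comment to `// Named port declared on an init container.` or give the fixture entry a `RestartPolicy` of Always so the name matches the case. A further case where an init container and an app container declare the same port name with different numbers would document what the endpoint is expected to carry then. The Describe block continues outside both hunks.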
Expand Up @@ -187,36 +187,8 @@ func (wc defaultWorkloadEndpointConverter) podToDefaultWorkloadEndpoint(pod *kap

// Map any named ports through.
var endpointPorts []libapiv3.WorkloadEndpointPort
for _, container := range pod.Spec.Containers {
for _, containerPort := range container.Ports {
if containerPort.ContainerPort != 0 && (containerPort.HostPort != 0 || containerPort.Name != "") {
var modelProto numorstring.Protocol
switch containerPort.Protocol {
case kapiv1.ProtocolUDP:
modelProto = numorstring.ProtocolFromString("udp")
case kapiv1.ProtocolSCTP:
modelProto = numorstring.ProtocolFromString("sctp")
case kapiv1.ProtocolTCP, kapiv1.Protocol("") /* K8s default is TCP. */ :
modelProto = numorstring.ProtocolFromString("tcp")
default:
log.WithFields(log.Fields{
"protocol": containerPort.Protocol,
"pod": pod,
"port": containerPort,
}).Debug("Ignoring named port with unknown protocol")
continue
}

endpointPorts = append(endpointPorts, libapiv3.WorkloadEndpointPort{
Name: containerPort.Name,
Protocol: modelProto,
Port: uint16(containerPort.ContainerPort),
HostPort: uint16(containerPort.HostPort),
HostIP: containerPort.HostIP,
})
}
}
}
endpointPorts = appendEndpointPorts(endpointPorts, pod, pod.Spec.Containers)
endpointPorts = appendEndpointPorts(endpointPorts, pod, pod.Spec.InitContainers)

// Get the container ID if present. This is used in the CNI plugin to distinguish different pods that have
// the same name. For example, restarted stateful set pods.
Expand Down Expand Up @@ -267,6 +239,40 @@ func (wc defaultWorkloadEndpointConverter) podToDefaultWorkloadEndpoint(pod *kap
return &kvp, nil
}

func appendEndpointPorts(ports []libapiv3.WorkloadEndpointPort, pod *kapiv1.Pod, containers []kapiv1.Container) []libapiv3.WorkloadEndpointPort {
for _, container := range containers {
for _, containerPort := range container.Ports {
if containerPort.ContainerPort != 0 && (containerPort.HostPort != 0 || containerPort.Name != "") {
var modelProto numorstring.Protocol
switch containerPort.Protocol {
case kapiv1.ProtocolUDP:
modelProto = numorstring.ProtocolFromString("udp")
case kapiv1.ProtocolSCTP:
modelProto = numorstring.ProtocolFromString("sctp")
case kapiv1.ProtocolTCP, kapiv1.Protocol("") /* K8s default is TCP. */ :
modelProto = numorstring.ProtocolFromString("tcp")
default:
log.WithFields(log.Fields{
"protocol": containerPort.Protocol,
"pod": pod,
"port": containerPort,
}).Debug("Ignoring named port with unknown protocol")
continue
}

ports = append(ports, libapiv3.WorkloadEndpointPort{
Name: containerPort.Name,
Protocol: modelProto,
Port: uint16(containerPort.ContainerPort),
HostPort: uint16(containerPort.HostPort),
HostIP: containerPort.HostIP,
})
}
}
}
return ports
}

// HandleSourceIPSpoofingAnnotation parses the allowedSourcePrefixes annotation if present,
// and returns the allowed prefixes as a slice of strings.
func HandleSourceIPSpoofingAnnotation(annot map[string]string) ([]string, error) {
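Review bot: The second `appendEndpointPorts` call in podToDefaultWorkloadEndpoint passes every entry of `pod.Spec.InitContainers`, so ports declared by init containers that run to completion stay on the WorkloadEndpoint for the pod's lifetime, alongside those of restartable (sidecar) init containers. If policy rules resolve named ports against this list (inferred, not shown on this page), an init container reusing an app container's port name with a different number would make a rule for that name cover both numbers. If only sidecars are meant, filter on `RestartPolicy` before the call as sketched below; otherwise add a doc comment on `appendEndpointPorts` stating that all init-container ports are included on purpose. Separately, the helper takes `pod` only for the debug log, and `"pod": pod` writes the whole object there; namespace and name would be enough. Both function bodies extend beyond the hunks shown.

```go
endpointPorts = appendEndpointPorts(endpointPorts, pod, pod.Spec.Containers)

// Only restartable init containers keep running next to the app containers.
var sidecars []kapiv1.Container
for _, c := range pod.Spec.InitContainers {
	if c.RestartPolicy != nil && *c.RestartPolicy == kapiv1.ContainerRestartPolicyAlways {
		sidecars = append(sidecars, c)
	}
}
endpointPorts = appendEndpointPorts(endpointPorts, pod, sidecars)
// … unchanged: container ID lookup and rest of podToDefaultWorkloadEndpoint …
```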
