From 5a2e8ab8e40be6bf70bac1d1524947995944aa9e Mon Sep 17 00:00:00 2001
From: Jwalant Modi
Date: Tue, 1 Oct 2024 13:33:00 +0530
Subject: [PATCH] Skip setting hostPort in Aerospike container for podOnly network and multiPodPerHost: false
---
 internal/controller/cluster/statefulset.go | 18 ++++++++++++-----
 test/cluster/network_policy_test.go | 23 ++++++++++++++++++++++
 2 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/internal/controller/cluster/statefulset.go b/internal/controller/cluster/statefulset.go
index f137d828..fc0145b9 100644
--- a/internal/controller/cluster/statefulset.go
+++ b/internal/controller/cluster/statefulset.go
@@ -89,9 +89,10 @@ func (r *SingleClusterReconciler) createSTS(
 r.Log.Info("Create statefulset for AerospikeCluster", "size", replicas)
- ports := getSTSContainerPort(
+ ports := GetSTSContainerPort(
 r.aeroCluster.Spec.PodSpec.MultiPodPerHost,
 r.aeroCluster.Spec.AerospikeConfig,
+ &r.aeroCluster.Spec.AerospikeNetworkPolicy,
 )
 operatorDefinedLabels := utils.LabelsForAerospikeClusterRack(
@@ -605,9 +606,10 @@ func (r *SingleClusterReconciler) updateSTSStorage(
 func (r *SingleClusterReconciler) updateSTSPorts(
 st *appsv1.StatefulSet,
 ) {
- ports := getSTSContainerPort(
+ ports := GetSTSContainerPort(
 r.aeroCluster.Spec.PodSpec.MultiPodPerHost,
 r.aeroCluster.Spec.AerospikeConfig,
+ &r.aeroCluster.Spec.AerospikeNetworkPolicy,
 )
 st.Spec.Template.Spec.Containers[0].Ports = ports
@@ -1538,11 +1540,16 @@ func addVolumeDeviceInContainer(
 }
 }
-func getSTSContainerPort(
- multiPodPerHost *bool, aeroConf *asdbv1.AerospikeConfigSpec,
+func GetSTSContainerPort(
+ multiPodPerHost *bool, aeroConf *asdbv1.AerospikeConfigSpec, aeroNetworkPolicy *asdbv1.AerospikeNetworkPolicy,
 ) []corev1.ContainerPort {
 ports := make([]corev1.ContainerPort, 0, len(defaultContainerPorts))
 portNames := make([]string, 0, len(defaultContainerPorts))
+ aerospikeNetworkTypePod := asdbv1.AerospikeNetworkTypePod
+ podOnlyNetwork := (aeroNetworkPolicy.AccessType == aerospikeNetworkTypePod &&
+ aeroNetworkPolicy.AlternateAccessType == aerospikeNetworkTypePod)
+ tlsPodOnlyNetwork := (aeroNetworkPolicy.TLSAccessType == aerospikeNetworkTypePod &&
+ aeroNetworkPolicy.TLSAlternateAccessType == aerospikeNetworkTypePod)
 // Sorting defaultContainerPorts to fetch map in ordered manner.
 // Helps reduce unnecessary sts object updates.
@@ -1567,11 +1574,12 @@ func getSTSContainerPort(
 ContainerPort: int32(*configPort),
 }
 // Single pod per host. Enable hostPort setting
+ // when pod only network is not defined.
 // The hostPort setting applies to the Kubernetes containers.
 // The container port will be exposed to the external network at :,
 // where the hostIP is the IP address of the Kubernetes node where
 // the container is running and the hostPort is the port requested by the user
- if !asdbv1.GetBool(multiPodPerHost) && portInfo.exposedOnHost {
+ if !asdbv1.GetBool(multiPodPerHost) && portInfo.exposedOnHost && !podOnlyNetwork && !tlsPodOnlyNetwork {
 containerPort.HostPort = containerPort.ContainerPort
 }
diff --git a/test/cluster/network_policy_test.go b/test/cluster/network_policy_test.go
index 634772d8..d1329d39 100644
--- a/test/cluster/network_policy_test.go
+++ b/test/cluster/network_policy_test.go
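Review bot: `aeroNetworkPolicy` is dereferenced in the new `podOnlyNetwork` and `tlsPodOnlyNetwork` expressions without a nil check, and this hunk also exports the function, so a caller outside the package that passes nil would panic. Both call sites in this patch pass `&r.aeroCluster.Spec.AerospikeNetworkPolicy`, so the risk is latent; taking the policy by value, or adding `if aeroNetworkPolicy == nil { aeroNetworkPolicy = &asdbv1.AerospikeNetworkPolicy{} }` at the top, keeps the previous hostPort behaviour for that case. The newly exported name also needs a doc comment, for example `// GetSTSContainerPort returns the Aerospike container ports; hostPort is set only when multiPodPerHost is false and the network policy is not pod-only.` The function body continues outside this hunk.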
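Review bot: The new guard `!podOnlyNetwork && !tlsPodOnlyNetwork` removes hostPort from every `exposedOnHost` port as soon as either the plain pair or the TLS pair is pod-only, rather than deciding per port. With pod-only plain access and a host-based `TLSAccessType`, the TLS port would, as far as this hunk shows, lose its node binding while a host address is still configured for it. Since hostPort is what publishes the database port on the node IP, the rule should be explicit: either decide per port from `portInfo`, or state the "either pair" intent in the comment, e.g. `// hostPort is skipped for all ports if either the plain or the TLS access/alternate-access pair is pod-only.` How unset TLS access types are defaulted is not visible here, so the mixed case should be confirmed against the defaulting and validation code. The enclosing loop starts and ends outside the hunk.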
@@ -708,6 +708,29 @@ func doTestNetworkPolicy(
 },
 )
+ It("OnlyPodNetwork: should not set the hostport in pod only network"+
+ "and multiPodPerHost is false", func() {
+ clusterNamespacedName := getNamespacedName(
+ "pod-network-cluster", test.MultiClusterNs1)
+
+ networkPolicy := asdbv1.AerospikeNetworkPolicy{
+ AccessType: asdbv1.AerospikeNetworkTypePod,
+ AlternateAccessType: asdbv1.AerospikeNetworkTypePod,
+ TLSAccessType: asdbv1.AerospikeNetworkTypePod,
+ TLSAlternateAccessType: asdbv1.AerospikeNetworkTypePod,
+ }
+
+ aeroCluster = getAerospikeClusterSpecWithNetworkPolicy(
+ clusterNamespacedName, &networkPolicy, multiPodPerHost,
+ enableTLS,
+ )
+ ports := aerospikecluster.GetSTSContainerPort(aeroCluster.Spec.PodSpec.MultiPodPerHost,
+ aeroCluster.Spec.AerospikeConfig, &aeroCluster.Spec.AerospikeNetworkPolicy)
+
+ for _, port := range ports {
+ Expect(port.HostPort).To(BeZero())
+ }
+ })
 // test-case valid only for multiPodPerHost true
 if multiPodPerHost {
 It("OnlyPodNetwork: should create cluster without nodePort service", func() {
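Review bot: The loop `for _, port := range ports` passes vacuously when `ports` is empty, so this test would stay green if `GetSTSContainerPort` returned nothing; add `Expect(ports).NotTo(BeEmpty())` before the loop. Only the policy with all four access types set to pod is exercised. A case with a host-based TLS pair, and one with host-based access and `multiPodPerHost` false asserting a non-zero `HostPort`, would pin where node-level exposure is expected to remain. The title literal is also missing a space at the join and renders as "networkand"; the first fragment should end `...in pod only network "+`. `doTestNetworkPolicy` starts and ends outside the hunk.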