Merge pull request #64443 from deads2k/server-16-aggregate-tight

Automatic merge from submit-queue (batch tested with PRs 57082, 64325, 64016, 64443, 64403). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. services must listen on port 443 for aggregation If a clusterIP service isn't listening on port 443, don't mark it as available. @mfojtik you've got an issue, right? @kubernetes/sig-api-machinery-bugs /assign @sttts /kind bug ```release-note NONE ```
2018-05-30 18:49:20 -07:00 · 2018-05-30 18:49:20 -07:00 · 305d053182
parent 0340864ae9 b3ce7a9935
commit 305d053182
2 changed files with 40 additions and 0 deletions
--- a/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go
@ -176,6 +176,22 @@ func (c *AvailableConditionController) sync(key string) error {
 	}

 	if service.Spec.Type == v1.ServiceTypeClusterIP {
+		// if we have a cluster IP service, it must be listening on 443 and we can check that
+		foundPort := false
+		for _, port := range service.Spec.Ports {
+			if port.Port == 443 {
+				foundPort = true
+			}
+		}
+		if !foundPort {
+			availableCondition.Status = apiregistration.ConditionFalse
+			availableCondition.Reason = "ServicePortError"
+			availableCondition.Message = fmt.Sprintf("service/%s in %q is not listening on port 443", apiService.Spec.Service.Name, apiService.Spec.Service.Namespace)
+			apiregistration.SetAPIServiceCondition(apiService, availableCondition)
+			_, err := c.apiServiceClient.APIServices().UpdateStatus(apiService)
+			return err
+		}
+
 		endpoints, err := c.endpointsLister.Endpoints(apiService.Spec.Service.Namespace).Get(apiService.Spec.Service.Name)
 		if apierrors.IsNotFound(err) {
 			availableCondition.Status = apiregistration.ConditionFalse
--- a/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller_test.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/controllers/status/available_controller_test.go
@ -55,6 +55,9 @@ func newService(namespace, name string) *v1.Service {
 		ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: name},
 		Spec: v1.ServiceSpec{
 			Type: v1.ServiceTypeClusterIP,
+			Ports: []v1.ServicePort{
+				{Port: 443},
+			},
 		},
 	}
 }
@ -110,6 +113,27 @@ func TestSync(t *testing.T) {
 				Message: `service/bar in "foo" is not present`,
 			},
 		},
+		{
+			name:           "service on bad port",
+			apiServiceName: "remote.group",
+			apiServices:    []*apiregistration.APIService{newRemoteAPIService("remote.group")},
+			services: []*v1.Service{{
+				ObjectMeta: metav1.ObjectMeta{Namespace: "foo", Name: "bar"},
+				Spec: v1.ServiceSpec{
+					Type: v1.ServiceTypeClusterIP,
+					Ports: []v1.ServicePort{
+						{Port: 6443},
+					},
+				},
+			}},
+			endpoints: []*v1.Endpoints{newEndpointsWithAddress("foo", "bar")},
+			expectedAvailability: apiregistration.APIServiceCondition{
+				Type:    apiregistration.Available,
+				Status:  apiregistration.ConditionFalse,
+				Reason:  "ServicePortError",
+				Message: `service/bar in "foo" is not listening on port 443`,
+			},
+		},
 		{
 			name:           "no endpoints",
 			apiServiceName: "remote.group",