Merge pull request #305 from nicktate/ntate/feature/health-check-port-annotation

Add support for configurable health-check via annotation

Author: nicktate

CHANGELOG.md

@@ -5,6 +5,7 @@
 ### Fixed
 
 * Maintain default protocol when secure protocol override is applied (@timoreimann)
+* Add `service.beta.kubernetes.io/do-loadbalancer-healthcheck-port` annotation to customize DO LB health-check port (@ntate)
 
 ## v0.1.22 (beta) - Jan 15th 2020
 

cloud-controller-manager/do/loadbalancers.go

@@ -49,6 +49,10 @@ const (
 	// for DO load balancers. Defaults to '/'.
 	annDOHealthCheckPath = "service.beta.kubernetes.io/do-loadbalancer-healthcheck-path"
 
+	// annDOHealthCheckPort is the annotation used to specify the health check port
+	// for DO load balancers. Defaults to the first Service Port
+	annDOHealthCheckPort = "service.beta.kubernetes.io/do-loadbalancer-healthcheck-port"
+
 	// annDOHealthCheckProtocol is the annotation used to specify the health check protocol
 	// for DO load balancers. Defaults to the protocol used in
 	// 'service.beta.kubernetes.io/do-loadbalancer-protocol'.
@@ -587,11 +591,12 @@ func (l *loadBalancers) buildLoadBalancerRequest(ctx context.Context, service *v
 }
 
 // buildHealthChecks returns a godo.HealthCheck for service.
-//
-// Although a Kubernetes Service can have many node ports, DigitalOcean Load
-// Balancers can only take one node port so we choose the first node port for
-// health checking.
 func buildHealthCheck(service *v1.Service) (*godo.HealthCheck, error) {
+	healthCheckPort, err := healthCheckPort(service)
+	if err != nil {
+		return nil, err
+	}
+
 	healthCheckProtocol, err := healthCheckProtocol(service)
 	if err != nil {
 		return nil, err
@@ -618,7 +623,7 @@ func buildHealthCheck(service *v1.Service) (*godo.HealthCheck, error) {
 
 	return &godo.HealthCheck{
 		Protocol:               healthCheckProtocol,
-		Port:                   int(service.Spec.Ports[0].NodePort),
+		Port:                   healthCheckPort,
 		Path:                   healthCheckPath,
 		CheckIntervalSeconds:   checkIntervalSecs,
 		ResponseTimeoutSeconds: responseTimeoutSecs,
@@ -781,6 +786,30 @@ func getHostname(service *v1.Service) string {
 	return strings.ToLower(service.Annotations[annDOHostname])
 }
 
+// healthCheckPort returns the health check port specified, defaulting
+// to the first port in the service otherwise.
+func healthCheckPort(service *v1.Service) (int, error) {
+	ports, err := getPorts(service, annDOHealthCheckPort)
+	if err != nil {
+		return 0, fmt.Errorf("failed to get health check port: %v", err)
+	}
+
+	if len(ports) > 1 {
+		return 0, fmt.Errorf("annotation %s only supports a single port, but found multiple: %v", annDOHealthCheckPort, ports)
+	}
+
+	if len(ports) == 1 {
+		for _, servicePort := range service.Spec.Ports {
+			if int(servicePort.Port) == ports[0] {
+				return int(servicePort.NodePort), nil
+			}
+		}
+		return 0, fmt.Errorf("specified health check port %d does not exist on service %s/%s", ports[0], service.Namespace, service.Name)
+	}
+
+	return int(service.Spec.Ports[0].NodePort), nil
+}
+
 // healthCheckProtocol returns the health check protocol as specified in the service,
 // falling back to TCP if not specified.
 func healthCheckProtocol(service *v1.Service) (string, error) {

cloud-controller-manager/do/loadbalancers_test.go

@@ -1991,6 +1991,125 @@ func Test_buildHealthCheck(t *testing.T) {
 			},
 			errMsgPrefix: fmt.Sprintf("invalid protocol: %q specified in annotation: %q", "invalid", annDOProtocol),
 		},
+		{
+			name: "health check with custom port",
+			service: &v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test",
+					UID:  "abc123",
+					Annotations: map[string]string{
+						annDOProtocol:        "http",
+						annDOHealthCheckPath: "/health",
+						annDOHealthCheckPort: "636",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					Ports: []v1.ServicePort{
+						{
+							Name:     "test",
+							Protocol: "TCP",
+							Port:     int32(80),
+							NodePort: int32(30000),
+						},
+						{
+							Name:     "test",
+							Protocol: "TCP",
+							Port:     int32(636),
+							NodePort: int32(32000),
+						},
+					},
+				},
+			},
+			healthcheck: defaultHealthCheck("http", 32000, "/health"),
+		},
+		{
+			name: "invalid health check using port override with non-existent port",
+			service: &v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test",
+					Namespace: "default",
+					UID:       "abc123",
+					Annotations: map[string]string{
+						annDOHealthCheckPort: "9999",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					Ports: []v1.ServicePort{
+						{
+							Name:     "test",
+							Protocol: "TCP",
+							Port:     int32(636),
+							NodePort: int32(30000),
+						},
+						{
+							Name:     "test",
+							Protocol: "TCP",
+							Port:     int32(332),
+							NodePort: int32(32000),
+						},
+					},
+				},
+			},
+			errMsgPrefix: fmt.Sprintf("specified health check port %d does not exist on service default/test", 9999),
+		},
+		{
+			name: "invalid health check using port override with non-numeric port",
+			service: &v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test",
+					UID:  "abc123",
+					Annotations: map[string]string{
+						annDOHealthCheckPort: "invalid",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					Ports: []v1.ServicePort{
+						{
+							Name:     "test",
+							Protocol: "TCP",
+							Port:     int32(636),
+							NodePort: int32(30000),
+						},
+						{
+							Name:     "test",
+							Protocol: "TCP",
+							Port:     int32(332),
+							NodePort: int32(32000),
+						},
+					},
+				},
+			},
+			errMsgPrefix: "failed to get health check port: strconv.Atoi: parsing \"invalid\": invalid syntax",
+		},
+		{
+			name: "invalid health check using port override with multiple ports",
+			service: &v1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test",
+					UID:  "abc123",
+					Annotations: map[string]string{
+						annDOHealthCheckPort: "636,332",
+					},
+				},
+				Spec: v1.ServiceSpec{
+					Ports: []v1.ServicePort{
+						{
+							Name:     "test",
+							Protocol: "TCP",
+							Port:     int32(636),
+							NodePort: int32(30000),
+						},
+						{
+							Name:     "test",
+							Protocol: "TCP",
+							Port:     int32(332),
+							NodePort: int32(32000),
+						},
+					},
+				},
+			},
+			errMsgPrefix: fmt.Sprintf("annotation %s only supports a single port, but found multiple: [636 332]", annDOHealthCheckPort),
+		},
 		{
 			name: "default numeric parameters",
 			service: &v1.Service{

docs/controllers/services/annotations.md

@@ -12,6 +12,10 @@ Certain annotations may override the default protocol. See the more specific des
 
 If `https` or `http2` is specified, then either `service.beta.kubernetes.io/do-loadbalancer-certificate-id` or `service.beta.kubernetes.io/do-loadbalancer-tls-passthrough` must be specified as well.
 
+## service.beta.kubernetes.io/do-loadbalancer-healthcheck-port
+
+The port used to check if a backend droplet is healthy. Defaults to the first port in a service.
+
 ## service.beta.kubernetes.io/do-loadbalancer-healthcheck-path
 
 The path used to check if a backend droplet is healthy. Defaults to "/".

docs/controllers/services/examples/http-nginx-with-healthcheck-port.yml

@@ -0,0 +1,43 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: http-lb
+  annotations:
+    service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
+    service.beta.kubernetes.io/do-loadbalancer-healthcheck-port: "55"
+spec:
+  type: LoadBalancer
+  selector:
+    app: nginx-example
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 80
+    - name: health-check
+      protocol: TCP
+      port: 55
+      targetPort: 80
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-example
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx-example
+  template:
+    metadata:
+      labels:
+        app: nginx-example
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
+        ports:
+        - containerPort: 80
+          protocol: TCP