From 5804cf5180c2afe603cb1fb5f6dfa174aa8c8d31 Mon Sep 17 00:00:00 2001 From: M4t7e <7535523+M4t7e@users.noreply.github.com> Date: Mon, 20 Oct 2025 19:04:31 +0200 Subject: [PATCH 1/2] Add new env vars for load balancer config --- docs/guides/load-balancer/configuration.md | 13 +- internal/config/config.go | 102 +++++++++- internal/config/config_test.go | 24 ++- internal/hcops/load_balancer.go | 121 ++++++++---- internal/hcops/load_balancer_internal_test.go | 64 +++++++ internal/hcops/load_balancer_test.go | 175 +++++++++++++++++- 6 files changed, 439 insertions(+), 60 deletions(-) diff --git a/docs/guides/load-balancer/configuration.md b/docs/guides/load-balancer/configuration.md index 419ddb61..b7574159 100644 --- a/docs/guides/load-balancer/configuration.md +++ b/docs/guides/load-balancer/configuration.md @@ -6,8 +6,17 @@ Load Balancers are configured via Kubernetes [annotations](https://kubernetes.io For convenience, you can set the following environment variables as cluster-wide defaults, so you don't have to set them on each load balancer service. If a load balancer service has the corresponding annotation set, it overrides the default. +- `HCLOUD_LOAD_BALANCERS_ALGORITHM_TYPE` +- `HCLOUD_LOAD_BALANCERS_DISABLE_IPV6` +- `HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS` +- `HCLOUD_LOAD_BALANCERS_DISABLE_PUBLIC_NETWORK` +- `HCLOUD_LOAD_BALANCERS_ENABLED` +- `HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_INTERVAL` +- `HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_RETRIES` +- `HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_TIMEOUT` - `HCLOUD_LOAD_BALANCERS_LOCATION` (mutually exclusive with `HCLOUD_LOAD_BALANCERS_NETWORK_ZONE`) - `HCLOUD_LOAD_BALANCERS_NETWORK_ZONE` (mutually exclusive with `HCLOUD_LOAD_BALANCERS_LOCATION`) -- `HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS` +- `HCLOUD_LOAD_BALANCERS_PRIVATE_SUBNET_IP_RANGE` +- `HCLOUD_LOAD_BALANCERS_TYPE` - `HCLOUD_LOAD_BALANCERS_USE_PRIVATE_IP` -- `HCLOUD_LOAD_BALANCERS_ENABLED` +- `HCLOUD_LOAD_BALANCERS_USES_PROXYPROTOCOL` diff --git a/internal/config/config.go b/internal/config/config.go index 80129677..f9d663b1 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -5,10 +5,12 @@ import ( "fmt" "os" "strconv" + "strings" "time" "k8s.io/klog/v2" + "github.com/hetznercloud/hcloud-go/v2/hcloud" "github.com/hetznercloud/hcloud-go/v2/hcloud/exp/kit/envutil" ) @@ -31,12 +33,20 @@ const ( hcloudNetworkDisableAttachedCheck = "HCLOUD_NETWORK_DISABLE_ATTACHED_CHECK" hcloudNetworkRoutesEnabled = "HCLOUD_NETWORK_ROUTES_ENABLED" + hcloudLoadBalancersAlgorithmType = "HCLOUD_LOAD_BALANCERS_ALGORITHM_TYPE" + hcloudLoadBalancersDisableIPv6 = "HCLOUD_LOAD_BALANCERS_DISABLE_IPV6" + hcloudLoadBalancersDisablePrivateIngress = "HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS" + hcloudLoadBalancersDisablePublicNetwork = "HCLOUD_LOAD_BALANCERS_DISABLE_PUBLIC_NETWORK" hcloudLoadBalancersEnabled = "HCLOUD_LOAD_BALANCERS_ENABLED" + hcloudLoadBalancersHealthCheckInterval = "HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_INTERVAL" + hcloudLoadBalancersHealthCheckRetries = "HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_RETRIES" + hcloudLoadBalancersHealthCheckTimeout = "HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_TIMEOUT" hcloudLoadBalancersLocation = "HCLOUD_LOAD_BALANCERS_LOCATION" hcloudLoadBalancersNetworkZone = "HCLOUD_LOAD_BALANCERS_NETWORK_ZONE" - hcloudLoadBalancersDisablePrivateIngress = "HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS" + hcloudLoadBalancersPrivateSubnetIPRange = "HCLOUD_LOAD_BALANCERS_PRIVATE_SUBNET_IP_RANGE" + hcloudLoadBalancersType = "HCLOUD_LOAD_BALANCERS_TYPE" hcloudLoadBalancersUsePrivateIP = "HCLOUD_LOAD_BALANCERS_USE_PRIVATE_IP" - hcloudLoadBalancersDisableIPv6 = "HCLOUD_LOAD_BALANCERS_DISABLE_IPV6" + hcloudLoadBalancersUsesProxyProtocol = "HCLOUD_LOAD_BALANCERS_USES_PROXYPROTOCOL" hcloudMetricsEnabled = "HCLOUD_METRICS_ENABLED" hcloudMetricsAddress = ":8233" @@ -76,12 +86,21 @@ type InstanceConfiguration struct { } type LoadBalancerConfiguration struct { - Enabled bool - Location string - NetworkZone string - PrivateIngressEnabled bool - PrivateIPEnabled bool - IPv6Enabled bool + AlgorithmType hcloud.LoadBalancerAlgorithmType + DisablePublicNetwork bool + Enabled bool + HealthCheckInterval time.Duration + HealthCheckRetries int + HealthCheckTimeout time.Duration + IPv6Enabled bool + Location string + NetworkZone string + PrivateIngressEnabled bool + PrivateIPEnabled bool + PrivateSubnetIPRange string + ProxyProtocolEnabled bool + ProxyProtocolEnabledSet bool + Type string } type NetworkConfiguration struct { @@ -183,12 +202,70 @@ func Read() (HCCMConfiguration, error) { errs = append(errs, err) } + cfg.LoadBalancer.ProxyProtocolEnabled, err = getEnvBool(hcloudLoadBalancersUsesProxyProtocol, false) + if err != nil { + errs = append(errs, err) + } + // Workaround to keep bug https://github.com/hetznercloud/hcloud-cloud-controller-manager/issues/876 + if _, exists := os.LookupEnv(hcloudLoadBalancersUsesProxyProtocol); exists { + cfg.LoadBalancer.ProxyProtocolEnabledSet = true + } + disableIPv6, err := getEnvBool(hcloudLoadBalancersDisableIPv6, false) if err != nil { errs = append(errs, err) } cfg.LoadBalancer.IPv6Enabled = !disableIPv6 // Invert the logic, as the env var is prefixed with DISABLE_. + if subnetRange, ok := os.LookupEnv(hcloudLoadBalancersPrivateSubnetIPRange); ok { + cfg.LoadBalancer.PrivateSubnetIPRange = subnetRange + } + + if algorithmType, ok := os.LookupEnv(hcloudLoadBalancersAlgorithmType); ok { + alg, parseErr := parseLoadBalancerAlgorithmType(algorithmType) + if parseErr != nil { + errs = append(errs, fmt.Errorf("failed to parse %s: %w", hcloudLoadBalancersAlgorithmType, parseErr)) + } else { + cfg.LoadBalancer.AlgorithmType = alg + } + } + + if interval, ok := os.LookupEnv(hcloudLoadBalancersHealthCheckInterval); ok { + d, parseErr := time.ParseDuration(interval) + if parseErr != nil { + errs = append(errs, fmt.Errorf("failed to parse %s: %w", hcloudLoadBalancersHealthCheckInterval, parseErr)) + } else { + cfg.LoadBalancer.HealthCheckInterval = d + } + } + + if timeout, ok := os.LookupEnv(hcloudLoadBalancersHealthCheckTimeout); ok { + d, parseErr := time.ParseDuration(timeout) + if parseErr != nil { + errs = append(errs, fmt.Errorf("failed to parse %s: %w", hcloudLoadBalancersHealthCheckTimeout, parseErr)) + } else { + cfg.LoadBalancer.HealthCheckTimeout = d + } + } + + if retries, ok := os.LookupEnv(hcloudLoadBalancersHealthCheckRetries); ok { + v, parseErr := strconv.Atoi(retries) + if parseErr != nil { + errs = append(errs, fmt.Errorf("failed to parse %s: %w", hcloudLoadBalancersHealthCheckRetries, parseErr)) + } else { + cfg.LoadBalancer.HealthCheckRetries = v + } + } + + cfg.LoadBalancer.DisablePublicNetwork, err = getEnvBool(hcloudLoadBalancersDisablePublicNetwork, false) + if err != nil { + errs = append(errs, err) + } + + if lbType, ok := os.LookupEnv(hcloudLoadBalancersType); ok { + cfg.LoadBalancer.Type = lbType + } + cfg.Network.NameOrID = os.Getenv(hcloudNetwork) disableAttachedCheck, err := getEnvBool(hcloudNetworkDisableAttachedCheck, false) if err != nil { @@ -280,3 +357,12 @@ func getEnvDuration(key string) (time.Duration, error) { return b, nil } + +func parseLoadBalancerAlgorithmType(value string) (hcloud.LoadBalancerAlgorithmType, error) { + v := strings.ToLower(strings.TrimSpace(value)) + alg := hcloud.LoadBalancerAlgorithmType(v) + if alg == hcloud.LoadBalancerAlgorithmTypeRoundRobin || alg == hcloud.LoadBalancerAlgorithmTypeLeastConnections { + return alg, nil + } + return "", fmt.Errorf("unsupported value %q", value) +} diff --git a/internal/config/config_test.go b/internal/config/config_test.go index cb24d7e5..2387d08e 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/hetznercloud/hcloud-cloud-controller-manager/internal/testsupport" + "github.com/hetznercloud/hcloud-go/v2/hcloud" ) func TestRead(t *testing.T) { @@ -123,6 +124,14 @@ failed to read ROBOT_PASSWORD_FILE: open /tmp/hetzner-password: no such file or "HCLOUD_TOKEN", "jr5g7ZHpPptyhJzZyHw2Pqu4g9gTqDvEceYpngPf79jN_NOT_VALID_dzhepnahq", "HCLOUD_ENDPOINT", "https://api.example.com", "HCLOUD_DEBUG", "true", + "HCLOUD_LOAD_BALANCERS_PRIVATE_SUBNET_IP_RANGE", "10.1.0.0/24", + "HCLOUD_LOAD_BALANCERS_USES_PROXYPROTOCOL", "true", + "HCLOUD_LOAD_BALANCERS_ALGORITHM_TYPE", "least_connections", + "HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_INTERVAL", "30s", + "HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_TIMEOUT", "5s", + "HCLOUD_LOAD_BALANCERS_HEALTH_CHECK_RETRIES", "5", + "HCLOUD_LOAD_BALANCERS_DISABLE_PUBLIC_NETWORK", "true", + "HCLOUD_LOAD_BALANCERS_TYPE", "lb21", }, want: HCCMConfiguration{ HCloudClient: HCloudClientConfiguration{ @@ -137,9 +146,18 @@ failed to read ROBOT_PASSWORD_FILE: open /tmp/hetzner-password: no such file or AttachedCheckEnabled: true, }, LoadBalancer: LoadBalancerConfiguration{ - Enabled: true, - PrivateIngressEnabled: true, - IPv6Enabled: true, + Enabled: true, + PrivateIngressEnabled: true, + IPv6Enabled: true, + PrivateSubnetIPRange: "10.1.0.0/24", + ProxyProtocolEnabled: true, + ProxyProtocolEnabledSet: true, + AlgorithmType: hcloud.LoadBalancerAlgorithmTypeLeastConnections, + HealthCheckInterval: 30 * time.Second, + HealthCheckTimeout: 5 * time.Second, + HealthCheckRetries: 5, + DisablePublicNetwork: true, + Type: "lb21", }, }, wantErr: nil, diff --git a/internal/hcops/load_balancer.go b/internal/hcops/load_balancer.go index 39b2b453..9c73510e 100644 --- a/internal/hcops/load_balancer.go +++ b/internal/hcops/load_balancer.go @@ -171,6 +171,8 @@ func (l *LoadBalancerOps) Create( } if v, ok := annotation.LBType.StringFromService(svc); ok { opts.LoadBalancerType.Name = v + } else if l.Cfg.LoadBalancer.Type != "" { + opts.LoadBalancerType.Name = l.Cfg.LoadBalancer.Type } if l.Cfg.LoadBalancer.Location != "" { opts.Location = &hcloud.Location{Name: l.Cfg.LoadBalancer.Location} @@ -196,19 +198,26 @@ func (l *LoadBalancerOps) Create( } algType, err := annotation.LBAlgorithmType.LBAlgorithmTypeFromService(svc) - if err != nil && !errors.Is(err, annotation.ErrNotSet) { - return nil, fmt.Errorf("%s: %w", op, err) - } - if !errors.Is(err, annotation.ErrNotSet) { + if err == nil { opts.Algorithm = &hcloud.LoadBalancerAlgorithm{Type: algType} + } else if errors.Is(err, annotation.ErrNotSet) { + if l.Cfg.LoadBalancer.AlgorithmType != "" { + opts.Algorithm = &hcloud.LoadBalancerAlgorithm{Type: l.Cfg.LoadBalancer.AlgorithmType} + } + } else { + return nil, fmt.Errorf("%s: %w", op, err) } disablePubIface, err := annotation.LBDisablePublicNetwork.BoolFromService(svc) if err != nil && !errors.Is(err, annotation.ErrNotSet) { return nil, fmt.Errorf("%s: %w", op, err) } - if disablePubIface && !errors.Is(err, annotation.ErrNotSet) { - opts.PublicInterface = hcloud.Ptr(false) + if err == nil { + opts.PublicInterface = hcloud.Ptr(!disablePubIface) + } else if errors.Is(err, annotation.ErrNotSet) { + opts.PublicInterface = hcloud.Ptr(!l.Cfg.LoadBalancer.DisablePublicNetwork) + } else { + return nil, fmt.Errorf("%s: %w", op, err) } result, _, err := l.LBClient.Create(ctx, opts) @@ -401,11 +410,15 @@ func (l *LoadBalancerOps) changeAlgorithm(ctx context.Context, lb *hcloud.LoadBa metrics.OperationCalled.WithLabelValues(op).Inc() at, err := annotation.LBAlgorithmType.LBAlgorithmTypeFromService(svc) - if errors.Is(err, annotation.ErrNotSet) { - return false, nil - } if err != nil { - return false, fmt.Errorf("%s: %w", op, err) + if errors.Is(err, annotation.ErrNotSet) { + if l.Cfg.LoadBalancer.AlgorithmType == "" { + return false, nil + } + at = l.Cfg.LoadBalancer.AlgorithmType + } else { + return false, fmt.Errorf("%s: %w", op, err) + } } if at == lb.Algorithm.Type { return false, nil @@ -429,7 +442,10 @@ func (l *LoadBalancerOps) changeType(ctx context.Context, lb *hcloud.LoadBalance lt, ok := annotation.LBType.StringFromService(svc) if !ok { - return false, nil + if l.Cfg.LoadBalancer.Type == "" { + return false, nil + } + lt = l.Cfg.LoadBalancer.Type } if lt == lb.LoadBalancerType.Name { return false, nil @@ -484,6 +500,10 @@ func (l *LoadBalancerOps) attachToNetwork(ctx context.Context, lb *hcloud.LoadBa privateIPv4String, privateIPv4configured := annotation.LBPrivateIPv4.StringFromService(svc) subnetString, subnetConfigured := annotation.PrivateSubnetIPRange.StringFromService(svc) + if !subnetConfigured && l.Cfg.LoadBalancer.PrivateSubnetIPRange != "" { + subnetString = l.Cfg.LoadBalancer.PrivateSubnetIPRange + subnetConfigured = true + } // Don't attach the Load Balancer if network is not set, or the load // balancer is already attached. if l.NetworkID == 0 || lbAttached(lb, l.NetworkID, privateIPv4String) { @@ -557,11 +577,12 @@ func (l *LoadBalancerOps) togglePublicInterface(ctx context.Context, lb *hcloud. var a *hcloud.Action disable, err := annotation.LBDisablePublicNetwork.BoolFromService(svc) - if errors.Is(err, annotation.ErrNotSet) { - return false, nil - } if err != nil { - return false, fmt.Errorf("%s: %w", op, err) + if errors.Is(err, annotation.ErrNotSet) { + disable = l.Cfg.LoadBalancer.DisablePublicNetwork + } else { + return false, fmt.Errorf("%s: %w", op, err) + } } if disable == !lb.PublicNet.Enabled { @@ -924,7 +945,12 @@ func (l *LoadBalancerOps) ReconcileHCLBServices( klog.Warning(warnMsg) } - b := &hclbServiceOptsBuilder{Port: port, Service: svc, CertOps: l.CertOps} + b := &hclbServiceOptsBuilder{ + Port: port, + Service: svc, + CertOps: l.CertOps, + cfg: l.Cfg.LoadBalancer, + } if portExists { klog.InfoS("update service", "op", op, "port", portNo, "loadBalancerID", lb.ID) @@ -1010,6 +1036,7 @@ type hclbServiceOptsBuilder struct { Port corev1.ServicePort Service *corev1.Service CertOps *CertificateOps + cfg config.LoadBalancerConfiguration listenPort int destinationPort int @@ -1052,14 +1079,18 @@ func (b *hclbServiceOptsBuilder) extract() { b.do(func() error { pp, err := annotation.LBSvcProxyProtocol.BoolFromService(b.Service) - if errors.Is(err, annotation.ErrNotSet) { + if err == nil { + b.proxyProtocol = hcloud.Ptr(pp) return nil - } - if err != nil { + } else if errors.Is(err, annotation.ErrNotSet) { + // Workaround to keep bug https://github.com/hetznercloud/hcloud-cloud-controller-manager/issues/876 + if b.cfg.ProxyProtocolEnabledSet { + b.proxyProtocol = hcloud.Ptr(b.cfg.ProxyProtocolEnabled) + } + return nil + } else { return fmt.Errorf("%s: %w", op, err) } - b.proxyProtocol = hcloud.Ptr(pp) - return nil }) b.protocol = hcloud.LoadBalancerServiceProtocolTCP @@ -1226,41 +1257,53 @@ func (b *hclbServiceOptsBuilder) extractHealthCheck() { b.do(func() error { hcInterval, err := annotation.LBSvcHealthCheckInterval.DurationFromService(b.Service) - if errors.Is(err, annotation.ErrNotSet) { + if err == nil { + b.healthCheckOpts.Interval = hcloud.Ptr(hcInterval) + b.addHealthCheck = true return nil - } - if err != nil { + } else if errors.Is(err, annotation.ErrNotSet) { + if b.cfg.HealthCheckInterval != 0 { + b.healthCheckOpts.Interval = hcloud.Ptr(b.cfg.HealthCheckInterval) + b.addHealthCheck = true + } + return nil + } else { return fmt.Errorf("%s: %w", op, err) } - b.healthCheckOpts.Interval = hcloud.Ptr(hcInterval) - b.addHealthCheck = true - return nil }) b.do(func() error { t, err := annotation.LBSvcHealthCheckTimeout.DurationFromService(b.Service) - if errors.Is(err, annotation.ErrNotSet) { + if err == nil { + b.healthCheckOpts.Timeout = hcloud.Ptr(t) + b.addHealthCheck = true return nil - } - if err != nil { + } else if errors.Is(err, annotation.ErrNotSet) { + if b.cfg.HealthCheckTimeout != 0 { + b.healthCheckOpts.Timeout = hcloud.Ptr(b.cfg.HealthCheckTimeout) + b.addHealthCheck = true + } + return nil + } else { return fmt.Errorf("%s: %w", op, err) } - b.healthCheckOpts.Timeout = hcloud.Ptr(t) - b.addHealthCheck = true - return nil }) b.do(func() error { v, err := annotation.LBSvcHealthCheckRetries.IntFromService(b.Service) - if errors.Is(err, annotation.ErrNotSet) { + if err == nil { + b.healthCheckOpts.Retries = hcloud.Ptr(v) + b.addHealthCheck = true return nil - } - if err != nil { + } else if errors.Is(err, annotation.ErrNotSet) { + if b.cfg.HealthCheckRetries != 0 { + b.healthCheckOpts.Retries = hcloud.Ptr(b.cfg.HealthCheckRetries) + b.addHealthCheck = true + } + return nil + } else { return fmt.Errorf("%s: %w", op, err) } - b.healthCheckOpts.Retries = hcloud.Ptr(v) - b.addHealthCheck = true - return nil }) if b.healthCheckOpts.Protocol == hcloud.LoadBalancerServiceProtocolTCP { diff --git a/internal/hcops/load_balancer_internal_test.go b/internal/hcops/load_balancer_internal_test.go index bb35101f..637b451b 100644 --- a/internal/hcops/load_balancer_internal_test.go +++ b/internal/hcops/load_balancer_internal_test.go @@ -12,6 +12,7 @@ import ( "k8s.io/apimachinery/pkg/types" "github.com/hetznercloud/hcloud-cloud-controller-manager/internal/annotation" + "github.com/hetznercloud/hcloud-cloud-controller-manager/internal/config" "github.com/hetznercloud/hcloud-cloud-controller-manager/internal/mocks" "github.com/hetznercloud/hcloud-go/v2/hcloud" ) @@ -22,6 +23,7 @@ func TestHCLBServiceOptsBuilder(t *testing.T) { servicePort corev1.ServicePort serviceUID string serviceAnnotations map[annotation.Name]string + cfg config.LoadBalancerConfiguration expectedAddOpts hcloud.LoadBalancerAddServiceOpts expectedUpdateOpts hcloud.LoadBalancerUpdateServiceOpts mock func(t *testing.T, tt *testCase) @@ -78,6 +80,35 @@ func TestHCLBServiceOptsBuilder(t *testing.T) { }, }, }, + { + name: "proxy protocol annotation overrides config default", + servicePort: corev1.ServicePort{Port: 86, NodePort: 8086}, + cfg: config.LoadBalancerConfiguration{ + ProxyProtocolEnabled: true, + }, + serviceAnnotations: map[annotation.Name]string{ + annotation.LBSvcProxyProtocol: "false", + }, + expectedAddOpts: hcloud.LoadBalancerAddServiceOpts{ + ListenPort: hcloud.Ptr(86), + DestinationPort: hcloud.Ptr(8086), + Protocol: hcloud.LoadBalancerServiceProtocolTCP, + Proxyprotocol: hcloud.Ptr(false), + HealthCheck: &hcloud.LoadBalancerAddServiceOptsHealthCheck{ + Protocol: hcloud.LoadBalancerServiceProtocolTCP, + Port: hcloud.Ptr(8086), + }, + }, + expectedUpdateOpts: hcloud.LoadBalancerUpdateServiceOpts{ + DestinationPort: hcloud.Ptr(8086), + Protocol: hcloud.LoadBalancerServiceProtocolTCP, + Proxyprotocol: hcloud.Ptr(false), + HealthCheck: &hcloud.LoadBalancerUpdateServiceOptsHealthCheck{ + Protocol: hcloud.LoadBalancerServiceProtocolTCP, + Port: hcloud.Ptr(8086), + }, + }, + }, { name: "select HTTP protocol", servicePort: corev1.ServicePort{Port: 82, NodePort: 8082}, @@ -160,6 +191,38 @@ func TestHCLBServiceOptsBuilder(t *testing.T) { }, }, }, + { + name: "set health check defaults via config", + servicePort: corev1.ServicePort{Port: 85, NodePort: 8085}, + cfg: config.LoadBalancerConfiguration{ + HealthCheckInterval: 30 * time.Second, + HealthCheckTimeout: 5 * time.Second, + HealthCheckRetries: 5, + }, + expectedAddOpts: hcloud.LoadBalancerAddServiceOpts{ + ListenPort: hcloud.Ptr(85), + DestinationPort: hcloud.Ptr(8085), + Protocol: hcloud.LoadBalancerServiceProtocolTCP, + HealthCheck: &hcloud.LoadBalancerAddServiceOptsHealthCheck{ + Protocol: hcloud.LoadBalancerServiceProtocolTCP, + Port: hcloud.Ptr(8085), + Interval: hcloud.Ptr(30 * time.Second), + Timeout: hcloud.Ptr(5 * time.Second), + Retries: hcloud.Ptr(5), + }, + }, + expectedUpdateOpts: hcloud.LoadBalancerUpdateServiceOpts{ + DestinationPort: hcloud.Ptr(8085), + Protocol: hcloud.LoadBalancerServiceProtocolTCP, + HealthCheck: &hcloud.LoadBalancerUpdateServiceOptsHealthCheck{ + Protocol: hcloud.LoadBalancerServiceProtocolTCP, + Port: hcloud.Ptr(8085), + Interval: hcloud.Ptr(30 * time.Second), + Timeout: hcloud.Ptr(5 * time.Second), + Retries: hcloud.Ptr(5), + }, + }, + }, { name: "add managed certificate by service uid label", servicePort: corev1.ServicePort{Port: 83, NodePort: 8083}, @@ -380,6 +443,7 @@ func TestHCLBServiceOptsBuilder(t *testing.T) { }, }, CertOps: &CertificateOps{CertClient: tt.certClient}, + cfg: tt.cfg, } for k, v := range tt.serviceAnnotations { builder.Service.Annotations[string(k)] = v diff --git a/internal/hcops/load_balancer_test.go b/internal/hcops/load_balancer_test.go index 5ba80ef0..f42419d6 100644 --- a/internal/hcops/load_balancer_test.go +++ b/internal/hcops/load_balancer_test.go @@ -266,6 +266,7 @@ func TestLoadBalancerOps_Create(t *testing.T) { Location: &hcloud.Location{ Name: "fsn1", }, + PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "some-lb-uid", }, @@ -286,6 +287,7 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "another-lb", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, NetworkZone: hcloud.NetworkZoneEUCentral, + PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -305,6 +307,7 @@ func TestLoadBalancerOps_Create(t *testing.T) { Location: &hcloud.Location{ Name: "fsn1", }, + PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "some-lb-uid", }, @@ -322,6 +325,7 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "some-lb", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, NetworkZone: hcloud.NetworkZoneEUCentral, + PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "some-lb-uid", }, @@ -343,6 +347,7 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "another-lb", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, NetworkZone: hcloud.NetworkZoneEUCentral, + PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -366,6 +371,7 @@ func TestLoadBalancerOps_Create(t *testing.T) { Location: &hcloud.Location{ Name: "fsn1", }, + PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -388,6 +394,7 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "another-lb", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, Location: &hcloud.Location{Name: "nbg1"}, + PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -404,6 +411,7 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "another-lb", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb21"}, Location: &hcloud.Location{Name: "nbg1"}, + PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -421,12 +429,51 @@ func TestLoadBalancerOps_Create(t *testing.T) { LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, Location: &hcloud.Location{Name: "nbg1"}, Algorithm: &hcloud.LoadBalancerAlgorithm{Type: hcloud.LoadBalancerAlgorithmTypeLeastConnections}, + PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, }, lb: &hcloud.LoadBalancer{ID: 4}, }, + { + name: "create with load balancer type default", + cfg: config.HCCMConfiguration{ + LoadBalancer: config.LoadBalancerConfiguration{ + Location: "nbg1", + Type: "lb21", + }, + }, + createOpts: hcloud.LoadBalancerCreateOpts{ + Name: "lb-default-type", + LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb21"}, + Location: &hcloud.Location{Name: "nbg1"}, + PublicInterface: hcloud.Ptr(true), + Labels: map[string]string{ + hcops.LabelServiceUID: "lb-default-type-uid", + }, + }, + lb: &hcloud.LoadBalancer{ID: 7}, + }, + { + name: "create disables public interface via default", + cfg: config.HCCMConfiguration{ + LoadBalancer: config.LoadBalancerConfiguration{ + Location: "nbg1", + DisablePublicNetwork: true, + }, + }, + createOpts: hcloud.LoadBalancerCreateOpts{ + Name: "lb-disable-public", + LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, + Location: &hcloud.Location{Name: "nbg1"}, + PublicInterface: hcloud.Ptr(false), + Labels: map[string]string{ + hcops.LabelServiceUID: "lb-disable-public-uid", + }, + }, + lb: &hcloud.LoadBalancer{ID: 8}, + }, { name: "fail on invalid Load Balancer algorithm type", serviceAnnotations: map[annotation.Name]string{ @@ -591,6 +638,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { Algorithm: hcloud.LoadBalancerAlgorithm{ Type: hcloud.LoadBalancerAlgorithmTypeRoundRobin, }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, mock: func(_ *testing.T, tt *LBReconcilementTestCase) { opts := hcloud.LoadBalancerChangeAlgorithmOpts{Type: hcloud.LoadBalancerAlgorithmTypeLeastConnections} @@ -617,6 +667,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { Algorithm: hcloud.LoadBalancerAlgorithm{ Type: hcloud.LoadBalancerAlgorithmTypeRoundRobin, }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, perform: func(t *testing.T, tt *LBReconcilementTestCase) { changed, err := tt.fx.LBOps.ReconcileHCLB(tt.fx.Ctx, tt.initialLB, tt.service) @@ -635,6 +688,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { Algorithm: hcloud.LoadBalancerAlgorithm{ Type: hcloud.LoadBalancerAlgorithmTypeRoundRobin, }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, perform: func(t *testing.T, tt *LBReconcilementTestCase) { changed, err := tt.fx.LBOps.ReconcileHCLB(tt.fx.Ctx, tt.initialLB, tt.service) @@ -652,6 +708,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { LoadBalancerType: &hcloud.LoadBalancerType{ Name: "lb11", }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, mock: func(_ *testing.T, tt *LBReconcilementTestCase) { opts := hcloud.LoadBalancerChangeTypeOpts{ @@ -670,6 +729,39 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { assert.True(t, changed) }, }, + { + name: "update type from config default", + cfg: config.HCCMConfiguration{ + LoadBalancer: config.LoadBalancerConfiguration{ + Type: "lb21", + }, + }, + initialLB: &hcloud.LoadBalancer{ + ID: 11, + LoadBalancerType: &hcloud.LoadBalancerType{ + Name: "lb11", + }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, + }, + mock: func(_ *testing.T, tt *LBReconcilementTestCase) { + opts := hcloud.LoadBalancerChangeTypeOpts{ + LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb21"}, + } + + action := &hcloud.Action{ID: 5811} + tt.fx.LBClient. + On("ChangeType", tt.fx.Ctx, tt.initialLB, opts). + Return(action, nil, nil) + tt.fx.ActionClient.On("WaitFor", tt.fx.Ctx, action).Return(nil) + }, + perform: func(t *testing.T, tt *LBReconcilementTestCase) { + changed, err := tt.fx.LBOps.ReconcileHCLB(tt.fx.Ctx, tt.initialLB, tt.service) + assert.NoError(t, err) + assert.True(t, changed) + }, + }, { name: "don't update unchanged type", serviceAnnotations: map[annotation.Name]string{ @@ -680,6 +772,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { LoadBalancerType: &hcloud.LoadBalancerType{ Name: "lb21", }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, perform: func(t *testing.T, tt *LBReconcilementTestCase) { changed, err := tt.fx.LBOps.ReconcileHCLB(tt.fx.Ctx, tt.initialLB, tt.service) @@ -790,6 +885,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { Network: &hcloud.Network{ID: 14, Name: "some-network"}, }, }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, mock: func(_ *testing.T, tt *LBReconcilementTestCase) { opts := hcloud.LoadBalancerDetachFromNetworkOpts{ @@ -815,6 +913,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { IP: net.ParseIP("10.10.10.3"), }, }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, serviceAnnotations: map[annotation.Name]string{ annotation.LBPrivateIPv4: "10.10.10.2", @@ -856,6 +957,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { Network: &hcloud.Network{ID: 15, Name: "some-network"}, }, }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, mock: func(_ *testing.T, tt *LBReconcilementTestCase) { tt.fx.LBOps.NetworkID = tt.initialLB.PrivateNet[0].Network.ID @@ -867,8 +971,13 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { }, }, { - name: "attach Load Balancer to network", - initialLB: &hcloud.LoadBalancer{ID: 4}, + name: "attach Load Balancer to network", + initialLB: &hcloud.LoadBalancer{ + ID: 4, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, + }, mock: func(_ *testing.T, tt *LBReconcilementTestCase) { nw := &hcloud.Network{ID: 15, Name: "some-network"} tt.fx.NetworkClient.On("GetByID", tt.fx.Ctx, nw.ID).Return(nw, nil, nil) @@ -887,8 +996,13 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { }, }, { - name: "attach Load Balancer to network with specific IP", - initialLB: &hcloud.LoadBalancer{ID: 4}, + name: "attach Load Balancer to network with specific IP", + initialLB: &hcloud.LoadBalancer{ + ID: 4, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, + }, serviceAnnotations: map[annotation.Name]string{ annotation.LBPrivateIPv4: "10.10.10.2", }, @@ -910,8 +1024,13 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { }, }, { - name: "re-try attach to network on conflict", - initialLB: &hcloud.LoadBalancer{ID: 5}, + name: "re-try attach to network on conflict", + initialLB: &hcloud.LoadBalancer{ + ID: 5, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, + }, mock: func(_ *testing.T, tt *LBReconcilementTestCase) { nw := &hcloud.Network{ID: 15, Name: "some-network"} tt.fx.NetworkClient.On("GetByID", tt.fx.Ctx, nw.ID).Return(nw, nil, nil) @@ -939,8 +1058,13 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { }, }, { - name: "re-try attach to network on locked error", - initialLB: &hcloud.LoadBalancer{ID: 5}, + name: "re-try attach to network on locked error", + initialLB: &hcloud.LoadBalancer{ + ID: 5, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, + }, mock: func(_ *testing.T, tt *LBReconcilementTestCase) { nw := &hcloud.Network{ID: 15, Name: "some-network"} tt.fx.NetworkClient.On("GetByID", tt.fx.Ctx, nw.ID).Return(nw, nil, nil) @@ -976,6 +1100,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { Network: &hcloud.Network{ID: 16, Name: "some-network"}, }, }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, mock: func(_ *testing.T, tt *LBReconcilementTestCase) { tt.fx.LBOps.NetworkID = tt.initialLB.PrivateNet[0].Network.ID @@ -1010,6 +1137,32 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { assert.True(t, changed) }, }, + { + name: "disable enabled public network from config default", + cfg: config.HCCMConfiguration{ + LoadBalancer: config.LoadBalancerConfiguration{ + DisablePublicNetwork: true, + }, + }, + initialLB: &hcloud.LoadBalancer{ + ID: 16, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, + }, + mock: func(_ *testing.T, tt *LBReconcilementTestCase) { + action := &hcloud.Action{ID: rand.Int63()} + tt.fx.LBClient. + On("DisablePublicInterface", tt.fx.Ctx, tt.initialLB). + Return(action, nil, nil) + tt.fx.ActionClient.On("WaitFor", tt.fx.Ctx, action).Return(nil) + }, + perform: func(t *testing.T, tt *LBReconcilementTestCase) { + changed, err := tt.fx.LBOps.ReconcileHCLB(tt.fx.Ctx, tt.initialLB, tt.service) + assert.NoError(t, err) + assert.True(t, changed) + }, + }, { name: "keep disabled public interface", serviceAnnotations: map[annotation.Name]string{ @@ -1076,6 +1229,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { Labels: map[string]string{ "some-label": "some-value", }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, mock: func(_ *testing.T, tt *LBReconcilementTestCase) { updated := *tt.initialLB @@ -1113,6 +1269,9 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { Labels: map[string]string{ hcops.LabelServiceUID: "11", }, + PublicNet: hcloud.LoadBalancerPublicNet{ + Enabled: true, + }, }, mock: func(_ *testing.T, tt *LBReconcilementTestCase) { updated := *tt.initialLB From 33b6571ed2a7611ab5fc651a8759f7c60b0874e1 Mon Sep 17 00:00:00 2001 From: M4t7e <7535523+M4t7e@users.noreply.github.com> Date: Mon, 27 Oct 2025 21:29:51 +0100 Subject: [PATCH 2/2] Use pointers and remove fallback to default value for public network --- internal/config/config.go | 53 +++++++++++-------- internal/config/config_test.go | 23 ++++---- internal/hcops/load_balancer.go | 32 ++++++----- internal/hcops/load_balancer_internal_test.go | 2 +- internal/hcops/load_balancer_test.go | 14 +---- 5 files changed, 64 insertions(+), 60 deletions(-) diff --git a/internal/config/config.go b/internal/config/config.go index a037e18d..35bb63e6 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -86,21 +86,20 @@ type InstanceConfiguration struct { } type LoadBalancerConfiguration struct { - AlgorithmType hcloud.LoadBalancerAlgorithmType - DisablePublicNetwork bool - Enabled bool - HealthCheckInterval time.Duration - HealthCheckRetries int - HealthCheckTimeout time.Duration - IPv6Enabled bool - Location string - NetworkZone string - PrivateIngressEnabled bool - PrivateIPEnabled bool - PrivateSubnetIPRange string - ProxyProtocolEnabled bool - ProxyProtocolEnabledSet bool - Type string + AlgorithmType hcloud.LoadBalancerAlgorithmType + DisablePublicNetwork *bool + Enabled bool + HealthCheckInterval time.Duration + HealthCheckRetries int + HealthCheckTimeout time.Duration + IPv6Enabled bool + Location string + NetworkZone string + PrivateIngressEnabled bool + PrivateIPEnabled bool + PrivateSubnetIPRange string + ProxyProtocolEnabled *bool + Type string } type NetworkConfiguration struct { @@ -207,14 +206,10 @@ func Read() (HCCMConfiguration, error) { errs = append(errs, err) } - cfg.LoadBalancer.ProxyProtocolEnabled, err = getEnvBool(hcloudLoadBalancersUsesProxyProtocol, false) + cfg.LoadBalancer.ProxyProtocolEnabled, err = getEnvBoolPtr(hcloudLoadBalancersUsesProxyProtocol) if err != nil { errs = append(errs, err) } - // Workaround to keep bug https://github.com/hetznercloud/hcloud-cloud-controller-manager/issues/876 - if _, exists := os.LookupEnv(hcloudLoadBalancersUsesProxyProtocol); exists { - cfg.LoadBalancer.ProxyProtocolEnabledSet = true - } disableIPv6, err := getEnvBool(hcloudLoadBalancersDisableIPv6, false) if err != nil { @@ -262,7 +257,7 @@ func Read() (HCCMConfiguration, error) { } } - cfg.LoadBalancer.DisablePublicNetwork, err = getEnvBool(hcloudLoadBalancersDisablePublicNetwork, false) + cfg.LoadBalancer.DisablePublicNetwork, err = getEnvBoolPtr(hcloudLoadBalancersDisablePublicNetwork) if err != nil { errs = append(errs, err) } @@ -347,6 +342,22 @@ func getEnvBool(key string, defaultValue bool) (bool, error) { return b, nil } +// getEnvBoolPtr returns a pointer to the boolean parsed from the environment variable with the given key. +// Returns nil if the env var is unset. +func getEnvBoolPtr(key string) (*bool, error) { + v, ok := os.LookupEnv(key) + if !ok { + return nil, nil + } + + b, err := strconv.ParseBool(v) + if err != nil { + return nil, fmt.Errorf("failed to parse %s: %w", key, err) + } + + return &b, nil +} + // getEnvDuration returns the duration parsed from the environment variable with the given key and a potential error // parsing the var. Returns false if the env var is unset. func getEnvDuration(key string) (time.Duration, error) { diff --git a/internal/config/config_test.go b/internal/config/config_test.go index 1295975c..179ab0bf 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -146,18 +146,17 @@ failed to read ROBOT_PASSWORD_FILE: open /tmp/hetzner-password: no such file or AttachedCheckEnabled: true, }, LoadBalancer: LoadBalancerConfiguration{ - Enabled: true, - PrivateIngressEnabled: true, - IPv6Enabled: true, - PrivateSubnetIPRange: "10.1.0.0/24", - ProxyProtocolEnabled: true, - ProxyProtocolEnabledSet: true, - AlgorithmType: hcloud.LoadBalancerAlgorithmTypeLeastConnections, - HealthCheckInterval: 30 * time.Second, - HealthCheckTimeout: 5 * time.Second, - HealthCheckRetries: 5, - DisablePublicNetwork: true, - Type: "lb21", + Enabled: true, + PrivateIngressEnabled: true, + IPv6Enabled: true, + PrivateSubnetIPRange: "10.1.0.0/24", + ProxyProtocolEnabled: hcloud.Ptr(true), + AlgorithmType: hcloud.LoadBalancerAlgorithmTypeLeastConnections, + HealthCheckInterval: 30 * time.Second, + HealthCheckTimeout: 5 * time.Second, + HealthCheckRetries: 5, + DisablePublicNetwork: hcloud.Ptr(true), + Type: "lb21", }, }, wantErr: nil, diff --git a/internal/hcops/load_balancer.go b/internal/hcops/load_balancer.go index 9c73510e..63405589 100644 --- a/internal/hcops/load_balancer.go +++ b/internal/hcops/load_balancer.go @@ -209,13 +209,12 @@ func (l *LoadBalancerOps) Create( } disablePubIface, err := annotation.LBDisablePublicNetwork.BoolFromService(svc) - if err != nil && !errors.Is(err, annotation.ErrNotSet) { - return nil, fmt.Errorf("%s: %w", op, err) - } if err == nil { opts.PublicInterface = hcloud.Ptr(!disablePubIface) } else if errors.Is(err, annotation.ErrNotSet) { - opts.PublicInterface = hcloud.Ptr(!l.Cfg.LoadBalancer.DisablePublicNetwork) + if l.Cfg.LoadBalancer.DisablePublicNetwork != nil { + opts.PublicInterface = hcloud.Ptr(!*l.Cfg.LoadBalancer.DisablePublicNetwork) + } } else { return nil, fmt.Errorf("%s: %w", op, err) } @@ -577,19 +576,24 @@ func (l *LoadBalancerOps) togglePublicInterface(ctx context.Context, lb *hcloud. var a *hcloud.Action disable, err := annotation.LBDisablePublicNetwork.BoolFromService(svc) - if err != nil { - if errors.Is(err, annotation.ErrNotSet) { - disable = l.Cfg.LoadBalancer.DisablePublicNetwork - } else { - return false, fmt.Errorf("%s: %w", op, err) - } + var desiredDisable *bool + if err == nil { + desiredDisable = hcloud.Ptr(disable) + } else if errors.Is(err, annotation.ErrNotSet) { + desiredDisable = l.Cfg.LoadBalancer.DisablePublicNetwork + } else { + return false, fmt.Errorf("%s: %w", op, err) + } + + if desiredDisable == nil { + return false, nil } - if disable == !lb.PublicNet.Enabled { + if *desiredDisable == !lb.PublicNet.Enabled { return false, nil } - if disable { + if *desiredDisable { a, _, err = l.LBClient.DisablePublicInterface(ctx, lb) } else { a, _, err = l.LBClient.EnablePublicInterface(ctx, lb) @@ -1084,8 +1088,8 @@ func (b *hclbServiceOptsBuilder) extract() { return nil } else if errors.Is(err, annotation.ErrNotSet) { // Workaround to keep bug https://github.com/hetznercloud/hcloud-cloud-controller-manager/issues/876 - if b.cfg.ProxyProtocolEnabledSet { - b.proxyProtocol = hcloud.Ptr(b.cfg.ProxyProtocolEnabled) + if b.cfg.ProxyProtocolEnabled != nil { + b.proxyProtocol = hcloud.Ptr(*b.cfg.ProxyProtocolEnabled) } return nil } else { diff --git a/internal/hcops/load_balancer_internal_test.go b/internal/hcops/load_balancer_internal_test.go index 637b451b..a2772844 100644 --- a/internal/hcops/load_balancer_internal_test.go +++ b/internal/hcops/load_balancer_internal_test.go @@ -84,7 +84,7 @@ func TestHCLBServiceOptsBuilder(t *testing.T) { name: "proxy protocol annotation overrides config default", servicePort: corev1.ServicePort{Port: 86, NodePort: 8086}, cfg: config.LoadBalancerConfiguration{ - ProxyProtocolEnabled: true, + ProxyProtocolEnabled: hcloud.Ptr(true), }, serviceAnnotations: map[annotation.Name]string{ annotation.LBSvcProxyProtocol: "false", diff --git a/internal/hcops/load_balancer_test.go b/internal/hcops/load_balancer_test.go index f42419d6..e3bfa854 100644 --- a/internal/hcops/load_balancer_test.go +++ b/internal/hcops/load_balancer_test.go @@ -266,7 +266,6 @@ func TestLoadBalancerOps_Create(t *testing.T) { Location: &hcloud.Location{ Name: "fsn1", }, - PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "some-lb-uid", }, @@ -287,7 +286,6 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "another-lb", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, NetworkZone: hcloud.NetworkZoneEUCentral, - PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -307,7 +305,6 @@ func TestLoadBalancerOps_Create(t *testing.T) { Location: &hcloud.Location{ Name: "fsn1", }, - PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "some-lb-uid", }, @@ -325,7 +322,6 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "some-lb", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, NetworkZone: hcloud.NetworkZoneEUCentral, - PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "some-lb-uid", }, @@ -347,7 +343,6 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "another-lb", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, NetworkZone: hcloud.NetworkZoneEUCentral, - PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -371,7 +366,6 @@ func TestLoadBalancerOps_Create(t *testing.T) { Location: &hcloud.Location{ Name: "fsn1", }, - PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -394,7 +388,6 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "another-lb", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, Location: &hcloud.Location{Name: "nbg1"}, - PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -411,7 +404,6 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "another-lb", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb21"}, Location: &hcloud.Location{Name: "nbg1"}, - PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -429,7 +421,6 @@ func TestLoadBalancerOps_Create(t *testing.T) { LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb11"}, Location: &hcloud.Location{Name: "nbg1"}, Algorithm: &hcloud.LoadBalancerAlgorithm{Type: hcloud.LoadBalancerAlgorithmTypeLeastConnections}, - PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "another-lb-uid", }, @@ -448,7 +439,6 @@ func TestLoadBalancerOps_Create(t *testing.T) { Name: "lb-default-type", LoadBalancerType: &hcloud.LoadBalancerType{Name: "lb21"}, Location: &hcloud.Location{Name: "nbg1"}, - PublicInterface: hcloud.Ptr(true), Labels: map[string]string{ hcops.LabelServiceUID: "lb-default-type-uid", }, @@ -460,7 +450,7 @@ func TestLoadBalancerOps_Create(t *testing.T) { cfg: config.HCCMConfiguration{ LoadBalancer: config.LoadBalancerConfiguration{ Location: "nbg1", - DisablePublicNetwork: true, + DisablePublicNetwork: hcloud.Ptr(true), }, }, createOpts: hcloud.LoadBalancerCreateOpts{ @@ -1141,7 +1131,7 @@ func TestLoadBalancerOps_ReconcileHCLB(t *testing.T) { name: "disable enabled public network from config default", cfg: config.HCCMConfiguration{ LoadBalancer: config.LoadBalancerConfiguration{ - DisablePublicNetwork: true, + DisablePublicNetwork: hcloud.Ptr(true), }, }, initialLB: &hcloud.LoadBalancer{