Do not add ingress loadbalancer on service tasks
Ingress loadbalancer is only required to be plumbed in ingress sandboxes of nodes which are the only mechanism to get traffix outside the cluster to tasks. Since the tasks are part of ingress network, these loadbalancers were getting added in all tasks which are exposing ports which is totally unnecessary resource usage. This PR avoids that. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
This commit is contained in:
Jana Radhakrishnan
parent
0030332e4e
commit
cd488c6d18
|
|
@ -261,7 +261,7 @@ func (sb *sandbox) populateLoadbalancers(ep *endpoint) {
|
|||
addService := true
|
||||
for _, ip := range lb.backEnds {
|
||||
sb.addLBBackend(ip, lb.vip, lb.fwMark, lb.service.ingressPorts,
|
||||
eIP, gwIP, addService)
|
||||
eIP, gwIP, addService, n.ingress)
|
||||
addService = false
|
||||
}
|
||||
lb.service.Unlock()
|
||||
|
|
@ -284,7 +284,7 @@ func (n *network) addLBBackend(ip, vip net.IP, fwMark uint32, ingressPorts []*Po
|
|||
gwIP = ep.Iface().Address().IP
|
||||
}
|
||||
|
||||
sb.addLBBackend(ip, vip, fwMark, ingressPorts, ep.Iface().Address(), gwIP, addService)
|
||||
sb.addLBBackend(ip, vip, fwMark, ingressPorts, ep.Iface().Address(), gwIP, addService, n.ingress)
|
||||
}
|
||||
|
||||
return false
|
||||
|
|
@ -307,7 +307,7 @@ func (n *network) rmLBBackend(ip, vip net.IP, fwMark uint32, ingressPorts []*Por
|
|||
gwIP = ep.Iface().Address().IP
|
||||
}
|
||||
|
||||
sb.rmLBBackend(ip, vip, fwMark, ingressPorts, ep.Iface().Address(), gwIP, rmService)
|
||||
sb.rmLBBackend(ip, vip, fwMark, ingressPorts, ep.Iface().Address(), gwIP, rmService, n.ingress)
|
||||
}
|
||||
|
||||
return false
|
||||
|
|
@ -315,11 +315,15 @@ func (n *network) rmLBBackend(ip, vip net.IP, fwMark uint32, ingressPorts []*Por
|
|||
}
|
||||
|
||||
// Add loadbalancer backend into one connected sandbox.
|
||||
func (sb *sandbox) addLBBackend(ip, vip net.IP, fwMark uint32, ingressPorts []*PortConfig, eIP *net.IPNet, gwIP net.IP, addService bool) {
|
||||
func (sb *sandbox) addLBBackend(ip, vip net.IP, fwMark uint32, ingressPorts []*PortConfig, eIP *net.IPNet, gwIP net.IP, addService bool, isIngressNetwork bool) {
|
||||
if sb.osSbox == nil {
|
||||
return
|
||||
}
|
||||
|
||||
if isIngressNetwork && !sb.ingress {
|
||||
return
|
||||
}
|
||||
|
||||
i, err := ipvs.New(sb.Key())
|
||||
if err != nil {
|
||||
logrus.Errorf("Failed to create an ipvs handle for sbox %s: %v", sb.Key(), err)
|
||||
|
|
@ -370,11 +374,15 @@ func (sb *sandbox) addLBBackend(ip, vip net.IP, fwMark uint32, ingressPorts []*P
|
|||
}
|
||||
|
||||
// Remove loadbalancer backend from one connected sandbox.
|
||||
func (sb *sandbox) rmLBBackend(ip, vip net.IP, fwMark uint32, ingressPorts []*PortConfig, eIP *net.IPNet, gwIP net.IP, rmService bool) {
|
||||
func (sb *sandbox) rmLBBackend(ip, vip net.IP, fwMark uint32, ingressPorts []*PortConfig, eIP *net.IPNet, gwIP net.IP, rmService bool, isIngressNetwork bool) {
|
||||
if sb.osSbox == nil {
|
||||
return
|
||||
}
|
||||
|
||||
if isIngressNetwork && !sb.ingress {
|
||||
return
|
||||
}
|
||||
|
||||
i, err := ipvs.New(sb.Key())
|
||||
if err != nil {
|
||||
logrus.Errorf("Failed to create an ipvs handle for sbox %s: %v", sb.Key(), err)
|
||||
|
|
|
|||
Loading…
Reference in New Issue