From 6195d5de96fd709463202f1188fd936dc010f2b9 Mon Sep 17 00:00:00 2001 From: Artiom Diomin Date: Thu, 3 Oct 2024 17:45:36 +0300 Subject: [PATCH] Deploy ingress-gce only when dualstack networking is enabled. Signed-off-by: Artiom Diomin --- .../default-http-backend/templates/rbac.yaml | 3 --- pkg/controller/controlplane/valuesprovider.go | 21 +++++++++++++++---- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/charts/internal/shoot-system-components/charts/default-http-backend/templates/rbac.yaml b/charts/internal/shoot-system-components/charts/default-http-backend/templates/rbac.yaml index ba1cf5a77..19ca4b85e 100644 --- a/charts/internal/shoot-system-components/charts/default-http-backend/templates/rbac.yaml +++ b/charts/internal/shoot-system-components/charts/default-http-backend/templates/rbac.yaml @@ -56,9 +56,6 @@ rules: - apiGroups: ["extensions", "networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch"] -# For now, GLBC annotates ingress resources with various state and statuses: -# https://github.com/kubernetes/ingress-gce/blob/50d49b077d9ab4362a02fae05f94e433cd3f08dc/pkg/controller/controller.go#L579 -# TODO(rramkumar1): Remove unnecessary `update` permission once statuses are propagated through `ingresses/status` - apiGroups: ["extensions", "networking.k8s.io"] resources: ["ingresses"] verbs: ["update"] diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go index 56a4bbdcd..f4296111e 100644 --- a/pkg/controller/controlplane/valuesprovider.go +++ b/pkg/controller/controlplane/valuesprovider.go @@ -14,7 +14,7 @@ import ( extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller" "github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator" extensionssecretsmanager "github.com/gardener/gardener/extensions/pkg/util/secret/manager" - "github.com/gardener/gardener/pkg/apis/core/v1beta1" + gardencorcorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" @@ -412,10 +412,21 @@ func (vp *valuesProvider) getControlPlaneChartValues( }, gcp.CloudControllerManagerName: ccm, gcp.CSIControllerName: csi, - gcp.IngressGCEName: map[string]interface{}{"enabled": true}, + gcp.IngressGCEName: map[string]interface{}{ + "enabled": isDualstackEnabled(cluster.Shoot.Spec.Networking), + "replicas": extensionscontroller.GetControlPlaneReplicas(cluster, scaledDown, 1), + }, }, nil } +func isDualstackEnabled(networking *gardencorcorev1beta1.Networking) bool { + if networking != nil { + return !gardencorcorev1beta1.IsIPv4SingleStack(networking.IPFamilies) + } + + return false +} + // getCCMChartValues collects and returns the CCM chart values. func (vp *valuesProvider) getCCMChartValues( cpConfig *apisgcp.ControlPlaneConfig, @@ -523,7 +534,9 @@ func getControlPlaneShootChartValues( "caBundle": string(caSecret.Data[secretutils.DataKeyCertificateBundle]), }, }, - "default-http-backend": map[string]interface{}{"enabled": true}, + gcp.DefaultHTTPBackendImageName: map[string]interface{}{ + "enabled": isDualstackEnabled(cluster.Shoot.Spec.Networking), + }, }, nil } @@ -574,7 +587,7 @@ func getNetworkNames( return networkName, subNetworkName } -func (vp *valuesProvider) isOverlayEnabled(network *v1beta1.Networking) (bool, error) { +func (vp *valuesProvider) isOverlayEnabled(network *gardencorcorev1beta1.Networking) (bool, error) { if network == nil || network.ProviderConfig == nil { return true, nil }