Skip to content

Commit a9abf94

Browse files
NeurostepNeurostep
authored
Pass ignored IPs to proxy init container (#803)
1 parent 98ef469 commit a9abf94

File tree

2 files changed

+58
-1
lines changed

2 files changed

+58
-1
lines changed

pkg/inject/proxy.go

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,10 +64,11 @@ type proxyConfig struct {
6464
func (m *proxyMutator) buildProxyConfig(pod *corev1.Pod) proxyConfig {
6565
appPorts := m.getAppPorts(pod)
6666
egressIgnoredPorts := m.getEgressIgnoredPorts(pod)
67+
egressIgnoredIPs := m.getEgressIgnoredIPs(pod)
6768
enableIPV6 := m.isIPV6Enabled(pod)
6869
return proxyConfig{
6970
appPorts: appPorts,
70-
egressIgnoredIPs: m.mutatorConfig.egressIgnoredIPs,
71+
egressIgnoredIPs: egressIgnoredIPs,
7172
egressIgnoredPorts: egressIgnoredPorts,
7273
proxyEgressPort: defaultProxyEgressPort,
7374
proxyIngressPort: defaultProxyIngressPort,
@@ -100,6 +101,14 @@ func (m *proxyMutator) getEgressIgnoredPorts(pod *corev1.Pod) string {
100101
return egressIgnoredPorts
101102
}
102103

104+
func (m *proxyMutator) getEgressIgnoredIPs(pod *corev1.Pod) string {
105+
if v, ok := pod.ObjectMeta.Annotations[AppMeshEgressIgnoredIPsAnnotation]; ok {
106+
return v
107+
}
108+
109+
return m.mutatorConfig.egressIgnoredIPs
110+
}
111+
103112
func (m *proxyMutator) isAppMeshCNIEnabled(pod *corev1.Pod) bool {
104113
annotations := pod.GetAnnotations()
105114
if v, ok := annotations[AppMeshCNIAnnotation]; ok {

pkg/inject/proxy_test.go

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -497,6 +497,54 @@ func Test_proxyMutator_getEgressIgnoredPorts(t *testing.T) {
497497
}
498498
}
499499

500+
func Test_proxyMutator_getEgressIgnoredIPs(t *testing.T) {
501+
type args struct {
502+
pod *corev1.Pod
503+
}
504+
tests := []struct {
505+
name string
506+
args args
507+
want string
508+
}{
509+
{
510+
name: "get EgressIgnoredIPs from annotation",
511+
args: args{
512+
pod: &corev1.Pod{
513+
ObjectMeta: metav1.ObjectMeta{
514+
Annotations: map[string]string{
515+
"appmesh.k8s.aws/egressIgnoredIPs": "192.168.0.1,192.168.0.2",
516+
},
517+
},
518+
},
519+
},
520+
want: "192.168.0.1,192.168.0.2",
521+
},
522+
{
523+
name: "get EgressIgnoredIPs by default",
524+
args: args{
525+
pod: &corev1.Pod{
526+
ObjectMeta: metav1.ObjectMeta{
527+
Annotations: map[string]string{},
528+
},
529+
},
530+
},
531+
want: "192.168.0.1",
532+
},
533+
}
534+
535+
for _, tt := range tests {
536+
t.Run(tt.name, func(t *testing.T) {
537+
m := &proxyMutator{
538+
mutatorConfig: proxyMutatorConfig{
539+
egressIgnoredIPs: "192.168.0.1",
540+
},
541+
}
542+
got := m.getEgressIgnoredIPs(tt.args.pod)
543+
assert.Equal(t, tt.want, got)
544+
})
545+
}
546+
}
547+
500548
func Test_proxyMutator_isAppMeshCNIEnabled(t *testing.T) {
501549
type args struct {
502550
pod *corev1.Pod

0 commit comments

Comments
 (0)