metropolis/node: allow all ports as NodePorts except special ones

As we don't have hostPort implemented, we can only provide NodePorts to
applications. To allow apps to use all ports we have to increase the range,
but have to prevent them from using reserved Metropolis ones. This is
currently prevented by patching the allocator and hardcoding all of them.

Change-Id: I7c0e8b17643d1ec03e1a1b678bc6276881b1c5e5
Reviewed-on: https://review.monogon.dev/c/monogon/+/1884
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/third_party/go/patches/k8s-reserve-metropolis-ports.patch b/third_party/go/patches/k8s-reserve-metropolis-ports.patch
new file mode 100644
index 0000000..7586b10
--- /dev/null
+++ b/third_party/go/patches/k8s-reserve-metropolis-ports.patch
@@ -0,0 +1,24 @@
+diff --git a/pkg/registry/core/service/portallocator/allocator.go b/pkg/registry/core/service/portallocator/allocator.go
+--- a/pkg/registry/core/service/portallocator/allocator.go	(revision f66044f4361b9f1f96f0053dd46cb7dce5e990a8)
++++ b/pkg/registry/core/service/portallocator/allocator.go	(revision f42349f2a3ed203fc06462b9f28e90c0b857cb42)
+@@ -25,6 +25,7 @@
+ 	"k8s.io/kubernetes/pkg/registry/core/service/allocator"
+
+ 	"k8s.io/klog/v2"
++	"source.monogon.dev/metropolis/node"
+ )
+
+ // Interface manages the allocation of ports out of a range. Interface
+@@ -70,6 +71,12 @@
+ 	}
+ 	var err error
+ 	a.alloc, err = allocatorFactory(max, rangeSpec)
++
++	for _, p := range node.SystemPorts {
++		// We ignore errors as these could only happen if the port we try to
++		// allocate is out of range, which we dont really care about.
++		_, _ = a.alloc.Allocate(int(p))
++	}
+ 	return a, err
+ }
+
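Review bot: The reservation loop runs before `err` from `allocatorFactory` is checked, so a failed factory call that leaves `a.alloc` nil would panic in `a.alloc.Allocate` instead of returning the error; add `if err != nil { return a, err }` ahead of the loop. Both results of `Allocate` are discarded, so a system port that could not be reserved looks the same as one that was, and these reservations are what keep Services off the node's own ports. At minimum log the failure, e.g. `if _, aerr := a.alloc.Allocate(int(p)); aerr != nil { klog.Warningf("could not reserve system port %d: %v", p, aerr) }`. The call also hands the raw port number to the backing allocator; if that allocator indexes by offset from the range base (not visible in this hunk), the reserved slots match the intended ports only when the range starts at 0, so confirm that or translate the port first. The enclosing function begins outside the hunk.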
diff --git a/third_party/go/repositories.bzl b/third_party/go/repositories.bzl
index f9c52c6..8b55efe 100644
--- a/third_party/go/repositories.bzl
+++ b/third_party/go/repositories.bzl
@@ -6525,6 +6525,7 @@
             "//third_party/go/patches:k8s-fix-logs-path.patch",
             "//third_party/go/patches:k8s-drop-legacy-log-path.patch",
             "//third_party/go/patches:k8s-jose-semver-fix.patch",
+            "//third_party/go/patches:k8s-reserve-metropolis-ports.patch",
         ],
         sum = "h1:AyjtHzSysliKR04Km91njmk2yaKmOa3ZISQZCIGUnVI=",
         version = "v1.24.2",