github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use SSL/HTTPS health checks for ELBs when backend protocol is SSL/HTTPS

Browse Source 
Fixes #45746
This commit is contained in:
Andrew Garrett 2018-10-26 22:07:41 +00:00
parent 117c6177c4
commit 14565f05d6
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pkg/cloudprovider/providers/aws/aws.go
View File

@ -3604,9 +3604,16 @@ func (c *Cloud) EnsureLoadBalancer(ctx context.Context, clusterName string, apiS
}
}
annotationProtocol := strings.ToLower(annotations[ServiceAnnotationLoadBalancerBEProtocol])
var hcProtocol string
if path, healthCheckNodePort := service.GetServiceHealthCheckPathPort(apiService); path != "" {
glog.V(4).Infof("service %v (%v) needs health checks on :%d%s)", apiService.Name, loadBalancerName, healthCheckNodePort, path)
err = c.ensureLoadBalancerHealthCheck(loadBalancer, "HTTP", healthCheckNodePort, path, annotations)
if annotationProtocol == "https" || annotationProtocol == "ssl" {
hcProtocol = "HTTPS"
} else {
hcProtocol = "HTTP"
}
err = c.ensureLoadBalancerHealthCheck(loadBalancer, hcProtocol, healthCheckNodePort, path, annotations)
if err != nil {
return nil, fmt.Errorf("Failed to ensure health check for localized service %v on node port %v: %q", loadBalancerName, healthCheckNodePort, err)
}
@ -3621,8 +3628,13 @@ func (c *Cloud) EnsureLoadBalancer(ctx context.Context, clusterName string, apiS
tcpHealthCheckPort = int32(*listener.InstancePort)
break
}
if annotationProtocol == "https" || annotationProtocol == "ssl" {
hcProtocol = "SSL"
} else {
hcProtocol = "TCP"
}
// there must be no path on TCP health check
err = c.ensureLoadBalancerHealthCheck(loadBalancer, "TCP", tcpHealthCheckPort, "", annotations)
err = c.ensureLoadBalancerHealthCheck(loadBalancer, hcProtocol, tcpHealthCheckPort, "", annotations)
if err != nil {
return nil, err
}