Add externalTrafficPolicy value

hivemq · Dec 2, 2024 · 9fd5541 · 9fd5541
1 parent 4287208
commit 9fd5541
Show file tree

Hide file tree

Showing 5 changed files with 165 additions and 0 deletions.
diff --git a/charts/hivemq-platform/templates/_helpers.tpl b/charts/hivemq-platform/templates/_helpers.tpl
@@ -360,6 +360,7 @@ Usage: {{ include "hivemq-platform.validate-services" (dict "services" .Values.s
 {{- include "hivemq-platform.validate-metrics-services" . -}}
 {{- include "hivemq-platform.validate-hivemq-proxy-protocol-services" . -}}
 {{- include "hivemq-platform.validate-hivemq-listener-name-services" . -}}
+{{- include "hivemq-platform.validate-external-traffic-policy" . -}}
 {{- include "hivemq-platform.validate-legacy-services" . -}}
 {{- end -}}
 
@@ -502,6 +503,23 @@ Usage: {{ include "hivemq-platform.validate-hivemq-listener-name-services" . }}
 {{- end }}
 {{- end -}}
 
+{{/*
+Validates that external traffic policy value is only present when the service type value is set to either NodePort or LoadBalancer
+and the service is exposed.
+Usage: {{ include "hivemq-platform.validate-external-traffic-policy" . }}
+*/}}
+{{- define "hivemq-platform.validate-external-traffic-policy" -}}
+{{- $services := .Values.services }}
+{{- range $service := $services }}
+  {{- if and ($service.exposed) (hasKey $service "externalTrafficPolicy") (not (hasKey $service "serviceType")) }}
+    {{- fail (printf "Service type `%s` with container port `%d` is using `externalTrafficPolicy` value but `serviceType` value is not defined. Service type value is mandatory when using external traffic policy" $service.type (int64 $service.containerPort)) }}
+  {{- end }}
+  {{- if and ($service.exposed) (hasKey $service "externalTrafficPolicy") (hasKey $service "serviceType") (and (not (eq $service.serviceType "NodePort")) (not (eq $service.serviceType "LoadBalancer")) )  }}
+    {{- fail (printf "Service type `%s` with container port `%d` is using `externalTrafficPolicy` value. External traffic policy is only supported by NodePort and LoadBalancer service types" $service.serviceType (int64 $service.containerPort)) }}
+  {{- end }}
+{{- end }}
+{{- end -}}
+
 {{/*
 Validates `runAsNonRoot` and `runAsUser` has a valid combination for the PodSecurityContext or SecurityContext.
 Params:

diff --git a/charts/hivemq-platform/templates/hivemq-custom-resource.yml b/charts/hivemq-platform/templates/hivemq-custom-resource.yml
@@ -258,6 +258,9 @@ spec:
         {{- if and $service.serviceType (or (eq $service.serviceType "NodePort") (eq $service.serviceType "LoadBalancer")) }}
         type: {{ $service.serviceType }}
         {{- end }}
+        {{- if $service.externalTrafficPolicy }}
+        externalTrafficPolicy: {{ $service.externalTrafficPolicy }}
+        {{- end }}
         {{- if and (eq $service.type "control-center") (not (hasKey $service "sessionAffinity")) }}
         sessionAffinity: ClientIP
         {{- else if hasKey $service "sessionAffinity" }}

diff --git a/charts/hivemq-platform/tests/services/hivemq_services_test.yaml b/charts/hivemq-platform/tests/services/hivemq_services_test.yaml
@@ -915,3 +915,130 @@ tests:
             foo: bar
     asserts:
       - failedTemplate: {}
+
+  - it: with invalid external traffic policy set, schema validation fails
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+          serviceType: NodePort
+          externalTrafficPolicy: foobar
+    asserts:
+      - failedTemplate: {}
+
+  - it: with default service values, external traffic policy not set
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+    asserts:
+      - exists:
+          path: spec.services
+      - contains:
+          path: spec.services
+          content:
+            metadata:
+              name: hivemq-test-hivemq-platform-mqtt-1883
+            spec:
+              ports:
+                - name: mqtt-1883
+                  targetPort: mqtt-1883
+                  port: 1883
+
+  - it: with external traffic policy value set to Cluster, external traffic policy service specification set to Cluster
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+          serviceType: LoadBalancer
+          externalTrafficPolicy: Cluster
+    asserts:
+      - exists:
+          path: spec.services
+      - contains:
+          path: spec.services
+          content:
+            metadata:
+              name: hivemq-test-hivemq-platform-mqtt-1883
+            spec:
+              externalTrafficPolicy: Cluster
+              type: LoadBalancer
+              ports:
+                - name: mqtt-1883
+                  targetPort: mqtt-1883
+                  port: 1883
+
+  - it: with external traffic policy value set to Local, external traffic policy service specification set to Local
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+          serviceType: LoadBalancer
+          externalTrafficPolicy: Local
+    asserts:
+      - exists:
+          path: spec.services
+      - contains:
+          path: spec.services
+          content:
+            metadata:
+              name: hivemq-test-hivemq-platform-mqtt-1883
+            spec:
+              externalTrafficPolicy: Local
+              type: LoadBalancer
+              ports:
+                - name: mqtt-1883
+                  targetPort: mqtt-1883
+                  port: 1883
+
+  - it: with external traffic policy value set but service type not set, validation fails
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+          externalTrafficPolicy: Cluster
+    asserts:
+      - failedTemplate:
+          errorPattern: Service type `mqtt` with container port `1883` is using `externalTrafficPolicy` value but `serviceType` value is not defined. Service type value is mandatory when using external traffic policy
+
+  - it: with external traffic policy value set and service type not set but service not exposed, validation succeeds
+    set:
+      services:
+        - type: mqtt
+          exposed: false
+          containerPort: 1883
+          externalTrafficPolicy: Cluster
+    asserts:
+      - notFailedTemplate: {}
+      - hasDocuments:
+          count: 1
+
+  - it: with external traffic policy value set and service type ClusterIP, validation fails
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+          serviceType: ClusterIP
+          externalTrafficPolicy: Cluster
+    asserts:
+      - failedTemplate:
+          errorPattern: Service type `ClusterIP` with container port `1883` is using `externalTrafficPolicy` value. External traffic policy is only supported by NodePort and LoadBalancer service types
+
+  - it: with external traffic policy value set and service type ClusterIP but service not exposed, validation succeeds
+    set:
+      services:
+        - type: mqtt
+          exposed: false
+          containerPort: 1883
+          serviceType: ClusterIP
+          externalTrafficPolicy: Cluster
+    asserts:
+      - notFailedTemplate: {}
+      - hasDocuments:
+          count: 1
diff --git a/charts/hivemq-platform/values.schema.json b/charts/hivemq-platform/values.schema.json
@@ -695,6 +695,18 @@
           "exposed" : {
             "type" : "boolean"
           },
+          "externalTrafficPolicy" : {
+            "description" : "Describes if the Service routes external traffic to node-local or cluster-wide endpoints. See https://kubernetes.io/docs/reference/networking/virtual-ips/#external-traffic-policy.",
+            "enum" : [
+              "Cluster",
+              "Local"
+            ],
+            "type": "string"
+          },
+          "hivemqListenerName" : {
+            "description" : "Defines the optional custom name for the MQTT and WebSocket listeners.",
+            "type" : "string"
+          },
           "hivemqProxyProtocol" : {
             "type" : "boolean"
           },

diff --git a/charts/hivemq-platform/values.yaml b/charts/hivemq-platform/values.yaml
@@ -267,6 +267,11 @@ services:
     #  # Session affinity type. Must be `ClientIP` or `None`.
     #  # Defaults to `ClientIP` for the `control-center` service type.
     #  type: None
+    # Configures whether this Service routes external traffic to node-local or cluster-wide endpoints.
+    # Affects the network traffic routing behavior, client source IP preservation, and load balancing across Kubernetes nodes.
+    # Only applicable to LoadBalancer or NodePort service types. Possible values are `Cluster` or `Local`.
+    # See: https://kubernetes.io/docs/reference/networking/virtual-ips/#external-traffic-policy
+    # externalTrafficPolicy: Cluster
 
   # Secure MQTT service configuration
   - type: mqtt