Skip to content

Commit e1a5a9a

Browse files
amuraruamuraru
committed
more
1 parent fd26517 commit e1a5a9a

File tree

4 files changed

+93
-1
lines changed

4 files changed

+93
-1
lines changed

pkg/resources/envoygateway/envoygateway_test.go

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -166,3 +166,72 @@ func TestTCPRouteGeneration(t *testing.T) {
166166
t.Errorf("Expected backend 'test-cluster-all-broker', got '%s'", tcpRoute.Spec.Rules[0].BackendRefs[0].Name)
167167
}
168168
}
169+
170+
func TestGatewayGenerationWithTLS(t *testing.T) {
171+
cluster := &v1beta1.KafkaCluster{
172+
ObjectMeta: metav1.ObjectMeta{
173+
Name: "test-cluster",
174+
Namespace: "test-namespace",
175+
},
176+
Spec: v1beta1.KafkaClusterSpec{
177+
Brokers: []v1beta1.Broker{
178+
{Id: 0},
179+
{Id: 1},
180+
{Id: 2},
181+
},
182+
EnvoyGatewayConfig: v1beta1.EnvoyGatewayIngressConfig{
183+
GatewayClassName: "test-gateway-class",
184+
TLSSecretName: "test-tls-secret",
185+
},
186+
},
187+
}
188+
189+
reconciler := &Reconciler{
190+
Reconciler: resources.Reconciler{
191+
KafkaCluster: cluster,
192+
},
193+
}
194+
195+
eListener := v1beta1.ExternalListenerConfig{
196+
CommonListenerSpec: v1beta1.CommonListenerSpec{
197+
Name: "test-listener",
198+
ContainerPort: 9092,
199+
},
200+
ExternalStartingPort: -1, // TLS enabled
201+
}
202+
203+
ingressConfig := v1beta1.IngressConfig{
204+
EnvoyGatewayConfig: &cluster.Spec.EnvoyGatewayConfig,
205+
}
206+
207+
gateway := reconciler.gateway(eListener, ingressConfig)
208+
209+
gw, ok := gateway.(*gatewayv1.Gateway)
210+
if !ok {
211+
t.Fatal("Expected Gateway type")
212+
}
213+
214+
// 3 brokers + 1 anycast = 4 listeners
215+
if len(gw.Spec.Listeners) != 4 {
216+
t.Errorf("Expected 4 listeners, got %d", len(gw.Spec.Listeners))
217+
}
218+
219+
// When TLS is enabled (externalStartingPort == -1), all broker listeners should use the anycast port
220+
expectedPort := gatewayv1.PortNumber(29092) // default anycast port
221+
for i := 0; i < 3; i++ {
222+
if gw.Spec.Listeners[i].Port != expectedPort {
223+
t.Errorf("Expected broker %d port %d (anycast port when TLS enabled), got %d", i, expectedPort, gw.Spec.Listeners[i].Port)
224+
}
225+
if gw.Spec.Listeners[i].Protocol != gatewayv1.TLSProtocolType {
226+
t.Errorf("Expected broker %d protocol TLS, got %s", i, gw.Spec.Listeners[i].Protocol)
227+
}
228+
if gw.Spec.Listeners[i].TLS == nil {
229+
t.Errorf("Expected broker %d to have TLS config", i)
230+
}
231+
}
232+
233+
// Check anycast listener also uses the same port
234+
if gw.Spec.Listeners[3].Port != expectedPort {
235+
t.Errorf("Expected anycast port %d, got %d", expectedPort, gw.Spec.Listeners[3].Port)
236+
}
237+
}

pkg/resources/envoygateway/gateway.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ func (r *Reconciler) gateway(eListener v1beta1.ExternalListenerConfig,
5454
// Add listener for each broker
5555
for _, broker := range r.KafkaCluster.Spec.Brokers {
5656
listenerName := gatewayv1.SectionName(fmt.Sprintf("broker-%d", broker.Id))
57-
port := eListener.ExternalStartingPort + broker.Id
57+
port := eListener.GetBrokerPort(broker.Id)
5858

5959
listener := gatewayv1.Listener{
6060
Name: listenerName,

pkg/webhooks/kafkacluster_validator.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -142,6 +142,12 @@ func checkExternalListenerStartingPort(kafkaClusterSpec *banzaicloudv1beta1.Kafk
142142
var allErrs field.ErrorList
143143
const maxPort int32 = 65535
144144
for i, extListener := range kafkaClusterSpec.ListenersConfig.ExternalListeners {
145+
// Skip port validation when TLS is enabled (externalStartingPort == -1)
146+
// In TLS mode, GetAnyCastPort() is used instead of externalStartingPort + brokerId
147+
if extListener.TLSEnabled() {
148+
continue
149+
}
150+
145151
var outOfRangeBrokerIDs, collidingPortsBrokerIDs []int32
146152
for _, broker := range kafkaClusterSpec.Brokers {
147153
externalPort := util.GetExternalPortForBroker(extListener.ExternalStartingPort, broker.Id)

pkg/webhooks/kafkacluster_validator_test.go

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -248,6 +248,23 @@ func TestCheckExternalListenerStartingPort(t *testing.T) {
248248
"test-external2", int32(8081), int32(8080), int32(29092), []int32{11})),
249249
),
250250
},
251+
{
252+
// When TLS is enabled (externalStartingPort == -1), port validation should be skipped
253+
// because GetAnyCastPort() is used instead of externalStartingPort + brokerId
254+
testName: "valid config: TLS enabled with externalStartingPort -1 (should skip port validation)",
255+
kafkaClusterSpec: v1beta1.KafkaClusterSpec{
256+
Brokers: []v1beta1.Broker{{Id: 0}, {Id: 1}, {Id: 2}},
257+
ListenersConfig: v1beta1.ListenersConfig{
258+
ExternalListeners: []v1beta1.ExternalListenerConfig{
259+
{
260+
CommonListenerSpec: v1beta1.CommonListenerSpec{Name: "envoygateway"},
261+
ExternalStartingPort: -1, // TLS enabled
262+
},
263+
},
264+
},
265+
},
266+
expected: nil,
267+
},
251268
}
252269

253270
for _, testCase := range testCases {

0 commit comments

Comments
 (0)