Merge pull request oracle#148 in OKE/oci-cloud-controller-manager from task/OKE-14472 to internal

* commit '70a07d7273ef81d60464bd8bb18922e39b65a091':
  removed TCP health check for SSL enabled traffic

Author: ankitkumr10

pkg/cloudprovider/providers/oci/load_balancer.go

@@ -136,10 +136,9 @@ const (
 	// Fallback value if annotation on service is not set
 	lbDefaultShape = "100Mbps"
 
-	lbNodesHealthCheckPath      = "/healthz"
-	lbNodesHealthCheckPort      = k8sports.ProxyHealthzPort
-	lbNodesHealthCheckProtoHTTP = "HTTP"
-	lbNodesHealthCheckProtoTCP  = "TCP"
+	lbNodesHealthCheckPath  = "/healthz"
+	lbNodesHealthCheckPort  = k8sports.ProxyHealthzPort
+	lbNodesHealthCheckProto = "HTTP"
 
 	// default connection idle timeout per protocol
 	// https://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Reference/connectionreuse.htm#ConnectionConfiguration

pkg/cloudprovider/providers/oci/load_balancer_spec.go

@@ -252,7 +252,7 @@ func getPorts(svc *v1.Service) (map[string]portSpec, error) {
 	ports := make(map[string]portSpec)
 	for _, servicePort := range svc.Spec.Ports {
 		name := getBackendSetName(string(servicePort.Protocol), int(servicePort.Port))
-		healthChecker, err := getHealthChecker(nil, int(servicePort.Port), svc)
+		healthChecker, err := getHealthChecker(svc)
 		if err != nil {
 			return nil, err
 		}
@@ -295,7 +295,7 @@ func getBackendSets(logger *zap.SugaredLogger, svc *v1.Service, nodes []*v1.Node
 		if sslCfg != nil && len(sslCfg.BackendSetSSLSecretName) != 0 {
 			secretName = sslCfg.BackendSetSSLSecretName
 		}
-		healthChecker, err := getHealthChecker(sslCfg, port, svc)
+		healthChecker, err := getHealthChecker(svc)
 		if err != nil {
 			return nil, err
 		}
@@ -309,12 +309,7 @@ func getBackendSets(logger *zap.SugaredLogger, svc *v1.Service, nodes []*v1.Node
 	return backendSets, nil
 }
 
-func getHealthChecker(cfg *SSLConfig, port int, svc *v1.Service) (*loadbalancer.HealthCheckerDetails, error) {
-	// If the health-check has SSL enabled use TCP rather than HTTP.
-	protocol := lbNodesHealthCheckProtoHTTP
-	if cfg != nil && cfg.Ports.Has(port) {
-		protocol = lbNodesHealthCheckProtoTCP
-	}
+func getHealthChecker(svc *v1.Service) (*loadbalancer.HealthCheckerDetails, error) {
 	// Setting default values as per defined in the doc (https://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Tasks/editinghealthcheck.htm#console)
 	var retries = 3
 	if r, ok := svc.Annotations[ServiceAnnotationLoadBalancerHealthCheckRetries]; ok {
@@ -345,7 +340,7 @@ func getHealthChecker(cfg *SSLConfig, port int, svc *v1.Service) (*loadbalancer.
 	checkPath, checkPort := apiservice.GetServiceHealthCheckPathPort(svc)
 	if checkPath != "" {
 		return &loadbalancer.HealthCheckerDetails{
-			Protocol:         &protocol,
+			Protocol:         common.String(lbNodesHealthCheckProto),
 			UrlPath:          &checkPath,
 			Port:             common.Int(int(checkPort)),
 			Retries:          &retries,
@@ -355,7 +350,7 @@ func getHealthChecker(cfg *SSLConfig, port int, svc *v1.Service) (*loadbalancer.
 	}
 
 	return &loadbalancer.HealthCheckerDetails{
-		Protocol:         &protocol,
+		Protocol:         common.String(lbNodesHealthCheckProto),
 		UrlPath:          common.String(lbNodesHealthCheckPath),
 		Port:             common.Int(lbNodesHealthCheckPort),
 		Retries:          &retries,

pkg/cloudprovider/providers/oci/load_balancer_spec_test.go

@@ -1197,7 +1197,7 @@ func TestNewLBSpecSuccess(t *testing.T) {
 					"TCP-443": {
 						Backends: []loadbalancer.BackendDetails{},
 						HealthChecker: &loadbalancer.HealthCheckerDetails{
-							Protocol:         common.String("TCP"),
+							Protocol:         common.String("HTTP"),
 							Port:             common.Int(10256),
 							UrlPath:          common.String("/healthz"),
 							Retries:          common.Int(3),