Allow operators to configure router.route_services_internal_server_port

dsabeti · dsabeti · commit 3882924a4faf · 2024-02-08T23:44:33.000Z
diff --git a/jobs/gorouter/templates/gorouter.yml.erb b/jobs/gorouter/templates/gorouter.yml.erb
@@ -140,6 +140,7 @@ params = {
   'route_services_secret_decrypt_only' => p('router.route_services_secret_decrypt_only'),
   'route_services_recommend_https' => p('router.route_services_recommend_https'),
   'route_services_hairpinning' => p('router.route_services_internal_lookup'),
+  'route_services_internal_server_port' => p('router.route_services_internal_server_port'),
   'route_services_hairpinning_allowlist' => p('router.route_services_internal_lookup_allowlist'),
   'extra_headers_to_log' => p('router.extra_headers_to_log'),
   'max_header_bytes' => validate_max_header_kb(p('router.max_header_kb')),
diff --git a/jobs/gorouter/templates/pre-start.erb b/jobs/gorouter/templates/pre-start.erb
@@ -32,7 +32,11 @@ tee_output_to_sys_log "${LOG_DIR}" "pre-start" <%= p("router.logging.format.time
     ports.append(p("router.status.port")) # has default. will always exist.
     ports.append(p("router.status.routes.port")) # has default. will always exist.
     ports.append(p("router.tls_port")) # has default. will always exist.
-    ports.append(p("router.route_services_internal_server_port")) # has default. will always exist.
+
+    route_services_internal_server_port = p('router.route_services_internal_server_port')
+    if route_services_internal_server_port != 0
+        ports.append(route_services_internal_server_port)
+    end
 
     if_p('router.status.tls.port') do |port|
         ports.append(port)
diff --git a/spec/gorouter_templates_spec.rb b/spec/gorouter_templates_spec.rb
@@ -473,6 +473,21 @@
         end
       end
 
+      context 'route_services_internal_server_port' do
+        it 'defaults to 7070' do
+          expect(parsed_yaml['route_services_internal_server_port']).to eq(7070)
+        end
+
+        context 'when set to a value' do
+          before do
+            deployment_manifest_fragment['router']['route_services_internal_server_port'] = 7272
+          end
+
+          it 'configures that value for the gorouter' do
+            expect(parsed_yaml['route_services_internal_server_port']).to eq(7272)
+          end
+        end
+      end
       context 'html_error_template' do
         it 'is not set by default' do
           expect(parsed_yaml['html_error_template_file']).to be_nil
@@ -1561,6 +1576,15 @@
           ports = '81,442,2822,2825,3457,3458,3459,3460,3461,7272,7777,8081,8082,8443,8853,9100,14726,14727,14821,14822,14823,14824,14829,14830,14922,15821,17003,53035,53080'
           expect(rendered_template).to include("\"#{ports}\" > /proc/sys/net/ipv4/ip_local_reserved_ports")
         end
+
+        context 'when route_services_internal_server_port is set to 0' do
+          it 'does not attempt to add 0 to the list of reserved ports because 0 represents use of a random, available port' do
+            properties['router']['route_services_internal_server_port'] = 0
+            rendered_template = template.render(properties)
+            ports = '81,442,2822,2825,3457,3458,3459,3460,3461,7777,8081,8082,8443,8853,9100,14726,14727,14821,14822,14823,14824,14829,14830,14922,15821,17003,53035,53080'
+            expect(rendered_template).to include("\"#{ports}\" > /proc/sys/net/ipv4/ip_local_reserved_ports")
+          end
+        end
       end
     end
   end
