Merge pull request #4182 from zac-nixon/main

[bug fix] fix tls protocol not being detected when generating SG rules

Author: k8s-ci-robot

pkg/service/model_build_target_group.go

@@ -479,6 +479,7 @@ func (t *defaultModelBuildTask) buildTargetGroupBindingSpec(ctx context.Context,
 
 func (t *defaultModelBuildTask) buildTargetGroupBindingNetworking(_ context.Context, tgPort intstr.IntOrString,
 	hcPort intstr.IntOrString, tgProtocol elbv2model.Protocol) (*elbv2model.TargetGroupBindingNetworking, error) {
+
 	if t.backendSGIDToken == nil {
 		return nil, nil
 	}
@@ -499,6 +500,8 @@ func (t *defaultModelBuildTask) buildTargetGroupBindingNetworking(_ context.Cont
 		}
 	} else {
 		switch tgProtocol {
+		case elbv2model.ProtocolTLS:
+			fallthrough
 		case elbv2model.ProtocolTCP:
 			ports = append(ports, elbv2api.NetworkingPort{
 				Protocol: &protocolTCP,

pkg/service/model_build_target_group_test.go

@@ -1432,6 +1432,30 @@ func Test_defaultModelBuilderTask_buildTargetGroupBindingNetworking(t *testing.T
 				},
 			},
 		},
+		{
+			name:             "tls with port restricted rules",
+			tgPort:           port80,
+			hcPort:           trafficPort,
+			tgProtocol:       elbv2.ProtocolTLS,
+			backendSGIDToken: core.LiteralStringToken(sgBackend),
+			want: &elbv2.TargetGroupBindingNetworking{
+				Ingress: []elbv2.NetworkingIngressRule{
+					{
+						From: []elbv2.NetworkingPeer{
+							{
+								SecurityGroup: &elbv2.SecurityGroup{GroupID: core.LiteralStringToken(sgBackend)},
+							},
+						},
+						Ports: []elbv2api.NetworkingPort{
+							{
+								Protocol: &networkingProtocolTCP,
+								Port:     &port80,
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			name:             "udp with port restricted rules",
 			tgPort:           port80,