do not create egress rules when using vipacl octavia

Jesse Haka 2020-10-16 14:11:22 +03:00
parent d105c9299e
commit 33e2de60e5
1 changed files with 6 additions and 3 deletions


@ -539,8 +539,11 @@ func (b *FirewallModelBuilder) getExistingRules(sgMap map[string]*openstacktasks
}
func (b *FirewallModelBuilder) addDefaultEgress(c *fi.ModelBuilderContext, sgMap map[string]*openstacktasks.SecurityGroup) {
for _, sg := range sgMap {
func (b *FirewallModelBuilder) addDefaultEgress(c *fi.ModelBuilderContext, sgMap map[string]*openstacktasks.SecurityGroup, useVIPACL bool) {
for name, sg := range sgMap {
if useVIPACL && name == b.Cluster.Spec.MasterPublicName {
continue
}
t := &openstacktasks.SecurityGroupRule{
Lifecycle: b.Lifecycle,
Direction: s(string(rules.DirEgress)),
@ -612,7 +615,7 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error {
klog.Warningf("Failed to list existing security groups: %v", err)
}
b.addDefaultEgress(c, sgMap)
b.addDefaultEgress(c, sgMap, useVIPACL)
//Add API Server Rules
b.addHTTPSRules(c, sgMap, useVIPACL)
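Review bot: The new skip in addDefaultEgress selects the security group only by comparing the sgMap key with `b.Cluster.Spec.MasterPublicName`, and nothing in the hunk says why that key is (presumably) the Octavia load balancer group or why it needs no egress rule under VIP ACL. A comment above the `if` would make the access-control intent reviewable, for example `// With Octavia VIP ACLs the security group keyed by MasterPublicName gets no default egress rule.` The change also only stops creating the rule. Whether an egress rule already present on that group from an earlier run gets removed depends on code outside this hunk, so that is worth confirming on an upgraded cluster. The loop body of addDefaultEgress continues past the end of the hunk.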