Merge "Add icmp sg rules to k8s project"
This commit is contained in:
commit
69ea565dee
|
@ -174,6 +174,23 @@ print("%s\\t%s" % (n[beg_offset], n[-end_offset]))
|
|||
EOF
|
||||
}
|
||||
|
||||
# create_k8s_icmp_sg_rules
|
||||
# Description: Creates icmp sg rules for Kuryr-Kubernetes pods
|
||||
# Params:
|
||||
# sg_id - Kuryr's security group id
|
||||
# direction - egress or ingress direction
|
||||
function create_k8s_icmp_sg_rules {
|
||||
local sg_id=$1
|
||||
local direction="$2"
|
||||
icmp_sg_rules=$(openstack --os-cloud devstack-admin \
|
||||
--os-region "$REGION_NAME" \
|
||||
security group rule create \
|
||||
--protocol icmp \
|
||||
--"$direction" "$sg_id")
|
||||
die_if_not_set $LINENO icmp_sg_rules \
|
||||
"Failure creating icmp sg ${direction} rule for ${sg_id}"
|
||||
}
|
||||
|
||||
# create_k8s_subnet
|
||||
# Description: Creates a network and subnet for Kuryr-Kubernetes usage
|
||||
# Params:
|
||||
|
|
|
@ -303,6 +303,20 @@ function configure_neutron_defaults {
|
|||
iniset "$KURYR_CONFIG" octavia_defaults member_mode "$KURYR_K8S_OCTAVIA_MEMBER_MODE"
|
||||
}
|
||||
|
||||
function configure_k8s_pod_sg_rules {
|
||||
local project_id
|
||||
local sg_id
|
||||
|
||||
project_id=$(get_or_create_project \
|
||||
"$KURYR_NEUTRON_DEFAULT_PROJECT" default)
|
||||
sg_id=$(openstack --os-cloud devstack-admin \
|
||||
--os-region "$REGION_NAME" \
|
||||
security group list \
|
||||
--project "$project_id" -c ID -c Name -f value | \
|
||||
awk '/default/ {print $1}')
|
||||
create_k8s_icmp_sg_rules "$sg_id" ingress
|
||||
}
|
||||
|
||||
function get_hyperkube_container_cacert_setup_dir {
|
||||
case "$1" in
|
||||
1.[0-3].*) echo "/data";;
|
||||
|
@ -582,6 +596,7 @@ if [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
|||
|
||||
if is_service_enabled tempest; then
|
||||
copy_tempest_kubeconfig
|
||||
configure_k8s_pod_sg_rules
|
||||
fi
|
||||
|
||||
if is_service_enabled kuryr-kubernetes; then
|
||||
|
|
Loading…
Reference in New Issue