authorZuul <zuul@review.openstack.org>2019-01-09 17:48:04 +0000
committerGerrit Code Review <review@openstack.org>2019-01-09 17:48:04 +0000
commitd4929ef243cbad83979bbe2417dc6deed45a81fd (patch)
tree53f4cd857b690559817db62f32bb3cf48e524128
parentaf1e03d32f4ce4f2d4cf41ae1c87b96a3d7505f0 (diff)
parent374c5eeaf9bb1fe2ec572b0748c9d649b9514540 (diff)
Merge "Ensure reaction to svc target-port update"
-rw-r--r--kuryr_kubernetes/controller/drivers/lbaasv2.py18
1 files changed, 18 insertions, 0 deletions
diff --git a/kuryr_kubernetes/controller/drivers/lbaasv2.py b/kuryr_kubernetes/controller/drivers/lbaasv2.py
index 0da4e9b..985527c 100644
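--- a/kuryr_kubernetes/controller/drivers/lbaasv2.py
+++ b/kuryr_kubernetes/controller/drivers/lbaasv2.py
@@ -200,6 +200,19 @@ class LBaaSv2Driver(base.LBaaSDriver):
 LOG.exception('Failed when creating security group rule '
 'for listener %s.', listener.name)
 
+def _get_matched_sg_rule(self, rule, lbaas_sg_rules):
+for lbaas_sg_rule in lbaas_sg_rules:
+if lbaas_sg_rule['remote_ip_prefix'] == rule['remote_ip_prefix']:
+return lbaas_sg_rule
+return None
+
+def _delete_sg_rule(self, rule, lbaas_sg_rules):
+neutron = clients.get_neutron_client()
+sg_rule = self._get_matched_sg_rule(rule, lbaas_sg_rules)
+if sg_rule:
+LOG.debug("Deleting sg rule: %r", sg_rule['id'])
+neutron.delete_security_group_rule(sg_rule['id'])
+
 def _apply_members_security_groups(self, loadbalancer, port, target_port,
 protocol, sg_rule_name):
 neutron = clients.get_neutron_client()
@@ -208,6 +221,9 @@ class LBaaSv2Driver(base.LBaaSDriver):
 else:
 sg_id = self._get_vip_port(loadbalancer).get('security_groups')[0]
 
+lbaas_sg_rules = neutron.list_security_group_rules(
+security_group_id=sg_id)
+
 # Check if Network Policy allows listener on the pods
 for sg in loadbalancer.security_groups:
 if sg != sg_id:
@@ -227,6 +243,8 @@ class LBaaSv2Driver(base.LBaaSDriver):
 max_port = rule.get('port_range_max')
 if (min_port and target_port not in range(min_port,
 max_port+1)):
+self._delete_sg_rule(
+rule, lbaas_sg_rules['security_group_rules'])
 continue
 try:
 neutron.create_security_group_rule({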