Merge "Ensure LB sg rules use IPv6 when enabled"
commit
e461600ffa
|
@ -66,6 +66,10 @@ KURYR_VIF_TYPE_SRIOV = 'sriov'
|
||||||
OCTAVIA_L2_MEMBER_MODE = "L2"
|
OCTAVIA_L2_MEMBER_MODE = "L2"
|
||||||
OCTAVIA_L3_MEMBER_MODE = "L3"
|
OCTAVIA_L3_MEMBER_MODE = "L3"
|
||||||
NEUTRON_LBAAS_HAPROXY_PROVIDER = 'haproxy'
|
NEUTRON_LBAAS_HAPROXY_PROVIDER = 'haproxy'
|
||||||
|
IPv4 = 'IPv4'
|
||||||
|
IPv6 = 'IPv6'
|
||||||
|
IP_VERSION_4 = 4
|
||||||
|
IP_VERSION_6 = 6
|
||||||
|
|
||||||
VIF_POOL_POPULATE = '/populatePool'
|
VIF_POOL_POPULATE = '/populatePool'
|
||||||
VIF_POOL_FREE = '/freePool'
|
VIF_POOL_FREE = '/freePool'
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
import ipaddress
|
||||||
import random
|
import random
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
@ -24,6 +25,7 @@ from oslo_utils import versionutils
|
||||||
|
|
||||||
from kuryr_kubernetes import clients
|
from kuryr_kubernetes import clients
|
||||||
from kuryr_kubernetes import config
|
from kuryr_kubernetes import config
|
||||||
|
from kuryr_kubernetes import constants as k_const
|
||||||
from kuryr_kubernetes.controller.drivers import base
|
from kuryr_kubernetes.controller.drivers import base
|
||||||
from kuryr_kubernetes.controller.drivers import utils as c_utils
|
from kuryr_kubernetes.controller.drivers import utils as c_utils
|
||||||
from kuryr_kubernetes import exceptions as k_exc
|
from kuryr_kubernetes import exceptions as k_exc
|
||||||
|
@ -299,11 +301,14 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
max_port+1)):
|
max_port+1)):
|
||||||
continue
|
continue
|
||||||
all_pod_rules.append(rule)
|
all_pod_rules.append(rule)
|
||||||
|
sg_rule_ethertype = ipaddress.ip_network(
|
||||||
|
rule.remote_ip_prefix).version
|
||||||
try:
|
try:
|
||||||
LOG.debug("Creating LBaaS sg rule for sg: %r",
|
LOG.debug("Creating LBaaS sg rule for sg: %r",
|
||||||
lb_sg)
|
lb_sg)
|
||||||
os_net.create_security_group_rule(
|
os_net.create_security_group_rule(
|
||||||
direction='ingress',
|
direction='ingress',
|
||||||
|
ether_type=sg_rule_ethertype,
|
||||||
port_range_min=port,
|
port_range_min=port,
|
||||||
port_range_max=port,
|
port_range_max=port,
|
||||||
protocol=protocol,
|
protocol=protocol,
|
||||||
|
@ -330,9 +335,13 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
self._delete_rule_if_no_match(rule, all_pod_rules)
|
self._delete_rule_if_no_match(rule, all_pod_rules)
|
||||||
|
|
||||||
if add_default_rules:
|
if add_default_rules:
|
||||||
|
sg_rule_ethertype = k_const.IPv4
|
||||||
|
if utils.get_service_subnet_version() == k_const.IP_VERSION_6:
|
||||||
|
sg_rule_ethertype = k_const.IPv6
|
||||||
try:
|
try:
|
||||||
LOG.debug("Restoring default LBaaS sg rule for sg: %r", lb_sg)
|
LOG.debug("Restoring default LBaaS sg rule for sg: %r", lb_sg)
|
||||||
os_net.create_security_group_rule(direction='ingress',
|
os_net.create_security_group_rule(direction='ingress',
|
||||||
|
ether_type=sg_rule_ethertype,
|
||||||
port_range_min=port,
|
port_range_min=port,
|
||||||
port_range_max=port,
|
port_range_max=port,
|
||||||
protocol=protocol,
|
protocol=protocol,
|
||||||
|
|
|
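Review bot: In the first LBaaSv2Driver hunk, `ipaddress.ip_network(rule.remote_ip_prefix).version` yields the integer 4 or 6, while the default-rule hunk below passes the strings `k_const.IPv4`/`k_const.IPv6` as `ether_type`. Neutron documents the ethertype as 'IPv4' or 'IPv6', so the pod-rule path probably sends a value the API rejects, and the intended ingress rule is then never created. The lookup also sits before the `try:` and would raise on a rule that has no `remote_ip_prefix`; whether such rules can reach this point depends on filtering above the hunk, which is not visible here. I would mirror the default path: `sg_rule_ethertype = k_const.IPv4`, then `if rule.remote_ip_prefix and ipaddress.ip_network(rule.remote_ip_prefix).version == k_const.IP_VERSION_6:` and `sg_rule_ethertype = k_const.IPv6`. The enclosing method starts and ends outside these hunks.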
@ -353,3 +353,15 @@ def get_service_ports(service):
|
||||||
'port': port['port'],
|
'port': port['port'],
|
||||||
'targetPort': str(port['targetPort'])}
|
'targetPort': str(port['targetPort'])}
|
||||||
for port in service['spec']['ports']]
|
for port in service['spec']['ports']]
|
||||||
|
|
||||||
|
|
||||||
|
@MEMOIZE
|
||||||
|
def get_service_subnet_version():
|
||||||
|
os_net = clients.get_network_client()
|
||||||
|
svc_subnet_id = CONF.neutron_defaults.service_subnet
|
||||||
|
try:
|
||||||
|
svc_subnet = os_net.get_subnet(svc_subnet_id)
|
||||||
|
except os_exc.ResourceNotFound:
|
||||||
|
LOG.exception("Service subnet %s not found", svc_subnet_id)
|
||||||
|
raise
|
||||||
|
return svc_subnet.ip_version
|
||||||
|
|
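Review bot: The new `get_service_subnet_version()` has no docstring, and two properties that matter to callers are not stated anywhere: the return type and the caching. The caller in the driver compares the result with `k_const.IP_VERSION_6`, so it is presumably the integer 4 or 6 taken from `svc_subnet.ip_version`. Because of `@MEMOIZE`, the ethertype of restored default rules will likely keep following the first answer until the cache expires, even if the service subnet is changed; the cache configuration is outside this hunk, so that needs confirming. I would add `"""Return the IP version (4 or 6) of the configured service subnet; the result is memoized."""` and a short comment that only `ResourceNotFound` is logged before being re-raised.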