Ensure lb sg rules are not updated without namespaces

This patch ensures Octavia LoadBalancer SG rules are not updated by the lbaas driver when the namespace isolation feature is not enabled. Closes-Bug: 1809119 Change-Id: I09af490e77fcb722115e75147d5d004b2f4e6426
2018-12-19 14:59:13 +01:00 · 2018-12-19 14:59:13 +01:00 · 3baaccdc03
parent 69506be18e
commit 3baaccdc03
1 changed files with 4 additions and 1 deletions
--- a/kuryr_kubernetes/controller/drivers/lbaasv2.py
+++ b/kuryr_kubernetes/controller/drivers/lbaasv2.py
@ -252,9 +252,12 @@ class LBaaSv2Driver(base.LBaaSDriver):

    def _ensure_security_group_rules(self, loadbalancer, listener,
                                     service_type):
+        namespace_isolation = (
+            'namespace' in CONF.kubernetes.enabled_handlers and
+            CONF.kubernetes.service_security_groups_driver == 'namespace')
        if loadbalancer.provider == const.NEUTRON_LBAAS_HAPROXY_PROVIDER:
            self._ensure_lb_security_group_rule(loadbalancer, listener)
-        elif service_type == 'ClusterIP':
+        elif service_type == 'ClusterIP' and namespace_isolation:
            self._extend_lb_security_group_rules(loadbalancer, listener)

    def ensure_listener(self, loadbalancer, protocol, port,