Ensure lb sg rules are not updated without namespaces
This patch ensures Octavia LoadBalancer SG rules are not updated by the lbaas driver when the namespace isolation feature is not enabled. Closes-Bug: 1809119 Change-Id: I09af490e77fcb722115e75147d5d004b2f4e6426
This commit is contained in:
parent
69506be18e
commit
3baaccdc03
|
@ -252,9 +252,12 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
|||
|
||||
def _ensure_security_group_rules(self, loadbalancer, listener,
|
||||
service_type):
|
||||
namespace_isolation = (
|
||||
'namespace' in CONF.kubernetes.enabled_handlers and
|
||||
CONF.kubernetes.service_security_groups_driver == 'namespace')
|
||||
if loadbalancer.provider == const.NEUTRON_LBAAS_HAPROXY_PROVIDER:
|
||||
self._ensure_lb_security_group_rule(loadbalancer, listener)
|
||||
elif service_type == 'ClusterIP':
|
||||
elif service_type == 'ClusterIP' and namespace_isolation:
|
||||
self._extend_lb_security_group_rules(loadbalancer, listener)
|
||||
|
||||
def ensure_listener(self, loadbalancer, protocol, port,
|
||||
|
|
Loading…
Reference in New Issue