-
Notifications
You must be signed in to change notification settings - Fork 253
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
✨ WIP - Reconcile Machines & Managed Security Groups #1765
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: EmilienM The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
✅ Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
e884fc2
to
0a6e40d
Compare
|
Before this patch, if Managed Security Groups would be enabled, CAPO would create them and the OpenStack Machines would get these security groups at instance creation time. Now, we are updating the ports of the machines to ensure they match the desired security groups that we want assigned. For now we only have Control Plane & Worker Security groups but in the future we'll have Bastion, CNI and also an interface to add more Security Groups. We'll need to reconcile the machines to ensure they have the security group assigned.
0a6e40d
to
a0a0657
Compare
@EmilienM: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@@ -110,6 +110,9 @@ type OpenStackMachineStatus struct { | |||
// +optional | |||
InstanceState *InstanceState `json:"instanceState,omitempty"` | |||
|
|||
// SecurityGroups is the list of security groups IDs associated with this machine. | |||
SecurityGroups []string `json:"securityGroups,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
um... I think for new features we tend to only on latest API ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah this was just for getting a build. Like I wrote in a comment above, I couldn't get the conversion working yet so I did this.
BTW I think this whole patch will go away, I was just experimenting a bit.
Now I believe a new controller is much preferred.
What this PR does / why we need it:
Before this patch, if Managed Security Groups would be enabled,
CAPO would create them and the OpenStack Machines would get these
security groups at instance creation time.
Now, we are updating the ports of the machines to ensure they match the
desired security groups that we want assigned.
For now we only have Control Plane & Worker Security groups but in the
future we'll have Bastion, CNI and also an interface to add more
Security Groups.
We'll need to reconcile the machines to ensure they have the security
group assigned.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #
Special notes for your reviewer:
TODOs:
/hold