-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1948546: Allow all networking interfaces to be defined as ports #179
Bug 1948546: Allow all networking interfaces to be defined as ports #179
Conversation
Rather than require users to use the networks and subnets to define a networking interface for an instance, users should be able to just define them using the ports api if they choose to. This removes validation checking that a user entered at least one network and subnet, and insteand checks that a user entered at least one network, subnet, or port.
@iamemilio: This pull request references Bugzilla bug 1948546, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Bugzilla (itbrown@redhat.com), skipping review request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
1 similar comment
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. But we should point out that the user should only define eithe rhet networkID or the subnetID, if they define both, they will have to make sure they match.
Neutron is already going to prevent them from doing this. I don't think we are responsible for explaining very basic port creation information to users. If they make this mistake, they will figure it out pretty quickly from reading the logs. We also dont keep documentation on the OpenStack provider config for the machine api.
|
This installed and ran e2e succesfully. so it looks good to me. |
/lgtm |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: iamemilio The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@iamemilio: All pull requests linked via external trackers have merged: Bugzilla bug 1948546 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
We ought to use the same yaml package used by clientconfig in order to marshall/unmarshall Auth structs to/from yaml correctly. Using any other yaml library will fail to load the auth data from secrets.
Rather than require users to use the networks and subnets to define a
networking interface for an instance, users should be able to just
define them using the ports api if they choose to. This removes
validation checking that a user entered at least one network and subnet,
and insteand checks that a user entered at least one network, subnet, or
port.
Fixes Bug 1948546:
The correct way to configure the OpenStack provider spec in a machineset with interfaces on networks with port security disabled is now as follows in the example below. This is because it is impossible to attach networks with port security enabled when a security group is set on the instance. It will fail with:
Network requires port_security_enabled and subnet associated in order to apply security groups.