Skip to content

OpenStack provider allow setting disablePortSecurity in MachineDeployment #2012

Open
Open
OpenStack provider allow setting disablePortSecurity in MachineDeployment#2012
Labels
customer-requestkind/featureCategorizes issue or PR as related to a new feature.sig/cluster-managementDenotes a PR or issue as being assigned to SIG Cluster Management.
@sspreitzer

Description

@sspreitzer
sspreitzer
opened on Apr 15, 2026

Problem

We cannot use a routing based Kubernetes CNI as OpenStack port security does prevent IP and MAC spoofing. Disabling the port security in OpenStack does allow Kubernetes CNI such as Cilium to use native routing.

Kubermatic's machine-controller does not support setting disablePortSecurity. Please implement this setting, which is already present in newer cluster-api.

Reference

machine-controller/pkg/cloudprovider/provider/openstack/provider.go

Lines 96 to 99 in 1302066

// Machine details
Image string
Flavor string
SecurityGroups []string

Metadata

Metadata

Assignees

No one assigned

    Labels

    customer-requestkind/featureCategorizes issue or PR as related to a new feature.sig/cluster-managementDenotes a PR or issue as being assigned to SIG Cluster Management.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions