diff --git a/pkg/platform/openstack/kuryr_bootstrap.go b/pkg/platform/openstack/kuryr_bootstrap.go
index 1666d792c3..102d8124bb 100644
--- a/pkg/platform/openstack/kuryr_bootstrap.go
+++ b/pkg/platform/openstack/kuryr_bootstrap.go
@@ -943,6 +943,10 @@ func BootstrapKuryr(conf *operv1.NetworkSpec, kubeClient client.Client) (*bootst
 			return nil, errors.Wrapf(err, "failed to add rule opening traffic to workers on %s", cidr)
 		}
 	}
+	err = ensureOpenStackSgRule(client, masterSgId, openStackSvcCIDR, 2379, 2380)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to add rule opening etcd traffic to masters from service subnet %s", conf.ServiceNetwork[0])
+	}
 	// We need to open traffic from service subnet to masters for API LB to work.
 	err = ensureOpenStackSgRule(client, masterSgId, openStackSvcCIDR, 6443, 6443)
 	if err != nil {