From 9749c9de351170171e4c43478f6661d14ce4b422 Mon Sep 17 00:00:00 2001
From: Maysa Macedo
Date: Sat, 14 Sep 2019 12:35:34 +0200
Subject: [PATCH] Kuryr: Open etcd traffic from svc subnet to master nodes

This commit makes sure the master nodes will accept traffic from SVC subnets to ports 2379-2380. This is required for API server pods to work.
---
 pkg/platform/openstack/kuryr_bootstrap.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/platform/openstack/kuryr_bootstrap.go b/pkg/platform/openstack/kuryr_bootstrap.go
index 1666d792c3..102d8124bb 100644
--- a/pkg/platform/openstack/kuryr_bootstrap.go
+++ b/pkg/platform/openstack/kuryr_bootstrap.go
@@ -943,6 +943,10 @@ func BootstrapKuryr(conf *operv1.NetworkSpec, kubeClient client.Client) (*bootst
 return nil, errors.Wrapf(err, "failed to add rule opening traffic to workers on %s", cidr)
 }
 }
+ err = ensureOpenStackSgRule(client, masterSgId, openStackSvcCIDR, 2379, 2380)
+ if err != nil {
+ return nil, errors.Wrapf(err, "failed to add rule opening etcd traffic to masters from service subnet %s", conf.ServiceNetwork[0])
+ }
 // We need to open traffic from service subnet to masters for API LB to work.
 err = ensureOpenStackSgRule(client, masterSgId, openStackSvcCIDR, 6443, 6443)
 if err != nil {
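Review bot: The added rule on `masterSgId` opens both 2379 and 2380 to the whole service CIDR, but the commit message only justifies API server pods reaching etcd, which would normally need the etcd client port (2379) and not the peer port (2380). If peer traffic from the service subnet is not actually required, narrow the call to `ensureOpenStackSgRule(client, masterSgId, openStackSvcCIDR, 2379, 2379)`, and add a comment such as `// Open etcd traffic from the service subnet to masters so API server pods can reach etcd.` to match the commented 6443 rule below it. The error message also reports `conf.ServiceNetwork[0]` while the rule is created for `openStackSvcCIDR`, so a failure may be logged against a different CIDR than the one that was attempted; passing `openStackSvcCIDR` to `errors.Wrapf` keeps the two consistent. BootstrapKuryr starts and ends outside the hunk, so how `openStackSvcCIDR` is derived from the service network is not visible here.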