New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1838001: Remove remote_group_id usage at loadbalancer SGs #232
Bug 1838001: Remove remote_group_id usage at loadbalancer SGs #232
Conversation
@luis5tb: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a few questions and suggestions:
df2b9fa
to
924da9f
Compare
abb7876
to
5c075f5
Compare
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alright, looking very good. It will not cover one case, I think. I'm not sure how much we care about it really.
So basically if a global namespace is defined, but not created yet, an LB created before that ns will not have traffic from that namespace opened.
5c075f5
to
32754ae
Compare
kuryr_kubernetes/controller/drivers/namespace_security_groups.py
Outdated
Show resolved
Hide resolved
32754ae
to
63b99f4
Compare
/hold |
63b99f4
to
7917040
Compare
This patch removes the usage of remote_group_id at the loadbalancer SG rules to allow the access to the namespace. It obtaines the namespace associated range and use remote_ip_prefix instead. Note remote_group_id is still used for the default and namespace SG groups. We can improve it by replacing the rules inside those two (which use remote_group_ids too) to use remote_ip_prefixes. Change-Id: Ib551ac6c0e1e405e8611755f5f5a1f43f94b27bb
7917040
to
5806814
Compare
/hold cancel |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dulek, luis5tb The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@luis5tb: All pull requests linked via external trackers have merged: . Bugzilla bug 1838001 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Adding upgradeable status and setting it to always "true" for now.
This patch removes the usage of remote_group_id at the loadbalancer
SG rules to allow the access to the namespace. It obtaines the
namespace associated range and use remote_ip_prefix instead.
Note remote_group_id is still used for the default and namespace
SG groups. We can improve it by replacing the rules inside those two
(which use remote_group_ids too) to use remote_ip_prefixes.