github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-07 03:03:59 +00:00
Code Issues Projects Releases Wiki Activity

Add service.UID into security group name

Browse Source 
Related to: #53714
This commit is contained in:
FengyunPan 2017-10-26 20:23:16 +08:00
parent 849d7f8595
commit 7215ce30b1
1 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
pkg/cloudprovider/providers/openstack/openstack_loadbalancer.go
View File

@ -292,8 +292,14 @@ func popMember(members []v2pools.Member, addr string, port int) []v2pools.Member
return members return members
} }
func getSecurityGroupName(clusterName string, service *v1.Service) string { func getSecurityGroupName(service *v1.Service) string {
return fmt.Sprintf("lb-sg-%s-%s-%s", clusterName, service.Namespace, service.Name) securityGroupName := fmt.Sprintf("lb-sg-%s-%s-%s", service.UID, service.Namespace, service.Name)
//OpenStack requires that the name of a security group is shorter than 255 bytes.
if len(securityGroupName) > 255 {
securityGroupName = securityGroupName[:255]
}
return securityGroupName
} }
func getSecurityGroupRules(client *gophercloud.ServiceClient, opts rules.ListOpts) ([]rules.SecGroupRule, error) { func getSecurityGroupRules(client *gophercloud.ServiceClient, opts rules.ListOpts) ([]rules.SecGroupRule, error) {
@ -899,7 +905,7 @@ func (lbaas *LbaasV2) ensureSecurityGroup(clusterName string, apiService *v1.Ser
} }
// ensure security group for LB // ensure security group for LB
lbSecGroupName := getSecurityGroupName(clusterName, apiService) lbSecGroupName := getSecurityGroupName(apiService)
lbSecGroupID, err := groups.IDFromName(lbaas.network, lbSecGroupName) lbSecGroupID, err := groups.IDFromName(lbaas.network, lbSecGroupName)
if err != nil { if err != nil {
// check whether security group does not exist // check whether security group does not exist
@ -914,8 +920,8 @@ func (lbaas *LbaasV2) ensureSecurityGroup(clusterName string, apiService *v1.Ser
if len(lbSecGroupID) == 0 { if len(lbSecGroupID) == 0 {
// create security group // create security group
lbSecGroupCreateOpts := groups.CreateOpts{ lbSecGroupCreateOpts := groups.CreateOpts{
Name: getSecurityGroupName(clusterName, apiService), Name: getSecurityGroupName(apiService),
Description: fmt.Sprintf("Securty Group for loadbalancer service %s/%s", apiService.Namespace, apiService.Name), Description: fmt.Sprintf("Securty Group for %s/%s Service LoadBalancer in cluster %s", apiService.Namespace, apiService.Name, clusterName),
} }
lbSecGroup, err := groups.Create(lbaas.network, lbSecGroupCreateOpts).Extract() lbSecGroup, err := groups.Create(lbaas.network, lbSecGroupCreateOpts).Extract()
@ -1197,7 +1203,7 @@ func (lbaas *LbaasV2) updateSecurityGroup(clusterName string, apiService *v1.Ser
removals := original.Difference(current) removals := original.Difference(current)
// Generate Name // Generate Name
lbSecGroupName := getSecurityGroupName(clusterName, apiService) lbSecGroupName := getSecurityGroupName(apiService)
lbSecGroupID, err := groups.IDFromName(lbaas.network, lbSecGroupName) lbSecGroupID, err := groups.IDFromName(lbaas.network, lbSecGroupName)
if err != nil { if err != nil {
return fmt.Errorf("error occurred finding security group: %s: %v", lbSecGroupName, err) return fmt.Errorf("error occurred finding security group: %s: %v", lbSecGroupName, err)
@ -1369,7 +1375,7 @@ func (lbaas *LbaasV2) EnsureLoadBalancerDeleted(clusterName string, service *v1.
// Delete the Security Group // Delete the Security Group
if lbaas.opts.ManageSecurityGroups { if lbaas.opts.ManageSecurityGroups {
// Generate Name // Generate Name
lbSecGroupName := getSecurityGroupName(clusterName, service) lbSecGroupName := getSecurityGroupName(service)
lbSecGroupID, err := groups.IDFromName(lbaas.network, lbSecGroupName) lbSecGroupID, err := groups.IDFromName(lbaas.network, lbSecGroupName)
if err != nil { if err != nil {
// check whether security group does not exist // check whether security group does not exist