mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 19:56:01 +00:00
BUGFIX: must use ID, not name, of the node security group when adding rules to it
This commit is contained in:
parent
d0ff465b1c
commit
8ed735d104
@ -554,14 +554,14 @@ func getSubnetIDForLB(compute *gophercloud.ServiceClient, node v1.Node) (string,
|
||||
}
|
||||
|
||||
// getNodeSecurityGroupIDForLB lists node-security-groups for specific nodes
|
||||
func getNodeSecurityGroupIDForLB(compute *gophercloud.ServiceClient, nodes []*v1.Node) ([]string, error) {
|
||||
nodeSecurityGroupIDs := sets.NewString()
|
||||
func getNodeSecurityGroupIDForLB(compute *gophercloud.ServiceClient, network *gophercloud.ServiceClient, nodes []*v1.Node) ([]string, error) {
|
||||
secGroupNames := sets.NewString()
|
||||
|
||||
for _, node := range nodes {
|
||||
nodeName := types.NodeName(node.Name)
|
||||
srv, err := getServerByName(compute, nodeName)
|
||||
if err != nil {
|
||||
return nodeSecurityGroupIDs.List(), err
|
||||
return []string{}, err
|
||||
}
|
||||
|
||||
// use the first node-security-groups
|
||||
@ -569,11 +569,19 @@ func getNodeSecurityGroupIDForLB(compute *gophercloud.ServiceClient, nodes []*v1
|
||||
// case 1: node1:SG1 node2:SG2 return SG1,SG2
|
||||
// case 2: node1:SG1,SG2 node2:SG3,SG4 return SG1,SG3
|
||||
// case 3: node1:SG1,SG2 node2:SG2,SG3 return SG1,SG2
|
||||
securityGroupName := srv.SecurityGroups[0]["name"]
|
||||
nodeSecurityGroupIDs.Insert(securityGroupName.(string))
|
||||
secGroupNames.Insert(srv.SecurityGroups[0]["name"].(string))
|
||||
}
|
||||
|
||||
return nodeSecurityGroupIDs.List(), nil
|
||||
secGroupIDs := make([]string, secGroupNames.Len())
|
||||
for i, name := range secGroupNames.List() {
|
||||
secGroupID, err := groups.IDFromName(network, name)
|
||||
if err != nil {
|
||||
return []string{}, err
|
||||
}
|
||||
secGroupIDs[i] = secGroupID
|
||||
}
|
||||
|
||||
return secGroupIDs, nil
|
||||
}
|
||||
|
||||
// isSecurityGroupNotFound return true while 'err' is object of gophercloud.ErrResourceNotFound
|
||||
@ -997,7 +1005,7 @@ func (lbaas *LbaasV2) ensureSecurityGroup(clusterName string, apiService *v1.Ser
|
||||
// find node-security-group for service
|
||||
var err error
|
||||
if len(lbaas.opts.NodeSecurityGroupIDs) == 0 {
|
||||
lbaas.opts.NodeSecurityGroupIDs, err = getNodeSecurityGroupIDForLB(lbaas.compute, nodes)
|
||||
lbaas.opts.NodeSecurityGroupIDs, err = getNodeSecurityGroupIDForLB(lbaas.compute, lbaas.network, nodes)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to find node-security-group for loadbalancer service %s/%s: %v", apiService.Namespace, apiService.Name, err)
|
||||
}
|
||||
@ -1311,7 +1319,7 @@ func (lbaas *LbaasV2) updateSecurityGroup(clusterName string, apiService *v1.Ser
|
||||
originalNodeSecurityGroupIDs := lbaas.opts.NodeSecurityGroupIDs
|
||||
|
||||
var err error
|
||||
lbaas.opts.NodeSecurityGroupIDs, err = getNodeSecurityGroupIDForLB(lbaas.compute, nodes)
|
||||
lbaas.opts.NodeSecurityGroupIDs, err = getNodeSecurityGroupIDForLB(lbaas.compute, lbaas.network, nodes)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to find node-security-group for loadbalancer service %s/%s: %v", apiService.Namespace, apiService.Name, err)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user