diff --git a/devstack/lib/kuryr_kubernetes b/devstack/lib/kuryr_kubernetes
index bb046e448..275e0b231 100644
--- a/devstack/lib/kuryr_kubernetes
+++ b/devstack/lib/kuryr_kubernetes
@@ -65,6 +65,8 @@ function ovs_bind_for_kubelet() {
 sudo ip addr add "${port_ips[$i]}/${prefix}" dev "$ifname"
 done
 sudo ip route add "$service_subnet_cidr" via "$pod_subnet_gw" dev "$ifname"
+ # Ignore the error if openstack-INPUT chain doesn't exist.
+ sudo iptables -I openstack-INPUT 1 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 --dport 6443 -j ACCEPT || true
 }
 # get_container
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index a79709ec7..e8f4c3bc5 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -198,7 +198,7 @@ function create_k8s_api_service {
 # containerized kuryr controller or kube-dns) to talk to the K8s API
 # service
 local service_cidr
- local router_ip
+ local kubelet_iface_ip
 local lb_name
 lb_name='default/kubernetes'
@@ -207,6 +207,8 @@ function create_k8s_api_service {
 subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \
 -c cidr -f value)
+ kubelet_iface_ip=$(openstack port show kubelet-"${HOSTNAME}" -c fixed_ips -f value | cut -d \' -f 2)
+
 k8s_api_clusterip=$(_cidr_range "$service_cidr" | cut -f1)
 neutron lbaas-loadbalancer-create --name "$lb_name" \
@@ -237,17 +239,17 @@ function create_k8s_api_service {
 while [[ "$(_lb_state $lb_name)" != "ACTIVE" ]]; do
 sleep 1
 done
+
+ local api_port
 if is_service_enabled openshift-master; then
- neutron lbaas-member-create --subnet public-subnet \
- --address "${HOST_IP}" \
- --protocol-port 8443 \
- default/kubernetes:443
+ api_port=8443
 else
- neutron lbaas-member-create --subnet public-subnet \
- --address "${HOST_IP}" \
- --protocol-port 6443 \
- default/kubernetes:443
+ api_port=6443
 fi
+ neutron lbaas-member-create --subnet public-subnet \
+ --address ${kubelet_iface_ip} \
+ --protocol-port ${api_port} \
+ default/kubernetes:443
 }
 function configure_neutron_defaults {
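Review bot: The rule added at the end of ovs_bind_for_kubelet accepts TCP 6443 from any source (`-s 0.0.0.0/0`) on every interface, which is wider than the load-balancer-to-kubelet-port path this change appears to need; adding `-i "$ifname"` to the rule would keep the API port closed to other networks. The port is hard-coded to 6443 while plugin.sh in this same commit uses 8443 for openshift-master, so that deployment is presumably still filtered. `|| true` hides every iptables failure, not only a missing chain, and each re-run inserts a duplicate rule; guarding the insert with the same rule spec under `sudo iptables -C openstack-INPUT ...` would avoid the duplicates. The function body starts above the hunk.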
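Review bot: `kubelet_iface_ip` is cut out of the formatted `fixed_ips` column with `cut -d \' -f 2`, so it depends on how the client quotes that field and comes back empty or wrong if the output format differs or the port has more than one fixed IP; nothing checks the value before it is used as the member address later in create_k8s_api_service. The call also lacks the cloud and region options that the neighbouring `subnet show` command seems to pass (its first lines are above the hunk), so it relies on whatever credentials are in the environment. A check directly after the assignment would fail early instead of registering a bad member: `[[ -n "$kubelet_iface_ip" ]] || die $LINENO "no fixed IP found for port kubelet-${HOSTNAME}"`.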
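Review bot: The new `neutron lbaas-member-create` call passes `${kubelet_iface_ip}` and `${api_port}` unquoted, where the removed lines quoted `"${HOST_IP}"`; if the address lookup returned an empty string the argument disappears and `--protocol-port` is taken as the value of `--address`. Write them as `--address "${kubelet_iface_ip}" \` and `--protocol-port "${api_port}" \`. The member is still registered with `--subnet public-subnet` although its address is now the kubelet port's IP, which presumably lives on the pod subnet rather than the public one; that should be confirmed or the subnet argument changed to match.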