Fix K8s API access through LBaaS on gates

In the gate K8s API was inaccessible through the LB we create for it. This means that we could only connect to the API directly through HOST_IP. This commit fixes the issue by adding required iptables rule that allows traffic to the LB and fixes up the member IP added to the LB. Change-Id: Icd53ec45a479d54015d0506fb5e8bb9896d0a9df Related-Bug: 555040
2018-04-10 10:31:10 +02:00 · 2018-04-10 10:31:10 +02:00 · 49470991ad
commit 49470991ad
parent d37c2cb564
2 changed files with 13 additions and 9 deletions
--- a/devstack/lib/kuryr_kubernetes
+++ b/devstack/lib/kuryr_kubernetes
@ -65,6 +65,8 @@ function ovs_bind_for_kubelet() {
        sudo ip addr add "${port_ips[$i]}/${prefix}" dev "$ifname"
    done
    sudo ip route add "$service_subnet_cidr" via "$pod_subnet_gw" dev "$ifname"
+    # Ignore the error if openstack-INPUT chain doesn't exist.
+    sudo iptables -I openstack-INPUT 1 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 --dport 6443 -j ACCEPT || true
 }

 # get_container
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -212,7 +212,7 @@ function create_k8s_api_service {
    # containerized kuryr controller or kube-dns) to talk to the K8s API
    # service
    local service_cidr
-    local router_ip
+    local kubelet_iface_ip
    local lb_name

    lb_name='default/kubernetes'
@ -221,6 +221,8 @@ function create_k8s_api_service {
                             subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \
                             -c cidr -f value)

+    kubelet_iface_ip=$(openstack port show kubelet-"${HOSTNAME}" -c fixed_ips -f value | cut -d \' -f 2)
+
    k8s_api_clusterip=$(_cidr_range "$service_cidr" | cut -f1)

    neutron lbaas-loadbalancer-create --name "$lb_name" \
@ -251,17 +253,17 @@ function create_k8s_api_service {
    while [[ "$(_lb_state $lb_name)" != "ACTIVE" ]]; do
        sleep 1
    done
+
+    local api_port
    if is_service_enabled openshift-master; then
-        neutron lbaas-member-create  --subnet public-subnet \
-            --address "${HOST_IP}" \
-            --protocol-port 8443 \
-            default/kubernetes:443
+        api_port=8443
    else
-        neutron lbaas-member-create  --subnet public-subnet \
-            --address "${HOST_IP}" \
-            --protocol-port 6443 \
-            default/kubernetes:443
+        api_port=6443
    fi
+    neutron lbaas-member-create  --subnet public-subnet \
+        --address ${kubelet_iface_ip} \
+        --protocol-port ${api_port} \
+        default/kubernetes:443
 }

 function configure_neutron_defaults {