Merge "Fix k8s API server access on Nested deployment"
This commit is contained in:
commit
d16fda6d4c
@ -797,6 +797,21 @@ function create_ingress_l7_router {
|
||||
fi
|
||||
}
|
||||
|
||||
function configure_overcloud_vm_k8s_svc_sg {
|
||||
local project_id
|
||||
local security_group
|
||||
|
||||
project_id=$(get_or_create_project \
|
||||
"$KURYR_NEUTRON_DEFAULT_PROJECT" default)
|
||||
security_group=$(openstack security group list \
|
||||
--project "$project_id" -c ID -c Name -f value | \
|
||||
awk '{if ($2=="default") print $1}')
|
||||
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" \
|
||||
security group rule create --project "$project_id" \
|
||||
--dst-port "$KURYR_K8S_API_LB_PORT" "$security_group"
|
||||
openstack port set "$KURYR_OVERCLOUD_VM_PORT" --security-group service_pod_access
|
||||
}
|
||||
|
||||
source $DEST/kuryr-kubernetes/devstack/lib/kuryr_kubernetes
|
||||
|
||||
# main loop
|
||||
@ -898,6 +913,8 @@ if [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
||||
KURYR_CONFIGURE_BAREMETAL_KUBELET_IFACE=$(trueorfalse True KURYR_CONFIGURE_BAREMETAL_KUBELET_IFACE)
|
||||
if [[ "$KURYR_CONFIGURE_BAREMETAL_KUBELET_IFACE" == "True" ]]; then
|
||||
ovs_bind_for_kubelet "$KURYR_NEUTRON_DEFAULT_PROJECT" 6443
|
||||
else
|
||||
configure_overcloud_vm_k8s_svc_sg
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -109,3 +109,6 @@ KURYR_L7_ROUTER_NAME=${KURYR_L7_ROUTER_NAME:-kuryr-l7-router}
|
||||
|
||||
# Whether to use Python3
|
||||
KURYR_CONTAINERS_USE_PY3=${KURYR_CONTAINERS_USE_PY3:-False}
|
||||
|
||||
# Kuryr overcloud VM port's name
|
||||
KURYR_OVERCLOUD_VM_PORT=${KURYR_OVERCLOUD_VM_PORT:-port0}
|
||||
|
Loading…
Reference in New Issue
Block a user