Fix restoring listener in case of removing NP.
When amphora is used with Octavia together with a network policy that blocks traffic within the namespace, the LB listener was set to the offline state. After the NP was removed, the listener still stayed offline. This patch fixes that case. Change-Id: I406cdc7d368122c6f828e9fa481d267e56b22ca6 Closes-Bug: 1899148
parent
6b449bcc9a
commit
d26133a02d
|
@ -170,11 +170,16 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
||||||
all_pod_rules = []
|
all_pod_rules = []
|
||||||
add_default_rules = False
|
add_default_rules = False
|
||||||
os_net = clients.get_network_client()
|
os_net = clients.get_network_client()
|
||||||
|
sgs = []
|
||||||
|
|
||||||
if new_sgs:
|
if new_sgs:
|
||||||
sgs = new_sgs
|
sgs = new_sgs
|
||||||
else:
|
elif loadbalancer['security_groups']:
|
||||||
sgs = loadbalancer['security_groups']
|
sgs = loadbalancer['security_groups']
|
||||||
|
else:
|
||||||
|
# NOTE(gryf): in case there is no new SG rules and loadbalancer
|
||||||
|
# has the SG removed, just add default ones.
|
||||||
|
add_default_rules = True
|
||||||
|
|
||||||
# Check if Network Policy allows listener on the pods
|
# Check if Network Policy allows listener on the pods
|
||||||
for sg in sgs:
|
for sg in sgs:
|
||||||
|
|
|
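Review bot: The new `else` branch fails open: whenever both `new_sgs` and `loadbalancer['security_groups']` are empty, it sets `add_default_rules = True`, whatever the reason for the empty lists. The commit message covers only the NP-removal case, so an empty list from any other cause would presumably also reset the listener to the default rules. I would make the fallback visible in the logs, e.g. `LOG.debug("No SGs left for the load balancer; restoring default listener rules")`, assuming this module has a logger. If `loadbalancer` is a plain dict, `elif loadbalancer.get('security_groups'):` would let a missing key take the same path instead of raising. The enclosing method starts and ends outside the hunk, so what `add_default_rules` actually opens is not visible here.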
@ -298,6 +298,8 @@ class KuryrNetworkPolicyHandler(k8s_base.ResourceEventHandler):
|
||||||
# Probably the network got removed already, we can ignore it.
|
# Probably the network got removed already, we can ignore it.
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
self._drv_policy.delete_np_sg(crd_sg)
|
||||||
|
|
||||||
if (CONF.octavia_defaults.enforce_sg_rules and policy and
|
if (CONF.octavia_defaults.enforce_sg_rules and policy and
|
||||||
not self._is_egress_only_policy(policy)):
|
not self._is_egress_only_policy(policy)):
|
||||||
services = driver_utils.get_services(
|
services = driver_utils.get_services(
|
||||||
|
@ -306,7 +308,14 @@ class KuryrNetworkPolicyHandler(k8s_base.ResourceEventHandler):
|
||||||
if (not svc['spec'].get('selector') or not
|
if (not svc['spec'].get('selector') or not
|
||||||
self._is_service_affected(svc, pods_to_update)):
|
self._is_service_affected(svc, pods_to_update)):
|
||||||
continue
|
continue
|
||||||
|
|
||||||
sgs = self._drv_svc_sg.get_security_groups(svc, project_id)
|
sgs = self._drv_svc_sg.get_security_groups(svc, project_id)
|
||||||
|
|
||||||
|
if crd_sg in sgs:
|
||||||
|
# Remove our crd_sg out of service groups since we
|
||||||
|
# don't have it anymore
|
||||||
|
sgs.remove(crd_sg)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self._drv_lbaas.update_lbaas_sg(svc, sgs)
|
self._drv_lbaas.update_lbaas_sg(svc, sgs)
|
||||||
except exceptions.ResourceNotReady:
|
except exceptions.ResourceNotReady:
|
||||||
|
@ -314,8 +323,6 @@ class KuryrNetworkPolicyHandler(k8s_base.ResourceEventHandler):
|
||||||
# get handled when members will be getting created.
|
# get handled when members will be getting created.
|
||||||
pass
|
pass
|
||||||
|
|
||||||
self._drv_policy.delete_np_sg(crd_sg)
|
|
||||||
|
|
||||||
LOG.debug("Removing finalizers from KuryrNetworkPolicy and "
|
LOG.debug("Removing finalizers from KuryrNetworkPolicy and "
|
||||||
"NetworkPolicy.")
|
"NetworkPolicy.")
|
||||||
if policy:
|
if policy:
|
||||||
|
|
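Review bot: `sgs.remove(crd_sg)` in the -306/+308 hunk edits in place the list that `get_security_groups` returned and drops only the first match. If that driver ever hands back a shared or cached list, the removal shows up for other users of it, and a second copy of the deleted SG would still be passed to `update_lbaas_sg`. Building a new list avoids both: `sgs = [sg for sg in sgs if sg != crd_sg]`. The comment there could also say that an empty `sgs` is intentional and lets `update_lbaas_sg` fall back to the default listener rules, assuming it reaches the `else` branch added in the LBaaS driver. The surrounding method starts and ends outside these hunks.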