Merge "devstack: Fix octavia api lb kubelet iface access" into stable/queens

2018-09-12 10:59:10 +00:00 · 2018-09-12 10:59:10 +00:00 · e3c2f1c312
parent 7b74ef9aee f8a27bf505
commit e3c2f1c312
2 changed files with 34 additions and 6 deletions
--- a/devstack/lib/kuryr_kubernetes
+++ b/devstack/lib/kuryr_kubernetes
@ -35,6 +35,17 @@ function ovs_bind_for_kubelet() {
        --network "${KURYR_NEUTRON_DEFAULT_POD_NET}" \
        -f value -c id \
        kubelet-"${HOSTNAME}")
+    # Need to enable Amphorae subnet access to the kubelet iface for API
+    # access
+    local use_octavia
+    use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
+    if [[ "$use_octavia" == "True" && \
+          "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L3" ]]; then
+        openstack port set "$port_id" --security-group service_pod_access
+    elif [[ "$use_octavia" == "True" && \
+            "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then
+        openstack port set "$port_id" --security-group octavia_pod_access
+    fi
    ifname="kubelet${port_id}"
    ifname="${ifname:0:14}"
    service_subnet_cidr=$(openstack --os-cloud devstack-admin \
@ -893,10 +904,18 @@ function create_load_balancer_member {
    wait_for_lb $lb

    if is_service_enabled octavia; then
-        openstack loadbalancer member create --name "$name" \
-            --address "$address" \
-            --protocol-port "$port" \
-            "$pool"
+        if [[ "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L3" ]]; then
+            openstack loadbalancer member create --name "$name" \
+                --address "$address" \
+                --protocol-port "$port" \
+                "$pool"
+        else
+            openstack loadbalancer member create --name "$name" \
+                --address "$address" \
+                --protocol-port "$port" \
+                --subnet "$subnet" \
+                "$pool"
+        fi
    else
        neutron lbaas-member-create --name "$name" \
            --subnet "$subnet" \
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -195,6 +195,7 @@ function create_k8s_api_service {
    local kubelet_iface_ip
    local lb_name
    local project_id
+    local use_octavia

    project_id=$(get_or_create_project \
        "$KURYR_NEUTRON_DEFAULT_PROJECT" default)
@ -221,8 +222,16 @@ function create_k8s_api_service {
        api_port=6443
    fi

-    create_load_balancer_member "$(hostname)" "$kubelet_iface_ip" "$api_port" \
-        default/kubernetes:443 public-subnet "$lb_name" "$project_id"
+    use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
+    if [[ "$use_octavia" == "True" && \
+          "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then
+        create_load_balancer_member "$(hostname)" "$kubelet_iface_ip" "$api_port" \
+            default/kubernetes:443 $KURYR_NEUTRON_DEFAULT_POD_SUBNET "$lb_name" \
+            "$project_id"
+    else
+        create_load_balancer_member "$(hostname)" "$kubelet_iface_ip" "$api_port" \
+            default/kubernetes:443 public-subnet "$lb_name" "$project_id"
+    fi
 }

 function configure_neutron_defaults {