Fix POD to POD networking with ML2/OVN
In ML2/OVN, POD to POD networking does not work due to a different result of using network CIDRs in allowed_address_pairs. The situation is explained in the bug and mailing list thread [1].

[1]: http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019442.html

Related-Bug: #https://bugs.launchpad.net/neutron/+bug/1908382
Closes-Bug: #1908382
Change-Id: I659285048c4acb01eaa9d0e5e78e87269ab197b0
parent
a5bb90a6b1
commit
76e5006661
|
@ -1127,6 +1127,25 @@ resources:
|
|||
port_range_max: 65535
|
||||
security_group: {get_resource: secgroup_kube_minion}
|
||||
remote_group: {get_resource: secgroup_kube_minion}
|
||||
# allow traffic between PODs for ML2/OVN
|
||||
secgroup_rule_tcp_kube_minion_pods_cidr:
|
||||
condition: create_cluster_resources
|
||||
type: OS::Neutron::SecurityGroupRule
|
||||
properties:
|
||||
protocol: tcp
|
||||
port_range_min: 1
|
||||
port_range_max: 65535
|
||||
remote_ip_prefix: {get_param: pods_network_cidr}
|
||||
security_group: {get_resource: secgroup_kube_minion}
|
||||
secgroup_rule_udp_kube_minion_pods_cidr:
|
||||
condition: create_cluster_resources
|
||||
type: OS::Neutron::SecurityGroupRule
|
||||
properties:
|
||||
protocol: udp
|
||||
port_range_min: 1
|
||||
port_range_max: 65535
|
||||
remote_ip_prefix: {get_param: pods_network_cidr}
|
||||
security_group: {get_resource: secgroup_kube_minion}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
|
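Review bot: The two new rules, secgroup_rule_tcp_kube_minion_pods_cidr and secgroup_rule_udp_kube_minion_pods_cidr, are gated only on create_cluster_resources, so they are created for every Neutron backend even though the comment says they are "for ML2/OVN". Unlike the preceding rule, which matches on remote_group (membership in secgroup_kube_minion), these match on source address alone: any traffic with a source inside pods_network_cidr reaches every TCP and UDP port (1-65535) on the minions. Either add a condition so the rules are only created when the cluster runs on ML2/OVN, or document in the comment that this widening is intentional for all drivers and that pods_network_cidr must not overlap with any network that can route to the minion ports. Neither rule sets direction or ethertype, so they rely on the Heat defaults (ingress, IPv4); stating both explicitly would make the intent clear and would flag that an IPv6 pod CIDR is not covered. A short note in the comment on why the remote_group rule is not enough under OVN (the allowed_address_pairs behaviour described in the commit message) would also help later readers decide whether the rules can be narrowed.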