Fix POD to POD networking with ML2/OVN

In ML2/OVN, POD to POD networking does not work due to
a different result of using network CIDRs in allowed_address_pairs.
The situation is explained in the bug and mailing list thread
[1].

[1]: http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019442.html

Related-Bug: #https://bugs.launchpad.net/neutron/+bug/1908382

Closes-Bug: #1908382
Change-Id: I659285048c4acb01eaa9d0e5e78e87269ab197b0
This commit is contained in:
Michał Nasiadka 2021-02-03 15:55:33 +01:00 committed by Michal Nasiadka
parent a5bb90a6b1
commit 76e5006661
1 changed files with 19 additions and 0 deletions

@ -1127,6 +1127,25 @@ resources:
port_range_max: 65535
security_group: {get_resource: secgroup_kube_minion}
remote_group: {get_resource: secgroup_kube_minion}
# allow traffic between PODs for ML2/OVN
secgroup_rule_tcp_kube_minion_pods_cidr:
condition: create_cluster_resources
type: OS::Neutron::SecurityGroupRule
properties:
protocol: tcp
port_range_min: 1
port_range_max: 65535
remote_ip_prefix: {get_param: pods_network_cidr}
security_group: {get_resource: secgroup_kube_minion}
secgroup_rule_udp_kube_minion_pods_cidr:
condition: create_cluster_resources
type: OS::Neutron::SecurityGroupRule
properties:
protocol: udp
port_range_min: 1
port_range_max: 65535
remote_ip_prefix: {get_param: pods_network_cidr}
security_group: {get_resource: secgroup_kube_minion}
######################################################################
#
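
Review bot: the two new rules under `# allow traffic between PODs for ML2/OVN` are gated only on `condition: create_cluster_resources`, so they are created for every backend, not just ML2/OVN as the comment says. Unlike the `remote_group: {get_resource: secgroup_kube_minion}` rule just above, `remote_ip_prefix: {get_param: pods_network_cidr}` matches on source address alone, so any traffic arriving with a source in the pod CIDR is admitted on ports 1-65535 of the minion group. Either document in the comment that this widening is intentional for all drivers, with a pointer to bug 1908382 and the allowed_address_pairs behaviour, or gate the rules on a driver-specific condition. Also note that only `tcp` and `udp` are covered, so other pod-to-pod protocols such as ICMP are not matched by these rules; if that is deliberate, say so in the comment.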