Skip to content

Commit 16baa32

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #2353 from stackhpc/feat/node-specific-secgroup-rules
🌱 Support for additional controlplane and worker secgroup rules
2 parents 880a5f6 + ce85e03 commit 16baa32

File tree

13 files changed

+534
-19
lines changed

13 files changed

+534
-19
lines changed

api/v1alpha6/openstackcluster_conversion.go

+2
Original file line numberDiff line numberDiff line change
@@ -222,6 +222,8 @@ func restorev1beta1ClusterSpec(previous *infrav1.OpenStackClusterSpec, dst *infr
222222

223223
if previous.ManagedSecurityGroups != nil && dst.ManagedSecurityGroups != nil {
224224
dst.ManagedSecurityGroups.AllNodesSecurityGroupRules = previous.ManagedSecurityGroups.AllNodesSecurityGroupRules
225+
dst.ManagedSecurityGroups.ControlPlaneNodesSecurityGroupRules = previous.ManagedSecurityGroups.ControlPlaneNodesSecurityGroupRules
226+
dst.ManagedSecurityGroups.WorkerNodesSecurityGroupRules = previous.ManagedSecurityGroups.WorkerNodesSecurityGroupRules
225227
}
226228

227229
if dst.APIServerLoadBalancer != nil && previous.APIServerLoadBalancer != nil {

api/v1alpha7/openstackcluster_conversion.go

+2
Original file line numberDiff line numberDiff line change
@@ -218,6 +218,8 @@ func restorev1beta1ClusterSpec(previous *infrav1.OpenStackClusterSpec, dst *infr
218218

219219
if previous.ManagedSecurityGroups != nil && dst.ManagedSecurityGroups != nil {
220220
dst.ManagedSecurityGroups.AllNodesSecurityGroupRules = previous.ManagedSecurityGroups.AllNodesSecurityGroupRules
221+
dst.ManagedSecurityGroups.ControlPlaneNodesSecurityGroupRules = previous.ManagedSecurityGroups.ControlPlaneNodesSecurityGroupRules
222+
dst.ManagedSecurityGroups.WorkerNodesSecurityGroupRules = previous.ManagedSecurityGroups.WorkerNodesSecurityGroupRules
221223
}
222224

223225
if dst.APIServerLoadBalancer != nil && previous.APIServerLoadBalancer != nil {

api/v1beta1/openstackcluster_types.go

+16
Original file line numberDiff line numberDiff line change
@@ -320,6 +320,22 @@ type ManagedSecurityGroups struct {
320320
// +optional
321321
AllNodesSecurityGroupRules []SecurityGroupRuleSpec `json:"allNodesSecurityGroupRules,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
322322

323+
// controlPlaneNodesSecurityGroupRules defines the rules that should be applied to control plane nodes.
324+
// +patchMergeKey=name
325+
// +patchStrategy=merge
326+
// +listType=map
327+
// +listMapKey=name
328+
// +optional
329+
ControlPlaneNodesSecurityGroupRules []SecurityGroupRuleSpec `json:"controlPlaneNodesSecurityGroupRules,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
330+
331+
// workerNodesSecurityGroupRules defines the rules that should be applied to worker nodes.
332+
// +patchMergeKey=name
333+
// +patchStrategy=merge
334+
// +listType=map
335+
// +listMapKey=name
336+
// +optional
337+
WorkerNodesSecurityGroupRules []SecurityGroupRuleSpec `json:"workerNodesSecurityGroupRules,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
338+
323339
// AllowAllInClusterTraffic allows all ingress and egress traffic between cluster nodes when set to true.
324340
// +kubebuilder:default=false
325341
// +kubebuilder:validation:Required

api/v1beta1/zz_generated.deepcopy.go

+14
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

cmd/models-schema/zz_generated.openapi.go

+48
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml

+150
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)