Created
August 13, 2019 12:42
-
-
Save infinitydon/7d27767c6650520a5395703be1b1cf58 to your computer and use it in GitHub Desktop.
Openstack LB SG update with Port addtion
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1.) First all create a LB svc: | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| name: ingress-nginx | |
| namespace: ingress-nginx | |
| labels: | |
| app.kubernetes.io/name: ingress-nginx | |
| spec: | |
| type: LoadBalancer | |
| selector: | |
| app.kubernetes.io/name: ingress-nginx | |
| ports: | |
| - name: https | |
| port: 443 | |
| targetPort: https | |
| - name: http | |
| port: 80 | |
| targetPort: http | |
| 2.) Then update the same svc by adding another port | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| name: ingress-nginx | |
| namespace: ingress-nginx | |
| labels: | |
| app.kubernetes.io/name: ingress-nginx | |
| spec: | |
| type: LoadBalancer | |
| selector: | |
| app.kubernetes.io/name: ingress-nginx | |
| ports: | |
| - name: https | |
| port: 443 | |
| targetPort: https | |
| - name: http | |
| port: 80 | |
| targetPort: http | |
| - name: ssh | |
| port: 22 | |
| targetPort: 22 | |
| The Openstack SG does not reflect the new port that was added to the svc, so traffic to this port will fail. |
it should work for most of the scenarios but not for this case, I'm not 100% sure because i'm not a neutron-lbaas user. Octavia is using a different deployment model with neutron-lbaas and takes good care of sgs for the lb.
Ok.. Could please kindly try the scenario on Octavia, I currently don't have access to an Octavia based Openstack cluster.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The supported LB solution now is only Octavia?