cluster-api-provider-openstack
cluster-api-provider-openstack copied to clipboard
kubernetes-sigs
⚠️ WIP - New API for Security Groups
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #1752
Special notes for your reviewer:
- Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
TODOs:
- [ ] squashed commits
- if necessary:
- [ ] includes documentation
- [ ] adds unit tests
/hold
Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!
| Name | Link |
|---|---|
| Latest commit | fbf1deb82d757dca983b229bcf76767b35beec9c |
| Latest deploy log | https://app.netlify.com/sites/kubernetes-sigs-cluster-api-openstack/deploys/65675bb56e0f6600088fee5e |
| Deploy Preview | https://deploy-preview-1751--kubernetes-sigs-cluster-api-openstack.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: EmilienM Once this PR has been reviewed and has the lgtm label, please assign vincepri for approval. For more information see the Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
This looks like a flexible approach that allows users to implement security groups tailored to their needs.
I'm wondering if it makes sense to investigate similar implementations across other providers as well and to mirror their API/naming scheme whereever it makes sense to do so.
CAPA, for example, defines a CNIIngressRule resource, which could serve as an inspiration here. In line with their naming scheme we could adopt fromPort and toPort in lieu of portRangeMin and portRangeMax proposed here.
Either way, thank you for working on this ❤️
Note for self when I'm back to it next week: I need to add bastion rules in templates for e2e to pass.
@EmilienM: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| pull-cluster-api-provider-openstack-build | fbf1deb82d757dca983b229bcf76767b35beec9c | link | true | /test pull-cluster-api-provider-openstack-build |
| pull-cluster-api-provider-openstack-test | fbf1deb82d757dca983b229bcf76767b35beec9c | link | true | /test pull-cluster-api-provider-openstack-test |
| pull-cluster-api-provider-openstack-e2e-test | fbf1deb82d757dca983b229bcf76767b35beec9c | link | true | /test pull-cluster-api-provider-openstack-e2e-test |
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
PR needs rebase.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Note: this one is not staled, I'll come back to it at some point this year, now that we have a new API for Security Groups.