cluster-api-provider-openstack
cluster-api-provider-openstack copied to clipboard
kubernetes-sigs
π Expose NodePorts on cluster network instead of 0.0.0.0/0
What this PR does / why we need it:
This PR changes NodePorts to only be open from cluster network.
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #2127
Special notes for your reviewer:
I assume this is something that would be in 0.11 or 1.0? If so where do we put the changelog?
I also need to make sure what IP ranged we potentially want to use since there is multiple ways of specifying them depending on of they are operator managed or not.
TODOs:
- [ ] squashed commits
- if necessary:
- [ ] includes documentation
- [ ] adds unit tests
/hold
Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!
| Name | Link |
|---|---|
| Latest commit | ea7bf33cc9ed8b35cf2c829af17ef9a77ddc0a4f |
| Latest deploy log | https://app.netlify.com/sites/kubernetes-sigs-cluster-api-openstack/deploys/670f7849bc02000008f77d72 |
| Deploy Preview | https://deploy-preview-2128--kubernetes-sigs-cluster-api-openstack.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
The committers listed above are authorized under a signed CLA.
- :white_check_mark: login: mikaelgron / name: Mikael GrΓΆn (ea7bf33cc9ed8b35cf2c829af17ef9a77ddc0a4f)
![linux-foundation-easycla[bot] avatar](https://avatars.githubusercontent.com/in/17893?v=4 "Published by a pub.dev verified publisher"){kind=small}
Please can you also add a code comment in there about why we're explicitly adding this subnet? Namely because this is the default subnet used by CPO as the origin of traffic from Octavia load balancers to load balancer members? Otherwise it risks being deleted by somebody because it looks redundant, even me in 6 months when I've forgotten this discussion again π
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: mdbooth
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [mdbooth]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
Looks like something went wrong with the rebase / squash, looks like the changes have been rebased into the branch from the upstream/main and squashed against elastx/main that hasn't been synced in 3 weeks, so everything pushed upstream since then have been squashed.
Wierd that this don't get a /needs-rebase imo
Well shit. Does it need fixing before merging?
The easiest way is probably getting a patch from git diff <upstream>/main --patch >nodeports.patch and if that looks correct, git reset HEAD~1 --hard, then rebase, apply patch and commit/push
@bilbobrovall here's what I did if it shines any light on it:
git fetch
git reset $(git merge-base main HEAD)
git add -A
git commit -m "Expose NodePorts on cluster network instead of 0
.0.0.0/0"
git push --force
git merge-base main HEAD yields 6560f8882a2aa7ece3d13d47f2f2badbcba348c3.
I was thinking for a moment that I should've used git merge-base upstream/main HEAD instead, but that gives the same ref.