You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by GitBox <gi...@apache.org> on 2019/12/02 18:31:46 UTC

[GitHub] [cloudstack-kubernetes-provider] onitake commented on issue #9: [WIP] Support loadBalancerSourceRanges

onitake commented on issue #9: [WIP] Support loadBalancerSourceRanges
URL: https://github.com/apache/cloudstack-kubernetes-provider/pull/9#issuecomment-560521940
 
 
   Proposed solution:
   * Implement a new function `updateFirewallRules` that takes one argument - the LB NAT IP object's UUID and the new rule set from `loadBalancerSourceRanges`
     * Replace `loadBalancerSourceRanges` with `["0.0.0.0/0"]` if the list is empty
     * Fetche the NAT IP's current rule set via [listFirewallRules](https://cloudstack.apache.org/api/apidocs-4.13/apis/listFirewallRules.html)
     * Compare the current rule set against `loadBalancerSourceRanges`
     * If they are identical, return
     * If they are not, add all rules via [createFirewallRule](https://cloudstack.apache.org/api/apidocs-4.13/apis/createFirewallRule.html) then
     * remove all previous rules from the current rule set via [deleteFirewallRule](https://cloudstack.apache.org/api/apidocs-4.13/apis/deleteFirewallRule.html)
   * Each time `EnsureLoadBalancer` is called, call `updateFirewallRules`
   
   This ensures that the firewall rules can be updated without service interruption.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services