(cloudstack-kubernetes-provider) 01/01: NSX: (temp fix) Skip adding firewall rules for CKS Clusters on VPC tiers

[pe...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

pearl11594 pushed a commit to branch nsx-skip-firewall
in repository https://gitbox.apache.org/repos/asf/cloudstack-kubernetes-provider.git

commit f2870a38da15466101b17326490ad781db70cfff
Author: Pearl Dsilva <pe...@gmail.com>
AuthorDate: Thu Jan 18 11:05:38 2024 -0500

    NSX: (temp fix) Skip adding firewall rules for CKS Clusters on VPC tiers
---
 cloudstack_loadbalancer.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/cloudstack_loadbalancer.go b/cloudstack_loadbalancer.go
index b796dfa9..d9977997 100644
--- a/cloudstack_loadbalancer.go
+++ b/cloudstack_loadbalancer.go
@@ -163,7 +163,12 @@ func (cs *CSCloud) EnsureLoadBalancer(ctx context.Context, clusterName string, s
 			}
 		}
 
-		if lbRule != nil {
+		network, _, err := cs.client.Network.GetNetworkByID(lb.networkID, nil)
+		if err != nil {
+			return nil, err
+		}
+
+		if lbRule != nil && isFirewallSupported(network.Service) {
 			klog.V(4).Infof("Creating firewall rules for load balancer rule: %v (%v:%v:%v)", lbRuleName, protocol, lbRule.Publicip, port.Port)
 			if _, err := lb.updateFirewallRule(lbRule.Publicipid, int(port.Port), protocol, service.Spec.LoadBalancerSourceRanges); err != nil {
 				return nil, err
@@ -244,6 +249,15 @@ func (cs *CSCloud) UpdateLoadBalancer(ctx context.Context, clusterName string, s
 	return nil
 }
 
+func isFirewallSupported(services []cloudstack.NetworkServiceInternal) bool {
+	for _, svc := range services {
+		if svc.Name == "Firewall" {
+			return true
+		}
+	}
+	return false
+}
+
 // EnsureLoadBalancerDeleted deletes the specified load balancer if it exists, returning
 // nil if the load balancer specified either didn't exist or was successfully deleted.
 func (cs *CSCloud) EnsureLoadBalancerDeleted(ctx context.Context, clusterName string, service *corev1.Service) error {