Loadbalancer service type fails to create due to subnet access policy
Bug #1749921 reported by
Antoni Segura Puimedon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kuryr-kubernetes |
Fix Released
|
Critical
|
Yossi Boaron |
Bug Description
It is very, very common for production environments to only allow access to the public network and not the associated public subnets. In that case, we fail to allocate a floating IP to the Loadbalancer service type.
The reason why we fail is because our configuration revolves around passing the subnet id and retrieving the network id from that. It makes sense since in this way we get rid of the ambiguity of which of the public subnets were intended to be used. In practice this presents cloud policy issues.
In order to fix it, we need to add a required option for specifying the network id instead and switch the subnet config option to being optional.
Changed in kuryr-kubernetes: | |
assignee: | Antoni Segura Puimedon (celebdor) → Yossi Boaron (yossi-boaron-1234) |
To post a comment you must log in.
This should most definitely have a tempest test!