I should note that the documentation for manage-security-groups [1] states that it is ignored for Octavia, so it doesn't seem like this is actually an issue with the configuration not being applied. In a related bug [2], the thinking was that the integrator charm would specifically need to create SG rules to allow NodePort ingress from within the subnet, but this seems to indicate that simply restarting the openstack-cloud-controller-manager services might fix it, and another issue that's been opened [3] seems to indicate that perhaps the SG rules ought to be unnecessary regardless.
[1]: https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/using-openstack-cloud-controller-manager.md#load-balancer
[2]: https://bugs.launchpad.net/charm-kubernetes-master/+bug/1884995
[3]: https://bugs.launchpad.net/charm-openstack-integrator/+bug/1893512