services backed by neutron-lbaas do not work with native ovs firewall
Bug #1749968 reported by
Antoni Segura Puimedon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kuryr-kubernetes |
Fix Released
|
Critical
|
Michal Dulko |
Bug Description
When we use neutron-lbaas (deprecated by Octavia but still very much in use) we do not set the appropriate security groups we get from the service sg driver. We did not catch this due to the fact that with the hybrid driver, lbaasv2 is done with an internal ovs port that bypasses the SGs. Octavia does the rules according to the listeners and does not present this issue, so that's why we did not notice it there either.
We should check the LB provider and if it is haproxy we should deal with the SGs ourselves from the default driver.
Changed in kuryr-kubernetes: | |
status: | New → Triaged |
importance: | Undecided → Critical |
assignee: | nobody → Antoni Segura Puimedon (celebdor) |
milestone: | none → queens-rc-final |
Changed in kuryr-kubernetes: | |
assignee: | Antoni Segura Puimedon (celebdor) → Michal Dulko (michal-dulko-f) |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/545363
Review: https:/