restrict_kubeapi not working
Created by: Nils98Ar
I've set this in the tf environment:
[...]
restrict_kubeapi = [ "none" ]
[...]
This creates the following file in the workload cluster dir:
ubuntu@pub-01-mgmtcluster:~/pub-dev-01$ cat restrict-kubeapi-cidr.yaml
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha7
kind: OpenStackCluster
metadata:
name: pub-dev-01
spec:
allowAllInClusterTraffic: true
apiServerLoadBalancer:
allowedCidrs:
- <external ip>/32
But it is not patched into the actual workload cluster config yaml:
ubuntu@pub-01-mgmtcluster:~/pub-dev-01$ grep -i cidr pub-dev-01-config.yaml
cidrBlocks:
cidrBlocks:
nodeCidr: <xyz>
.. and therefore not to applied the OpenStack LB:
ubuntu@pub-01-mgmtcluster:~/pub-dev-01$ openstack loadbalancer listener show k8s-clusterapi-cluster-pub-dev-01-pub-dev-01-kubeapi-6443 | grep -i cidr
| allowed_cidrs | None