Add prefix to security groups allow-ssh and allow-icmp (!354) · Merge requests · Sovereign Cloud Stack / k8s-cluster-api-provider

Kurt Garloff requested to merge 343_sec_groups_prefix into main Mar 03, 2023

Created by: matofeder

Security groups allow-ssh and allow-icmp are created by the terraform script and then referenced in the cluster template. In a special case when e.g. two management nodes and then two CAPI clusters (with different names) want to share one OpenStack project, the allow-ssh, and allow-icmp are created two times. These sec. groups have the same names but have different IDs. As the CAPI provider looks for sec. group by its name, not by ID, the cluster node could have the "doubled" sec. groups association. This is an unwanted behavior that may break e.g. cleanup process, where the terraform wants to remove sec. group used by another cluster.

This PR adds a "prefix" to the allow-ssh and allow-icmp sec. groups that distinguish their usage in a single OpenStack project.

Closes #343 (closed)

Admin message

Add prefix to security groups allow-ssh and allow-icmp

Merge request reports