Merge pull request #563 from hidekazuna/secgroup_auto

Add generated security groups automatically

Author: k8s-ci-robot

pkg/cloud/services/compute/instance.go

@@ -98,6 +98,14 @@ func (s *Service) InstanceCreate(clusterName string, machine *clusterv1.Machine,
 	if err != nil {
 		return nil, err
 	}
+	if openStackCluster.Spec.ManagedSecurityGroups {
+		if util.IsControlPlaneMachine(machine) {
+			securityGroups = append(securityGroups, openStackCluster.Status.ControlPlaneSecurityGroup.ID)
+		} else {
+			securityGroups = append(securityGroups, openStackCluster.Status.WorkerSecurityGroup.ID)
+		}
+	}
+
 	// Get all network UUIDs
 	var nets []ServerNetwork
 	if len(openStackMachine.Spec.Networks) > 0 {

templates/cluster-template.yaml

@@ -119,8 +119,6 @@ spec:
       cloudsSecret:
         name: ${CLUSTER_NAME}-cloud-config
         namespace: ${NAMESPACE}
-      securityGroups:
-      - name: k8s-cluster-${NAMESPACE}-${CLUSTER_NAME}-secgroup-controlplane
 ---
 apiVersion: cluster.x-k8s.io/v1alpha3
 kind: MachineDeployment
@@ -159,8 +157,6 @@ spec:
         namespace: ${NAMESPACE}
       flavor: ${OPENSTACK_NODE_MACHINE_FLAVOR}
       image: ${OPENSTACK_IMAGE_NAME}
-      securityGroups:
-        - name: k8s-cluster-${NAMESPACE}-${CLUSTER_NAME}-secgroup-worker
 ---
 apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
 kind: KubeadmConfigTemplate