Add security groups automatically

hidekazuna · hidekazuna · commit 86c632a3cb8c · 2020-06-17T01:45:22.000Z
Currently generate security groups are not added to the instances.
This commit makes it automatically.
diff --git a/pkg/cloud/services/compute/instance.go b/pkg/cloud/services/compute/instance.go
@@ -98,6 +98,14 @@ func (s *Service) InstanceCreate(clusterName string, machine *clusterv1.Machine,
 	if err != nil {
 		return nil, err
 	}
+	if openStackCluster.Spec.ManagedSecurityGroups {
+		if util.IsControlPlaneMachine(machine) {
+			securityGroups = append(securityGroups, openStackCluster.Status.ControlPlaneSecurityGroup.ID)
+		} else {
+			securityGroups = append(securityGroups, openStackCluster.Status.WorkerSecurityGroup.ID)
+		}
+	}
+
 	// Get all network UUIDs
 	var nets []ServerNetwork
 	if len(openStackMachine.Spec.Networks) > 0 {
diff --git a/templates/cluster-template.yaml b/templates/cluster-template.yaml
@@ -121,8 +121,6 @@ spec:
       cloudsSecret:
         name: ${CLUSTER_NAME}-cloud-config
         namespace: ${NAMESPACE}
-      securityGroups:
-      - name: k8s-cluster-${NAMESPACE}-${CLUSTER_NAME}-secgroup-controlplane
 ---
 apiVersion: cluster.x-k8s.io/v1alpha3
 kind: MachineDeployment
@@ -161,8 +159,6 @@ spec:
         namespace: ${NAMESPACE}
       flavor: ${OPENSTACK_NODE_MACHINE_FLAVOR}
       image: ${OPENSTACK_IMAGE_NAME}
-      securityGroups:
-        - name: k8s-cluster-${NAMESPACE}-${CLUSTER_NAME}-secgroup-worker
 ---
 apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
 kind: KubeadmConfigTemplate
