Configurable OpenStack SecurityGroups #389
Labels: area/networking (Networking related), kind/enhancement (Enhancement, improvement, extension), lifecycle/rotten (Nobody worked on this for 12 months, final aging stage), platform/openstack (OpenStack platform/infrastructure)
How to categorize this issue?
/area networking
/kind enhancement
/platform openstack
What would you like to be added:
A configuration option to specify custom OpenStack SecurityGroups using this extension.
From what I know, customizing OpenStack SecurityGroups should only be possible by specifying the desired configuration in the templates inside ./pkg/internal/infrastructure/templates.
As of now, the rules specified in main.tpl.tf are static and use openstack_networking_secgroup_v2.cluster.[id|name] to bind to the desired cluster.
Why is this needed:
Apparently, the OpenStack SecurityGroups that are deployed via this extension cannot be configured externally, as they are statically baked into the template. Please correct me if I'm wrong on this. However, the default rules created are undesirable in production use-cases, since they enable all TCP/UDP traffic from/to any network source.
I'd be glad to get any hints on supporting the above using this extension. If there is a chance of implementing this in a reasonable way, I'd also be ready to prepare a PR for it.
Since the project seems to be transitioning off of the usage of Terraform (#362), the implementation of this doesn't have to be in the form of extending the existing templates. This might rather be seen as a good occasion to migrate logic into a Go package using the gophercloud SDK instead.
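One way to check a deployed group for the "all TCP/UDP traffic from/to any network source" rules the issue describes, as an added example that is not code from the issue or from the extension. It audits a rule listing in the shape the Neutron API returns; the sample listing, its rule IDs, and the names `Rule`, `Audit` and `wideOpen` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Rule keeps the Neutron rule fields that decide reach; JSON null decodes to the zero value.
type Rule struct {
	ID, Direction string // matched to "id" and "direction" case-insensitively
	Protocol      string `json:"protocol"`
	PortMin       int    `json:"port_range_min"`
	PortMax       int    `json:"port_range_max"`
	Prefix        string `json:"remote_ip_prefix"`
	GroupID       string `json:"remote_group_id"`
}

// Constructed sample shaped like a Neutron rule listing; all IDs and values are made up.
const sampleRules = `{"security_group_rules":[
 {"id":"r-self","direction":"ingress","protocol":null,"port_range_min":null,"port_range_max":null,"remote_ip_prefix":null,"remote_group_id":"sg-cluster"},
 {"id":"r-tcp-any","direction":"ingress","protocol":"tcp","port_range_min":1,"port_range_max":65535,"remote_ip_prefix":"0.0.0.0/0","remote_group_id":null},
 {"id":"r-udp-any","direction":"ingress","protocol":"udp","port_range_min":null,"port_range_max":null,"remote_ip_prefix":null,"remote_group_id":null},
 {"id":"r-nodeport","direction":"ingress","protocol":"tcp","port_range_min":30000,"port_range_max":32767,"remote_ip_prefix":"10.250.0.0/16","remote_group_id":null},
 {"id":"r-egress","direction":"egress","protocol":null,"port_range_min":null,"port_range_max":null,"remote_ip_prefix":"::/0","remote_group_id":null}
]}`

// wideOpen reports whether r allows any/TCP/UDP traffic on every port with no peer restriction.
func wideOpen(r Rule) bool {
	anyPeer := r.GroupID == "" && (r.Prefix == "" || r.Prefix == "0.0.0.0/0" || r.Prefix == "::/0")
	allPorts := (r.PortMin == 0 && r.PortMax == 0) || (r.PortMin <= 1 && r.PortMax == 65535)
	return anyPeer && allPorts && (r.Protocol == "" || r.Protocol == "tcp" || r.Protocol == "udp")
}

// Audit returns "id (direction)" for every wide-open rule in a rule listing.
func Audit(raw []byte) (hits []string, err error) {
	var doc struct{ Rules []Rule `json:"security_group_rules"` }
	if err = json.Unmarshal(raw, &doc); err != nil {
		return nil, err
	}
	for _, r := range doc.Rules {
		if wideOpen(r) {
			hits = append(hits, fmt.Sprintf("%s (%s)", r.ID, r.Direction))
		}
	}
	return hits, nil
}

func main() { fmt.Println(Audit([]byte(sampleRules))) }
```

Rules scoped to a remote group or to a specific CIDR and port range pass the check; only rules open to every peer on every port are reported.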