winterhazel commented on PR #9223: URL: https://github.com/apache/cloudstack/pull/9223#issuecomment-2635559101
> If the network state is implemented and has an existing firewall rule.
>
> The network already has a running state router
>
> CKS cluster fails with the following exception

That's the expected behavior, isn't it? ACS will block cluster creation because it needs to add firewall rules that will conflict with the existing one. What we could do is remove this limitation and, before adding the necessary rules, check if there is already a rule covering them; if there is, we do not add the rules. This would be a separate enhancement though.

> There is no issue with CKS cluster creation if the network state is allocated and has an existing firewall rule.
>
> The network does not have a running router

Also the current expected behavior. No validation is performed if the network's state is `Allocated`.

https://github.com/apache/cloudstack/blob/22c71928dd28dc3217e59c9d4d7dacc56621a02f/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java#L403-L409

I haven't looked deeper into whether there is a better reason for this, but it seems to me that we could remove this so that the rules get validated for `Allocated` networks. Again, also a separate enhancement.

> @kiranchavala , I think @GaOrtiga left the community (for now) can you assess the state of this PR for us? ie,
>
> * can it be merged
>
> * if yes is there work remaining for new issues / PRs
>
> * if no, what needs to be done?
> most specifically; when you talk about " the scenario where the network state is implemented and has an existing firewall rule", is this a regression or a secondary finding? It seems to me not to have anything to do with the NPE fix the subject is about.

@DaanHoogland I think that it can be merged, what @kiranchavala's pointed out seems like issues that can be addressed separately for me.

--
This is an automated message from the Apache Git Service.
