This is an automated email from the ASF dual-hosted git repository.
abhisar pushed a commit to branch 4.20
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.20 by this push:
new b497f58022c Fix K8s scaling and deletion issue if firewall rule is for
ALL ports (#12806)
b497f58022c is described below
commit b497f58022ca86afa9eb2284422d16909e7eb9ca
Author: Pearl Dsilva <[email protected]>
AuthorDate: Thu Mar 19 04:17:22 2026 -0400
Fix K8s scaling and deletion issue if firewall rule is for ALL ports
(#12806)
---
.../KubernetesClusterResourceModifierActionWorker.java | 3 ++-
.../cluster/actionworkers/KubernetesClusterScaleWorker.java | 8 ++++++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git
a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index d92d0692ca1..bd59cbbee6b 100644
---
a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++
b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -25,6 +25,7 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
@@ -517,7 +518,7 @@ public class KubernetesClusterResourceModifierActionWorker
extends KubernetesClu
FirewallRule rule = null;
List<FirewallRuleVO> firewallRules =
firewallRulesDao.listByIpAndPurposeAndNotRevoked(publicIp.getId(),
FirewallRule.Purpose.Firewall);
for (FirewallRuleVO firewallRule : firewallRules) {
- if (firewallRule.getSourcePortStart() ==
CLUSTER_NODES_DEFAULT_START_SSH_PORT) {
+ if (Objects.equals(firewallRule.getSourcePortStart(),
CLUSTER_NODES_DEFAULT_START_SSH_PORT)) {
rule = firewallRule;
firewallService.revokeIngressFwRule(firewallRule.getId(),
true);
logger.debug("The SSH firewall rule [%s] with the id [%s] was
revoked",firewallRule.getName(),firewallRule.getId());
diff --git
a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index f6828e3b203..38e919fc664 100644
---
a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++
b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -124,10 +124,14 @@ public class KubernetesClusterScaleWorker extends
KubernetesClusterResourceModif
// Remove existing SSH firewall rules
FirewallRule firewallRule = removeSshFirewallRule(publicIp);
+ int existingFirewallRuleSourcePortEnd;
if (firewallRule == null) {
- throw new ManagementServerException("Firewall rule for node SSH
access can't be provisioned");
+ logger.warn("SSH firewall rule not found for Kubernetes cluster:
{}. It may have been manually deleted or modified.",
kubernetesCluster.getName());
+ existingFirewallRuleSourcePortEnd =
CLUSTER_NODES_DEFAULT_START_SSH_PORT + clusterVMIds.size() - 1;
+ } else {
+ existingFirewallRuleSourcePortEnd =
firewallRule.getSourcePortEnd();
}
- int existingFirewallRuleSourcePortEnd =
firewallRule.getSourcePortEnd();
+
try {
removePortForwardingRules(publicIp, network, owner,
CLUSTER_NODES_DEFAULT_START_SSH_PORT, existingFirewallRuleSourcePortEnd);
} catch (ResourceUnavailableException e) {
