onitake edited a comment on issue #9: [WIP] Support loadBalancerSourceRanges
URL: https://github.com/apache/cloudstack-kubernetes-provider/pull/9#issuecomment-560521940

Proposed solution:

* Implement a new function `updateFirewallRules` that takes one argument - the LB NAT IP object's UUID and the new rule set from `loadBalancerSourceRanges`
* Replace `loadBalancerSourceRanges` with `["0.0.0.0/0"]` if the list is empty
* Fetch the NAT IP's current rule set via [listFirewallRules](https://cloudstack.apache.org/api/apidocs-4.13/apis/listFirewallRules.html)
* Compare the current rule set against `loadBalancerSourceRanges`
* If they are identical, return
* If they are not, add all rules via [createFirewallRule](https://cloudstack.apache.org/api/apidocs-4.13/apis/createFirewallRule.html) then
* remove all previous rules from the current rule set via [deleteFirewallRule](https://cloudstack.apache.org/api/apidocs-4.13/apis/deleteFirewallRule.html)
* Each time `EnsureLoadBalancer` is called, call `updateFirewallRules`
* Call `p.SetOpenfirewall(false)` unconditionally

This ensures that the firewall rules can be updated without service interruption.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

With regards,
Apache Git Services
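The update order proposed in the comment above, as an added Go example that is not part of the original comment or the provider's code: a planner that returns the create and delete calls in order instead of calling CloudStack. The `rule` type, `planFirewallUpdate` and the sample state are hypothetical; CIDR validation goes beyond what the comment lists, and the sketch assumes the current rules are stored in canonical form and ignores protocol and ports.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
)

// rule is a constructed stand-in for one firewall rule on the LB NAT IP.
type rule struct{ ID, CIDR string }

// planFirewallUpdate returns the calls to make, in order: every create first,
// then the deletes of the previous rules. A nil plan means nothing to do.
func planFirewallUpdate(current []rule, ranges []string) ([]string, error) {
	if len(ranges) == 0 {
		ranges = []string{"0.0.0.0/0"} // empty list: open to every source
	}
	want := append([]string(nil), ranges...)
	for i, c := range want {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, err // reject bad input before any rule is touched
		}
		want[i] = n.String() // canonical form, e.g. 10.1.2.3/8 -> 10.0.0.0/8
	}
	have := make([]string, 0, len(current))
	for _, r := range current {
		have = append(have, r.CIDR)
	}
	sort.Strings(want)
	sort.Strings(have)
	if strings.Join(have, ",") == strings.Join(want, ",") {
		return nil, nil // identical rule sets: return
	}
	var plan []string
	for _, c := range want {
		plan = append(plan, "create "+c)
	}
	for _, r := range current {
		plan = append(plan, "delete "+r.ID)
	}
	return plan, nil
}

func main() {
	plan, err := planFirewallUpdate([]rule{{"r1", "0.0.0.0/0"}}, []string{"10.0.0.0/8"})
	fmt.Println(plan, err)
}
```

Between the creates and the deletes both rule sets are in force, so a narrowed `loadBalancerSourceRanges` only takes effect once the old rules are deleted; a failed delete leaves the broader rule in place and should be retried or reported.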