onitake edited a comment on issue #9: [WIP] Support loadBalancerSourceRanges
URL: https://github.com/apache/cloudstack-kubernetes-provider/pull/9#issuecomment-560521940

Proposed solution:

* Implement a new function `updateFirewallRules` that takes one argument - the LB NAT IP object's UUID and the new rule set from `loadBalancerSourceRanges`
* Replace `loadBalancerSourceRanges` with `["0.0.0.0/0"]` if the list is empty
* Fetch the NAT IP's current rule set via [listFirewallRules](https://cloudstack.apache.org/api/apidocs-4.13/apis/listFirewallRules.html)
* Compare the current rule set against `loadBalancerSourceRanges`
* If they are identical, return
* If they are not, add all rules via [createFirewallRule](https://cloudstack.apache.org/api/apidocs-4.13/apis/createFirewallRule.html) then
* remove all previous rules from the current rule set via [deleteFirewallRule](https://cloudstack.apache.org/api/apidocs-4.13/apis/deleteFirewallRule.html)
* Each time `EnsureLoadBalancer` is called, call `updateFirewallRules`
* Call `p.SetOpenfirewall(false)` unconditionally

This ensures that the firewall rules can be updated without service interruption.

Caveat: What happens if an identical rule is added twice? Will it be ignored by CS? If yes, additional care needs to be taken not to remove it in step three. This could be done by looking up the returned id in the list of previous IP addresses.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

With regards,
Apache Git Services
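The comparison step of the proposal above, as an added example that is not code from the pull request or the project: it plans the change as a diff (create only the missing CIDRs, delete only stale or duplicate rules), a variant that never re-adds an existing rule and so sidesteps the caveat. `FirewallRule` and `planFirewallUpdate` are hypothetical names; the sketch assumes one CIDR per rule, ignores protocol and ports, and makes no CloudStack API calls.

```go
package main

import "fmt"

// FirewallRule is a hypothetical, reduced view of one entry returned by
// listFirewallRules (assumption: exactly one CIDR per rule).
type FirewallRule struct {
	ID   string
	CIDR string
}

// planFirewallUpdate compares the current rules on the NAT IP with the
// desired source ranges. It returns the CIDRs that still need a rule and the
// IDs of rules to delete. Apply the creates first, then the deletes, so the
// allowed set never shrinks below the desired one during the update.
func planFirewallUpdate(current []FirewallRule, ranges []string) (create, remove []string) {
	if len(ranges) == 0 {
		ranges = []string{"0.0.0.0/0"} // empty list means "allow everyone"
	}
	desired := make(map[string]bool, len(ranges))
	for _, c := range ranges {
		desired[c] = true
	}
	have := make(map[string]bool, len(current))
	for _, r := range current {
		if desired[r.CIDR] && !have[r.CIDR] {
			have[r.CIDR] = true // keep the first rule that matches a desired CIDR
			continue
		}
		remove = append(remove, r.ID) // stale CIDR, or duplicate of a kept rule
	}
	for _, c := range ranges {
		if !have[c] {
			have[c] = true // also de-duplicates repeated entries in ranges
			create = append(create, c)
		}
	}
	return create, remove
}

func main() {
	// Constructed sample state: the NAT IP is currently open to everyone.
	current := []FirewallRule{{ID: "rule-1", CIDR: "0.0.0.0/0"}}
	create, remove := planFirewallUpdate(current, []string{"10.0.0.0/8", "192.168.0.0/16"})
	fmt.Println("create:", create, "delete:", remove)
}
```

When both returned slices are empty the rule set already matches and the caller can return without touching the firewall.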