Pearl1594 commented on code in PR #7479:
URL: https://github.com/apache/cloudstack/pull/7479#discussion_r1187676054
##
plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java:
##
@@ -352,56 +352,57 @@ public VMTemplateVO
getKubernetesServiceTemplate(DataCenter dataCenter, Hypervis
return template;
}
-private boolean validateIsolatedNetwork(Network network, int
clusterTotalNodeCount) {
-if (Network.GuestType.Isolated.equals(network.getGuestType())) {
-if (Network.State.Allocated.equals(network.getState())) { //
Allocated networks won't have IP and rules
-return true;
+private void validateIsolatedNetwork(Network network, int
clusterTotalNodeCount) {
+if (!Network.GuestType.Isolated.equals(network.getGuestType())) {
+return;
+}
+if (Network.State.Allocated.equals(network.getState())) { // Allocated
networks won't have IP and rules
+return;
+}
+IpAddress sourceNatIp = getSourceNatIp(network);
+if (sourceNatIp == null) {
+throw new InvalidParameterValueException(String.format("Network
ID: %s does not have a source NAT IP associated with it. To provision a
Kubernetes Cluster, source NAT IP is required", network.getUuid()));
+}
+List rules =
firewallRulesDao.listByIpAndPurposeAndNotRevoked(sourceNatIp.getId(),
FirewallRule.Purpose.Firewall);
+for (FirewallRuleVO rule : rules) {
+Integer startPort = rule.getSourcePortStart();
+Integer endPort = rule.getSourcePortEnd();
+if (LOGGER.isDebugEnabled()) {
+LOGGER.debug("Network rule : " + startPort + " " + endPort);
}
-IpAddress sourceNatIp = getSourceNatIp(network);
-if (sourceNatIp == null) {
-throw new
InvalidParameterValueException(String.format("Network ID: %s does not have a
source NAT IP associated with it. To provision a Kubernetes Cluster, source NAT
IP is required", network.getUuid()));
+if (startPort <= KubernetesClusterActionWorker.CLUSTER_API_PORT &&
KubernetesClusterActionWorker.CLUSTER_API_PORT <= endPort) {
+throw new
InvalidParameterValueException(String.format("Network ID: %s has conflicting
firewall rules to provision Kubernetes cluster for API access",
network.getUuid()));
}
-List rules =
firewallRulesDao.listByIpAndPurposeAndNotRevoked(sourceNatIp.getId(),
FirewallRule.Purpose.Firewall);
-for (FirewallRuleVO rule : rules) {
-Integer startPort = rule.getSourcePortStart();
-Integer endPort = rule.getSourcePortEnd();
-if (LOGGER.isDebugEnabled()) {
-LOGGER.debug("Network rule : " + startPort + " " +
endPort);
-}
-if (startPort <=
KubernetesClusterActionWorker.CLUSTER_API_PORT &&
KubernetesClusterActionWorker.CLUSTER_API_PORT <= endPort) {
-throw new
InvalidParameterValueException(String.format("Network ID: %s has conflicting
firewall rules to provision Kubernetes cluster for API access",
network.getUuid()));
-}
-if (startPort <=
KubernetesClusterActionWorker.CLUSTER_NODES_DEFAULT_START_SSH_PORT &&
KubernetesClusterActionWorker.CLUSTER_NODES_DEFAULT_START_SSH_PORT +
clusterTotalNodeCount <= endPort) {
-throw new
InvalidParameterValueException(String.format("Network ID: %s has conflicting
firewall rules to provision Kubernetes cluster for node VM SSH access",
network.getUuid()));
-}
+if (startPort <=
KubernetesClusterActionWorker.CLUSTER_NODES_DEFAULT_START_SSH_PORT &&
KubernetesClusterActionWorker.CLUSTER_NODES_DEFAULT_START_SSH_PORT +
clusterTotalNodeCount <= endPort) {
+throw new
InvalidParameterValueException(String.format("Network ID: %s has conflicting
firewall rules to provision Kubernetes cluster for node VM SSH access",
network.getUuid()));
}
-rules =
firewallRulesDao.listByIpAndPurposeAndNotRevoked(sourceNatIp.getId(),
FirewallRule.Purpose.PortForwarding);
-for (FirewallRuleVO rule : rules) {
-Integer startPort = rule.getSourcePortStart();
-Integer endPort = rule.getSourcePortEnd();
-if (LOGGER.isDebugEnabled()) {
-LOGGER.debug("Network rule : " + startPort + " " +
endPort);
-}
-if (startPort <=
KubernetesClusterActionWorker.CLUSTER_API_PORT &&
KubernetesClusterActionWorker.CLUSTER_API_PORT <= endPort) {
-throw new
InvalidParameterValueException(String.format("Network ID: %s has conflicting
port forwarding rules to provision Kubernetes cluster for API access",
network.getUuid()));
-}
-if