Optionally add cluster VIPs to the allowed addresses

Gopkg.toml

@@ -124,3 +124,7 @@ required = [
   name = "github.com/openshift/cluster-api"
   unused-packages = false
   non-go = false
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/openshift/client-go"

pkg/cloud/openstack/clients/machineservice.go

@@ -44,6 +44,7 @@ import (
 	"github.com/gophercloud/gophercloud/openstack/networking/v2/subnets"
 	"github.com/gophercloud/gophercloud/pagination"
 	"github.com/gophercloud/utils/openstack/clientconfig"
+	configclient "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	machinev1 "github.com/openshift/cluster-api/pkg/apis/machine/v1beta1"
 	"github.com/openshift/cluster-api/pkg/util"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -299,11 +300,12 @@ func getSubnetsByFilter(is *InstanceService, opts *subnets.ListOpts) ([]subnets.
 	return snets, nil
 }
 
-func CreatePort(is *InstanceService, name string, net ServerNetwork, securityGroups *[]string) (ports.Port, error) {
+func CreatePort(is *InstanceService, name string, net ServerNetwork, securityGroups *[]string, allowedAddressPairs *[]ports.AddressPair) (ports.Port, error) {
 	portCreateOpts := ports.CreateOpts{
-		Name:           name,
-		NetworkID:      net.networkID,
-		SecurityGroups: securityGroups,
+		Name:                name,
+		NetworkID:           net.networkID,
+		SecurityGroups:      securityGroups,
+		AllowedAddressPairs: *allowedAddressPairs,
 	}
 	if net.subnetID != "" {
 		portCreateOpts.FixedIPs = []ports.IP{{SubnetID: net.subnetID}}
@@ -384,7 +386,7 @@ func getImageID(is *InstanceService, imageName string) (string, error) {
 }
 
 // InstanceCreate creates a compute instance
-func (is *InstanceService) InstanceCreate(clusterName string, name string, clusterSpec *openstackconfigv1.OpenstackClusterProviderSpec, config *openstackconfigv1.OpenstackProviderSpec, cmd string, keyName string) (instance *Instance, err error) {
+func (is *InstanceService) InstanceCreate(clusterName string, name string, clusterSpec *openstackconfigv1.OpenstackClusterProviderSpec, config *openstackconfigv1.OpenstackProviderSpec, cmd string, keyName string, configClient configclient.ConfigV1Interface) (instance *Instance, err error) {
 	var createOpts servers.CreateOptsBuilder
 	if config == nil {
 		return nil, fmt.Errorf("create Options need be specified to create instace")
@@ -451,6 +453,27 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 			}
 		}
 	}
+
+	clusterInfra, err := configClient.Infrastructures().Get("cluster", metav1.GetOptions{})
+	if err != nil {
+		return nil, fmt.Errorf("Failed to retrieve cluster Infrastructure object: %v", err)
+	}
+
+	allowedAddressPairs := []ports.AddressPair{}
+	if clusterInfra != nil && clusterInfra.Status.PlatformStatus != nil && clusterInfra.Status.PlatformStatus.OpenStack != nil {
+		clusterVips := []string{
+			clusterInfra.Status.PlatformStatus.OpenStack.APIServerInternalIP,
+			clusterInfra.Status.PlatformStatus.OpenStack.NodeDNSIP,
+			clusterInfra.Status.PlatformStatus.OpenStack.IngressIP,
+		}
+
+		for _, vip := range clusterVips {
+			if vip != "" {
+				allowedAddressPairs = append(allowedAddressPairs, ports.AddressPair{IPAddress: vip})
+			}
+		}
+	}
+
 	userData := base64.StdEncoding.EncodeToString([]byte(cmd))
 	var ports_list []servers.Network
 	for _, net := range nets {
@@ -471,7 +494,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 		var port ports.Port
 		if len(portList) == 0 {
 			// create server port
-			port, err = CreatePort(is, name, net, &securityGroups)
+			port, err = CreatePort(is, name, net, &securityGroups, &allowedAddressPairs)
 			if err != nil {
 				return nil, fmt.Errorf("Failed to create port err: %v", err)
 			}

pkg/cloud/openstack/machine/actuator.go

@@ -215,7 +215,7 @@ func (oc *OpenstackClient) Create(ctx context.Context, cluster *clusterv1.Cluste
 		}
 	}
 
-	instance, err = machineService.InstanceCreate(clusterName, machine.Name, &clusterSpec, providerSpec, userDataRendered, providerSpec.KeyName)
+	instance, err = machineService.InstanceCreate(clusterName, machine.Name, &clusterSpec, providerSpec, userDataRendered, providerSpec.KeyName, oc.params.ConfigClient)
 
 	if err != nil {
 		return oc.handleMachineError(machine, apierrors.CreateMachine(

pkg/cloud/openstack/types.go

@@ -17,6 +17,7 @@ limitations under the License.
 package openstack
 
 import (
+	configclient "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/record"
@@ -27,6 +28,7 @@ import (
 type ActuatorParams struct {
 	KubeClient    kubernetes.Interface
 	Client        client.Client
+	ConfigClient  configclient.ConfigV1Interface
 	EventRecorder record.EventRecorder
 	Scheme        *runtime.Scheme
 }

pkg/controller/controller.go

@@ -19,6 +19,7 @@ package controller
 import (
 	"k8s.io/klog"
 
+	configclient "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	"k8s.io/client-go/kubernetes"
 	"sigs.k8s.io/cluster-api-provider-openstack/pkg/cloud/openstack"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
@@ -45,10 +46,15 @@ func getActuatorParams(mgr manager.Manager) openstack.ActuatorParams {
 	if err != nil {
 		klog.Fatalf("Could not create kubernetes client to talk to the apiserver: %v", err)
 	}
+	configClient, err := configclient.NewForConfig(config)
+	if err != nil {
+		klog.Fatalf("Failed to create a config client to talk to the apiserver: %v", err)
+	}
 
 	return openstack.ActuatorParams{
 		Client:        mgr.GetClient(),
 		KubeClient:    kubeClient,
+		ConfigClient:  configClient,
 		Scheme:        mgr.GetScheme(),
 		EventRecorder: mgr.GetEventRecorderFor("openstack_controller"),
 	}