Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clean security groups if api/ssh ips are removed from config #7561

Merged
merged 2 commits into from
Sep 16, 2019

Conversation

zetaab
Copy link
Member

@zetaab zetaab commented Sep 11, 2019

fixes #7125

@k8s-ci-robot
Copy link
Contributor

@zetaab: The label(s) sig/openstack cannot be appled. These labels are supported: api-review, community/discussion, community/maintenance, community/question, cuj/build-train-deploy, cuj/multi-user, platform/aws, platform/azure, platform/gcp, platform/minikube, platform/other

In response to this:

fixes #7125

/sig openstack

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Sep 11, 2019
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 11, 2019
@zetaab
Copy link
Member Author

zetaab commented Sep 11, 2019

/hold

wait until we have answer to kubelet port question

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 11, 2019
@zetaab zetaab force-pushed the feature/cleansecgroup branch from 8924193 to 0901130 Compare September 11, 2019 18:34
@zetaab
Copy link
Member Author

zetaab commented Sep 11, 2019

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 11, 2019
@zetaab
Copy link
Member Author

zetaab commented Sep 12, 2019

/test pull-kops-verify-gomod

@k8s-ci-robot k8s-ci-robot removed the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 12, 2019
@zetaab
Copy link
Member Author

zetaab commented Sep 12, 2019

@justinsb @mikesplain something wrong with gomod check

I0912 05:55:52.896] ERROR: go modules are not up to date; please run: go mod tidy
I0912 05:55:52.897] changed files:
I0912 05:55:52.897] ?? .config/
I0912 05:55:52.897] git diff:
W0912 05:55:52.931] Traceback (most recent call last):
W0912 05:55:52.931]   File "/workspace/./test-infra/jenkins/../scenarios/execute.py", line 50, in <module>
W0912 05:55:52.932]     main(ARGS.env, ARGS.cmd + ARGS.args)
W0912 05:55:52.932]   File "/workspace/./test-infra/jenkins/../scenarios/execute.py", line 41, in main
W0912 05:55:52.932]     check(*cmd)
W0912 05:55:52.932]   File "/workspace/./test-infra/jenkins/../scenarios/execute.py", line 30, in check
W0912 05:55:52.932]     subprocess.check_call(cmd)
W0912 05:55:52.932]   File "/usr/lib/python2.7/subprocess.py", line 186, in check_call
W0912 05:55:52.932]     raise CalledProcessError(retcode, cmd)
W0912 05:55:52.932] subprocess.CalledProcessError: Command '('./hack/verify-gomod',)' returned non-zero exit status 1

I have not created folder called .config

@zetaab zetaab force-pushed the feature/cleansecgroup branch from f0ca5db to 0901130 Compare September 12, 2019 06:01
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 12, 2019
@zetaab zetaab force-pushed the feature/cleansecgroup branch from 0901130 to 6278fec Compare September 12, 2019 15:05
@chrisz100
Copy link
Contributor

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 16, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chrisz100, zetaab

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 4b490d0 into kubernetes:master Sep 16, 2019
@mikesplain
Copy link
Contributor

@zetaab, I'll open a cherry pick to 1.15, should this be in 1.14 as well?

@zetaab
Copy link
Member Author

zetaab commented Sep 18, 2019

@mikesplain yes I think it could be cherrypicked to 1.14 as well. This is basically bug fix, because now the behaviour is that rules are not cleaned. It may lead to situations that there are sg rules that should not be there (like kops is opening 0.0.0.0 by default if you do not specify anything when creating cluster, it does not help modifying rules afterwards because 0.0.0.0 is not removed at all)

k8s-ci-robot added a commit that referenced this pull request Sep 18, 2019
…61-origin-release-1.15

Automated cherry pick of #7561: clean security groups
@zetaab zetaab deleted the feature/cleansecgroup branch September 27, 2019 05:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

IPs in k8s api / ssh is not cleaned if removed from config
4 participants