Skip to content

Set DisableTargetSecurityGroupAssignment to "true" for new loadbalancers#1239

Open
nschad wants to merge 5 commits into
mainfrom
ccm-update
Open

Set DisableTargetSecurityGroupAssignment to "true" for new loadbalancers#1239
nschad wants to merge 5 commits into
mainfrom
ccm-update

Conversation

@nschad

@nschad nschad commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

How to categorize this PR?

/kind enhancement

What this PR does / why we need it:

Pre-requisite for the LB Team to clean-up their workaround in their API.

Which issue(s) this PR fixes:
Fixes #1185

Special notes for your reviewer:

Breaking changes:

@nschad
Set DisableTargetSecurityGroupAssignment to "true" for new loadbalancers
3555b28 
Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud>
@ske-prow ske-prow Bot added kind/enhancement Enhancement, improvement, extension size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jun 18, 2026
nschad added 2 commits June 18, 2026 16:11
@nschad
do not unnecessarily set DisableTargetSecurityGroupAssignment in Upda…
4aeca96 
…te call

Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud>
@nschad
add unit test
2b43267 
Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud>
@ske-prow ske-prow Bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jun 18, 2026
hown3d
hown3d reviewed Jun 18, 2026
View reviewed changes
Comment thread pkg/ccm/loadbalancer_spec.go
}

// For new lb's always set DisableTargetSecurityGroupAssignment to true
lb.DisableTargetSecurityGroupAssignment = new(true)

@hown3d hown3d Jun 18, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is not only called for new loadbalancers but also for updating existing ones. If you mention that this is immutable, we should not set it to true by default

@nschad nschad Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm aware that is called by the Update() but the result in that case is not used. This is already tested

Setting it to true by default is literally the Task, lol.

@nschad nschad Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be eventually removed anyway again

@breuerfelix breuerfelix Jun 19, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it will not be removed in the future, it will just be made customizeable :)

@breuerfelix breuerfelix Jun 19, 2026
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

after having a chat with the LB guys, we should definitely also set this value in the update + delete call.
They said that their api (sometimes) needs those fields, even though they are immutable.
So in the update call, just use the value that got returned from the get.
Also in the update call when deleting -> use the value that we got from the returned LB.
It is also worth adding a test for that.
We should test that when creating -> always true.
When updating: true or false, depending on the value of the GET LB

nschad added 2 commits June 19, 2026 12:42
@nschad
set DisableTargetSecurityGroupAssignment for UPDATE calls
6934f8e 
Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud>
@nschad
add unit test for LB creation with DisableTargetSecurityGroupAssignme…
e57e4e0 
…nt set to true

Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud>
@ske-prow ske-prow Bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 19, 2026
@ske-prow

ske-prow Bot commented Jun 19, 2026

Copy link
Copy Markdown

@fischerman: adding LGTM is restricted to approvers and reviewers in OWNERS files.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ske-prow

ske-prow Bot commented Jun 19, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: fischerman
Once this PR has been reviewed and has the lgtm label, please assign maboehm for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@breuerfelix breuerfelix breuerfelix left review comments

@hown3d hown3d hown3d left review comments

@fischerman fischerman fischerman approved these changes

Assignees

No one assigned

Labels

kind/enhancement Enhancement, improvement, extension size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Services of type: LoadBalancer provisioned by cluster-provider-stackit do not attach required security groups to workload nodes

4 participants

@nschad @fischerman @breuerfelix @hown3d