This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker.
Bug 1777933 - [RFE] Bulk security group rules creation
Keywords:
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 16.0 (Train)
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: OSP Team
QA Contact: Eran Kuris
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-11-28 17:48 UTC by Luis Tomas Bolivar
Modified: 2023-10-20 19:12 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-10-20 19:12:07 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-2369 0 None None None 2022-03-24 13:37:38 UTC
Red Hat Issue Tracker OSP-29923 0 None None None 2023-10-20 19:12:35 UTC
Red Hat Issue Tracker OSPRH-508 0 None None None 2023-10-20 19:12:06 UTC

Description Luis Tomas Bolivar 2019-11-28 17:48:12 UTC
Kubernetes allows fine-tuning the access to the pods/containers by using Network Policies. When using Kuryr and running OpenShift on top of OpenStack, Network Policies are implemented through Neutron security groups and security group rules. Each Network Policy creates one security group. Depending on the Network Policy spec, as well as the existing pods, namespaces and their labels, more or fewer security group rules will be added to that security group.

It imposes extra load on Neutron (as well as wasted time) to have to call the Neutron API to create each of the SG rules one by one. It would be great to have a 'bulk rule create' type where you can request many at once, similar to what is already there for ports or attaching ports to a trunk.

