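# Build the allow-list for the management API server ingress from the hive
# IPs plus the bastion IPs, and apply it only when it differs from what the
# resource already carries.
hive_ips = get_hive_ips()
if not hive_ips:
    # NOTE(review): this path exits 0 and leaves the existing
    # allowedCIDRBlocks untouched, so a real discovery failure looks like
    # success. Worth alerting on this message if v4 is not expected.
    print("Couldn't find any hive IPs! Assuming this means we're running "
          "on v4, and not that there's an actual problem. Bailing with "
          "'success' status.")
    sys.exit(0)

# De-duplicate: the same address may be reported by both helpers.
all_ips = set(hive_ips + get_bastion_ips(resource))
if not all_ips:
    # NOTE(review): hive_ips is non-empty at this point, so this guard cannot
    # fire as written; kept as a safety net. If the intent was to require
    # bastion IPs as well, that needs its own check.
    print("Not enough IPs!")
    sys.exit(1)

ingress = resource.spec.managementAPIServerIngress
# `or []` keeps the comparison from raising TypeError when the field is
# unset (None) on the existing resource.
if set(ingress.allowedCIDRBlocks or []) == all_ips:
    print("Same IPs, no-op\n%s" % all_ips)
    sys.exit(0)

# Overwrite the list of IPs. Sorted so the applied body is deterministic
# (set iteration order is not), which keeps logs and diffs of the
# SelectorSyncSet stable between runs.
# NOTE(review): entries are written verbatim; nothing here checks that each
# one is a well-formed, suitably narrow CIDR before it lands in the
# allow-list.
ingress.allowedCIDRBlocks = sorted(all_ips)
print("Applying IPs: %s" % ingress.allowedCIDRBlocks)

# Tell cloud-ingress-operator it's okay to apply the CIDRs now.
if not ingress.enabled:
    print("Enabling ingress")
    ingress.enabled = True  # As opposed to the string "true".

sss_resources = dyn_client.resources.get(api_version="hive.openshift.io/v1", kind="SelectorSyncSet")
dyn_client.apply(sss_resources, body=sss.to_dict())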
clusterDeploymentSelector: matchLabels: api.openshift.com/managed: "true" hive.openshift.io/cluster-platform: "aws" resourceApplyMode: Sync resources: - kind: APIScheme apiVersion: cloudingress.managed.openshift.io/v1alpha1 metadata: name: rh-api namespace: openshift-cloud-ingress-operator spec: managementAPIServerIngress: enabled: true dnsName: rh-api allowedCIDRBlocks: [] """
# Parse the SelectorSyncSet template (its opening lines are above this
# excerpt) and give it its final name.
api_yaml = yaml.safe_load(apischeme_sss)
api_yaml['metadata']['name'] = APISCHEME_SSS_NAME

# The allow-list is the hive IPs followed by the bastion IPs, appended in
# that order to the template's allowedCIDRBlocks.
# NOTE(review): there is no de-duplication and no empty check here. If both
# helpers return nothing, the APIScheme is applied with `enabled: true` and
# an empty allowedCIDRBlocks; confirm how cloud-ingress-operator treats an
# empty list before relying on this.
all_ips = get_hive_ips() + get_bastion_ips()
if all_ips:
    ingress_spec = api_yaml['spec']['resources'][0]['spec']['managementAPIServerIngress']
    ingress_spec['allowedCIDRBlocks'].extend(all_ips)

# Apply the rendered SelectorSyncSet through the dynamic client.
sss_resources = dyn_client.resources.get(api_version='hive.openshift.io/v1', kind='SelectorSyncSet')
dyn_client.apply(sss_resources, body=api_yaml)