Skip to content

Add firewall_id to LNP #725

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: dev
Choose a base branch
from
Open

Add firewall_id to LNP #725

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
58d89e6
Merge pull request #707 from linode/dev
yec-akamai Sep 3, 2025
f1c8618
Merge pull request #715 from linode/dev
lgarber-akamai Oct 14, 2025
3b495d1
Merge branch 'dev' into add-lnp-firewall
rammanoj Nov 5, 2025
9575efc
add firewall-id
rpotla-akam Nov 5, 2025
a222d6c
address feedback
rpotla-akam Nov 11, 2025
203fe03
Merge branch 'dev' into add-lnp-firewall
rammanoj Nov 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/modules/lke_cluster.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ Manage Linode LKE clusters.
| [`autoscaler` (sub-options)](#autoscaler) | <center>`dict`</center> | <center>Optional</center> | When enabled, the number of nodes autoscales within the defined minimum and maximum values. **(Updatable)** |
| `labels` | <center>`dict`</center> | <center>Optional</center> | Key-value pairs added as labels to nodes in the node pool. Labels help classify your nodes and to easily select subsets of objects. **(Updatable)** |
| [`taints` (sub-options)](#taints) | <center>`list`</center> | <center>Optional</center> | Kubernetes taints to add to node pool nodes. Taints help control how pods are scheduled onto nodes, specifically allowing them to repel certain pods. **(Updatable)** |
| `firewall_id` | <center>`int`</center> | <center>Optional</center> | Firewall ID for the Node Pool. **(Updatable)** |

### autoscaler

Expand Down
1 change: 1 addition & 0 deletions docs/modules/lke_node_pool.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ Manage Linode LKE cluster node pools.
| [`taints` (sub-options)](#taints) | <center>`list`</center> | <center>Optional</center> | Kubernetes taints to add to node pool nodes. Taints help control how pods are scheduled onto nodes, specifically allowing them to repel certain pods. **(Updatable)** |
| `k8s_version` | <center>`str`</center> | <center>Optional</center> | The desired Kubernetes version for this Kubernetes Node Pool in the format of <major>.<minor>, and the latest supported patch version. NOTE: Only available for LKE Enterprise to support node pool upgrades. This field may not currently be available to all users and is under v4beta. **(Updatable)** |
| `update_strategy` | <center>`str`</center> | <center>Optional</center> | Upgrade strategy describes the available upgrade strategies. NOTE: Only available for LKE Enterprise to support node pool upgrades. This field may not currently be available to all users and is under v4beta. **(Choices: `rolling_update`, `on_recycle`; Updatable)** |
| `firewall_id` | <center>`int`</center> | <center>Optional</center> | Firewall ID for the Node Pool. **(Updatable)** |

### autoscaler

Expand Down
26 changes: 26 additions & 0 deletions plugins/modules/lke_cluster.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,12 @@
],
suboptions=linode_lke_cluster_taint,
),
"firewall_id": SpecField(
type=FieldType.integer,
editable=True,
description=["Firewall ID for the Node Pool."],
required=False,
),
}

linode_lke_cluster_spec = {
Expand Down Expand Up @@ -583,6 +589,16 @@ def _update_cluster(self, cluster: LKECluster) -> None:
current_pool.label = pool.get("label")
current_pool.save()

if "firewall_id" in pool and current_pool.firewall_id != pool["firewall_id"]:
self.register_action(
"Updated firewall_id for Node Pool {}".format(
current_pool.id
)
)

current_pool.firewall_id = pool.get("firewall_id")
current_pool.save()

pools_handled[k] = True
should_keep[i] = True
break
Expand Down Expand Up @@ -661,6 +677,16 @@ def _update_cluster(self, cluster: LKECluster) -> None:
existing_pool.label = pool["label"]
should_update = True

if "firewall_id" in pool and existing_pool.firewall_id != pool["firewall_id"]:
self.register_action(
"Updated firewall_id for Node Pool {}".format(
existing_pool.id
)
)

existing_pool.firewall_id = pool.get("firewall_id")
existing_pool.save()

if should_update:
existing_pool.save()

Expand Down
12 changes: 12 additions & 0 deletions plugins/modules/lke_node_pool.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -205,6 +205,12 @@
],
choices=["rolling_update", "on_recycle"],
),
"firewall_id": SpecField(
type=FieldType.integer,
editable=True,
description=["Firewall ID for the Node Pool."],
required=False,
),
}

SPECDOC_META = SpecDocMeta(
Expand Down Expand Up @@ -326,6 +332,7 @@ def _update_pool(self, pool: LKENodePool) -> LKENodePool:
new_taints = params.pop("taints") if "taints" in params else None
new_labels = params.pop("labels") if "labels" in params else None
new_label = params.pop("label") if "label" in params else None
new_firewall_id = params.pop("firewall_id") if "firewall_id" in params else None
new_k8s_version = (
params.pop("k8s_version") if "k8s_version" in params else None
)
Expand Down Expand Up @@ -374,6 +381,11 @@ def _update_pool(self, pool: LKENodePool) -> LKENodePool:
pool.label = new_label
should_update = True

if new_firewall_id is not None and pool.firewall_id != new_firewall_id:
self.register_action("Updated firewall_id for Node Pool")
pool.firewall_id = new_firewall_id
should_update = True

if new_k8s_version is not None and pool.k8s_version != new_k8s_version:
self.register_action("Updated k8s version for Node Pool")
pool.k8s_version = new_k8s_version
Expand Down
2 changes: 1 addition & 1 deletion requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
linode-api4>=5.37.0
linode-api4>=5.38.0
polling==0.3.2
ansible-specdoc>=0.0.19
4 changes: 4 additions & 0 deletions tests/integration/targets/lke_cluster_basic/tasks/main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
k8s_version: '{{ old_kube_version }}'
node_pools:
- type: g6-standard-1
firewall_id: 123456
count: 3
labels:
foo.example.com/test: bar
Expand All @@ -53,6 +54,7 @@
that:
- create_cluster.cluster.k8s_version == old_kube_version
- create_cluster.cluster.region == 'us-southeast'
- create_cluster.node_pools[0].firewall_id == 123456
- create_cluster.node_pools[0].type == 'g6-standard-1'
- create_cluster.node_pools[0].count == 3
- create_cluster.node_pools[1].label == 'pool-with-autoscaler'
Expand All @@ -75,6 +77,7 @@
- type: g6-standard-1
count: 2
label: updated-pool-label
firewall_id: 654321
labels:
foo.example.com/update: updated
foo.example.com/test2: foo
Expand All @@ -99,6 +102,7 @@

- update_pools.node_pools[0].type == 'g6-standard-1'
- update_pools.node_pools[0].count == 2
- update_pools.node_pools[0].firewall_id == 654321
- update_pools.node_pools[0].label == 'updated-pool-label'
- update_pools.node_pools[0].id == create_cluster.node_pools[0].id

Expand Down
15 changes: 14 additions & 1 deletion tests/integration/targets/lke_node_pool_basic/tasks/main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@
tags: ['my-pool']
type: g6-standard-1
count: 2
firewall_id: {{ firewall_id }}
label: new-pool-label
labels:
foo.example.com/test: bar
Expand All @@ -59,6 +60,7 @@
assert:
that:
- new_pool.node_pool.count == 2
- new_pool.node_pool.firewall_id == {{ firewall_id }}
- new_pool.node_pool.label == 'new-pool-label'
- new_pool.node_pool.type == 'g6-standard-1'
- new_pool.node_pool.nodes[0].status == 'ready'
Expand All @@ -80,10 +82,20 @@
register: update_pool_fail
failed_when: '"failed to update" not in update_pool_fail.msg'

- name: Ensure firewall exists
linode.cloud.firewall:
api_token: "{{ api_token }}"
label: "update-firewall-{{ r }}"
state: present
rules:
inbound_policy: ACCEPT
outbound_policy: ACCEPT
register: update_firewall

- name: Update the node pool
linode.cloud.lke_node_pool:
cluster_id: '{{ create_cluster.cluster.id }}'

firewall_id: {{ update_firewall.firewall.id }}
tags: ['my-pool']
type: g6-standard-1
count: 1
Expand All @@ -107,6 +119,7 @@
assert:
that:
- update_pool.node_pool.count == 1
- update_pool.node_pool.firewall_id == {{ update_firewall.firewall.id }}
- update_pool.node_pool.label == 'updated-pool-label'
- update_pool.node_pool.type == 'g6-standard-1'
- update_pool.node_pool.autoscaler.enabled
Expand Down