[fedora-atomic-k8s] Allow all traffic from master to worker nodes

In Rocky release, the k8s workers security group was wide opened but in Stein release it is more restrictive which prevent the access of Kubnertes dashboard(and other serivces) via the command: $ kubectl proxy This patch can fix it by allowing traffic from master security group to workers security group. Co-Authored: Feilong Wang<flwang@catalyst.net.nz> Task: 30171 Story: 2005294 Change-Id: I546cd7324b87b267e945477c78539ea80534538f (cherry picked from commit 1f5dc1aa91)
2019-03-26 15:49:27 +13:00 · 2019-03-26 15:49:27 +13:00 · 18ce317d02
parent 0e56f14eaf
commit 18ce317d02
1 changed files with 11 additions and 0 deletions
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@ -676,6 +676,17 @@ resources:
        - protocol: udp
          port_range_min: 8472
          port_range_max: 8472
+        # allow any traffic from master nodes
+        - protocol: tcp
+          port_range_min: 1
+          port_range_max: 65535
+          remote_mode: 'remote_group_id'
+          remote_group_id: {get_resource: secgroup_kube_master}
+        - protocol: udp
+          port_range_min: 1
+          port_range_max: 65535
+          remote_mode: 'remote_group_id'
+          remote_group_id: {get_resource: secgroup_kube_master}

  ######################################################################
  #