[fedora-atomic-k8s] Allow all traffic from master to worker nodes
In Rocky release, the k8s workers security group was wide opened but
in Stein release it is more restrictive which prevent the access of
Kubnertes dashboard(and other serivces) via the command:
$ kubectl proxy
This patch can fix it by allowing traffic from master security group
to workers security group.
Co-Authored: Feilong Wang<flwang@catalyst.net.nz>
Task: 30171
Story: 2005294
Change-Id: I546cd7324b87b267e945477c78539ea80534538f
(cherry picked from commit 1f5dc1aa91
)
This commit is contained in:
parent
0e56f14eaf
commit
18ce317d02
|
@ -676,6 +676,17 @@ resources:
|
|||
- protocol: udp
|
||||
port_range_min: 8472
|
||||
port_range_max: 8472
|
||||
# allow any traffic from master nodes
|
||||
- protocol: tcp
|
||||
port_range_min: 1
|
||||
port_range_max: 65535
|
||||
remote_mode: 'remote_group_id'
|
||||
remote_group_id: {get_resource: secgroup_kube_master}
|
||||
- protocol: udp
|
||||
port_range_min: 1
|
||||
port_range_max: 65535
|
||||
remote_mode: 'remote_group_id'
|
||||
remote_group_id: {get_resource: secgroup_kube_master}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
|
Loading…
Reference in New Issue