[fedora-atomic-k8s] Allow all traffic from master to worker nodes
In Rocky release, the k8s workers security group was wide opened but in Stein release it is more restrictive which prevent the access of Kubnertes dashboard(and other serivces) via the command: $ kubectl proxy This patch can fix it by allowing traffic from master security group to workers security group. Co-Authored: Feilong Wang<flwang@catalyst.net.nz> Task: 30171 Story: 2005294 Change-Id: I546cd7324b87b267e945477c78539ea80534538f
This commit is contained in:
parent
a6c8c399e9
commit
1f5dc1aa91
|
@ -676,6 +676,17 @@ resources:
|
|||
- protocol: udp
|
||||
port_range_min: 8472
|
||||
port_range_max: 8472
|
||||
# allow any traffic from master nodes
|
||||
- protocol: tcp
|
||||
port_range_min: 1
|
||||
port_range_max: 65535
|
||||
remote_mode: 'remote_group_id'
|
||||
remote_group_id: {get_resource: secgroup_kube_master}
|
||||
- protocol: udp
|
||||
port_range_min: 1
|
||||
port_range_max: 65535
|
||||
remote_mode: 'remote_group_id'
|
||||
remote_group_id: {get_resource: secgroup_kube_master}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
|
Loading…
Reference in New Issue