[fedora-atomic-k8s] Allow all traffic from master to worker nodes

In the Rocky release, the k8s workers security group was wide open, but
in the Stein release it is more restrictive, which prevents access to the
Kubernetes dashboard (and other services) via the command:

  $ kubectl proxy

This patch can fix it by allowing traffic from the master security group
to the workers security group.

Co-Authored: Feilong Wang<flwang@catalyst.net.nz>

Task: 30171
Story: 2005294

Change-Id: I546cd7324b87b267e945477c78539ea80534538f
changes/18/647618/5
Feilong Wang 2 years ago
committed by Gaëtan Trellu
parent
commit
1f5dc1aa91
11
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml

@ -676,6 +676,17 @@ resources:
- protocol: udp
port_range_min: 8472
port_range_max: 8472
# allow any traffic from master nodes
- protocol: tcp
port_range_min: 1
port_range_max: 65535
remote_mode: 'remote_group_id'
remote_group_id: {get_resource: secgroup_kube_master}
- protocol: udp
port_range_min: 1
port_range_max: 65535
remote_mode: 'remote_group_id'
remote_group_id: {get_resource: secgroup_kube_master}
######################################################################
#
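
Review bot: the two rules added under `# allow any traffic from master nodes` open every TCP and UDP port on the workers (`port_range_min: 1`, `port_range_max: 65535`) to `secgroup_kube_master`, which is much wider than the `kubectl proxy` access to the dashboard that the commit message gives as the motivation. If the API server proxy really has to reach arbitrary pod and service ports on the workers, say so in the comment so the breadth is a documented decision; otherwise limit the rules to the port ranges the proxy path needs. The comment also says "any traffic" while only `tcp` and `udp` rules are added, so either reword it to "all TCP and UDP traffic" or add the missing protocols deliberately. Since this returns the master-to-worker path to something close to the Rocky behaviour, a line in the release notes would help operators who relied on the tighter Stein rules.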
