[fedora-atomic-k8s] Allow all traffic from master to worker nodes

In Rocky release, the k8s workers security group was wide opened but
in Stein release it is more restrictive which prevent the access of
Kubnertes dashboard(and other serivces) via the command:

  $ kubectl proxy

This patch can fix it by allowing traffic from master security group
to workers security group.

Co-Authored: Feilong Wang<flwang@catalyst.net.nz>

Task: 30171
Story: 2005294

Change-Id: I546cd7324b87b267e945477c78539ea80534538f
This commit is contained in:
Feilong Wang 2019-03-26 15:49:27 +13:00 committed by Gaëtan Trellu
parent a6c8c399e9
commit 1f5dc1aa91
1 changed files with 11 additions and 0 deletions

View File

@ -676,6 +676,17 @@ resources:
- protocol: udp
port_range_min: 8472
port_range_max: 8472
# allow any traffic from master nodes
- protocol: tcp
port_range_min: 1
port_range_max: 65535
remote_mode: 'remote_group_id'
remote_group_id: {get_resource: secgroup_kube_master}
- protocol: udp
port_range_min: 1
port_range_max: 65535
remote_mode: 'remote_group_id'
remote_group_id: {get_resource: secgroup_kube_master}
######################################################################
#