Browse Source

Merge "[fedora atomic] Allow traffic between k8s workers"

changes/56/627756/3
Zuul 2 years ago
committed by Gerrit Code Review
parent
commit
72726bf3d1
1 changed files with 18 additions and 16 deletions
  1. +18
    -16
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml

+ 18
- 16
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml View File

@ -700,22 +700,6 @@ resources:
- protocol: tcp
port_range_min: 30000
port_range_max: 32767
# Worker node kubelet healthcheck port.
- protocol: tcp
port_range_min: 10250
port_range_max: 10250
# Calico BGP network, only required if the BGP backend is used.
- protocol: tcp
port_range_min: 179
port_range_max: 179
# flannel overlay network - udp backend.
- protocol: udp
port_range_min: 8285
port_range_max: 8285
# flannel overlay network - vxlan backend.
- protocol: udp
port_range_min: 8472
port_range_max: 8472
# allow any traffic from master nodes
- protocol: tcp
port_range_min: 1
@ -728,6 +712,24 @@ resources:
remote_mode: 'remote_group_id'
remote_group_id: {get_resource: secgroup_kube_master}
# allow any traffic between worker nodes
secgroup_rule_tcp_kube_minion:
type: OS::Neutron::SecurityGroupRule
properties:
protocol: tcp
port_range_min: 1
port_range_max: 65535
security_group: {get_resource: secgroup_kube_minion}
remote_group: {get_resource: secgroup_kube_minion}
secgroup_rule_udp_kube_minion:
type: OS::Neutron::SecurityGroupRule
properties:
protocol: udp
port_range_min: 1
port_range_max: 65535
security_group: {get_resource: secgroup_kube_minion}
remote_group: {get_resource: secgroup_kube_minion}
######################################################################
#
# resources that expose the IPs of either the kube master or a given


Loading…
Cancel
Save