Merge "[fedora atomic] Allow traffic between k8s workers"
This commit is contained in:
commit
72726bf3d1
|
@ -700,22 +700,6 @@ resources:
|
||||||
- protocol: tcp
|
- protocol: tcp
|
||||||
port_range_min: 30000
|
port_range_min: 30000
|
||||||
port_range_max: 32767
|
port_range_max: 32767
|
||||||
# Worker node kubelet healthcheck port.
|
|
||||||
- protocol: tcp
|
|
||||||
port_range_min: 10250
|
|
||||||
port_range_max: 10250
|
|
||||||
# Calico BGP network, only required if the BGP backend is used.
|
|
||||||
- protocol: tcp
|
|
||||||
port_range_min: 179
|
|
||||||
port_range_max: 179
|
|
||||||
# flannel overlay network - udp backend.
|
|
||||||
- protocol: udp
|
|
||||||
port_range_min: 8285
|
|
||||||
port_range_max: 8285
|
|
||||||
# flannel overlay network - vxlan backend.
|
|
||||||
- protocol: udp
|
|
||||||
port_range_min: 8472
|
|
||||||
port_range_max: 8472
|
|
||||||
# allow any traffic from master nodes
|
# allow any traffic from master nodes
|
||||||
- protocol: tcp
|
- protocol: tcp
|
||||||
port_range_min: 1
|
port_range_min: 1
|
||||||
|
@ -728,6 +712,24 @@ resources:
|
||||||
remote_mode: 'remote_group_id'
|
remote_mode: 'remote_group_id'
|
||||||
remote_group_id: {get_resource: secgroup_kube_master}
|
remote_group_id: {get_resource: secgroup_kube_master}
|
||||||
|
|
||||||
|
# allow any traffic between worker nodes
|
||||||
|
secgroup_rule_tcp_kube_minion:
|
||||||
|
type: OS::Neutron::SecurityGroupRule
|
||||||
|
properties:
|
||||||
|
protocol: tcp
|
||||||
|
port_range_min: 1
|
||||||
|
port_range_max: 65535
|
||||||
|
security_group: {get_resource: secgroup_kube_minion}
|
||||||
|
remote_group: {get_resource: secgroup_kube_minion}
|
||||||
|
secgroup_rule_udp_kube_minion:
|
||||||
|
type: OS::Neutron::SecurityGroupRule
|
||||||
|
properties:
|
||||||
|
protocol: udp
|
||||||
|
port_range_min: 1
|
||||||
|
port_range_max: 65535
|
||||||
|
security_group: {get_resource: secgroup_kube_minion}
|
||||||
|
remote_group: {get_resource: secgroup_kube_minion}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# resources that expose the IPs of either the kube master or a given
|
# resources that expose the IPs of either the kube master or a given
|
||||||
|
|
Loading…
Reference in New Issue