Merge "[fedora atomic] Allow traffic between k8s workers"

Zuul 2019-04-17 09:42:28 +00:00 committed by Gerrit Code Review
commit 72726bf3d1
1 changed files with 18 additions and 16 deletions


@ -700,22 +700,6 @@ resources:
- protocol: tcp
port_range_min: 30000
port_range_max: 32767
# Worker node kubelet healthcheck port.
- protocol: tcp
port_range_min: 10250
port_range_max: 10250
# Calico BGP network, only required if the BGP backend is used.
- protocol: tcp
port_range_min: 179
port_range_max: 179
# flannel overlay network - udp backend.
- protocol: udp
port_range_min: 8285
port_range_max: 8285
# flannel overlay network - vxlan backend.
- protocol: udp
port_range_min: 8472
port_range_max: 8472
# allow any traffic from master nodes
- protocol: tcp
port_range_min: 1
@ -728,6 +712,24 @@ resources:
remote_mode: 'remote_group_id'
remote_group_id: {get_resource: secgroup_kube_master}
# allow any traffic between worker nodes
secgroup_rule_tcp_kube_minion:
type: OS::Neutron::SecurityGroupRule
properties:
protocol: tcp
port_range_min: 1
port_range_max: 65535
security_group: {get_resource: secgroup_kube_minion}
remote_group: {get_resource: secgroup_kube_minion}
secgroup_rule_udp_kube_minion:
type: OS::Neutron::SecurityGroupRule
properties:
protocol: udp
port_range_min: 1
port_range_max: 65535
security_group: {get_resource: secgroup_kube_minion}
remote_group: {get_resource: secgroup_kube_minion}
######################################################################
#
# resources that expose the IPs of either the kube master or a given
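Review bot: The new `secgroup_rule_tcp_kube_minion` and `secgroup_rule_udp_kube_minion` rules open every TCP and UDP port (1-65535) between members of `secgroup_kube_minion`, yet the only comment is `# allow any traffic between worker nodes`, which does not record the trade-off. This is much wider than the per-port rules removed in the first hunk (10250, 179, 8285, 8472): any listener on a worker, including the kubelet and host-network pods, becomes reachable from every other worker, so one compromised node has a larger lateral-movement surface. I would extend the comment along the lines of `# Workers trust each other on all TCP/UDP ports so that any CNI backend works; do not rely on this group to isolate host-level services between nodes.` Both rules also rely on the resource defaults for direction and address family; writing `direction: ingress` and `ethertype: IPv4` explicitly would make it clear that IPv6 and ICMP between workers are not covered. The rest of the template is not visible here, so whether other rules already cover those cases should be confirmed.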