Merge "Move security group setting to kubecluster.yaml"
commit
86365ac8b8
@ -266,6 +266,46 @@ resources:
|
||||
router_id: {get_resource: extrouter}
|
||||
subnet: {get_resource: fixed_subnet}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# security groups. we need to permit network traffic of various
|
||||
# sorts.
|
||||
#
|
||||
|
||||
secgroup_base:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
port_range_min: 22
|
||||
port_range_max: 22
|
||||
|
||||
secgroup_kube_master:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: tcp
|
||||
port_range_min: 7080
|
||||
port_range_max: 7080
|
||||
- protocol: tcp
|
||||
port_range_min: 8080
|
||||
port_range_max: 8080
|
||||
- protocol: tcp
|
||||
port_range_min: 2379
|
||||
port_range_max: 2379
|
||||
- protocol: tcp
|
||||
port_range_min: 2380
|
||||
port_range_max: 2380
|
||||
|
||||
secgroup_kube_minion:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
- protocol: udp
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# load balancers.
|
||||
@ -357,6 +397,8 @@ resources:
|
||||
tenant_name: {get_param: tenant_name}
|
||||
kubernetes_port: {get_param: kubernetes_port}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
secgroup_base_id: {get_resource: secgroup_base}
|
||||
secgroup_kube_master_id: {get_resource: secgroup_kube_master}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
@ -403,6 +445,7 @@ resources:
|
||||
magnum_url: {get_param: magnum_url}
|
||||
kubernetes_port: {get_param: kubernetes_port}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
secgroup_kube_minion_id: {get_resource: secgroup_kube_minion}
|
||||
|
||||
outputs:
|
||||
|
||||
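Review bot: In `secgroup_kube_master` the API rule is hard-coded to `port_range_min: 8080` / `port_range_max: 8080`, whereas the group removed from the master template used `{get_param: kubernetes_port}` for the same rule. This template still passes `kubernetes_port` to the nested stacks, so with a non-default value the configured API port would stay closed while 8080 is opened. I would keep the parameter here: `port_range_min: {get_param: kubernetes_port}` and `port_range_max: {get_param: kubernetes_port}`. None of the rules in the three groups sets a remote prefix or remote group, so it is also worth confirming that the etcd ports (2379, 2380) are not meant to be limited to the cluster subnet.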
|
@ -107,6 +107,12 @@ parameters:
|
||||
type: number
|
||||
description : >
|
||||
timeout for the Wait Conditions
|
||||
secgroup_base_id:
|
||||
type: string
|
||||
description: ID of the security group for base.
|
||||
secgroup_kube_master_id:
|
||||
type: string
|
||||
description: ID of the security group for kubernetes master.
|
||||
api_pool_id:
|
||||
type: string
|
||||
description: ID of the load balancer pool of k8s API server.
|
||||
@ -142,38 +148,6 @@ resources:
|
||||
handle: {get_resource: master_wait_handle}
|
||||
timeout: {get_param: wait_condition_timeout}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# security groups. we need to permit network traffic of various
|
||||
# sorts.
|
||||
#
|
||||
|
||||
secgroup_base:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
port_range_min: 22
|
||||
port_range_max: 22
|
||||
|
||||
secgroup_kubernetes:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: tcp
|
||||
port_range_min: 7080
|
||||
port_range_max: 7080
|
||||
- protocol: tcp
|
||||
port_range_min: {get_param: kubernetes_port}
|
||||
port_range_max: {get_param: kubernetes_port}
|
||||
- protocol: tcp
|
||||
port_range_min: 2379
|
||||
port_range_max: 2379
|
||||
- protocol: tcp
|
||||
port_range_min: 2380
|
||||
port_range_max: 2380
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# software configs. these are components that are combined into
|
||||
@ -318,8 +292,8 @@ resources:
|
||||
properties:
|
||||
network: {get_param: fixed_network}
|
||||
security_groups:
|
||||
- {get_resource: secgroup_base}
|
||||
- {get_resource: secgroup_kubernetes}
|
||||
- {get_param: secgroup_base_id}
|
||||
- {get_param: secgroup_kube_master_id}
|
||||
fixed_ips:
|
||||
- subnet: {get_param: fixed_subnet}
|
||||
replacement_policy: AUTO
|
||||
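Review bot: The new `secgroup_base_id` and `secgroup_kube_master_id` parameters are described only as "ID of the security group for base." and "... for kubernetes master.", which does not tell a caller what the groups must permit. The master port's exposure is now decided entirely outside this template, so that expectation should be written down. I would expand the descriptions, for example `description: ID of the base security group (ICMP and SSH) attached to the master port.` and `description: ID of the security group opening the Kubernetes API and etcd ports on the master.` Both parameters have no default, so every caller of this template has to supply them; the rest of the parameters section lies outside the hunk.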
|
@ -145,6 +145,10 @@ parameters:
|
||||
size fo the data segments for the swift dynamic large objects
|
||||
default: 5242880
|
||||
|
||||
secgroup_kube_minion_id:
|
||||
type: string
|
||||
description: ID of the security group for kubernetes minion.
|
||||
|
||||
resources:
|
||||
|
||||
minion_wait_handle:
|
||||
@ -157,14 +161,6 @@ resources:
|
||||
handle: {get_resource: minion_wait_handle}
|
||||
timeout: {get_param: wait_condition_timeout}
|
||||
|
||||
secgroup_all_open:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
- protocol: udp
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# software configs. these are components that are combined into
|
||||
@ -329,7 +325,7 @@ resources:
|
||||
properties:
|
||||
network: {get_param: fixed_network}
|
||||
security_groups:
|
||||
- get_resource: secgroup_all_open
|
||||
- get_param: secgroup_kube_minion_id
|
||||
fixed_ips:
|
||||
- subnet: {get_param: fixed_subnet}
|
||||
replacement_policy: AUTO
|
||||
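Review bot: The minion port now takes its only security group from `secgroup_kube_minion_id`, and the group wired to it in the cluster template carries bare `icmp`, `tcp` and `udp` rules with no port range or remote prefix. That looks like the same exposure as the removed `secgroup_all_open`, under a name that no longer says so. I would state it in the parameter description, e.g. `description: ID of the security group for kubernetes minion (currently permits all ICMP, TCP and UDP).`, so the next reader does not assume the group is scoped. Narrowing the rules themselves would belong in the cluster template rather than here.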
|