Merge pull request #683 from smarterclayton/make_consistent_with_3x
security: Open ports 9000-9999 inside the cluster for host network services
openshift-merge-robot authored Nov 15, 2018
2 parents 6a098fd + 3248996 commit c25196a
Showing 2 changed files with 12 additions and 12 deletions.
12 changes: 6 additions & 6 deletions data/data/aws/vpc/sg-master.tf
Expand Up @@ -118,24 +118,24 @@ resource "aws_security_group_rule" "master_ingress_flannel_from_worker" {
to_port = 4789
}

resource "aws_security_group_rule" "master_ingress_node_exporter" {
resource "aws_security_group_rule" "master_ingress_internal" {
type = "ingress"
security_group_id = "${aws_security_group.master.id}"

protocol = "tcp"
from_port = 9100
to_port = 9100
from_port = 9000
to_port = 9990
self = true
}

resource "aws_security_group_rule" "master_ingress_node_exporter_from_worker" {
resource "aws_security_group_rule" "master_ingress_internal_from_worker" {
type = "ingress"
security_group_id = "${aws_security_group.master.id}"
source_security_group_id = "${aws_security_group.worker.id}"

protocol = "tcp"
from_port = 9100
to_port = 9100
from_port = 9000
to_port = 9990
}

resource "aws_security_group_rule" "master_ingress_kubelet_insecure" {
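Review bot: The new upper bound `to_port = 9990` in both `master_ingress_internal` and `master_ingress_internal_from_worker` does not match the commit title (9000-9999) or the OpenStack rules in this same commit, which use `port_range_max = 9999`, so ports 9991-9999 stay closed on AWS masters. If the two platforms are meant to expose the same range, both lines should read `to_port = 9999`. The rules also widen from one node-exporter port to a block of ports reachable from every master and worker, and nothing in the file records what is expected to listen there. A comment above each rule such as `# host-network services (9000-9999), cluster-internal only; listeners in this range must authenticate their own clients` would state the intent and the assumption.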
12 changes: 6 additions & 6 deletions data/data/openstack/topology/sg-master.tf
Expand Up @@ -90,21 +90,21 @@ resource "openstack_networking_secgroup_rule_v2" "master_ingress_flannel_from_wo
security_group_id = "${openstack_networking_secgroup_v2.master.id}"
}

resource "openstack_networking_secgroup_rule_v2" "master_ingress_node_exporter" {
resource "openstack_networking_secgroup_rule_v2" "master_ingress_internal" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 9100
port_range_max = 9100
port_range_min = 9000
port_range_max = 9999
security_group_id = "${openstack_networking_secgroup_v2.master.id}"
}

resource "openstack_networking_secgroup_rule_v2" "master_ingress_node_exporter_from_worker" {
resource "openstack_networking_secgroup_rule_v2" "master_ingress_internal_from_worker" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 9100
port_range_max = 9100
port_range_min = 9000
port_range_max = 9999
remote_group_id = "${openstack_networking_secgroup_v2.worker.id}"
security_group_id = "${openstack_networking_secgroup_v2.master.id}"
}
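Review bot: `master_ingress_internal` has no `remote_group_id` or remote prefix in the lines shown, so as written it appears to admit TCP 9000-9999 on masters from any IPv4 source that can reach them, not only from inside the cluster. The AWS counterpart scopes the same rule with `self = true`. The old single-port rule for 9100 had the same shape, but this change widens the exposure to a thousand ports. If the rule is meant to be master-to-master only, add `remote_group_id = "${openstack_networking_secgroup_v2.master.id}"` to it. `master_ingress_internal_from_worker` is already scoped to the worker group and is not affected.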
