Proper ip-per-pod on GCE.

Back out the second iptables rule, now that we know what the problem was - we need to open a firewal rule on each minion.
2025-09-09 13:12:20 +00:00 · 2014-08-13 13:26:03 -07:00
parent 12a22db2a9
commit 03ade159c3
2 changed files with 19 additions and 16 deletions
--- a/cluster/gce/util.sh
+++ b/cluster/gce/util.sh
@@ -171,6 +171,13 @@ function kube-up {
      grep -v "^#" $(dirname $0)/templates/salt-minion.sh
    ) > ${KUBE_TEMP}/minion-start-${i}.sh

+    gcutil addfirewall ${MINION_NAMES[$i]}-all \
+      --norespect_terminal_width \
+      --project ${PROJECT} \
+      --network ${NETWORK} \
+      --allowed_ip_sources ${MINION_IP_RANGES[$i]} \
+      --allowed "tcp,udp,icmp,esp,ah,sctp" &
+
    gcutil addinstance ${MINION_NAMES[$i]} \
    --norespect_terminal_width \
      --project ${PROJECT} \
@@ -277,6 +284,12 @@ function kube-down {
    --zone ${ZONE} \
    ${MASTER_NAME} &

+  gcutil deletefirewall  \
+    --project ${PROJECT} \
+    --norespect_terminal_width \
+    --force \
+    ${MINION_NAMES[*]/%/-all} &
+
  gcutil deleteinstance \
    --project ${PROJECT} \
    --norespect_terminal_width \