Merge pull request #33094 from jszczepkowski/ha-firewall2
Automatic merge from submit-queue HA master: add firewall rule for etcd cluster.
commit
8d9642e2a2
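--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -669,12 +669,22 @@ function create-network() {
     gcloud compute networks create --project "${PROJECT}" "${NETWORK}" --range "10.240.0.0/16"
   fi
 
-  if ! gcloud compute firewall-rules --project "${PROJECT}" describe "${NETWORK}-default-internal" &>/dev/null; then
-    gcloud compute firewall-rules create "${NETWORK}-default-internal" \
+  if ! gcloud compute firewall-rules --project "${PROJECT}" describe "${NETWORK}-default-internal-master" &>/dev/null; then
+    gcloud compute firewall-rules create "${NETWORK}-default-internal-master" \
       --project "${PROJECT}" \
       --network "${NETWORK}" \
       --source-ranges "10.0.0.0/8" \
-      --allow "tcp:1-65535,udp:1-65535,icmp" &
+      --allow "tcp:1-2379,tcp:2382-65535,udp:1-65535,icmp" \
+      --target-tags "${MASTER_TAG}"&
+  fi
+
+  if ! gcloud compute firewall-rules --project "${PROJECT}" describe "${NETWORK}-default-internal-node" &>/dev/null; then
+    gcloud compute firewall-rules create "${NETWORK}-default-internal-node" \
+      --project "${PROJECT}" \
+      --network "${NETWORK}" \
+      --source-ranges "10.0.0.0/8" \
+      --allow "tcp:1-65535,udp:1-65535,icmp" \
+      --target-tags "${NODE_TAG}"&
   fi
 
   if ! gcloud compute firewall-rules describe --project "${PROJECT}" "${NETWORK}-default-ssh" &>/dev/null; then
@@ -723,6 +733,16 @@ function create-master() {
       --size "${CLUSTER_REGISTRY_DISK_SIZE}" &
   fi
 
+  # Create rule for accessing and securing etcd servers.
+  if ! gcloud compute firewall-rules --project "${PROJECT}" describe "${MASTER_NAME}-etcd" &>/dev/null; then
+    gcloud compute firewall-rules create "${MASTER_NAME}-etcd" \
+      --project "${PROJECT}" \
+      --network "${NETWORK}" \
+      --source-tags "${MASTER_TAG}" \
+      --allow "tcp:2380,tcp:2381" \
+      --target-tags "${MASTER_TAG}" &
+  fi
+
   # Generate a bearer token for this cluster. We push this separately
   # from the other cluster variables so that the client (this
   # computer) can forget it later. This should disappear with
@@ -1275,6 +1295,13 @@ function kube-down() {
         --quiet \
         "${NODE_TAG}-all"
     fi
+    # Delete firewall rule for etcd servers.
+    if ! gcloud compute firewall-rules --project "${PROJECT}" describe "${MASTER_NAME}-etcd" &>/dev/null; then
+      gcloud compute firewall-rules delete \
+        --project "${PROJECT}" \
+        --quiet \
+        "${MASTER_NAME}-etcd"
+    fi
   fi
 
   if [[ "${KUBE_DELETE_NODES:-}" != "false" ]]; then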
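Review bot: The etcd cleanup added in the kube-down hunk is guarded by `if ! gcloud compute firewall-rules --project "${PROJECT}" describe "${MASTER_NAME}-etcd" &>/dev/null; then`, so the delete runs only when the rule is already absent (where it then fails) and an existing `${MASTER_NAME}-etcd` rule survives teardown; the guard should drop the `!` so it reads `if gcloud compute firewall-rules --project "${PROJECT}" describe "${MASTER_NAME}-etcd" &>/dev/null; then`, the negated form being correct only for the two create-side checks. A rule that outlives its cluster keeps tcp:2380-2381 open between instances carrying `${MASTER_TAG}` in that project, which is exactly the exposure the create-master hunk set out to narrow. In the create-network hunk the master rule still admits tcp:2379 from all of 10.0.0.0/8 and only the peer ports are restricted to `${MASTER_TAG}` sources; whether the client port is meant to stay that wide is not stated and is worth a comment on the `--allow` line. Minor: `"${MASTER_TAG}"&` and `"${NODE_TAG}"&` would read better as `"${MASTER_TAG}" &` / `"${NODE_TAG}" &`, as the create-master hunk writes it. The kube-down `if` block closed by the `fi` after the new lines starts outside the hunk.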