github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-15 06:01:50 +00:00
Code Issues Projects Releases Wiki Activity

Prepend the metadata firewall in gce, so it isn't superceded.

Browse Source
This commit is contained in:
Quintin Lee
2017-06-16 10:08:48 -07:00
parent 289de0ee14
commit b886897f9d
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/gce/configure-vm.sh
View File

@@ -91,7 +91,7 @@ function config-ip-firewall {
echo "Configuring IP firewall rules"
iptables -N KUBE-METADATA-SERVER
iptables -A FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
if [[ -n "${KUBE_FIREWALL_METADATA_SERVER:-}" ]]; then
iptables -A KUBE-METADATA-SERVER -j DROP

2
cluster/gce/gci/configure-helper.sh
View File

@@ -99,7 +99,7 @@ function config-ip-firewall {
fi
iptables -N KUBE-METADATA-SERVER
iptables -A FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
if [[ -n "${KUBE_FIREWALL_METADATA_SERVER:-}" ]]; then
iptables -A KUBE-METADATA-SERVER -j DROP