Merge pull request #47626 from Q-Lee/metadata-fix
Automatic merge from submit-queue (batch tested with PRs 47626, 47674, 47683, 47290, 47688) The KUBE-METADATA-SERVER firewall must be applied before the universal tcp ACCEPT **What this PR does / why we need it**: the metadata firewall rule was broken by being appended after the universal tcp accept. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: **Release note**: ```release-note ```
commit
d7e5a8b67e
@ -91,7 +91,7 @@ function config-ip-firewall {
|
||||
echo "Configuring IP firewall rules"
|
||||
|
||||
iptables -N KUBE-METADATA-SERVER
|
||||
iptables -A FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
|
||||
iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
|
||||
|
||||
if [[ -n "${KUBE_FIREWALL_METADATA_SERVER:-}" ]]; then
|
||||
iptables -A KUBE-METADATA-SERVER -j DROP
|
||||
|
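Review bot: The `-I FORWARD` jump in `config-ip-firewall` now depends on rule position, but nothing in the hunk records or checks that: `-I` with no rule number places the jump first only until something else inserts into FORWARD, and the reason for the change exists only in the commit message. I would add a comment above it, `# Insert, not append: this jump must be evaluated before the blanket tcp ACCEPT in FORWARD.`, and, if this function can run more than once, prefix the insert with an `iptables -C FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER ||` check so a second run does not add a duplicate jump. The same applies to the identical lines in the second hunk (`@ -103,7 +103,7 @`). Separately, the FORWARD chain only sees routed traffic, so connections made from the node's own network namespace would presumably not reach the DROP; if that is intended, the comment should say so. The function body starts and ends outside both hunks, so the ACCEPT rule this jump has to precede is not visible here.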
@ -103,7 +103,7 @@ function config-ip-firewall {
|
||||
fi
|
||||
|
||||
iptables -N KUBE-METADATA-SERVER
|
||||
iptables -A FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
|
||||
iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
|
||||
|
||||
if [[ -n "${KUBE_FIREWALL_METADATA_SERVER:-}" ]]; then
|
||||
iptables -A KUBE-METADATA-SERVER -j DROP
|
||||
|