fix(firewall): ensure slave nodes can access ALL masters API point

!48
2024-03-18 19:09:17 +09:30
parent 89b5593abf
commit 17e3318c3c
1 changed files with 7 additions and 2 deletions
--- a/roles/nfc_kubernetes/templates/iptables-kubernetes.rules.j2
+++ b/roles/nfc_kubernetes/templates/iptables-kubernetes.rules.j2
@ -149,8 +149,13 @@
      {#- All cluster Hosts -#}
-
+      {%- if 
-      {%- if nfc_role_kubernetes_master | default(false) | bool -%}
+        nfc_role_kubernetes_master | default(false) | bool
          and
        kubernetes_host not in groups['kubernetes_master']
          and
        '-I kubernetes-api -s ' + kubernetes_host + ' -j ACCEPT' not in data.firewall_rules
      -%}
        {%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-api -s ' + kubernetes_host + ' -j ACCEPT'] -%}