ansible-collections/kubernetes
2
0
Fork 0
Code Issues 8 Pull Requests 1 Actions Projects Releases 28 Wiki Activity

feat(firewall): add required rules for calico operator

Browse Source 
!17
This commit is contained in:
Jon Lockwood
2024-01-30 19:07:20 +09:30
parent 5925a26c60
commit 8919486b6b
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
templates/iptables-kubernetes.rules.j2
View File

@ -114,6 +114,9 @@
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-embedded-etcd -s ' + master_host + ' -j ACCEPT'] -%}
{# {%- set data.firewall_rules = data.firewall_rules + ['-I INPUT -s ' + master_host + ' -p tcp -m multiport --dports 2380 -j ACCEPT'] -%} #}
{%- if '-I kubernetes-api -s ' + master_host + ' -j ACCEPT' not in data.firewall_rules -%}
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-api -s ' + master_host + ' -j ACCEPT'] -%}
{%- endif -%}
@ -122,6 +125,8 @@
{%- endif -%}
{%- endif -%}
{%- endfor -%}
{%- if
@ -159,6 +164,10 @@
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-six -s ' + kubernetes_host + ' -j ACCEPT'] -%}
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-bgp -s ' + kubernetes_host + ' -j ACCEPT'] -%}
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-typha -s ' + kubernetes_host + ' -j ACCEPT'] -%}
{%- endif -%}