default install firewall rules blocks access to the API #19

New Issue

Closed

opened 2024-03-13 16:49:43 +00:00 by jon_nfc · 4 comments

jon_nfc commented 2024-03-13 16:49:43 +00:00 (Migrated from gitlab.com)

Copy Link

The default install of firewall rules block pods from accessing the API. the pod subnet needs to be added to the default rules.

work around

# Set input and forward table policy to accept
iptables --policy INPUT ACCEPT
iptables --policy FORWARD ACCEPT

NOTE: The above iptables commands open the firewall up to all ports. Don't use these commands on a production system.

The default install of firewall rules block pods from accessing the API. the pod subnet needs to be added to the default rules. ### work around ``` bash # Set input and forward table policy to accept iptables --policy INPUT ACCEPT iptables --policy FORWARD ACCEPT ``` **NOTE:** _The above iptables commands open the firewall up to all ports. Don't use these commands on a production system._

jon_nfc commented 2024-03-13 16:49:44 +00:00 (Migrated from gitlab.com)

Copy Link

added 5m of time spent

added 5m of time spent

jon_nfc commented 2024-03-18 09:47:52 +00:00 (Migrated from gitlab.com)

Copy Link

assigned to @jon_nfc

assigned to @jon_nfc

jon_nfc commented 2024-03-18 09:48:06 +00:00 (Migrated from gitlab.com)

Copy Link

mentioned in commit ec94414383

mentioned in commit ec94414383f514a033e42bf7c48a944251a5df27

jon_nfc (Migrated from gitlab.com) closed this issue 2024-03-18 10:00:50 +00:00

jon_nfc commented 2024-03-18 10:00:51 +00:00 (Migrated from gitlab.com)

Copy Link

mentioned in commit 17ff472577

mentioned in commit 17ff4725773f33bb74c338fb6c8cb8c49d9c2b7e

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

remove-cni

master

1.13.2

1.13.1

1.13.0

1.12.0

1.11.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.0

1.8.1-a2

1.8.1-a1

1.8.0

1.7.2

1.7.1

1.7.0

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.2

1.1.1

1.1.0

1.0.1

1.0.0

0.3.0

0.2.0

0.2.0rc1

0.2.0rc0

0.1.0

0.0.1

Labels

Clear labels

Bug

Used in discussion about a bug in comments or commits

CVE-2023-5764

Denotes items related to the CVE

CodeReview

Used in comments (issues/MR/commits) to denote code review related items

Documentation

Documentation items

Feature

Used in discussion about a Feature in comments or commits

Lint

Used in comments (issues/MR/commits) to denote lint tasks todo, done, fixed

Privacy

Used in comments (issues/MR/commits) to denote privacy related items

Security

Used in comments (issues/MR/commits) to denote Security related items

breaking-change

label used to denote that the issue/Merge Request does/will introduce a breaking change

bug::reproducable

Given to an issue when the bug has been confirmed as re-producable. Can also be used in comments and commits.

bug::unable to reproduce

Given to an issue when the bug that is not able to be reproduced. Can also be used in comments and commits.

code review::complete

code review::not started

code review::rejected

code review::underway

difficulty::Full Development

Level 3. Difficulty representing that the task to complete must be planned and created.

difficulty::Good First Issue

Level 1. Difficulty representing that the task is very simple and with limited knowledge can be completed.

difficulty::Prior Knowledge

Level 2. Difficulty representing that the task requires some prior knowledge of either the technology or the project for task completion.

documentation::complete

Issues, Merge Requests

documentation::no change required

Issues, Merge Requests and used to denote no documentation changes required

documentation::not started

Issues, Merge Requests

documentation::stalled

Issues, Merge Requests

documentation::underway

Issues, Merge Requests

impact::0

impact::1

impact::2

impact::3

impact::4

impact::5

ops::ansible-roles

OPS project tag

ops::automation

ops::gitlab-ci

OPS project tag

ops::marcas

OPS project tag

ops::python-gitlab-management

OPS project tag

ops::website

priority::0

priority::1

priority::2

priority::3

priority::4

priority::5

stage::Ready for Development

stage::develop

Stage for use in Issues and Merge Requests. Can also be used in discussion in comments and commits

stage::feedback required

stage::planning

Stage for use in Issues and Merge Requests. Can also be used in discussion in comments and commits

stage::test

Stage for use in Issues and Merge Requests. Can also be used in discussion in comments and commits

stale

Label given to issues/merge requests that are considered stale due to no collaboration and is a mark for closure.

triage

Tag given to issues/merge requests requiring triaging by the team.

triage::not_confidential

This tag is given by the triage bot so that URLs can be added to an issue/comment. A triage policy for NFC wide should remove this label.

type::CI / CD

type::automation

This type is used to denote an automation job

type::bug

Type for Issues and Merge Requests. Can also be used in discussion in comments and commits

type::compliance

type::discussion

Type for Issues. Can also be used in discussion in comments.

type::documentation

Type for Issues and Merge Requests. Can also be used in discussion in comments and commits

type::feature

type for Issues and Merge Requests. Can also be used in discussion in comments and commits

type::invalid

label given to tickets that require no action or are deem as invalid.

type::quality assurance

Type for Issues and Merge Requests. Can also be used in discussion in comments and commits

type::question

Type for Issues. Can also be used in discussion in comments.

type::security

Type for Issues and Merge Requests.

type::specification

Design specification

v1.0.0

Version that is affected

v1.0.1

Version that is affected

v1.1.0

Version that is affected

v1.1.1

Version that is affected

v1.1.2

Version that is affected

v1.10.0

Version that is affected

v1.10.1

Version that is affected

v1.10.2

Version that is affected

v1.10.3

Version that is affected

v1.11.0

Version that is affected

v1.12.0

Version that is affected

v1.13.0

Version that is affected

v1.13.1

Version that is affected

v1.13.2

Version that is affected

v1.2.0

Version that is affected

v1.3.0

Version that is affected

v1.4.0

Version that is affected

v1.5.0

Version that is affected

v1.6.0

Version that is affected

v1.7.0

Version that is affected

v1.7.1

Version that is affected

v1.7.2

Version that is affected

v1.8.0

Version that is affected

v1.8.1-a1

Version that is affected

v1.8.1-a2

Version that is affected

v1.9.0

Version that is affected

workflow::complete

Issues, Merge Requests

workflow::not ready

workflow::not ready::blocked

workflow::not started

Issues, Merge Requests

workflow::ready to commence

Issues, Merge Requests

workflow::stalled

Label given to issues/merge requests where no work has occured in x days iaw triage policy.

workflow::underway

Issues, Merge Requests

workflow::underway::develop

Area/CI-CD

Documentation changes

Area/Documentation

Documentation changes

Area/Security

This is security issue

Area/Testing

Issue or pull request related to testing

Bug

Failure to Confirm

Bug exists due to not confirming/testing code

Bug

Regression

THe bug is a regression of a feature

Bug

To be Confirmed

This bug is not confirmed

Bug

Unable to Reproduce

A developer can not re-create/re-produce the bug

Compat/Breaking

Breaking change that won't be backward compatible

Impact

Critical

1

The impact is critical in that it is blocking or prevents usage.

Impact

High

2

The impact requires that changes be made for continuted usage.

Impact

Low

4

The impact requires the user approach from a different angle for continued usage.

Impact

Medium

3

The impact requires a workaround for continued usage.

Impact

Very Low

5

The impact has a slight effect on usage.

Priority

High

2

The priority is high

Priority

Low

4

The priority is low

Priority

Medium

3

The priority is medium

Priority

Very High

1

The priority is critical

Priority

Very Low

5

The priority is very low

Reviewed

Confirmed

1

Issue has been confirmed

Reviewed

Duplicate

2

This issue or pull request already exists

Reviewed

Invalid

3

Invalid issue

Reviewed

Won't Fix

3

This issue won't be fixed

Status

Abandoned

3

Somebody has started to work on this but abandoned work

Status

Blocked

1

Something is blocking this issue or pull request

Status

Need More Info

2

Feedback is required to reproduce issue or to continue work

Type

Bug

Something is not working

Type

Epic

Epic User Story

Type

Feature

Feature / Module

Type

Incident

Something occured related to a service

Type

RFE

Request for Enhancement

Type

Task

A work item that must be done

Urgency

Low

4

Prioritize this amoungst your list of things to do.

Urgency

Major

1

Urgency is so high it should have been dealt with last week.

Urgency

Medium

3

Start as soon as possible.

Urgency

Very High

2

Urgency is high enough to warrant near immediate commencement.

Urgency

Very Low

5

Add this to your list of things to do.

No Label

difficulty::Good First Issue

impact::2

priority::5

type::feature

v1.1.2

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

jason jon

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: ansible-collections/kubernetes#19

No description provided.