Skip to content

Commit

Permalink
Merge pull request kubernetes#3730 from iterion/add-ipip-to-kuberouter
Browse files Browse the repository at this point in the history 
Automatic merge from submit-queue.

Add node-to-master IPIP to kuberouter

Like Calico and Romana, Kube Router needs IPIP traffic from nodes to masters to be allowed. This adds that firewall rule for all clusters set up with Kube Router.

See:
cloudnativelabs/kube-router#208
  • Loading branch information
Kubernetes Submit Queue committed Nov 3, 2017
2 parents aadc2e1 + fd8fe5e commit f3affcb
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions pkg/model/firewall.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,10 @@ func (b *FirewallModelBuilder) applyNodeToMasterAllowSpecificPorts(c *fi.ModelBu
tcpPorts = append(tcpPorts, 4001)
tcpPorts = append(tcpPorts, 9600)
}

if b.Cluster.Spec.Networking.Kuberouter != nil {
protocols = append(protocols, ProtocolIPIP)
}
}

for _, udpPort := range udpPorts {
Expand Down Expand Up @@ -226,6 +230,10 @@ func (b *FirewallModelBuilder) applyNodeToMasterBlockSpecificPorts(c *fi.ModelBu
protocols = append(protocols, ProtocolIPIP)
}

if b.Cluster.Spec.Networking.Kuberouter != nil {
protocols = append(protocols, ProtocolIPIP)
}

for _, r := range udpRanges {
c.AddTask(&awstasks.SecurityGroupRule{
Name: s(fmt.Sprintf("node-to-master-udp-%d-%d", r.From, r.To)),
Expand Down

0 comments on commit f3affcb

Please sign in to comment.