3 files changed +124 -247 lines changed
config/clusterctl-templates
This file was deleted.
2929 partition : ${METAL_PARTITION}
3030 nodeNetworkID : ${METAL_NODE_NETWORK_ID}
3131 controlPlaneIP : ${CONTROL_PLANE_IP}
32+ firewallDeploymentRef :
33+ name : ${CLUSTER_NAME}
34+ ---
35+ apiVersion : infrastructure.cluster.x-k8s.io/v1alpha1
36+ kind : MetalStackFirewallDeployment
37+ metadata :
38+ name : ${CLUSTER_NAME}
39+ namespace : ${NAMESPACE}
40+ spec :
41+ autoUpdate :
42+ machineImage : true
43+ firewallTemplateRef :
44+ name : ${CLUSTER_NAME}
45+ ---
46+ apiVersion : infrastructure.cluster.x-k8s.io/v1alpha1
47+ kind : MetalStackFirewallTemplate
48+ metadata :
49+ name : ${CLUSTER_NAME}
50+ namespace : ${NAMESPACE}
51+ spec :
52+ image : ${FIREWALL_MACHINE_IMAGE}
53+ size : ${FIREWALL_MACHINE_SIZE}
54+ networks : ${FIREWALL_EXTERNAL_NETWORKS:=["internet"]}
55+ partition : ${METAL_PARTITION}
56+ project : ${METAL_PROJECT_ID}
57+ initialRuleSet :
58+ egress :
59+ - comment : allow outgoing HTTP and HTTPS traffic
60+ ports :
61+ - 80
62+ - 443
63+ protocol : TCP
64+ to :
65+ - 0.0.0.0/0
66+ - comment : allow outgoing DNS traffic via TCP
67+ ports :
68+ - 53
69+ protocol : TCP
70+ to :
71+ - 0.0.0.0/0
72+ - comment : allow outgoing traffic to control plane for ccm
73+ ports :
74+ - 8080
75+ protocol : TCP
76+ to :
77+ - 0.0.0.0/0 # could be more specific
78+ - comment : allow outgoing DNS and NTP traffic via UDP
79+ ports :
80+ - 53
81+ - 123
82+ protocol : UDP
83+ to :
84+ - 0.0.0.0/0
85+
86+ ingress :
87+ - comment : allow incoming HTTP and HTTPS traffic
88+ ports :
89+ - 80
90+ - 443
91+ protocol : TCP
92+ from :
93+ - 0.0.0.0/0 # could be more specific
3294---
3395apiVersion : infrastructure.cluster.x-k8s.io/v1alpha1
3496kind : MetalStackMachineTemplate
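Review bot: The `initialRuleSet` hard-codes `0.0.0.0/0` for the port 8080 egress rule ("to control plane for ccm") and for the 80/443 ingress rule, both already marked `# could be more specific`, so every cluster rendered from this template starts with egress to any destination on 8080 and web ingress from any source. Since `networks` is already parameterised with a default, the same pattern would let operators narrow these without editing the template, e.g. `to : ${FIREWALL_CCM_EGRESS_CIDRS:=["0.0.0.0/0"]}` and `from : ${FIREWALL_INGRESS_CIDRS:=["0.0.0.0/0"]}` (both variable names are placeholders, not existing ones). If the ccm endpoint is a fixed address, that address would be the better default for the egress rule, though it is not visible on this page. The identical rule set appears in the second template section further down the page and would need the same change. The resource that receives `firewallDeploymentRef` starts above the first shown line, so its full spec is not visible here.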
2929 partition : ${METAL_PARTITION}
3030 nodeNetworkID : ${METAL_NODE_NETWORK_ID}
3131 controlPlaneIP : ${CONTROL_PLANE_IP}
32+ firewallDeploymentRef :
33+ name : ${CLUSTER_NAME}
34+ ---
35+ apiVersion : infrastructure.cluster.x-k8s.io/v1alpha1
36+ kind : MetalStackFirewallDeployment
37+ metadata :
38+ name : ${CLUSTER_NAME}
39+ namespace : ${NAMESPACE}
40+ spec :
41+ autoUpdate :
42+ machineImage : true
43+ firewallTemplateRef :
44+ name : ${CLUSTER_NAME}
45+ ---
46+ apiVersion : infrastructure.cluster.x-k8s.io/v1alpha1
47+ kind : MetalStackFirewallTemplate
48+ metadata :
49+ name : ${CLUSTER_NAME}
50+ namespace : ${NAMESPACE}
51+ spec :
52+ image : ${FIREWALL_MACHINE_IMAGE}
53+ size : ${FIREWALL_MACHINE_SIZE}
54+ networks : ${FIREWALL_EXTERNAL_NETWORKS:=["internet"]}
55+ partition : ${METAL_PARTITION}
56+ project : ${METAL_PROJECT_ID}
57+ initialRuleSet :
58+ egress :
59+ - comment : allow outgoing HTTP and HTTPS traffic
60+ ports :
61+ - 80
62+ - 443
63+ protocol : TCP
64+ to :
65+ - 0.0.0.0/0
66+ - comment : allow outgoing DNS traffic via TCP
67+ ports :
68+ - 53
69+ protocol : TCP
70+ to :
71+ - 0.0.0.0/0
72+ - comment : allow outgoing traffic to control plane for ccm
73+ ports :
74+ - 8080
75+ protocol : TCP
76+ to :
77+ - 0.0.0.0/0 # could be more specific
78+ - comment : allow outgoing DNS and NTP traffic via UDP
79+ ports :
80+ - 53
81+ - 123
82+ protocol : UDP
83+ to :
84+ - 0.0.0.0/0
85+
86+ ingress :
87+ - comment : allow incoming HTTP and HTTPS traffic
88+ ports :
89+ - 80
90+ - 443
91+ protocol : TCP
92+ from :
93+ - 0.0.0.0/0 # could be more specific
3294---
3395apiVersion : infrastructure.cluster.x-k8s.io/v1alpha1
3496kind : MetalStackMachineTemplate