feat: ensure all AKS required ports on api-server are exposed #3488
feat: ensure all AKS required ports on api-server are exposed #3488
Conversation
Hi @gtracer, if you run |
lgtm for the tunnel ports 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/azp run pr-e2e |
Azure Pipelines successfully started running 1 pipeline(s). |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gtracer, jackfrancis The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Codecov Report
@@ Coverage Diff @@
## master #3488 +/- ##
=======================================
Coverage 73.17% 73.17%
=======================================
Files 147 147
Lines 25040 25040
=======================================
Hits 18323 18323
Misses 5583 5583
Partials 1134 1134
Continue to review full report at Codecov.
|
Reason for Change:
AKS requires two ports to be exposed beyond 443. These ports are used for tunnelfront to connect to tunnelend and when customers block them (firewall etc.) it causes clusters to fail
Issue Fixed:
Requirements:
Notes:
Looks to me like the apiserver connection check is sectioned to aks only since it is for hosted master but if that is wrong and aks-engine clusters could also trigger this code then please let me know as these ports are only needed for aks clusters