This repository has been archived by the owner on Feb 5, 2020. It is now read-only.

modules/aws: tighten security groups #264

Merged: 2 commits, Apr 19, 2017

Commits on Apr 19, 2017

  1. modules/aws: tighten security groups

    Currently masters and workers share a pretty open security group.
    Furthermore workers expose ingress traffic at critical k8s ports like
    10250 and 10255.
    
    This fixes it by removing the common cluster default security group and
    specifying separate ingress/egress rules reflecting settings from the
    current tectonic installer.
    
    It also assigns only one security group for masters and workers.
    
    Fixes coreos#248, coreos#243, coreos#227
    Sergiusz Urbaniak committed Apr 19, 2017
    43d0c35
  2. Documentation/generic-platform: change flannel port to 4789

    ... because that one is configured and recommended since it is the IANA
    based one. Tools like tcpdump then decode vxlan packets natively.
    
    The old port (8472) is retained as the default port in the kernel for
    backwards compatibility purposes only, see [1].
    
    Other projects also switched to the new IANA assigned port.
    
    [1] http://lxr.free-electrons.com/source/drivers/net/vxlan.c#L43
    Sergiusz Urbaniak committed Apr 19, 2017
    797d9d1
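
The first commit describes a shared, open security group and worker ingress on 10250 and 10255. The check below is an added example, not code from this pull request or the project: it audits ingress rules, in the JSON shape returned by `aws ec2 describe-security-groups`, for sources that can reach those ports. The group ids, CIDRs and the policy that only a master group may reach the kubelet ports are assumptions made for illustration.

```python
# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group ids and CIDRs are made up for illustration.
KUBELET_PORTS = (10250, 10255)  # the worker ports named in the commit message

SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-shared", "IpPermissions": [
        # all protocols from members of the same group (shared, open group)
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-shared"}]}]},
    {"GroupId": "sg-worker", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 10250, "ToPort": 10250,
         "UserIdGroupPairs": [{"GroupId": "sg-master"}]},
        # a wide TCP range that silently includes both kubelet ports
        {"IpProtocol": "tcp", "FromPort": 10000, "ToPort": 10300,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "udp", "FromPort": 4789, "ToPort": 4789,
         "UserIdGroupPairs": [{"GroupId": "sg-worker"}]}]},
]}


def covers(perm, port):
    """True if an ingress permission admits TCP traffic to `port`."""
    if perm.get("IpProtocol") == "-1":  # "-1" means every protocol and port
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit(doc, allowed_groups):
    """Return (group, source, ports) for each source that reaches a kubelet
    port and is not a security group listed in `allowed_groups` (assumed policy)."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            ports = tuple(p for p in KUBELET_PORTS if covers(perm, p))
            if not ports:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])
                        if g["GroupId"] not in allowed_groups]
            findings.extend((sg["GroupId"], s, ports) for s in sources)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, allowed_groups={"sg-master"}):
        print(finding)
```

Rules with `IpProtocol` set to `-1` and wide port ranges are the cases a port-by-port review tends to miss, which is why the check tests coverage rather than exact port matches.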