cloud/azure: make icmp_allow_all
rule ICMP-only
#12559
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Historically, KKP created an Azure NSG that had a workaround/hack in place to only allow IMCP traffic:
This has been in the code forever, the link goes to a 2015 page, and in the mean time Azure has introduced ICMP as protocol for NSG rules. So this PR does the following things:
icmp_allow_all
rule to actually only allow IMCP as protocolicmp_allow_all
rule before the TCP and UDP deny-all rules in priorityBecause Azure is implemented as reconciling provider, this change will be applied to existing clusters as well.
Which issue(s) this PR fixes:
Fixes #
What type of PR is this?
/kind cleanup
Special notes for your reviewer:
Does this PR introduce a user-facing change? Then add your Release Note here:
Documentation: