-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automatically create firewall rules for networks #593
Comments
cc @lubronzhan |
So I was thinking do we add another condition or modify the existing? |
We will need to delete some existing rules and add more rules to define more granular rules. For example, firewall rules for control plane and worker nodes should be different. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
I'd like to work on this, @pydctw is this still up for assignment? |
@SubhasmitaSw guess it is |
@SubhasmitaSw, this is a much needed feature. Go for it. |
I may be a bit slow to respond, but I'm working on it! /assign |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
@SubhasmitaSw are you still working in it? Can I help you with anything? |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned |
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/kind feature
Describe the solution you'd like
Currently, a user needs to create and delete firewall rules manually if they want to use a network other than
default
one. CAPG should automate this and create firewall rules for networks created by CAPG.Also, firewall rules should allow only necessary traffic flow and restrict source/destinations, meaning current firewall rules need to be refined -> It may not require a full design doc but research and discussion w/community will be needed before full implementation.
Anything else you would like to add:
Where firewall rules are created manually for e2e tests: https://github.com/kubernetes-sigs/cluster-api-provider-gcp/blob/main/scripts/ci-e2e.sh#L108-L116
The text was updated successfully, but these errors were encountered: