Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set up firewall rules for cluster in GCP deployer #132

Closed
kawych opened this issue May 3, 2018 · 10 comments · Fixed by #352
Closed

Set up firewall rules for cluster in GCP deployer #132

kawych opened this issue May 3, 2018 · 10 comments · Fixed by #352
Assignees
@mkjelland

Comments

@kawych
Copy link
Contributor

kawych commented May 3, 2018

In clusters created with GCP deployer, pods can't connect to ports exposed by Kubelet on other nodes. For my cluster "test1" I worked it around adding a firewall rule:

Targets: test1-worker
Source IP ranges: 192.168.1.0/24, 192.168.0.0/24
Protocols: tcp
Action: ALLOW

192.168.1.0/24, 192.168.0.0/24 are IP ranges of pods in my cluster.

cc @karan @krousey
@spew
Copy link
Contributor

spew commented May 10, 2018

Taking a look at fixing this one.

@spew
Copy link
Contributor

spew commented May 11, 2018

I have reproduced this issue, there is active work going on in this area by @mkjelland

@spew
Copy link
Contributor

spew commented May 11, 2018

Issue assigned to @mkjelland

@rsdcastro rsdcastro added this to the cluster-api-alpha-implementation milestone May 29, 2018
@mkjelland mkjelland mentioned this issue Jun 15, 2018
Merged
@kawych
Copy link
Contributor Author

kawych commented Jun 25, 2018

@spew @mkjelland

This is not fixed yet. The firewall rule added in #352 enables communication between cluster nodes, but does not allow connections from pods running on a cluster to ports exposed from other nodes.

@spew
Copy link
Contributor

spew commented Jun 25, 2018

/reopen

@k8s-ci-robot
Copy link
Contributor

@spew: you can't re-open an issue/PR unless you authored it or you are assigned to it.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@spew
Copy link
Contributor

spew commented Jun 25, 2018

@mkjelland can you take a look at this one?

@mkjelland
Copy link
Contributor

/reopen
I'll take another look, thanks!

@k8s-ci-robot k8s-ci-robot reopened this Jun 25, 2018
@roberthbailey
Copy link
Contributor

@kawych - is this relevant to the google provider in clusterctl? The gcp deployer code is going away prior to the alpha release of the cluster api.

@roberthbailey roberthbailey mentioned this issue Dec 4, 2018
Closed
@roberthbailey
Copy link
Contributor

Manually moved to kubernetes-sigs/cluster-api-provider-gcp#70.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mkjelland mkjelland

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add firewall rules in cluster controller mkjelland/cluster-api
6 participants
@rsdcastro @kawych @spew @roberthbailey @k8s-ci-robot @mkjelland