mirror of https://github.com/openshift/installer.git synced 2026-02-05 06:46:36 +01:00

Bug 1748162: upi/aws, gcp: Open port 6081 for GENEVE

This allows the GENEVE overlay network to be used, bringing UPI into
parity with IPI.
Casey Callendrello
2019-09-09 17:22:09 +02:00
parent 926a44dd15
commit c36fe1d31e
2 changed files with 49 additions and 9 deletions


@@ -114,6 +114,26 @@ Resources:
ToPort: 4789
IpProtocol: udp
MasterIngressGeneve:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !GetAtt MasterSecurityGroup.GroupId
SourceSecurityGroupId: !GetAtt MasterSecurityGroup.GroupId
Description: Geneve packets
FromPort: 6081
ToPort: 6081
IpProtocol: udp
MasterIngressWorkerGeneve:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !GetAtt MasterSecurityGroup.GroupId
SourceSecurityGroupId: !GetAtt WorkerSecurityGroup.GroupId
Description: Geneve packets
FromPort: 6081
ToPort: 6081
IpProtocol: udp
MasterIngressInternal:
Type: AWS::EC2::SecurityGroupIngress
Properties:
@@ -184,7 +204,7 @@ Resources:
ToPort: 4789
IpProtocol: udp
WorkerIngressWorkerVxlan:
WorkerIngressMasterVxlan:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !GetAtt WorkerSecurityGroup.GroupId
@@ -194,6 +214,26 @@ Resources:
ToPort: 4789
IpProtocol: udp
WorkerIngressGeneve:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !GetAtt WorkerSecurityGroup.GroupId
SourceSecurityGroupId: !GetAtt WorkerSecurityGroup.GroupId
Description: Geneve packets
FromPort: 6081
ToPort: 6081
IpProtocol: udp
WorkerIngressMasterGeneve:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !GetAtt WorkerSecurityGroup.GroupId
SourceSecurityGroupId: !GetAtt MasterSecurityGroup.GroupId
Description: Geneve packets
FromPort: 6081
ToPort: 6081
IpProtocol: udp
WorkerIngressInternal:
Type: AWS::EC2::SecurityGroupIngress
Properties:
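Review bot: The second hunk renames the logical ID `WorkerIngressWorkerVxlan` to `WorkerIngressMasterVxlan`, which the commit message does not mention; CloudFormation treats a changed logical ID as a different resource, so updating an existing stack with this template would delete and re-create that VXLAN rule. The resource's `SourceSecurityGroupId` lies outside the hunk, so whether the new name matches its source cannot be confirmed from here. The four new Geneve rules are limited to the master and worker security groups, but each pair shares the description `Geneve packets`; something like `Description: Geneve packets from workers` on MasterIngressWorkerGeneve (and `from masters` on WorkerIngressMasterGeneve) would make the rules distinguishable in an audit.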


@@ -64,25 +64,25 @@ def GenerateConfig(context):
'targetTags': [context.properties['infra_id'] + '-master']
}
}, {
'name': context.properties['infra_id'] + '-master-in-vxlan',
'name': context.properties['infra_id'] + '-master-in-overlay',
'type': 'compute.v1.firewall',
'properties': {
'network': context.properties['cluster_network'],
'allowed': [{
'IPProtocol': 'udp',
'ports': ['4789']
'ports': ['4789', '6081']
}],
'sourceTags': [context.properties['infra_id'] + '-master'],
'targetTags': [context.properties['infra_id'] + '-master']
}
}, {
'name': context.properties['infra_id'] + '-master-in-vxlan-from-worker',
'name': context.properties['infra_id'] + '-master-in-overlay-from-worker',
'type': 'compute.v1.firewall',
'properties': {
'network': context.properties['cluster_network'],
'allowed': [{
'IPProtocol': 'udp',
'ports': ['4789']
'ports': ['4789', '6081']
}],
'sourceTags': [context.properties['infra_id'] + '-worker'],
'targetTags': [context.properties['infra_id'] + '-master']
@@ -267,25 +267,25 @@ def GenerateConfig(context):
'targetTags': [context.properties['infra_id'] + '-worker']
}
}, {
'name': context.properties['infra_id'] + '-worker-in-vxlan',
'name': context.properties['infra_id'] + '-worker-in-overlay',
'type': 'compute.v1.firewall',
'properties': {
'network': context.properties['cluster_network'],
'allowed': [{
'IPProtocol': 'udp',
'ports': ['4789']
'ports': ['4789', '6081']
}],
'sourceTags': [context.properties['infra_id'] + '-worker'],
'targetTags': [context.properties['infra_id'] + '-worker']
}
}, {
'name': context.properties['infra_id'] + '-worker-in-vxlan-from-master',
'name': context.properties['infra_id'] + '-worker-in-overlay-from-master',
'type': 'compute.v1.firewall',
'properties': {
'network': context.properties['cluster_network'],
'allowed': [{
'IPProtocol': 'udp',
'ports': ['4789']
'ports': ['4789', '6081']
}],
'sourceTags': [context.properties['infra_id'] + '-master'],
'targetTags': [context.properties['infra_id'] + '-worker']
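Review bot: Each of the four renamed rules now allows UDP 4789 and 6081 together with no comment saying why both are open, and the rule applies regardless of which overlay the cluster actually runs. A short comment above each `'ports'` entry, e.g. `# 4789 = VXLAN, 6081 = Geneve; unauthenticated encapsulation, keep sources limited to cluster tags`, would record the intent for whoever later tightens the rule. The resource names also change from `-in-vxlan` to `-in-overlay`; presumably an update of an existing deployment would replace those firewall resources rather than modify them, which is worth stating in the commit message. GenerateConfig begins and ends outside both hunks.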