mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
78 lines
2.5 KiB
Plaintext
78 lines
2.5 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * installing/installing_gcp/installing-gcp-user-infra.adoc
|
|
// * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
|
|
|
|
ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
|
|
:shared-vpc:
|
|
endif::[]
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="installation-creating-gcp-firewall-rules-vpc_{context}"]
|
|
= Creating firewall rules in {gcp-short}
|
|
|
|
You must create firewall rules in {gcp-first} for your
|
|
{product-title} cluster to use. One way to create these components is
|
|
to modify the provided Deployment Manager template.
|
|
|
|
[NOTE]
|
|
====
|
|
If you do not use the provided Deployment Manager template to create your {gcp-short}
|
|
infrastructure, you must review the provided information and manually create
|
|
the infrastructure. If your cluster does not initialize correctly, you might
|
|
have to contact Red Hat support with your installation logs.
|
|
====
|
|
|
|
.Prerequisites
|
|
|
|
* Ensure you defined the variables in the _Exporting common variables_ and _Creating load balancers in {gcp-short}_ sections.
|
|
|
|
.Procedure
|
|
|
|
. Copy the template from the
|
|
*Deployment Manager template for firewall rules*
|
|
section of this topic and save it as `03_firewall.py` on your computer. This
|
|
template describes the security groups that your cluster requires.
|
|
|
|
. Create a `03_firewall.yaml` resource definition file:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ cat <<EOF >03_firewall.yaml
|
|
imports:
|
|
- path: 03_firewall.py
|
|
|
|
resources:
|
|
- name: cluster-firewall
|
|
type: 03_firewall.py
|
|
properties:
|
|
allowed_external_cidr: '0.0.0.0/0' <1>
|
|
infra_id: '${INFRA_ID}' <2>
|
|
cluster_network: '${CLUSTER_NETWORK}' <3>
|
|
network_cidr: '${NETWORK_CIDR}' <4>
|
|
EOF
|
|
----
|
|
<1> `allowed_external_cidr` is the CIDR range that can access the cluster API and SSH to the bootstrap host. For an internal cluster, set this value to `${NETWORK_CIDR}`.
|
|
<2> `infra_id` is the `INFRA_ID` infrastructure name from the extraction step.
|
|
<3> `cluster_network` is the `selfLink` URL to the cluster network.
|
|
<4> `network_cidr` is the CIDR of the VPC network, for example `10.0.0.0/16`.
|
|
|
|
. Create the deployment by using the `gcloud` CLI:
|
|
+
|
|
ifdef::shared-vpc[]
|
|
[source,terminal]
|
|
----
|
|
$ gcloud deployment-manager deployments create ${INFRA_ID}-firewall --config 03_firewall.yaml --project ${HOST_PROJECT} --account ${HOST_PROJECT_ACCOUNT}
|
|
----
|
|
endif::shared-vpc[]
|
|
ifndef::shared-vpc[]
|
|
[source,terminal]
|
|
----
|
|
$ gcloud deployment-manager deployments create ${INFRA_ID}-firewall --config 03_firewall.yaml
|
|
----
|
|
endif::shared-vpc[]
|
|
|
|
ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
|
|
:!shared-vpc:
|
|
endif::[]
|