coreos / coreos-kubernetes

CoreOS Container Linux+Kubernetes documentation & Vagrant installers
https://coreos.com/kubernetes/docs/latest/
Apache License 2.0

missing ports for master #816

Closed stephanlindauer closed 7 years ago

stephanlindauer commented 7 years ago

those ports have to be open on the master as well. otherwise things like kube-proxy+dashboard won't work.

aaronlevy commented 7 years ago

@stephanlindauer we should probably document allowing traffic between both masters and workers on the pod network. So maybe updating the ingress rules from both master/worker to state source could be from master & worker?

stephanlindauer commented 7 years ago

not 100% sure what you mean. the ports are already mentioned in the Worker Node Inbound section. or do you want to add a new table for inbound rules that should be applied to both master and worker nodes?

aaronlevy commented 7 years ago

Sorry for the vagueness. We likely also need to allow master->worker pod traffic (and master to master pod traffic). Looks like we're only allowing pod traffic to be sourced from workers.

We mention opening all TCP traffic between worker/master, but not in the case for these UDP ports.

So I think it would just be a change of source=master & worker for the flannel rules in both the ingress tables.

stephanlindauer commented 7 years ago

ok understood. makes sense. ;) i changed the pr accordingly.

aaronlevy commented 7 years ago

LGTM, thanks!

aaronlevy commented 7 years ago

Oh actually, would you mind squashing into a single commit?

stephanlindauer commented 7 years ago

yup. done.