From 2790d2e8310606192a9ee803e581d9f1a67d17c7 Mon Sep 17 00:00:00 2001 From: Tom English Date: Thu, 21 Dec 2023 06:03:02 -0500 Subject: [PATCH] Added network secutiry group commands --- docs/03-compute-resources.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/docs/03-compute-resources.md b/docs/03-compute-resources.md index 23d0c58..e3b07c8 100644 --- a/docs/03-compute-resources.md +++ b/docs/03-compute-resources.md @@ -55,6 +55,8 @@ az network vnet subnet create --name kubernetes --vnet-name kubernetes-the-hard- ### Firewall Rules +> This section only applies to gcloud + Create a firewall rule that allows internal communication across all protocols: ``` @@ -89,6 +91,37 @@ kubernetes-the-hard-way-allow-external kubernetes-the-hard-way INGRESS 1000 kubernetes-the-hard-way-allow-internal kubernetes-the-hard-way INGRESS 1000 tcp,udp,icmp Fals ``` +### Network Security Group + +> This section only applies to azure + +Create a [Network Security Group](https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview) to allow https, ssh, and ICMP inbound traffic. + +``` +az network nsg create \ + --name kubernetes-the-hard-way-nsg + +az network nsg rule create \ + --name kubernetes-the-hard-way-inbound-tcp \ + --nsg-name kubernetes-the-hard-way-nsg \ + --priority 100 \ + --access ALLOW \ + --source-address-prefixes 0.0.0.0/0 \ + --destination-port-ranges 22 6443 \ + --protocol Tcp \ + --direction Inbound + +az network nsg rule create \ + --name kubernetes-the-hard-way-inbound-icmp \ + --nsg-name kubernetes-the-hard-way-nsg \ + --priority 200 \ + --access ALLOW \ + --source-address-prefixes 0.0.0.0/0 \ + --destination-port-ranges "*" \ + --protocol Icmp \ + --direction Inbound +``` + ### Kubernetes Public IP Address Allocate a static IP address that will be attached to the external load balancer fronting the Kubernetes API Servers:
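Review bot: The blockquote added above "### Firewall Rules" ("This section only applies to gcloud") is useful, but the wording should be consistent with the matching Azure note later in the same patch; pick one form for both (for example "This section only applies to Google Cloud" and "This section only applies to Azure"), since "gcloud" is the CLI name rather than the platform, and the two callouts are what readers use to decide which block to run.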
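Review bot: In the "### Network Security Group" hunk, `az network nsg create --name kubernetes-the-hard-way-nsg` passes no `--resource-group` (the `az network nsg rule create` calls are missing it too), so the commands only work if the reader has configured a default resource group, and the NSG is created but never associated with the `kubernetes` subnet or the VM NICs, so its rules have no effect; add the resource group to each command and a final `az network vnet subnet update --network-security-group kubernetes-the-hard-way-nsg ...` (or the NIC equivalent) so the section is complete. The intro sentence also says the rules allow "https, ssh, and ICMP", but the TCP rule opens `22 6443`, i.e. SSH and the Kubernetes API server port, not HTTPS/443; describe it as such. Both rules use `--source-address-prefixes 0.0.0.0/0`, which exposes SSH to the whole internet; consider restricting the SSH source to the operator's address range, or at least noting that the wide-open rule mirrors the gcloud allow-external rule and should be tightened for anything beyond the lab. Finally, unlike the gcloud section there is no internal-traffic rule here; a one-line note that Azure's default `AllowVnetInBound` rule already permits VNet-internal traffic would stop readers looking for the missing equivalent.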