Added network security group commands
parent
8938dfb8c6
commit
2790d2e831
|
@ -55,6 +55,8 @@ az network vnet subnet create --name kubernetes --vnet-name kubernetes-the-hard-
|
||||||
|
|
||||||
### Firewall Rules
|
### Firewall Rules
|
||||||
|
|
||||||
|
> This section only applies to gcloud
|
||||||
|
|
||||||
Create a firewall rule that allows internal communication across all protocols:
|
Create a firewall rule that allows internal communication across all protocols:
|
||||||
|
|
||||||
```
|
```
|
||||||
|
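Review bot: the added note `> This section only applies to gcloud` names the CLI tool rather than the platform, which reads oddly next to the Azure note added further down. Suggest wording it as "This section only applies to Google Cloud" and capitalising "Azure" in the matching note so the two provider-specific sections are labelled the same way.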
@ -89,6 +91,37 @@ kubernetes-the-hard-way-allow-external kubernetes-the-hard-way INGRESS 1000
|
||||||
kubernetes-the-hard-way-allow-internal kubernetes-the-hard-way INGRESS 1000 tcp,udp,icmp Fals
|
kubernetes-the-hard-way-allow-internal kubernetes-the-hard-way INGRESS 1000 tcp,udp,icmp Fals
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Network Security Group
|
||||||
|
|
||||||
|
> This section only applies to azure
|
||||||
|
|
||||||
|
Create a [Network Security Group](https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview) to allow https, ssh, and ICMP inbound traffic.
|
||||||
|
|
||||||
|
```
|
||||||
|
az network nsg create \
|
||||||
|
--name kubernetes-the-hard-way-nsg
|
||||||
|
|
||||||
|
az network nsg rule create \
|
||||||
|
--name kubernetes-the-hard-way-inbound-tcp \
|
||||||
|
--nsg-name kubernetes-the-hard-way-nsg \
|
||||||
|
--priority 100 \
|
||||||
|
--access ALLOW \
|
||||||
|
--source-address-prefixes 0.0.0.0/0 \
|
||||||
|
--destination-port-ranges 22 6443 \
|
||||||
|
--protocol Tcp \
|
||||||
|
--direction Inbound
|
||||||
|
|
||||||
|
az network nsg rule create \
|
||||||
|
--name kubernetes-the-hard-way-inbound-icmp \
|
||||||
|
--nsg-name kubernetes-the-hard-way-nsg \
|
||||||
|
--priority 200 \
|
||||||
|
--access ALLOW \
|
||||||
|
--source-address-prefixes 0.0.0.0/0 \
|
||||||
|
--destination-port-ranges "*" \
|
||||||
|
--protocol Icmp \
|
||||||
|
--direction Inbound
|
||||||
|
```
|
||||||
|
|
||||||
### Kubernetes Public IP Address
|
### Kubernetes Public IP Address
|
||||||
|
|
||||||
Allocate a static IP address that will be attached to the external load balancer fronting the Kubernetes API Servers:
|
Allocate a static IP address that will be attached to the external load balancer fronting the Kubernetes API Servers:
|
||||||
|
|
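Review bot: in the `kubernetes-the-hard-way-inbound-tcp` rule, `--source-address-prefixes 0.0.0.0/0` combined with `--destination-port-ranges 22 6443` opens SSH and the API server port to every source address. Consider splitting port 22 into its own rule with the source prefix narrowed to the operator's address range, and documenting why 6443 needs to be reachable from anywhere if that is intended. Two smaller points: the introductory sentence says "https" while the rule opens 6443, so naming the port explicitly would avoid readers expecting 443; and nothing in the visible lines associates `kubernetes-the-hard-way-nsg` with the subnet or a network interface, so unless that step exists elsewhere in the document the rules will not take effect.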