Added network security group commands

pull/758/head
Tom English 2023-12-21 06:03:02 -05:00
parent 8938dfb8c6
commit 2790d2e831
1 changed files with 33 additions and 0 deletions


@ -55,6 +55,8 @@ az network vnet subnet create --name kubernetes --vnet-name kubernetes-the-hard-
### Firewall Rules
> This section only applies to gcloud
Create a firewall rule that allows internal communication across all protocols:
```
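Review bot: The note "> This section only applies to gcloud" names the CLI, while the matching note added under "Network Security Group" says "azure", which is the platform. Use one convention in both notes (platform names such as "GCP" and "Azure" read more clearly) so readers can tell at a glance which sections to skip.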
@ -89,6 +91,37 @@ kubernetes-the-hard-way-allow-external kubernetes-the-hard-way INGRESS 1000
kubernetes-the-hard-way-allow-internal kubernetes-the-hard-way INGRESS 1000 tcp,udp,icmp Fals
```
### Network Security Group
> This section only applies to azure
Create a [Network Security Group](https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview) to allow https, ssh, and ICMP inbound traffic.
```
az network nsg create \
--name kubernetes-the-hard-way-nsg
az network nsg rule create \
--name kubernetes-the-hard-way-inbound-tcp \
--nsg-name kubernetes-the-hard-way-nsg \
--priority 100 \
--access ALLOW \
--source-address-prefixes 0.0.0.0/0 \
--destination-port-ranges 22 6443 \
--protocol Tcp \
--direction Inbound
az network nsg rule create \
--name kubernetes-the-hard-way-inbound-icmp \
--nsg-name kubernetes-the-hard-way-nsg \
--priority 200 \
--access ALLOW \
--source-address-prefixes 0.0.0.0/0 \
--destination-port-ranges "*" \
--protocol Icmp \
--direction Inbound
```
### Kubernetes Public IP Address
Allocate a static IP address that will be attached to the external load balancer fronting the Kubernetes API Servers:
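Review bot: The kubernetes-the-hard-way-inbound-tcp rule opens ports 22 and 6443 with `--source-address-prefixes 0.0.0.0/0`, so SSH and the API server port are reachable from any address. Suggest documenting a narrower source (the operator's own address or range), or stating in the text that the open source is deliberate for this lab. The intro sentence says "https" while the rule lists 6443, so naming the port there would avoid confusion. Also, nothing in this hunk associates kubernetes-the-hard-way-nsg with the kubernetes subnet or a NIC, and neither `az network nsg` command passes a resource group. If both are handled elsewhere in the guide, a pointer would help; otherwise the rules are created but never applied to traffic.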