github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Default firewall port to TCP when unspecified.

pull/6/head
Prashanth Balasubramanian 2016-03-28 10:29:31 -07:00
parent e01feae75a
commit 7436fc6261
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/cloudprovider/providers/gce/gce.go
View File

@ -924,6 +924,11 @@ func (gce *GCECloud) firewallObject(name, region, desc string, sourceRanges nets
TargetTags: hostTags, TargetTags: hostTags,
Allowed: []*compute.FirewallAllowed{ Allowed: []*compute.FirewallAllowed{
{ {
// TODO: Make this more generic. Currently this method is only
// used to create firewall rules for loadbalancers, which have
// exactly one protocol, so we can never end up with a list of
// mixed TCP and UDP ports. It should be possible to use a
// single firewall rule for both a TCP and UDP lb.
IPProtocol: strings.ToLower(string(ports[0].Protocol)), IPProtocol: strings.ToLower(string(ports[0].Protocol)),
Ports: allowedPorts, Ports: allowedPorts,
}, },
@ -1237,8 +1242,13 @@ func (gce *GCECloud) CreateFirewall(name, desc string, sourceRanges netsets.IPNe
// TODO: This completely breaks modularity in the cloudprovider but the methods // TODO: This completely breaks modularity in the cloudprovider but the methods
// shared with the TCPLoadBalancer take api.ServicePorts. // shared with the TCPLoadBalancer take api.ServicePorts.
svcPorts := []api.ServicePort{} svcPorts := []api.ServicePort{}
// TODO: Currently the only consumer of this method is the GCE L7
// loadbalancer controller, which never needs a protocol other than TCP.
// We should pipe through a mapping of port:protocol and default to TCP
// if UDP ports are required. This means the method signature will change
// forcing downstream clients to refactor interfaces.
for _, p := range ports { for _, p := range ports {
svcPorts = append(svcPorts, api.ServicePort{Port: int(p)}) svcPorts = append(svcPorts, api.ServicePort{Port: int(p), Protocol: api.ProtocolTCP})
} }
hosts, err := gce.getInstancesByNames(hostNames) hosts, err := gce.getInstancesByNames(hostNames)
if err != nil { if err != nil {
@ -1266,8 +1276,13 @@ func (gce *GCECloud) UpdateFirewall(name, desc string, sourceRanges netsets.IPNe
// TODO: This completely breaks modularity in the cloudprovider but the methods // TODO: This completely breaks modularity in the cloudprovider but the methods
// shared with the TCPLoadBalancer take api.ServicePorts. // shared with the TCPLoadBalancer take api.ServicePorts.
svcPorts := []api.ServicePort{} svcPorts := []api.ServicePort{}
// TODO: Currently the only consumer of this method is the GCE L7
// loadbalancer controller, which never needs a protocol other than TCP.
// We should pipe through a mapping of port:protocol and default to TCP
// if UDP ports are required. This means the method signature will change,
// forcing downstream clients to refactor interfaces.
for _, p := range ports { for _, p := range ports {
svcPorts = append(svcPorts, api.ServicePort{Port: int(p)}) svcPorts = append(svcPorts, api.ServicePort{Port: int(p), Protocol: api.ProtocolTCP})
} }
hosts, err := gce.getInstancesByNames(hostNames) hosts, err := gce.getInstancesByNames(hostNames)
if err != nil { if err != nil {