Make an 'allow-ssh-on-all-nodes' firewall rule when on a non-default network.

pull/6/head
Max Forbes 2015-01-07 18:08:26 -08:00
parent a19bb1bd29
commit c3322bc97d
2 changed files with 12 additions and 0 deletions


@ -26,6 +26,7 @@ CLUSTER_API_VERSION="${CLUSTER_API_VERSION:-}"
# because we use the 'default' network by default. # because we use the 'default' network by default.
NETWORK="${NETWORK:-default}" NETWORK="${NETWORK:-default}"
NETWORK_RANGE="${NETWORK_RANGE:-10.240.0.0/16}" NETWORK_RANGE="${NETWORK_RANGE:-10.240.0.0/16}"
FIREWALL_SSH="${FIREWALL_SSH:-${NETWORK}-allow-ssh}"
GCLOUD="${GCLOUD:-gcloud}" GCLOUD="${GCLOUD:-gcloud}"
GCLOUD_CONFIG_DIR="${GCLOUD_CONFIG_DIR:-${HOME}/.config/gcloud/kubernetes}" GCLOUD_CONFIG_DIR="${GCLOUD_CONFIG_DIR:-${HOME}/.config/gcloud/kubernetes}"
ENABLE_CLUSTER_DNS=false ENABLE_CLUSTER_DNS=false
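Review bot: The new `FIREWALL_SSH` default has no comment of its own, and the only nearby comment is the one about `NETWORK`, so a reader cannot tell what the rule is for or that its name changes with `NETWORK`. I would add a line above it such as `# Firewall rule that allows SSH (tcp:22) to instances on ${NETWORK}; the default name is derived from the network name.` The rest of this file lies outside the hunk.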


@ -94,6 +94,17 @@ function kube-up() {
gcloud compute networks create "${NETWORK}" --range "${NETWORK_RANGE}" gcloud compute networks create "${NETWORK}" --range "${NETWORK_RANGE}"
fi fi
# Allow SSH on all nodes in the network. This doesn't actually check whether
# such a rule exists, only whether we've created this exact rule.
if ! gcloud compute firewall-rules describe "${FIREWALL_SSH}" &>/dev/null; then
echo "Creating new firewall for SSH: ${FIREWALL_SSH}" >&2
gcloud compute firewall-rules create "${FIREWALL_SSH}" \
--allow="tcp:22" \
--network="${NETWORK}" \
--project="${PROJECT}" \
--source-ranges="0.0.0.0/0"
fi
# Bring up the cluster. # Bring up the cluster.
"${GCLOUD}" preview container clusters create "${CLUSTER_NAME}" \ "${GCLOUD}" preview container clusters create "${CLUSTER_NAME}" \
--zone="${ZONE}" \ --zone="${ZONE}" \
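Review bot: The rule created here opens tcp:22 with `--source-ranges="0.0.0.0/0"` and no `--target-tags`, so SSH is reachable from any address on every instance attached to `${NETWORK}`, not only this cluster's nodes, and the caller has no way to narrow it. I would make the range overridable, e.g. `--source-ranges="${FIREWALL_SSH_SOURCE_RANGES:-0.0.0.0/0}"` (the variable name is only a suggestion), and document it beside `FIREWALL_SSH`. The `describe` check also omits the `--project="${PROJECT}"` that the `create` call passes, and `&>/dev/null` hides the reason for a failure, so an auth error or a different default project is read as "rule missing"; adding `--project="${PROJECT}"` to the `describe` line keeps both calls on the same project. `kube-up` begins and ends outside this hunk.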