kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15331 from justinsb/gce_address_family_ipalias 

gce: set ip address family on all FirewallRule tasks
This commit is contained in:
Kubernetes Prow Robot 2023-04-19 10:11:11 -07:00 committed by GitHub
parent 71f0e6933b be588e830f
commit 2ef477f190
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/model/gcemodel/api_loadbalancer.go
View File

@ -107,6 +107,7 @@ func createPublicLB(b *APILoadBalancerBuilder, c *fi.CloudupModelBuilderContext)
Name: s(b.NameForFirewallRule("pod-cidrs-to-https-api")),
Lifecycle: b.Lifecycle,
Network: network,
Family: gcetasks.AddressFamilyIPv4, // ip alias is always ipv4
SourceRanges: []string{b.Cluster.Spec.Networking.PodCIDR},
TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane)},
Allowed: []string{"tcp:" + strconv.Itoa(wellknownports.KubeAPIServer)},

1
pkg/model/gcemodel/external_access.go
View File

@ -121,6 +121,7 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.CloudupModelBuilderContext) err
Name: s(b.NameForFirewallRule("pod-cidrs-to-https-api")),
Lifecycle: b.Lifecycle,
Network: network,
Family: gcetasks.AddressFamilyIPv4, // ip alias is always ipv4
SourceRanges: []string{b.Cluster.Spec.Networking.PodCIDR},
TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane)},
Allowed: []string{"tcp:" + strconv.Itoa(wellknownports.KubeAPIServer)},