Cecile Robert-Michon 2018-11-02 12:45:25 -07:00 коммит произвёл Jack Francis
Родитель 4ad1e7b8f2
Коммит 32d46a1206
1 изменённых файлов: 50 добавлений и 97 удалений


@ -95,108 +95,61 @@
{{end}}
{{if IsHostedMaster}}
{{if not IsCustomVNET}}
,{
"apiVersion": "[variables('apiVersionNetwork')]",
"dependsOn": [
"[concat('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]"
{{if not IsAzureCNI}}
,
"[concat('Microsoft.Network/routeTables/', variables('routeTableName'))]"
{{end}}
],
"location": "[variables('location')]",
"name": "[variables('virtualNetworkName')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetCidr')]"
,{
"apiVersion": "[variables('apiVersionNetwork')]",
"dependsOn": [
"[concat('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]"
{{if not IsAzureCNI}}
,
"[concat('Microsoft.Network/routeTables/', variables('routeTableName'))]"
{{end}}
],
"location": "[variables('location')]",
"name": "[variables('virtualNetworkName')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetCidr')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[parameters('masterSubnet')]",
"networkSecurityGroup": {
"id": "[variables('nsgID')]"
}
{{if not IsAzureCNI}}
,
"routeTable": {
"id": "[variables('routeTableID')]"
}
{{end}}
}
}
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[parameters('masterSubnet')]",
"networkSecurityGroup": {
"id": "[variables('nsgID')]"
}
{{if not IsAzureCNI}}
,
"routeTable": {
"id": "[variables('routeTableID')]"
}
"type": "Microsoft.Network/virtualNetworks"
}
{{end}}
}
}
]
{{if not IsAzureCNI}}
,{
"apiVersion": "[variables('apiVersionNetwork')]",
"location": "[variables('location')]",
"name": "[variables('routeTableName')]",
"type": "Microsoft.Network/routeTables"
}
{{end}}
,{
"apiVersion": "[variables('apiVersionNetwork')]",
"location": "[variables('location')]",
"name": "[variables('nsgName')]",
"properties": {
"securityRules": []
},
"type": "Microsoft.Network/virtualNetworks"
"type": "Microsoft.Network/networkSecurityGroups"
}
{{end}}
{{if not IsAzureCNI}}
,{
"apiVersion": "[variables('apiVersionNetwork')]",
"location": "[variables('location')]",
"name": "[variables('routeTableName')]",
"type": "Microsoft.Network/routeTables"
}
{{end}}
,{
"apiVersion": "[variables('apiVersionNetwork')]",
"location": "[variables('location')]",
"name": "[variables('nsgName')]",
"properties": {
"securityRules": [
{{if .HasWindows}}
{
"name": "allow_rdp",
"properties": {
"access": "Allow",
"description": "Allow RDP traffic to master",
"destinationAddressPrefix": "*",
"destinationPortRange": "3389-3389",
"direction": "Inbound",
"priority": 102,
"protocol": "Tcp",
"sourceAddressPrefix": "*",
"sourcePortRange": "*"
}
},
{{end}}
{{if not IsHostedMaster}}
{
"name": "allow_ssh",
"properties": {
"access": "Allow",
"description": "Allow SSH traffic to master",
"destinationAddressPrefix": "*",
"destinationPortRange": "22-22",
"direction": "Inbound",
"priority": 101,
"protocol": "Tcp",
"sourceAddressPrefix": "*",
"sourcePortRange": "*"
}
},
{
"name": "allow_kube_tls",
"properties": {
"access": "Allow",
"description": "Allow kube-apiserver (tls) traffic to master",
"destinationAddressPrefix": "*",
"destinationPortRange": "443-443",
"direction": "Inbound",
"priority": 100,
"protocol": "Tcp",
"sourceAddressPrefix": "*",
"sourcePortRange": "*"
}
}
{{end}}
]
},
"type": "Microsoft.Network/networkSecurityGroups"
}
{{else}}
{{if IsMasterVirtualMachineScaleSets}}
,{{template "k8s/kubernetesmasterresourcesvmss.t" .}}
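Review bot: The hosted-master network security group now appears to be created with `"securityRules": []`, and nothing next to it says the empty list is deliberate. The +/- markers are lost on this page, so this takes the indented copy of the block as the 61-line new side. On that reading, inbound filtering for the master subnet rests entirely on the Azure default rules (AllowVnetInBound, AllowAzureLoadBalancerInBound, DenyAllInBound), and the `allow_rdp` rule with `sourceAddressPrefix` `*` no longer applies to hosted-master clusters with Windows pools. I would add a template comment directly above the resource, for example `{{/* hosted master: no custom inbound rules on purpose; the NSG default rules deny Internet-sourced traffic */}}`, so a later edit does not reintroduce a wildcard-source rule. The `{{if IsHostedMaster}}` branch continues past the end of the hunk, so the `{{else}}` side still needs checking for whether it keeps its own SSH and API-server rules.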