зеркало из https://github.com/Azure/acs-engine.git
Remove unreachable NSG code (#4164)
Родитель
4ad1e7b8f2
Коммит
32d46a1206
|
@ -95,108 +95,61 @@
|
||||||
{{end}}
|
{{end}}
|
||||||
{{if IsHostedMaster}}
|
{{if IsHostedMaster}}
|
||||||
{{if not IsCustomVNET}}
|
{{if not IsCustomVNET}}
|
||||||
,{
|
,{
|
||||||
"apiVersion": "[variables('apiVersionNetwork')]",
|
"apiVersion": "[variables('apiVersionNetwork')]",
|
||||||
"dependsOn": [
|
"dependsOn": [
|
||||||
"[concat('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]"
|
"[concat('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]"
|
||||||
{{if not IsAzureCNI}}
|
{{if not IsAzureCNI}}
|
||||||
,
|
,
|
||||||
"[concat('Microsoft.Network/routeTables/', variables('routeTableName'))]"
|
"[concat('Microsoft.Network/routeTables/', variables('routeTableName'))]"
|
||||||
{{end}}
|
{{end}}
|
||||||
],
|
],
|
||||||
"location": "[variables('location')]",
|
"location": "[variables('location')]",
|
||||||
"name": "[variables('virtualNetworkName')]",
|
"name": "[variables('virtualNetworkName')]",
|
||||||
"properties": {
|
"properties": {
|
||||||
"addressSpace": {
|
"addressSpace": {
|
||||||
"addressPrefixes": [
|
"addressPrefixes": [
|
||||||
"[parameters('vnetCidr')]"
|
"[parameters('vnetCidr')]"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"subnets": [
|
||||||
|
{
|
||||||
|
"name": "[variables('subnetName')]",
|
||||||
|
"properties": {
|
||||||
|
"addressPrefix": "[parameters('masterSubnet')]",
|
||||||
|
"networkSecurityGroup": {
|
||||||
|
"id": "[variables('nsgID')]"
|
||||||
|
}
|
||||||
|
{{if not IsAzureCNI}}
|
||||||
|
,
|
||||||
|
"routeTable": {
|
||||||
|
"id": "[variables('routeTableID')]"
|
||||||
|
}
|
||||||
|
{{end}}
|
||||||
|
}
|
||||||
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"subnets": [
|
"type": "Microsoft.Network/virtualNetworks"
|
||||||
{
|
}
|
||||||
"name": "[variables('subnetName')]",
|
|
||||||
"properties": {
|
|
||||||
"addressPrefix": "[parameters('masterSubnet')]",
|
|
||||||
"networkSecurityGroup": {
|
|
||||||
"id": "[variables('nsgID')]"
|
|
||||||
}
|
|
||||||
{{if not IsAzureCNI}}
|
|
||||||
,
|
|
||||||
"routeTable": {
|
|
||||||
"id": "[variables('routeTableID')]"
|
|
||||||
}
|
|
||||||
{{end}}
|
{{end}}
|
||||||
}
|
{{if not IsAzureCNI}}
|
||||||
}
|
,{
|
||||||
]
|
"apiVersion": "[variables('apiVersionNetwork')]",
|
||||||
|
"location": "[variables('location')]",
|
||||||
|
"name": "[variables('routeTableName')]",
|
||||||
|
"type": "Microsoft.Network/routeTables"
|
||||||
|
}
|
||||||
|
{{end}}
|
||||||
|
,{
|
||||||
|
"apiVersion": "[variables('apiVersionNetwork')]",
|
||||||
|
"location": "[variables('location')]",
|
||||||
|
"name": "[variables('nsgName')]",
|
||||||
|
"properties": {
|
||||||
|
"securityRules": []
|
||||||
},
|
},
|
||||||
"type": "Microsoft.Network/virtualNetworks"
|
"type": "Microsoft.Network/networkSecurityGroups"
|
||||||
}
|
}
|
||||||
{{end}}
|
|
||||||
{{if not IsAzureCNI}}
|
|
||||||
,{
|
|
||||||
"apiVersion": "[variables('apiVersionNetwork')]",
|
|
||||||
"location": "[variables('location')]",
|
|
||||||
"name": "[variables('routeTableName')]",
|
|
||||||
"type": "Microsoft.Network/routeTables"
|
|
||||||
}
|
|
||||||
{{end}}
|
|
||||||
,{
|
|
||||||
"apiVersion": "[variables('apiVersionNetwork')]",
|
|
||||||
"location": "[variables('location')]",
|
|
||||||
"name": "[variables('nsgName')]",
|
|
||||||
"properties": {
|
|
||||||
"securityRules": [
|
|
||||||
{{if .HasWindows}}
|
|
||||||
{
|
|
||||||
"name": "allow_rdp",
|
|
||||||
"properties": {
|
|
||||||
"access": "Allow",
|
|
||||||
"description": "Allow RDP traffic to master",
|
|
||||||
"destinationAddressPrefix": "*",
|
|
||||||
"destinationPortRange": "3389-3389",
|
|
||||||
"direction": "Inbound",
|
|
||||||
"priority": 102,
|
|
||||||
"protocol": "Tcp",
|
|
||||||
"sourceAddressPrefix": "*",
|
|
||||||
"sourcePortRange": "*"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{{end}}
|
|
||||||
{{if not IsHostedMaster}}
|
|
||||||
{
|
|
||||||
"name": "allow_ssh",
|
|
||||||
"properties": {
|
|
||||||
"access": "Allow",
|
|
||||||
"description": "Allow SSH traffic to master",
|
|
||||||
"destinationAddressPrefix": "*",
|
|
||||||
"destinationPortRange": "22-22",
|
|
||||||
"direction": "Inbound",
|
|
||||||
"priority": 101,
|
|
||||||
"protocol": "Tcp",
|
|
||||||
"sourceAddressPrefix": "*",
|
|
||||||
"sourcePortRange": "*"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "allow_kube_tls",
|
|
||||||
"properties": {
|
|
||||||
"access": "Allow",
|
|
||||||
"description": "Allow kube-apiserver (tls) traffic to master",
|
|
||||||
"destinationAddressPrefix": "*",
|
|
||||||
"destinationPortRange": "443-443",
|
|
||||||
"direction": "Inbound",
|
|
||||||
"priority": 100,
|
|
||||||
"protocol": "Tcp",
|
|
||||||
"sourceAddressPrefix": "*",
|
|
||||||
"sourcePortRange": "*"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
{{end}}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"type": "Microsoft.Network/networkSecurityGroups"
|
|
||||||
}
|
|
||||||
{{else}}
|
{{else}}
|
||||||
{{if IsMasterVirtualMachineScaleSets}}
|
{{if IsMasterVirtualMachineScaleSets}}
|
||||||
,{{template "k8s/kubernetesmasterresourcesvmss.t" .}}
|
,{{template "k8s/kubernetesmasterresourcesvmss.t" .}}
|
||||||
|
|
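Review bot: The removed `{{if .HasWindows}}` block that emitted `allow_rdp` was not nested under `{{if not IsHostedMaster}}`, so unlike `allow_ssh` and `allow_kube_tls` it does not look unreachable inside this `{{if IsHostedMaster}}` branch. Replacing the list with `"securityRules": []` therefore changes the rendered NSG for hosted-master clusters with Windows pools, which the commit title does not say. The old rendering appears to leave a trailing comma after that rule when the second block is skipped, so it may never have deployed cleanly, but that should be stated rather than implied. Dropping an inbound 3389 rule with `sourceAddressPrefix` `*` is the safer outcome; with an empty list the subnet's NSG carries only the platform default rules, so I would add a template comment above the `securityRules` line, e.g. `{{/* hosted master: no custom inbound rules by design; only the Azure default NSG rules apply */}}`. The old and new sides are read from the split view's column positions, since the +/- markers did not survive on this page.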