create_secgroup_rules.yml
# Add Rule to etcd security group
# - name: etcd access for k8s
# local_action:
# module: cs_securitygroup_rule
# name: "{{ etcd_security_group_name }}"
# start_port: 4001
# end_port: 4001
# user_security_group: "{{ k8s_security_group_name }}"
# Rules for the k8s security group
# internal
# Intra-cluster rules: each one names the k8s security group as both target
# and source (user_security_group), so only instances that are members of
# that group can reach these ports. `protocol` is written out on every rule;
# tcp is the module default, so the rules that omitted it are unchanged.

# etcd client port, used by flannel per the task name.
- name: flannel etcd 2379
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    protocol: tcp
    start_port: 2379
    end_port: 2379
    user_security_group: "{{ k8s_security_group_name }}"

# etcd peer port.
- name: flannel etcd 2380
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    protocol: tcp
    start_port: 2380
    end_port: 2380
    user_security_group: "{{ k8s_security_group_name }}"

# NOTE(review): presumably the kube-apiserver insecure (unauthenticated)
# port - confirm. The "traefik gui" task in the external section of this
# file also opens 8080 on the same group without a source restriction, which
# makes this group-only scoping ineffective for 8080.
- name: k8s 8080
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    protocol: tcp
    start_port: 8080
    end_port: 8080
    user_security_group: "{{ k8s_security_group_name }}"

# flannel overlay traffic between nodes (UDP).
- name: flannel UDP 8472
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    protocol: udp
    start_port: 8472
    end_port: 8472
    user_security_group: "{{ k8s_security_group_name }}"

# kubelet API (logs/exec per the task name); keep this group-only.
- name: kubelet logs and exec TCP 10250
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    protocol: tcp
    start_port: 10250
    end_port: 10250
    user_security_group: "{{ k8s_security_group_name }}"

# node exporter metrics endpoint scraped by Prometheus.
- name: prometheus scrape node exporter TCP 9100
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    protocol: tcp
    start_port: 9100
    end_port: 9100
    user_security_group: "{{ k8s_security_group_name }}"

# 10255 is conventionally the kubelet read-only port, which serves node and
# pod data without authentication; it should never gain a public source.
- name: prometheus scrape kubernetes-nodes TCP 10255
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    protocol: tcp
    start_port: 10255
    end_port: 10255
    user_security_group: "{{ k8s_security_group_name }}"
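# external access
#
# The original rules in this section set neither `cidr` nor
# `user_security_group`, so cs_securitygroup_rule applied its default source
# of 0.0.0.0/0 and every port below was reachable from any address. The
# source is now written out on each rule so the exposure is visible in review.
#
# Operator-facing endpoints (SSH, Kibana, Prometheus, Grafana, the dashboard
# addon, the Traefik GUI) read the optional variable `k8s_admin_cidr`, which
# is introduced here and is not defined elsewhere in this file. Left unset it
# falls back to 0.0.0.0/0, i.e. behaviour is unchanged; set it to the
# management network range to stop publishing those endpoints.
#
# Security group rules are additive: narrowing the CIDR creates a new rule
# and leaves a previously created 0.0.0.0/0 rule in place. Remove the old
# rule (state: absent with the old cidr) when tightening an existing group.

- name: SSH for k8s
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    start_port: 22
    end_port: 22
    cidr: "{{ k8s_admin_cidr | default('0.0.0.0/0') }}"

# Public HTTPS entry point; intentionally open to any source.
- name: k8s public secure
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    start_port: 443
    end_port: 443
    cidr: '0.0.0.0/0'

# NOTE(review): Kibana, Prometheus and Grafana often run without strong
# authentication in default deployments - confirm how these are protected
# before leaving them on a public source.
- name: kibana
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    start_port: 5601
    end_port: 5601
    cidr: "{{ k8s_admin_cidr | default('0.0.0.0/0') }}"

- name: prometheus
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    start_port: 9090
    end_port: 9090
    cidr: "{{ k8s_admin_cidr | default('0.0.0.0/0') }}"

- name: grafana (prometheus)
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    start_port: 3000
    end_port: 3000
    cidr: "{{ k8s_admin_cidr | default('0.0.0.0/0') }}"

- name: grafana2 (heapster)
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    start_port: 3002
    end_port: 3002
    cidr: "{{ k8s_admin_cidr | default('0.0.0.0/0') }}"

# The dashboard addon can act on the cluster with its service account's
# privileges; treat it as an administrative endpoint.
- name: k8s dashboard addon
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    start_port: 9999
    end_port: 9999
    cidr: "{{ k8s_admin_cidr | default('0.0.0.0/0') }}"

# NOTE(review): 30000-33000 is wider than the Kubernetes default NodePort
# range (30000-32767) - confirm the cluster's configured range. Any Service
# of type NodePort becomes publicly reachable through this rule.
- name: nodePort random service range
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    start_port: 30000
    end_port: 33000
    cidr: '0.0.0.0/0'

# NOTE(review): this opens 8080 on the same security group as the internal
# "k8s 8080" rule, which is scoped to group members only. With a public
# source here, whatever listens on 8080 on any instance in the group is
# reachable from that source, not just the Traefik GUI. Restrict the CIDR or
# move the GUI to a port that no cluster component uses.
- name: traefik gui
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    start_port: 8080
    end_port: 8080
    cidr: "{{ k8s_admin_cidr | default('0.0.0.0/0') }}"

# Public HTTP entry point; intentionally open to any source.
- name: traefik
  local_action:
    module: cs_securitygroup_rule
    security_group: "{{ k8s_security_group_name }}"
    start_port: 80
    end_port: 80
    cidr: '0.0.0.0/0'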