New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support firewall/security-group #90

Open

sp-yduck opened this issue Oct 9, 2023 · 1 comment

Assignees

Labels

Collaborator

sp-yduck commented Oct 9, 2023

/kind feature

Describe the solution you'd like
[A clear and concise description of what you want to happen.]

Support firewall/security groups configuration (ref: https://kubernetes.io/docs/reference/networking/ports-and-protocols/)
It should be an option (enable/disable)

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

Environment:

Cluster-api-provider-proxmox version:
Proxmox VE version:
Kubernetes version: (use kubectl version):
OS (e.g. from /etc/os-release):

The text was updated successfully, but these errors were encountered:

sp-yduck self-assigned this

sp-yduck added enhancement api-change and removed api-change labels

Collaborator Author

sp-yduck commented Oct 25, 2023 •

edited

Loading

infra-cluster controller

create default security groups following https://kubernetes.io/docs/reference/networking/ports-and-protocols/
- for controlplane vm
- for whole vm
create rules on these security groups
create ip set [1]
- for controlplane
- for other nodes
create alias (since vm ip can be changed, better to use alias than IP/CIDR) and update ip set created at [1]
- for controlplane vip

infra-machine controller

insert sercurity groups
- user can choose multiple SGs that nodes will be
create alias at DC level and add these alias to ip set created at [1]
- for each vm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment