Merge pull request #271628 from scvalex/kubernetes-flannel-dont-open-ports
kubernetes: don't always open flannel fw ports
commit
d79be73295
1 changed files with 8 additions and 1 deletions
|
@ -13,6 +13,13 @@ in
|
|||
###### interface
|
||||
options.services.kubernetes.flannel = {
|
||||
enable = mkEnableOption (lib.mdDoc "flannel networking");
|
||||
|
||||
openFirewallPorts = mkOption {
|
||||
description = lib.mdDoc ''
|
||||
Whether to open the Flannel UDP ports in the firewall on all interfaces.'';
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
@ -38,7 +45,7 @@ in
|
|||
};
|
||||
|
||||
networking = {
|
||||
firewall.allowedUDPPorts = [
|
||||
firewall.allowedUDPPorts = mkIf cfg.openFirewallPorts [
|
||||
8285 # flannel udp
|
||||
8472 # flannel vxlan
|
||||
];
|
||||
|
|
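Review bot: The new `openFirewallPorts` option defaults to `true`, so unless an operator opts out, UDP 8285 and 8472 stay open on every interface, including any public-facing one, and the description does not say what to do instead. As far as I know, flannel's udp and vxlan encapsulation does no peer authentication of its own, so a host with an interface outside the cluster network is better served by `openFirewallPorts = false;` plus `networking.firewall.interfaces.<cluster-iface>.allowedUDPPorts = [ 8472 ];` (interface name is a placeholder). I would add a sentence to the description such as `Set this to false and open the ports only on the cluster-internal interface if the host has interfaces outside the cluster network.` The list in the second hunk also opens both ports regardless of which backend is in use; opening only the configured backend's port would be tighter, though the backend setting is not visible in these hunks.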