[magnum] security groups for magnum nodes
Is there an option for adding security groups to a given magnum template, and thus the nodes that such a template would create? I have an NFS server, and it is setup to only allow connections from nodes with the "nfs" security group. A few pods in my cluster mount the NFS server, and are blocked as a result. Is it possible to setup magnum so that it adds the "nfs" security group to the worker nodes (it would be alright if it has to be worker and control nodes)? Thank you! -- *Vivian Rook (They/Them)* Site Reliability Engineer Wikimedia Foundation <https://wikimediafoundation.org/>
Hi Vivian, I'm not aware of that, sorry. As an alternative, have you tried adding the security group of the workers to the NFS server instead? Regards, Jake On 4/3/2023 5:09 am, Vivian Rook wrote:
Is there an option for adding security groups to a given magnum template, and thus the nodes that such a template would create?
I have an NFS server, and it is setup to only allow connections from nodes with the "nfs" security group. A few pods in my cluster mount the NFS server, and are blocked as a result. Is it possible to setup magnum so that it adds the "nfs" security group to the worker nodes (it would be alright if it has to be worker and control nodes)?
Thank you!
-- *Vivian Rook (They/Them) * Site Reliability Engineer Wikimedia Foundation <https://wikimediafoundation.org/>
Hi Jake, Yeah I gave that a try, and it does work. Though when I've tried similar it causes problems with removing a cluster, failing on not being able to remove the cluster security group because something other than the cluster is using it. Mostly that is the answer that I was looking for, that this feature doesn't exist. So I can add and remove the security group manually, and can probably do something better in terraform, but we're not quite there yet :) Thank you! On Tue, Mar 7, 2023 at 8:16 PM Jake Yip <jake.yip@ardc.edu.au> wrote:
Hi Vivian,
I'm not aware of that, sorry.
As an alternative, have you tried adding the security group of the workers to the NFS server instead?
Regards, Jake
On 4/3/2023 5:09 am, Vivian Rook wrote:
Is there an option for adding security groups to a given magnum template, and thus the nodes that such a template would create?
I have an NFS server, and it is setup to only allow connections from nodes with the "nfs" security group. A few pods in my cluster mount the NFS server, and are blocked as a result. Is it possible to setup magnum so that it adds the "nfs" security group to the worker nodes (it would be alright if it has to be worker and control nodes)?
Thank you!
-- *Vivian Rook (They/Them) * Site Reliability Engineer Wikimedia Foundation <https://wikimediafoundation.org/>
-- *Vivian Rook (They/Them)* Site Reliability Engineer Wikimedia Foundation <https://wikimediafoundation.org/>
participants (2)
-
Jake Yip
-
Vivian Rook