We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What steps did you take and what happened: [A clear and concise description on how to REPRODUCE the bug.]
custom_role
-P INPUT DROP -A INPUT -p tcp -m multiport --dports 30000:32767 -j ACCEPT
Sysprep alters the rules by replacing INPUT DROP with INPUT ACCEPT which defeats the purpose of configuring the strict rule.
INPUT DROP
INPUT ACCEPT
I suggest we move these 2 tasks out of sysprep and into setup role maybe? That way custom roles can over ride them if needed.
setup
What did you expect to happen: User configured iptables rules should not be tampered by image-builder.
Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]
Environment:
Project (Image Builder for Cluster API, kube-deploy/imagebuilder, konfigadm):
Additional info for Image Builder for Cluster API related issues:
/etc/os-release
cmd /c ver
kubectl version
/kind bug [One or more /area label. See https://github.com/kubernetes-sigs/cluster-api/labels?q=area for the list of labels]
CC: @codenrhoden
The text was updated successfully, but these errors were encountered:
@kkeshavamurthy Yeah, I see what you are saying. I think relocating those two tasks into setup/tasks/photon.yml is a good solution.
setup/tasks/photon.yml
Sorry, something went wrong.
Successfully merging a pull request may close this issue.
What steps did you take and what happened:
[A clear and concise description on how to REPRODUCE the bug.]
custom_role
. ExSysprep alters the rules by replacing
INPUT DROP
withINPUT ACCEPT
which defeats the purpose of configuring the strict rule.I suggest we move these 2 tasks out of sysprep and into
setup
role maybe? That way custom roles can over ride them if needed.What did you expect to happen:
User configured iptables rules should not be tampered by image-builder.
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
Environment:
Project (Image Builder for Cluster API, kube-deploy/imagebuilder, konfigadm):
Additional info for Image Builder for Cluster API related issues:
/etc/os-release
, orcmd /c ver
):kubectl version
):/kind bug
[One or more /area label. See https://github.com/kubernetes-sigs/cluster-api/labels?q=area for the list of labels]
CC: @codenrhoden
The text was updated successfully, but these errors were encountered: