From b28218f3dfd38fe3cbea846dad378a1a426c349a Mon Sep 17 00:00:00 2001
From: Michal Jura <mjura@suse.com>
Date: Fri, 25 Nov 2016 11:16:32 +0100
Subject: [PATCH] [suse] Update security group for kube_masters

We would like to open following ports on kube_master:
  - for debug handlers kubectl exec and kubectl run commands
      protocol: tcp, port: 10250
  - for application service
      protocol: tcp, port_range: 30000 to 32767
  - for flanneld udp and vxlan backend
      protocol: udp, port: 8285 and port: 8472

Change-Id: Ie40e5c90c0b246960ff94b917f285a810120c340
Partial-Bug: #1622949
---
 .../k8s_opensuse_v1/templates/kubecluster.yaml       | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/contrib/drivers/k8s_opensuse_v1/templates/kubecluster.yaml b/contrib/drivers/k8s_opensuse_v1/templates/kubecluster.yaml
index d929f0edda..e6fb54b968 100644
--- a/contrib/drivers/k8s_opensuse_v1/templates/kubecluster.yaml
+++ b/contrib/drivers/k8s_opensuse_v1/templates/kubecluster.yaml
@@ -360,6 +360,18 @@ resources:
         - protocol: tcp
           port_range_min: 6443
           port_range_max: 6443
+        - protocol: tcp
+          port_range_min: 10250
+          port_range_max: 10250
+        - protocol: tcp
+          port_range_min: 30000
+          port_range_max: 32767
+        - protocol: udp
+          port_range_min: 8285
+          port_range_max: 8285
+        - protocol: udp
+          port_range_min: 8472
+          port_range_max: 8472
 
   secgroup_kube_minion:
     type: OS::Neutron::SecurityGroup