Authorize Inbound Traffic for Your Rok Sync Daemon

This section will walk you through allowing trusted CIDRs to reach the Rok Sync daemon running in your cluster.

Note

To sync between Rok clusters, you need to allow all Rok Sync daemons to talk to each other.

What You’ll Need

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Edit the Kustomize patch, based on your cloud provider.

    Edit rok/rok-sync/overlays/deploy/patches/service-elb.yaml and configure loadBalancerSourceRanges to allow access from Rok Registry and the rest of your Rok clusters.

    spec:
      loadBalancerSourceRanges:
      - "198.51.100.1/32"  # <-- Update this line with one of your trusted CIDRs
      - "203.0.113.1/32"  # <-- Update this line with one of your trusted CIDRs

    This section is a work in progress.

  3. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit \
    >     -am "Reconfigure trusted CIDRs for Rok Sync daemon"
  4. Apply the kustomization:

    root@rok-tools:~/ops/deployments# rok-deploy --apply \
    >     rok/rok-sync/overlays/deploy
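
A check you can run on the edited patch before committing in step 3, as an added example that is not part of the Rok tooling: it flags entries that are malformed, overly broad, or still the sample values from step 2, which fall in the RFC 5737 documentation ranges. The function names and the /16 threshold are assumptions, and the parser reads only the block-list layout shown in step 2.

```python
import ipaddress
import re

# RFC 5737 documentation ranges; the sample values in step 2 come from these.
DOC_NETS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
MIN_PREFIX_V4 = 16  # assumption: IPv4 ranges broader than /16 need review

def extract_source_ranges(yaml_text):
    """Return the CIDR strings listed under loadBalancerSourceRanges."""
    cidrs, in_block = [], False
    for line in yaml_text.splitlines():
        body = line.split("#", 1)[0].strip()   # drop comments and indentation
        if body == "loadBalancerSourceRanges:":
            in_block = True
        elif in_block and body:
            m = re.fullmatch(r"-\s*[\"']?([^\"'\s]+)[\"']?", body)
            in_block = bool(m)                 # the next key ends the list
            if m:
                cidrs.append(m.group(1))
    return cidrs

def lint_cidr(cidr):
    """Return the problems found in one entry (empty list means OK)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    problems = []
    if net.prefixlen == 0:
        problems.append("matches every source address")
    elif net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
        problems.append(f"broader than /{MIN_PREFIX_V4}")
    if any(net.version == 4 and net.subnet_of(d) for d in DOC_NETS):
        problems.append("documentation range, placeholder not updated")
    return problems

def lint_patch(yaml_text):
    """Map each listed CIDR to its problems; flag a missing list as well."""
    report = {c: lint_cidr(c) for c in extract_source_ranges(yaml_text)}
    return report or {"<none>": ["no source ranges listed"]}
# Constructed sample: the unmodified snippet from step 2.
SAMPLE = """spec:
  loadBalancerSourceRanges:
  - "198.51.100.1/32"  # <-- Update this line
  - "203.0.113.1/32"
"""
if __name__ == "__main__":
    print(lint_patch(SAMPLE))
```

To check your own patch, pass the contents of rok/rok-sync/overlays/deploy/patches/service-elb.yaml to `lint_patch` and commit only when every entry maps to an empty list.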

Summary

You have successfully allowed trusted CIDRs to access the Rok Sync daemon running in your cluster.

What’s Next

You can check out the rest of the maintenance operations that you can perform on your cluster.