Authorize Inbound Traffic for Your EKF Deployment
This section will walk you through allowing trusted CIDRs to reach services running in your EKF deployment, including Rok and Rok Registry.
To sync between Rok clusters, you need to allow the Rok clusters to talk to your Rok Registry. Even if your Rok cluster and your Rok Registry cluster are co-located, you still need to go through this guide to allow outbound connections to re-enter the cluster.
What You'll Need
Go to your GitOps repository, inside your management environment:
root@rok-tools:~# cd ~/ops/deployments
Edit the Kustomize patch, based on how you have exposed your services.
Application Load Balancer (AWS)
Classic Load Balancer (AWS)
Azure Load Balancer (Azure)
Network Load Balancer (Google Cloud)
Commit your changes:
root@rok-tools:~/ops/deployments# git commit \
>     -am "Reconfigure trusted CIDRs for NGINX"
Apply the kustomization:
root@rok-tools:~/ops/deployments# rok-deploy --apply \
>     rok/nginx-ingress-controller/overlays/deploy
You have successfully allowed trusted CIDRs to reach services running in your EKF deployment.