Authorize Inbound Traffic for Your Rok Sync Daemon
This section will walk you through allowing trusted CIDRs to reach the Rok Sync daemon running in your cluster.
Note
To sync between Rok clusters, you need to allow all Rok Sync daemons to talk to each other.
What You’ll Need
- A configured management environment.
- An exposed Rok Sync daemon.
- A list of CIDRs that you want to have access to the Rok Sync daemon, including the outbound IP addresses of your existing clusters.
Procedure

1. Go to your GitOps repository, inside your rok-tools management environment:

       root@rok-tools:~# cd ~/ops/deployments

2. Edit the Kustomize patch, based on your cloud provider.

   Edit rok/rok-sync/overlays/deploy/patches/service-elb.yaml and configure loadBalancerSourceRanges to allow access from Rok Registry and the rest of your Rok clusters.

       spec:
         loadBalancerSourceRanges:
         - "198.51.100.1/32" # <-- Update this line with one of your trusted CIDRs
         - "203.0.113.1/32" # <-- Update this line with one of your trusted CIDRs

   This section is a work in progress.

3. Commit your changes:

       root@rok-tools:~/ops/deployments# git commit \
       >     -am "Reconfigure trusted CIDRs for Rok Sync daemon"

4. Apply the kustomization:

       root@rok-tools:~/ops/deployments# rok-deploy --apply \
       >     rok/rok-sync/overlays/deploy
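Before committing the patch, the allow-list can be checked for entries that void the restriction or that leave out one of your clusters. The following is an added example, not part of the Rok tooling: the function names, the prefix-length thresholds and the sample addresses are assumptions, and the patch text is a constructed sample that you would replace with the contents of rok/rok-sync/overlays/deploy/patches/service-elb.yaml.

```python
import ipaddress
import re

# Constructed sample mirroring the patch shown above (documentation addresses).
SAMPLE_PATCH = '''\
spec:
  loadBalancerSourceRanges:
  - "198.51.100.1/32"
  - "203.0.113.1/32"
'''

def parse_source_ranges(patch_text):
    """Return the entries listed under loadBalancerSourceRanges (stdlib only)."""
    ranges, in_list = [], False
    for line in patch_text.splitlines():
        line = line.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        if re.match(r"\s*loadBalancerSourceRanges:\s*$", line):
            in_list = True
        elif in_list:
            item = re.match(r"\s*-\s*[\"']?([^\"'\s]+)[\"']?\s*$", line)
            if not item:
                break  # first non-item line ends the list
            ranges.append(item.group(1))
    return ranges

# The /16 and /32 thresholds are assumed defaults; tune them to your own policy.
def audit_source_ranges(ranges, cluster_egress_ips, min_prefix_v4=16, min_prefix_v6=32):
    """Return a list of findings; an empty list means the allow-list passes."""
    findings, networks = [], []
    if not ranges:
        findings.append("no source ranges set: traffic is not restricted by source")
    for entry in ranges:
        try:
            net = ipaddress.ip_network(entry, strict=True)  # rejects host bits set
        except ValueError as exc:
            findings.append(f"{entry}: not a valid CIDR ({exc})")
            continue
        networks.append(net)
        limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen == 0:
            findings.append(f"{entry}: allows every address, the restriction is void")
        elif net.prefixlen < limit:
            findings.append(f"{entry}: broader than /{limit}, confirm this is intended")
    for ip in cluster_egress_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in networks):
            findings.append(f"{ip}: cluster egress IP not covered, sync will be blocked")
    return findings
```

Pass the outbound IP addresses of every existing cluster as `cluster_egress_ips`, and commit only when the returned list is empty.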
Summary
You have successfully allowed trusted CIDRs to access the Rok Sync daemon running in your cluster.
What’s Next
You can check out the rest of the maintenance operations that you can perform on your cluster.