Automatically open a firewall when creating a GCE load balancer.

2015-07-08 22:02:10 -07:00
parent 869df32d00
commit a8f02e5472
6 changed files with 102 additions and 12 deletions
--- a/pkg/api/validation/validation_test.go
+++ b/pkg/api/validation/validation_test.go
@@ -1833,6 +1833,16 @@ func TestValidateService(t *testing.T) {
 			},
 			numErrs: 0,
 		},
+		{
+			// For now we open firewalls, and its insecure if we open 10250, remove this
+			// when we have better protections in place.
+			name: "invalid port type=LoadBalancer",
+			tweakSvc: func(s *api.Service) {
+				s.Spec.Type = api.ServiceTypeLoadBalancer
+				s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "kubelet", Port: 10250, Protocol: "TCP", TargetPort: util.NewIntOrStringFromInt(12345)})
+			},
+			numErrs: 1,
+		},
 	}

 	for _, tc := range testCases {