Provide the management-CIDR config surface for the host firewall. The host's own SSH/mgmt access is solo-provisioner/host-level config (it protects the bare-metal host the provisioner runs on) — it is NOT installed-component config, so it does not belong in a component's values.
Acceptance criteria:
Add --mgmt-cidrs (and --ssh-port, ICMP policy) to kube cluster install, forwarded to network firewall create.
Profile-driven default: a host-level HostConfig.ManagementCIDRs (pkg/models/config.go); profiles are global per-machine, so the default applies to whatever node type the host runs.
network firewall add/remove/set --mgmt-cidr verbs (Story 1.1 — Implement network firewall verbs on the inet host table #757) — no re-install required.
--icmp-mgmt/--icmp-public) depends on the same mgmt-CIDR set (planning note 9).
block node install input.
Epic: #777 — Host network firewall (node-agnostic)
Design: v4 design §8.4.1.