Add notes about single-interface kubernetes cluster.

2023-06-17 00:25:28 -04:00 · 2023-06-17 00:25:28 -04:00 · 6e18f5bc94
commit 6e18f5bc94
parent f3980dc821
1 changed files with 5 additions and 0 deletions
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@ -29,6 +29,11 @@ nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.204 port
 block log all
 pass out on $ext_if

+# Single interface kubernetes cluster is working with the following run on mrmanager:
+#   doas route add -host 74.80.180.139 -int jail_nat
+# Plus this in pf.conf:
+#   pass quick from any to 74.80.180.139
+
 pass in on jail_nat
 # Allow traffic from my machine to the jails/virtual machines
 pass out on jail_nat from $jail_nat_v4