diff --git a/manifests/profile/kubernetes/kubelet.pp b/manifests/profile/kubernetes/kubelet.pp
index 7f2452761..0e3084c63 100644
--- a/manifests/profile/kubernetes/kubelet.pp
+++ b/manifests/profile/kubernetes/kubelet.pp
@@ -82,7 +82,7 @@
 ;
 '200 Cluster NodePorts':
- dport => '30000-32767',
+ dport => '30000:32767',
 ;
 '200 Cluster Prometheus':
diff --git a/manifests/profile/networking/firewall.pp b/manifests/profile/networking/firewall.pp
index a6185b81e..cb8d14844 100644
--- a/manifests/profile/networking/firewall.pp
+++ b/manifests/profile/networking/firewall.pp
@@ -113,7 +113,7 @@
 firewallchain {
 default:
 ensure => 'present',
- purge => true,
+ purge => $internal_routing != 'kubernetes_calico',
 policy => 'accept',
 ;
diff --git a/spec/classes/profile/kubernetes/kubelet_spec.rb b/spec/classes/profile/kubernetes/kubelet_spec.rb
index d185dbb23..812493882 100644
--- a/spec/classes/profile/kubernetes/kubelet_spec.rb
+++ b/spec/classes/profile/kubernetes/kubelet_spec.rb
@@ -93,7 +93,7 @@
 [%w[2379 2380 2381], 'etcd', 'tcp'],
 [10250, 'kubelet', 'tcp'],
 [6443, 'kubernetes API', 'tcp'],
- %w[30000-32767 NodePorts tcp],
+ %w[30000:32767 NodePorts tcp],
 [9100, 'Prometheus', 'tcp'],
 ].each do |ports, purpose, proto|
 it do
diff --git a/spec/classes/profile/networking/firewall_spec.rb b/spec/classes/profile/networking/firewall_spec.rb
index c58761c49..e6fbac4e6 100644
--- a/spec/classes/profile/networking/firewall_spec.rb
+++ b/spec/classes/profile/networking/firewall_spec.rb
@@ -113,13 +113,13 @@
 it do
 expect(subject).to contain_firewallchain("#{chain}:filter:IPv4")
 .with_ensure('present')
- .with_purge(true)
+ .with_purge(false)
 end
 it do
 expect(subject).to contain_firewallchain("#{chain}:filter:IPv6")
 .with_ensure('present')
- .with_purge(true)
+ .with_purge(false)
 end
 end
 end
diff --git a/spec/classes/role/kubernetes_spec.rb b/spec/classes/role/kubernetes_spec.rb
index 2dba6d6e5..9533056f2 100644
--- a/spec/classes/role/kubernetes_spec.rb
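Review bot: Unmanaged or stale rules in every chain declared by this `firewallchain` resource will survive Puppet runs once Calico routing is selected, because the `default:` body in manifests/profile/networking/firewall.pp now sets `purge => $internal_routing != 'kubernetes_calico'`, and nothing in the hunk records why. I would add a comment above the line, for example `# Calico and kube-proxy manage their own rules in these chains; purging would remove them`, and consider whether keeping `purge => true` with the `ignore` patterns still asserted in spec/classes/role/kubernetes_spec.rb would be the narrower fix, since `ignore` only has an effect while purging is on. The matching assertions in spec/classes/profile/networking/firewall_spec.rb now expect `false`; if that context runs with the default `$internal_routing`, purging is effectively off for every node using this profile, which is worth confirming. The resource body starts and ends outside the hunk, and where `$internal_routing` is set is not visible here.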
+++ b/spec/classes/role/kubernetes_spec.rb
@@ -53,12 +53,12 @@
 it { is_expected.to contain_class('Nebula::Profile::Ntp') }
- it { is_expected.not_to contain_resources('firewall').with_purge(true) }
+ it { is_expected.not_to contain_resources('firewall').with_purge(false) }
 it do
 expect(subject).to contain_firewallchain('INPUT:filter:IPv4').with(
 ensure: 'present',
- purge: true,
+ purge: false,
 ignore: ['-j cali-INPUT',
 '-j KUBE-FIREWALL',
 '-j KUBE-SERVICES',
@@ -69,7 +69,7 @@
 it do
 expect(subject).to contain_firewallchain('OUTPUT:filter:IPv4').with(
 ensure: 'present',
- purge: true,
+ purge: false,
 ignore: ['-j cali-OUTPUT',
 '-j KUBE-FIREWALL',
 '-j KUBE-SERVICES'],
@@ -79,7 +79,7 @@
 it do
 expect(subject).to contain_firewallchain('FORWARD:filter:IPv4').with(
 ensure: 'present',
- purge: true,
+ purge: false,
 ignore: ['-j cali-FORWARD',
 '-j KUBE-FORWARD',
 '-j KUBE-SERVICES'],
diff --git a/spec/defines/exposed_port_spec.rb b/spec/defines/exposed_port_spec.rb
index 639380956..b9ee8aa4d 100644
--- a/spec/defines/exposed_port_spec.rb
+++ b/spec/defines/exposed_port_spec.rb
@@ -86,14 +86,14 @@
 let(:title) { '400 Who knows' }
 let(:params) { { block: 'developers' } }
- context 'with port "30000-32967"' do
+ context 'with port "30000:32967"' do
 let(:params) do
- super().merge(port: '30000-32967')
+ super().merge(port: '30000:32967')
 end
 it do
 expect(subject).to contain_firewall('400 Who knows: Developers')
- .with_dport('30000-32967')
+ .with_dport('30000:32967')
 end
 end
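Review bot: The negative assertion `is_expected.not_to contain_resources('firewall').with_purge(false)` in the first hunk of spec/classes/role/kubernetes_spec.rb no longer guards against a global firewall purge: it passes even when `resources { 'firewall': purge => true }` is declared, which looks like a side effect of a mechanical true-to-false replace. If the role is still meant never to purge all firewall rules, keep `it { is_expected.not_to contain_resources('firewall').with_purge(true) }` or assert the stricter `it { is_expected.not_to contain_resources('firewall') }`. The INPUT, OUTPUT and FORWARD `contain_firewallchain(...)` expectations in this file's hunks still pin `ignore:` lists next to `purge: false`; a short comment there stating whether those patterns are still meaningful with purging off would help the next reader.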