authorHenning Baldersheim <balder@yahoo-inc.com>2023-01-16 16:23:20 +0100
committerGitHub <noreply@github.com>2023-01-16 16:23:20 +0100
commit529acb49e1369a4bf1842cd7e84de91caf66b769 (patch)
tree7664a780d0e66281513d8fb21edec7278d5c2f23 /node-repository
parent2ee6905f0c6535fe95cc0516e4634f3ac37414b2 (diff)
Revert "open wireguard port for config servers (#25586)"
This reverts commit 2ee6905f0c6535fe95cc0516e4634f3ac37414b2.
Diffstat (limited to 'node-repository')
-rw-r--r--node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java9
1 files changed, 2 insertions, 7 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
index 1baa8086772..e61f9b79d75 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
@@ -26,11 +26,9 @@ import java.util.stream.StreamSupport;
public record NodeAcl(Node node,
Set<TrustedNode> trustedNodes,
Set<String> trustedNetworks,
- Set<Integer> trustedPorts,
- Set<Integer> trustedUdpPorts) {
+ Set<Integer> trustedPorts) {
private static final Set<Integer> RPC_PORTS = Set.of(19070);
- private static final int WIREGUARD_PORT = 51820;
public NodeAcl {
Objects.requireNonNull(node, "node must be non-null");
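Review bot: With `trustedUdpPorts` removed, nothing on the record header says which protocol `trustedPorts` covers, so code that turns this ACL into firewall rules has to guess. The removed name suggests the remaining set is TCP-only, but that is an inference from this diff and should be confirmed against the code that renders the rules. I would document it on the record, for example `@param trustedPorts ports accepted from any source address; TCP only (confirm against the ACL renderer)`. The compact constructor that starts at the end of this hunk continues outside it.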
@@ -42,7 +40,6 @@ public record NodeAcl(Node node,
public static NodeAcl from(Node node, NodeList allNodes, LoadBalancers loadBalancers) {
Set<TrustedNode> trustedNodes = new TreeSet<>(Comparator.comparing(TrustedNode::hostname));
Set<Integer> trustedPorts = new LinkedHashSet<>();
- Set<Integer> trustedUdpPorts = new LinkedHashSet<>();
Set<String> trustedNetworks = new LinkedHashSet<>();
// For all cases below, trust:
@@ -89,12 +86,10 @@ public record NodeAcl(Node node,
// - port 19070 (RPC) from all tenant nodes (and their hosts, in case traffic is NAT-ed via parent)
// - port 19070 (RPC) from all proxy nodes (and their hosts, in case traffic is NAT-ed via parent)
// - port 4443 from the world
- // - udp port 51820 from the world
trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.host, NodeType.tenant,
NodeType.proxyhost, NodeType.proxy),
RPC_PORTS));
trustedPorts.add(4443);
- trustedUdpPorts.add(WIREGUARD_PORT);
}
case proxy -> {
// Proxy nodes trust:
@@ -114,7 +109,7 @@ public record NodeAcl(Node node,
default -> throw new IllegalArgumentException("Don't know how to create ACL for " + node +
" of type " + node.type());
}
- return new NodeAcl(node, trustedNodes, trustedNetworks, trustedPorts, trustedUdpPorts);
+ return new NodeAcl(node, trustedNodes, trustedNetworks, trustedPorts);
}
public record TrustedNode(String hostname, NodeType type, Set<String> ipAddresses, Set<Integer> ports) {
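Review bot: The sets passed to the constructor in the `return` line are the mutable `TreeSet` and `LinkedHashSet` instances built at the top of `from`, and only the null check on `node` is visible from the compact constructor in this diff. It is worth confirming that the constructor reassigns each component to an unmodifiable copy rather than only validating it, e.g. `trustedPorts = Collections.unmodifiableSet(new LinkedHashSet<>(trustedPorts));`. Otherwise any holder of the record can widen the ACL through its accessors after construction. The body of `from` begins outside this hunk.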