Updated on 2024-08-16 GMT+08:00

Security Groups

Check Items

Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group with the source IP address set to the master node security group is deleted.

This check item is performed only for clusters using VPC networking. For clusters using other networking, skip this check item.

Solution

Log in to the VPC console, choose Access Control > Security Groups, and enter the target cluster name in the search box. Two security groups are expected to display:

  • The security group name is cluster name-node-xxx. This security group is associated with the worker nodes.
  • The security group name is cluster name-control-xxx. This security group is associated with the master nodes.
Figure 1 Cluster security groups

Click the node security group and ensure that the following rules are configured to allow the master node to access the node using ICMP.

Figure 2 Node security group rules

If the preceding security group rule is unavailable, add the rule with the following configurations to the node security group: Set Protocol & Port to Protocols/ICMP and All, and Source to Security group and the master security group. Describe the rule as "Created by CCE,please don't modify! Used by the master node to access the worker node."

Figure 3 Allowing ICMP for the master security group