How to auto-generate security group¶

When two Bash components are in a connection relationship, the orchestration engine can auto-generate a security group to enable the traffic between them. For the auto generation of security groups, users specify the port property.

On the component Bash_1, specify the port 8080.
On the component Bash_2, specify the port 27017.

../_images/7-Bash-auto-secgroup.png — Figure 1. Specify the port property for auto-generated security group¶

Expected result:

Because Compute_1 is a public compute, a security group is generated for the Compute_1, which allows the traffic from the public network (i.e., allow the TCP protocol from the remote IP 0.0.0.0/0 on port 8080).
Because Bash_1 connects to Bash_2 internally, a security group is generated for the Compute_2, which allows the private traffic from the Compute_1 (i.e., allow the TCP protocol from the remote security group of Compute_1 on port 27017).
The Open Telekom Cloud console also shows the auto-generated security groups attached to the ports of the two compute nodes. The figure below shows an example that the security group is auto-generated for the Compute_2 accordingly.

../_images/7-Bash-auto-secgroup-otc.png — Figure 2. Example of auto-generated security group on the OTC console¶

last updated: 2024-11-13 13:47 UTC - commit: 5b758d5c766d54d4e5841d3c65e5b420d565a5e3