ambiser
/
openvidu
mirror of https://github.com/OpenVidu/openvidu.git
9
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

openvidu-deployment: elastic & ha - Add security group ingress rules for media and master node communication 7880

pull/856/head
cruizba 2025-10-10 14:51:55 +02:00
parent 1ca0e8e4e1
commit 95f4326f9a
6 changed files with 121 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml
View File

@ -1678,6 +1678,15 @@ Resources:
ToPort: 1935 ToPort: 1935
CidrIpv6: ::/0 CidrIpv6: ::/0
OpenViduMediaNodeToMasterNodeClusterPortIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !GetAtt OpenViduMasterNodeSG.GroupId
IpProtocol: tcp
FromPort: 7880
ToPort: 7880
SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId
OpenViduMediaNodeToMasterNodeRedisIngress: OpenViduMediaNodeToMasterNodeRedisIngress:
Type: AWS::EC2::SecurityGroupIngress Type: AWS::EC2::SecurityGroupIngress
Properties: Properties:

23
openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep
View File

@ -1766,6 +1766,29 @@ resource openviduMasterNodeASG 'Microsoft.Network/applicationSecurityGroups@2024
location: location location: location
} }
resource mediaToMasterClusterIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
parent: openviduMasterNodeNSG
name: 'mediaNode_to_masterNode_CLUSTER_INGRESS'
properties: {
protocol: 'Tcp'
sourceApplicationSecurityGroups: [
{
id: openviduMediaNodeASG.id
}
]
sourcePortRange: '*'
destinationApplicationSecurityGroups: [
{
id: openviduMasterNodeASG.id
}
]
destinationPortRange: '7880'
access: 'Allow'
priority: 145
direction: 'Inbound'
}
}
resource mediaToMasterRedisIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { resource mediaToMasterRedisIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
parent: openviduMasterNodeNSG parent: openviduMasterNodeNSG
name: 'mediaNode_to_masterNode_REDIS_INGRESS' name: 'mediaNode_to_masterNode_REDIS_INGRESS'

30
openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json
View File

@ -5,7 +5,7 @@
"_generator": { "_generator": {
"name": "bicep", "name": "bicep",
"version": "0.37.4.10188", "version": "0.37.4.10188",
"templateHash": "2817356128446679614" "templateHash": "10094209354917441049"
} }
}, },
"parameters": { "parameters": {
@ -1055,6 +1055,34 @@
"name": "[format('{0}-masterNodeASG', parameters('stackName'))]", "name": "[format('{0}-masterNodeASG', parameters('stackName'))]",
"location": "[variables('location')]" "location": "[variables('location')]"
}, },
{
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"apiVersion": "2023-11-01",
"name": "[format('{0}/{1}', format('{0}-masterNoderNSG', parameters('stackName')), 'mediaNode_to_masterNode_CLUSTER_INGRESS')]",
"properties": {
"protocol": "Tcp",
"sourceApplicationSecurityGroups": [
{
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
}
],
"sourcePortRange": "*",
"destinationApplicationSecurityGroups": [
{
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
}
],
"destinationPortRange": "7880",
"access": "Allow",
"priority": 145,
"direction": "Inbound"
},
"dependsOn": [
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNoderNSG', parameters('stackName')))]",
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
]
},
{ {
"type": "Microsoft.Network/networkSecurityGroups/securityRules", "type": "Microsoft.Network/networkSecurityGroups/securityRules",
"apiVersion": "2023-11-01", "apiVersion": "2023-11-01",

9
openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml
View File

@ -1991,6 +1991,15 @@ Resources:
ToPort: 7001 ToPort: 7001
SourceSecurityGroupId: !Ref OpenViduMasterNodeSG SourceSecurityGroupId: !Ref OpenViduMasterNodeSG
OpenViduMediaNodeToMasterNodeClusterPortIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref OpenViduMasterNodeSG
IpProtocol: tcp
FromPort: 7880
ToPort: 7880
SourceSecurityGroupId: !Ref OpenViduMediaNodeSG
OpenViduMediaNodeToMasterRedisIngressSG: OpenViduMediaNodeToMasterRedisIngressSG:
Type: AWS::EC2::SecurityGroupIngress Type: AWS::EC2::SecurityGroupIngress
Properties: Properties:

23
openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep
View File

@ -2396,6 +2396,29 @@ resource loadBalancerToMasterIngress 'Microsoft.Network/networkSecurityGroups/se
} }
} }
resource masterToMasterClusterIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
parent: openviduMasterNodeNSG
name: 'masterNode_to_masterNode_CLUSTER_INGRESS'
properties: {
protocol: 'Tcp'
sourceApplicationSecurityGroups: [
{
id: openviduMasterNodeASG.id
}
]
sourcePortRange: '7880'
destinationApplicationSecurityGroups: [
{
id: openviduMasterNodeASG.id
}
]
destinationPortRange: '7880'
access: 'Allow'
priority: 115
direction: 'Inbound'
}
}
resource masterToMasterRedisIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { resource masterToMasterRedisIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
parent: openviduMasterNodeNSG parent: openviduMasterNodeNSG
name: 'masterNode_to_masterNode_REDIS_INGRESS' name: 'masterNode_to_masterNode_REDIS_INGRESS'

29
openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json
View File

@ -5,7 +5,7 @@
"_generator": { "_generator": {
"name": "bicep", "name": "bicep",
"version": "0.37.4.10188", "version": "0.37.4.10188",
"templateHash": "715418153284332793" "templateHash": "9275960504660161817"
} }
}, },
"parameters": { "parameters": {
@ -1626,6 +1626,33 @@
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]" "[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]"
] ]
}, },
{
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"apiVersion": "2023-11-01",
"name": "[format('{0}/{1}', format('{0}-masterNodeNSG', parameters('stackName')), 'masterNode_to_masterNode_CLUSTER_INGRESS')]",
"properties": {
"protocol": "Tcp",
"sourceApplicationSecurityGroups": [
{
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
}
],
"sourcePortRange": "7880",
"destinationApplicationSecurityGroups": [
{
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
}
],
"destinationPortRange": "7880",
"access": "Allow",
"priority": 115,
"direction": "Inbound"
},
"dependsOn": [
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]"
]
},
{ {
"type": "Microsoft.Network/networkSecurityGroups/securityRules", "type": "Microsoft.Network/networkSecurityGroups/securityRules",
"apiVersion": "2023-11-01", "apiVersion": "2023-11-01",