From b399da9d3a8ca1420e1f062ebb289c842d08e924 Mon Sep 17 00:00:00 2001
From: Chris Friesen <chris.friesen@windriver.com>
Date: Thu, 29 Nov 2018 11:34:25 -0600
Subject: [PATCH] Allow compute nodes access to private docker image server

Update the NAT firewall rules to allow the compute nodes to pull docker
images from our private server operating on port 9001.

This can be reverted once we have a public server on ports 80/443.

Change-Id: I427e13819eaf54aa6dd5248056494d4f9a825f51
Story: 2002843
Task: 27031
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
---
 puppet-manifests/src/modules/platform/manifests/kubernetes.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
index a97be91fed..964e864184 100644
--- a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
+++ b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
@@ -299,10 +299,11 @@ class platform::kubernetes::worker
   }
 }
 
+# TODO: remove port 9001 once we have a public docker image registry using standard ports.
 class platform::kubernetes::firewall::params (
   $transport = 'tcp',
   $table = 'nat',
-  $dports = [80, 443],
+  $dports = [80, 443, 9001],
   $chain = 'POSTROUTING',
   $jump = 'SNAT',
 ) {}