Add firewall and security rules for Cilium/Hubble metrics

* Add firewall or security riles to allow node-to-node traffic on ports 9962-9965 for Cilium and Hubble metrics. Cilium runs with host network, so these require cloud firewall changes
2025-07-24 03:11:33 +02:00 · 2024-05-13 08:38:36 -07:00
parent 1d63592c42
commit cc80ec9b98
9 changed files with 199 additions and 12 deletions
--- a/digital-ocean/flatcar-linux/kubernetes/network.tf
+++ b/digital-ocean/flatcar-linux/kubernetes/network.tf
@ -32,6 +32,13 @@ resource "digitalocean_firewall" "rules" {
    source_tags = [digitalocean_tag.controllers.name, digitalocean_tag.workers.name]
  }

+  # Cilium metrics
+  inbound_rule {
+    protocol    = "tcp"
+    port_range  = "9962-9965"
+    source_tags = [digitalocean_tag.controllers.name, digitalocean_tag.workers.name]
+  }
+
  # IANA vxlan (flannel, calico)
  inbound_rule {
    protocol    = "udp"