mirror of
https://github.com/puppetmaster/typhoon.git
synced 2024-12-26 06:19:33 +01:00
ef18f19ec4
* Change port range from keyword "all" to "1-65535", which is the same but with digitalocean provider 0.1.3 doesn't produce a diff * Rearrange egress firewall rules to order the Digtial Ocean API and provider returns. In current testing, this fixes the last diff that was present on `terraform plan`.
54 lines
1.4 KiB
HCL
54 lines
1.4 KiB
HCL
resource "digitalocean_firewall" "rules" {
|
|
name = "${var.cluster_name}"
|
|
|
|
tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"]
|
|
|
|
# allow ssh, http/https ingress, and peer-to-peer traffic
|
|
inbound_rule = [
|
|
{
|
|
protocol = "tcp"
|
|
port_range = "22"
|
|
source_addresses = ["0.0.0.0/0", "::/0"]
|
|
},
|
|
{
|
|
protocol = "tcp"
|
|
port_range = "80"
|
|
source_addresses = ["0.0.0.0/0", "::/0"]
|
|
},
|
|
{
|
|
protocol = "tcp"
|
|
port_range = "443"
|
|
source_addresses = ["0.0.0.0/0", "::/0"]
|
|
},
|
|
{
|
|
protocol = "udp"
|
|
port_range = "1-65535"
|
|
source_tags = ["${digitalocean_tag.controllers.name}", "${digitalocean_tag.workers.name}"]
|
|
},
|
|
{
|
|
protocol = "tcp"
|
|
port_range = "1-65535"
|
|
source_tags = ["${digitalocean_tag.controllers.name}", "${digitalocean_tag.workers.name}"]
|
|
},
|
|
]
|
|
|
|
# allow all outbound traffic
|
|
outbound_rule = [
|
|
{
|
|
protocol = "tcp"
|
|
port_range = "1-65535"
|
|
destination_addresses = ["0.0.0.0/0", "::/0"]
|
|
},
|
|
{
|
|
protocol = "udp"
|
|
port_range = "1-65535"
|
|
destination_addresses = ["0.0.0.0/0", "::/0"]
|
|
},
|
|
{
|
|
protocol = "icmp"
|
|
port_range = "1-65535"
|
|
destination_addresses = ["0.0.0.0/0", "::/0"]
|
|
},
|
|
]
|
|
}
|