68 lines
2.4 KiB
HCL
68 lines
2.4 KiB
HCL
resource "triton_firewall_rule" "allow_ssh" {
|
|
description = "Allow ssh traffic on port tcp/22 to all machines."
|
|
rule = "FROM any TO all vms ALLOW tcp PORT 22"
|
|
enabled = true
|
|
}
|
|
|
|
resource "triton_firewall_rule" "allow_http" {
|
|
description = "Allow http traffic on port tcp/80 to all machines."
|
|
rule = "FROM any TO tag \"kube_node\" ALLOW tcp PORT 80"
|
|
enabled = true
|
|
}
|
|
|
|
resource "triton_firewall_rule" "allow_https" {
|
|
description = "Allow https traffic on port tcp/443 to all machines."
|
|
rule = "FROM any TO tag \"kube_node\" ALLOW tcp PORT 443"
|
|
enabled = true
|
|
}
|
|
|
|
resource "triton_firewall_rule" "allow_kube_proxy" {
|
|
description = "Allow kube_proxy traffic on port tcp/10250 to all machines."
|
|
rule = "FROM any TO tag \"kube_node\" ALLOW tcp PORT 10250"
|
|
enabled = true
|
|
}
|
|
|
|
resource "triton_firewall_rule" "allow_kube_api" {
|
|
description = "Allow kube-api traffic on port tcp/6443 to all kube_node machines."
|
|
rule = "FROM any TO all vms ALLOW tcp PORT 6443"
|
|
enabled = true
|
|
}
|
|
|
|
|
|
# resource "triton_firewall_rule" "allow_etcd_api" {
|
|
# description = "Allow kube-api traffic on port tcp/2380 to all kube_node machines."
|
|
# rule = "FROM any TO tag \"kube_node\" ALLOW tcp PORT 2380"
|
|
# enabled = true
|
|
# }
|
|
|
|
# resource "triton_firewall_rule" "allow_etcd_api_2" {
|
|
# description = "Allow kube-api traffic on port tcp/2379 to all kube_node machines."
|
|
# rule = "FROM any TO tag \"kube_node\" ALLOW tcp PORT 2379"
|
|
# enabled = true
|
|
# }
|
|
|
|
# resource "triton_firewall_rule" "allow_calico_vxlan" {
|
|
# description = "Allow vxlan traffic on port udp/47809 to all kube_node machines."
|
|
# rule = "FROM tag \"kube_node\" TO tag \"kube_node\" ALLOW udp PORT 4789"
|
|
# enabled = true
|
|
#}
|
|
|
|
resource "triton_firewall_rule" "allow_internal_udp" {
|
|
description = "Allow udp internal traffic between all kube_node machines."
|
|
rule = "FROM tag \"kube_node\" TO tag \"kube_node\" ALLOW udp PORT all"
|
|
enabled = true
|
|
}
|
|
|
|
resource "triton_firewall_rule" "allow_internal_tcp" {
|
|
description = "Allow tcp internal traffic between all kube_node machines."
|
|
rule = "FROM tag \"kube_node\" TO tag \"kube_node\" ALLOW tcp PORT all"
|
|
enabled = true
|
|
}
|
|
|
|
resource "triton_firewall_rule" "allow_internal_icmp" {
|
|
description = "Allow icmp internal traffic between all kube_node machines."
|
|
rule = "FROM tag \"kube_node\" TO tag \"kube_node\" ALLOW icmp TYPE 8 CODE 0"
|
|
enabled = true
|
|
}
|
|
|