scottk/terraform-talos
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/terraform-talos.git synced 2025-10-29 17:42:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8538df9856a1b7587c2d95b40f1a983a79272bcd
terraform-talos/scaleway/network-secgroup.tf
Serge Logvinov 960af5be7f labels, nated nodes, lb
2022-06-23 13:29:07 +03:00

153 lines
2.8 KiB
HCL
Raw Blame History

resource "scaleway_instance_security_group" "controlplane" {
name = "controlplane"
inbound_default_policy = "drop"
outbound_default_policy = "accept"
inbound_rule {
action = "accept"
protocol = "ANY"
ip_range = local.main_subnet
}
inbound_rule {
action = "accept"
protocol = "TCP"
port = 4240
ip_range = "::/0"
}
dynamic "inbound_rule" {
for_each = var.whitelist_admins
content {
action = "accept"
protocol = "TCP"
port = "6443"
ip_range = length(split("/", inbound_rule.value)) == 2 ? inbound_rule.value : "${inbound_rule.value}/32"
}
}
dynamic "inbound_rule" {
for_each = var.whitelist_admins
content {
action = "accept"
protocol = "TCP"
port = "50000"
ip_range = length(split("/", inbound_rule.value)) == 2 ? inbound_rule.value : "${inbound_rule.value}/32"
}
}
dynamic "inbound_rule" {
for_each = ["2379", "2380"]
content {
action = "accept"
protocol = "TCP"
port = inbound_rule.value
}
}
# KubeSpan
inbound_rule {
action = "accept"
protocol = "UDP"
port = 51820
}
inbound_rule {
action = "accept"
protocol = "UDP"
port = 51820
ip_range = "::/0"
}
inbound_rule {
action = "accept"
protocol = "ICMP"
ip_range = "::/0"
}
}
resource "scaleway_instance_security_group" "web" {
name = "web"
inbound_default_policy = "drop"
outbound_default_policy = "accept"
dynamic "inbound_rule" {
for_each = ["80", "443"]
content {
action = "accept"
protocol = "TCP"
port = inbound_rule.value
}
}
inbound_rule {
action = "accept"
protocol = "ANY"
ip_range = local.main_subnet
}
# KubeSpan
inbound_rule {
action = "accept"
protocol = "UDP"
port = 51820
}
inbound_rule {
action = "accept"
protocol = "UDP"
port = 51820
ip_range = "::/0"
}
inbound_rule {
action = "accept"
protocol = "TCP"
port = 4240
ip_range = "::/0"
}
inbound_rule {
action = "accept"
protocol = "ICMP"
ip_range = "::/0"
}
}
resource "scaleway_instance_security_group" "worker" {
name = "worker"
inbound_default_policy = "drop"
outbound_default_policy = "accept"
inbound_rule {
action = "accept"
protocol = "ANY"
ip_range = local.main_subnet
}
# KubeSpan
inbound_rule {
action = "accept"
protocol = "UDP"
port = 51820
}
inbound_rule {
action = "accept"
protocol = "UDP"
port = 51820
ip_range = "::/0"
}
inbound_rule {
action = "accept"
protocol = "TCP"
port = 4240
ip_range = "::/0"
}
inbound_rule {
action = "accept"
protocol = "ICMP"
ip_range = "::/0"
}
}
Reference in New Issue View Git Blame Copy Permalink