# Firewall rules for the VPC network google_compute_network.k8s-network.
#
# No `direction` is set on any rule, so the provider default (INGRESS) applies.
# Every rule follows the same pattern:
#   - it matches only instances that carry the rule's own network tag
#     ("<network>-firewall-<service>"), so a port opens on an instance only
#     when that tag is attached to it;
#   - it accepts traffic from every IPv4 source (0.0.0.0/0).
#
# NOTE(review): for the administrative, control-plane and database rules the
# open source range is the main exposure. A narrower CIDR list or `source_tags`
# limited to cluster members would contain it. Confirm which clients need each
# port before tightening.

# --- Remote administration ---------------------------------------------------

# SSH (tcp/22) from any IPv4 address to instances tagged "<network>-firewall-ssh".
# NOTE(review): usually restricted to a bastion or operator ranges.
resource "google_compute_firewall" "ssh" {
  name          = "${var.network}-firewall-ssh"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-ssh"]

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

# --- Public web traffic ------------------------------------------------------

# Plain HTTP (tcp/80).
resource "google_compute_firewall" "http" {
  name          = "${var.network}-firewall-http"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-http"]

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
}

# HTTPS (tcp/443).
resource "google_compute_firewall" "https" {
  name          = "${var.network}-firewall-https"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-https"]

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}

# ICMP; no type filter is given, so all ICMP traffic is allowed.
resource "google_compute_firewall" "icmp" {
  name          = "${var.network}-firewall-icmp"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-icmp"]

  allow {
    protocol = "icmp"
  }
}

# --- Data and platform services ----------------------------------------------

# PostgreSQL (tcp/5432) reachable from any IPv4 address.
# NOTE(review): database listeners are normally limited to application subnets;
# with this rule only the database's own authentication protects the data.
resource "google_compute_firewall" "postgresql" {
  name          = "${var.network}-firewall-postgresql"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-postgresql"]

  allow {
    protocol = "tcp"
    ports    = ["5432"]
  }
}

# OpenShift console / API (tcp/8443), per the rule name.
resource "google_compute_firewall" "firewall-openshift-console" {
  name          = "${var.network}-firewall-openshift-console"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-openshift-console"]

  allow {
    protocol = "tcp"
    ports    = ["8443"]
  }
}

# tcp/24284; presumably Fluentd secure_forward log shipping, going by the rule
# name. TODO confirm the senders and whether they can be enumerated as CIDRs.
resource "google_compute_firewall" "firewall-secure-forward" {
  name          = "${var.network}-firewall-secure-forward"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-secure-forward"]

  allow {
    protocol = "tcp"
    ports    = ["24284"]
  }
}

# --- Kubernetes control plane and nodes --------------------------------------

# Kubernetes API server (tcp/6443).
# NOTE(review): if the API must be public, confirm anonymous auth is off and
# RBAC is enforced; otherwise restrict to operator and node ranges.
resource "google_compute_firewall" "firewall-k8s-apiserver" {
  name          = "${var.network}-firewall-k8s-apiserver"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-k8s-apiserver"]

  allow {
    protocol = "tcp"
    ports    = ["6443"]
  }
}

# etcd client (2379) and peer (2380) ports.
# NOTE(review): etcd holds the full cluster state, including Secrets, and only
# the API server and other etcd members need to reach it. An internet-wide
# source range leaves etcd's TLS client-certificate configuration as the only
# barrier. Restrict to control-plane sources.
resource "google_compute_firewall" "firewall-k8s-etcd-api" {
  name          = "${var.network}-firewall-k8s-etcd-api"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-k8s-etcd-api"]

  allow {
    protocol = "tcp"
    ports    = ["2379", "2380"]
  }
}

# Kubelet API (tcp/10250).
# NOTE(review): callers are normally the API server and in-cluster monitoring;
# restrict to those sources and verify that kubelet anonymous auth is disabled.
resource "google_compute_firewall" "firewall-k8s-kubelet-api" {
  name          = "${var.network}-firewall-k8s-kubelet-api"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-k8s-kubelet-api"]

  allow {
    protocol = "tcp"
    ports    = ["10250"]
  }
}

# kube-scheduler (tcp/10251).
# NOTE(review): 10251 is the scheduler's legacy plain-HTTP port, with no
# authentication; newer Kubernetes releases serve on 10259 instead. Confirm the
# port is still in use and, if so, keep it off the public internet.
resource "google_compute_firewall" "firewall-k8s-kube-scheduler" {
  name          = "${var.network}-firewall-k8s-kube-scheduler"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-k8s-kube-scheduler"]

  allow {
    protocol = "tcp"
    ports    = ["10252"]
  }
}

# kube-controller-manager (tcp/10252).
# NOTE(review): 10252 is the controller manager's legacy plain-HTTP port;
# newer releases serve on 10257. Same concern as the scheduler rule.
resource "google_compute_firewall" "firewall-k8s-kube-controller" {
  name          = "${var.network}-firewall-k8s-kube-controller"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-k8s-kube-controller"]

  allow {
    protocol = "tcp"
    ports    = ["10252"]
  }
}

# NodePort services (tcp/30000-32676).
# NOTE(review): the Kubernetes default NodePort range ends at 32767, so 32676
# looks like a transposed digit pair. Confirm against the cluster's
# --service-node-port-range before changing it. Every NodePort service on a
# tagged node is reachable from any IPv4 address through this rule.
resource "google_compute_firewall" "firewall-k8s-nodeports" {
  name          = "${var.network}-firewall-k8s-nodeports"
  network       = google_compute_network.k8s-network.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["${var.network}-firewall-k8s-nodeports"]

  allow {
    protocol = "tcp"
    ports    = ["30000-32676"]
  }
}