terraform-gcp-k8s/k8s-master/firewall.tf
Jonny Ervine 88b85b2c84 new file: ansible/inv-gcp.yml
new file:   ansible/inventory/gce.ini
	new file:   ansible/inventory/gce.py
	new file:   ansible/master-node-create.yaml
	new file:   ansible/secrets.py
	new file:   ansible/test-inv
	new file:   ansible/test.yaml
	new file:   ansible/work-kube-config.yaml
	new file:   ansible/worker-config.yaml
	new file:   ansible/yum-config-manager.yaml
	new file:   gcp-lb/main.tf
	new file:   gcp-lb/outputs.tf
	new file:   gcp-lb/provider.tf
	new file:   gcp-lb/variables.tf
	new file:   k8s-master/firewall.tf
	new file:   k8s-master/main.tf
	new file:   k8s-master/network.tf
	new file:   k8s-master/outputs.tf
	new file:   k8s-master/provider.tf
	new file:   k8s-master/scripts/get-metadata-gce.sh
	new file:   k8s-master/scripts/id_ecdsa
	new file:   k8s-master/scripts/id_ecdsa.pub
	new file:   k8s-master/scripts/startup.sh
	new file:   k8s-master/variables.tf
	new file:   k8s-workers/firewall.tf
	new file:   k8s-workers/main.tf
	new file:   k8s-workers/outputs.tf
	new file:   k8s-workers/provider.tf
	new file:   k8s-workers/scripts/get-metadata-gce.sh
	new file:   k8s-workers/scripts/id_ecdsa
	new file:   k8s-workers/scripts/id_ecdsa.pub
	new file:   k8s-workers/scripts/startup.sh
	new file:   k8s-workers/variables.tf
	new file:   main.tf
	new file:   provider.tf
	new file:   variables.tf
	new file:   versions.tf
Initial commit
2020-02-19 08:24:39 +00:00


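# Source ranges permitted to reach TCP/22 on instances tagged
# "<network>-firewall-ssh". The default keeps the original any-source
# behaviour so existing deployments are unaffected; override it (e.g. in a
# .tfvars file) to limit SSH to a bastion host or administrator CIDR.
variable "ssh_source_ranges" {
  description = "CIDR ranges allowed to open SSH (TCP/22) connections to tagged instances"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Inbound SSH (TCP/22) to instances carrying the matching target tag.
resource "google_compute_firewall" "ssh" {
  name    = "${var.network}-firewall-ssh"
  network = google_compute_network.k8s-network.name

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  target_tags   = ["${var.network}-firewall-ssh"]
  source_ranges = var.ssh_source_ranges
}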
# Inbound HTTP (TCP/80) from any source to instances carrying the
# "<network>-firewall-http" tag.
resource "google_compute_firewall" "http" {
  name          = "${var.network}-firewall-http"
  network       = google_compute_network.k8s-network.name
  target_tags   = ["${var.network}-firewall-http"]
  source_ranges = ["0.0.0.0/0"]

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
}
# Inbound HTTPS (TCP/443) from any source to instances carrying the
# "<network>-firewall-https" tag.
resource "google_compute_firewall" "https" {
  name          = "${var.network}-firewall-https"
  network       = google_compute_network.k8s-network.name
  target_tags   = ["${var.network}-firewall-https"]
  source_ranges = ["0.0.0.0/0"]

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}
# All ICMP types from any source to instances carrying the
# "<network>-firewall-icmp" tag. No "ports" attribute applies to ICMP, so
# the rule admits every ICMP type, not just echo request/reply.
resource "google_compute_firewall" "icmp" {
  name          = "${var.network}-firewall-icmp"
  network       = google_compute_network.k8s-network.name
  target_tags   = ["${var.network}-firewall-icmp"]
  source_ranges = ["0.0.0.0/0"]

  allow {
    protocol = "icmp"
  }
}
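# Source ranges permitted to reach TCP/5432 on instances tagged
# "<network>-firewall-postgresql". The default keeps the original any-source
# behaviour; a database port normally only needs to be reachable from the
# application instances or subnet, so override this with that range.
variable "postgresql_source_ranges" {
  description = "CIDR ranges allowed to reach PostgreSQL (TCP/5432) on tagged instances"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Inbound PostgreSQL (TCP/5432) to instances carrying the matching target tag.
resource "google_compute_firewall" "postgresql" {
  name    = "${var.network}-firewall-postgresql"
  network = google_compute_network.k8s-network.name

  allow {
    protocol = "tcp"
    ports    = ["5432"]
  }

  target_tags   = ["${var.network}-firewall-postgresql"]
  source_ranges = var.postgresql_source_ranges
}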
# Inbound TCP/8443 from any source to instances carrying the
# "<network>-firewall-openshift-console" tag.
# NOTE(review): the source range is unrestricted; if the console is only used
# by administrators, narrow this to their CIDR.
resource "google_compute_firewall" "firewall-openshift-console" {
  name          = "${var.network}-firewall-openshift-console"
  network       = google_compute_network.k8s-network.name
  target_tags   = ["${var.network}-firewall-openshift-console"]
  source_ranges = ["0.0.0.0/0"]

  allow {
    protocol = "tcp"
    ports    = ["8443"]
  }
}
# Inbound TCP/24284 from any source to instances carrying the
# "<network>-firewall-secure-forward" tag (24284 is conventionally the
# fluentd secure-forward port — confirm against the log-forwarding config).
# NOTE(review): the source range is unrestricted; log forwarders usually only
# need to accept connections from the nodes that ship logs to them.
resource "google_compute_firewall" "firewall-secure-forward" {
  name          = "${var.network}-firewall-secure-forward"
  network       = google_compute_network.k8s-network.name
  target_tags   = ["${var.network}-firewall-secure-forward"]
  source_ranges = ["0.0.0.0/0"]

  allow {
    protocol = "tcp"
    ports    = ["24284"]
  }
}
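# Source ranges permitted to reach the Kubernetes API server (TCP/6443) on
# instances tagged "<network>-firewall-k8s-apiserver". The default keeps the
# original any-source behaviour; override it with the worker subnet plus the
# administrator/CI ranges that run kubectl.
variable "k8s_apiserver_source_ranges" {
  description = "CIDR ranges allowed to reach the Kubernetes API server (TCP/6443)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Inbound Kubernetes API server traffic (TCP/6443) to tagged instances.
resource "google_compute_firewall" "firewall-k8s-apiserver" {
  name    = "${var.network}-firewall-k8s-apiserver"
  network = google_compute_network.k8s-network.name

  allow {
    protocol = "tcp"
    ports    = ["6443"]
  }

  target_tags   = ["${var.network}-firewall-k8s-apiserver"]
  source_ranges = var.k8s_apiserver_source_ranges
}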
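# Source ranges permitted to reach etcd (client port 2379, peer port 2380)
# on instances tagged "<network>-firewall-k8s-etcd-api". etcd holds the
# entire cluster state, including Secrets, and only the API server and the
# other etcd members need to reach it. The default keeps the original
# any-source behaviour for compatibility; override it with the control-plane
# subnet or the master instances' addresses.
variable "k8s_etcd_source_ranges" {
  description = "CIDR ranges allowed to reach etcd client (2379) and peer (2380) ports"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Inbound etcd client and peer traffic (TCP/2379, TCP/2380) to tagged instances.
resource "google_compute_firewall" "firewall-k8s-etcd-api" {
  name    = "${var.network}-firewall-k8s-etcd-api"
  network = google_compute_network.k8s-network.name

  allow {
    protocol = "tcp"
    ports    = ["2379", "2380"]
  }

  target_tags   = ["${var.network}-firewall-k8s-etcd-api"]
  source_ranges = var.k8s_etcd_source_ranges
}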
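# Source ranges permitted to reach the kubelet API (TCP/10250) on instances
# tagged "<network>-firewall-k8s-kubelet-api". The kubelet API is used by the
# API server for exec/logs/port-forward, so only the control-plane nodes (and
# any in-cluster metrics collectors) need to reach it. The default keeps the
# original any-source behaviour; override it with the cluster subnet.
variable "k8s_kubelet_source_ranges" {
  description = "CIDR ranges allowed to reach the kubelet API (TCP/10250)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Inbound kubelet API traffic (TCP/10250) to tagged instances.
resource "google_compute_firewall" "firewall-k8s-kubelet-api" {
  name    = "${var.network}-firewall-k8s-kubelet-api"
  network = google_compute_network.k8s-network.name

  allow {
    protocol = "tcp"
    ports    = ["10250"]
  }

  target_tags   = ["${var.network}-firewall-k8s-kubelet-api"]
  source_ranges = var.k8s_kubelet_source_ranges
}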
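# Source ranges permitted to reach kube-scheduler's port (TCP/10251) on
# instances tagged "<network>-firewall-k8s-kube-scheduler". This port serves
# health and metrics endpoints that are only needed by monitoring inside the
# cluster. The default keeps the original any-source behaviour; override it
# with the cluster subnet (or drop the rule if the scheduler binds to
# localhost — confirm against the control-plane manifests).
variable "k8s_kube_scheduler_source_ranges" {
  description = "CIDR ranges allowed to reach kube-scheduler (TCP/10251)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Inbound kube-scheduler traffic (TCP/10251) to tagged instances.
resource "google_compute_firewall" "firewall-k8s-kube-scheduler" {
  name    = "${var.network}-firewall-k8s-kube-scheduler"
  network = google_compute_network.k8s-network.name

  allow {
    protocol = "tcp"
    ports    = ["10251"]
  }

  target_tags   = ["${var.network}-firewall-k8s-kube-scheduler"]
  source_ranges = var.k8s_kube_scheduler_source_ranges
}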
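# Source ranges permitted to reach kube-controller-manager's port (TCP/10252)
# on instances tagged "<network>-firewall-k8s-kube-controller". Like the
# scheduler port, this serves health and metrics endpoints only needed by
# in-cluster monitoring. The default keeps the original any-source behaviour;
# override it with the cluster subnet.
variable "k8s_kube_controller_source_ranges" {
  description = "CIDR ranges allowed to reach kube-controller-manager (TCP/10252)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Inbound kube-controller-manager traffic (TCP/10252) to tagged instances.
resource "google_compute_firewall" "firewall-k8s-kube-controller" {
  name    = "${var.network}-firewall-k8s-kube-controller"
  network = google_compute_network.k8s-network.name

  allow {
    protocol = "tcp"
    ports    = ["10252"]
  }

  target_tags   = ["${var.network}-firewall-k8s-kube-controller"]
  source_ranges = var.k8s_kube_controller_source_ranges
}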
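# Inbound NodePort service traffic from any source to instances carrying the
# "<network>-firewall-k8s-nodeports" tag.
#
# The range is the Kubernetes default --service-node-port-range of
# 30000-32767. The previous upper bound, 32676, transposed the last digits
# and left NodePorts 32677-32767 unreachable from outside the network, so
# services allocated a port in that tail silently failed to answer.
resource "google_compute_firewall" "firewall-k8s-nodeports" {
  name    = "${var.network}-firewall-k8s-nodeports"
  network = google_compute_network.k8s-network.name

  allow {
    protocol = "tcp"
    ports    = ["30000-32767"]
  }

  target_tags   = ["${var.network}-firewall-k8s-nodeports"]
  source_ranges = ["0.0.0.0/0"]
}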