Verified Commit bd0007b4 authored by Hugo's avatar Hugo

add custom firewall config

parent caae9bc3
......@@ -29,10 +29,17 @@
rule: allow
from_ip: "{{cluster.network.cloudCidr}}"
comment: internal
vars:
tf_path: "terraform/terraform.tfstate.d/{{ lookup('env', 'ENV') }}/terraform.tfstate"
tf: "{{ lookup('file', tf_path) | from_json }}"
cluster: "{{ tf.outputs.cluster.value }}"
- name: allow extras
community.general.ufw:
rule: allow
port: "{{ item.value.port }}"
proto: "{{ item.value.proto }}"
comment: "{{ item.key }}"
when: cluster.firewall is defined and cluster.firewall.allow is defined
loop: "{{ cluster.firewall.allow | dict2items }}"
loop_control:
label: "{{ item.key }}"
- name: deny all traffic
community.general.ufw:
......
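Review bot: The new `allow extras` task sets no `from_ip`, so every entry in `cluster.firewall.allow` is opened to any source, unlike the `internal` rule above it, which is limited to `cluster.network.cloudCidr`. If some extras should only be reachable from known ranges, let each entry carry an optional source, e.g. `from_ip: "{{ item.value.from_ip | default('any') }}"`, and add a comment above the task stating that entries without it are reachable from anywhere. Separately, Ansible templates `loop` before it evaluates `when` for each item, so the `when` guard probably does not prevent an undefined-variable failure when `cluster.firewall` is absent; `loop: "{{ cluster.firewall.allow | default({}) | dict2items }}"` is the usual form. The following `deny all traffic` task continues outside the hunk.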
......@@ -37,5 +37,5 @@ module "cluster" {
}
output "cluster" {
value = module.cluster
}
\ No newline at end of file
value = merge(local.config, module.cluster)
}
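Review bot: `merge(local.config, module.cluster)` publishes every key of `local.config` in the `cluster` output, which lands in the state file that the playbook reads with `lookup('file', tf_path)`. `local.config` is not visible here, so if it holds anything beyond the firewall settings (credentials, tokens), those values end up in plain state output. Exporting only what the playbook needs keeps the output narrow, e.g. `value = merge(module.cluster, { firewall = try(local.config.firewall, {}) })`, assuming no module output is already named `firewall`. Also note that `merge` is shallow and later arguments win, so in the current form a module output with the same top-level key replaces the config entry wholesale.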