Commit 066f4fe1 authored by Alex Hanselka's avatar Alex Hanselka

add rule to deny connections to runner manager

parent b1b4f779
......@@ -17,6 +17,17 @@ resource "google_compute_firewall" "runners-manager" {
}
}
resource "google_compute_firewall" "windows-runner-deny-manager" {
name = "windows-runner-deny-manager"
direction = "EGRESS"
network = var.network
priority = 950
target_tags = ["windows-runner"]
destination_ranges = [
"10.1.0.0/16"
]
}
resource "google_compute_firewall" "windows-runner-egress" {
name = "windows-runner-egress"
direction = "EGRESS"
......@@ -30,6 +41,18 @@ resource "google_compute_firewall" "windows-runner-egress" {
}
}
resource "google_compute_firewall" "windows-runner-deny-all-else" {
name = "windows-runner-deny-all-else"
direction = "EGRESS"
network = var.network
priority = 5000
target_tags = ["windows-runner"]
destination_ranges = "0.0.0.0/0"
deny {
}
}
#### Monitoring
resource "google_compute_firewall" "prometheus" {
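Review bot: The `windows-runner-deny-manager` rule in the first hunk has no `deny` block in the lines shown, so it does not express a deny at all; the provider expects an `allow` or `deny` block on every `google_compute_firewall`, and this one needs `deny { protocol = "all" }` before its closing brace. In the second hunk the `deny {` block of `windows-runner-deny-all-else` is empty and needs the same `protocol = "all"`, and `destination_ranges = "0.0.0.0/0"` should be a list, `destination_ranges = ["0.0.0.0/0"]`. The priority of the `windows-runner-egress` allow rule is outside the hunk, so confirm that 950 is numerically lower than it; otherwise an allow that covers 10.1.0.0/16 would take precedence over the manager deny. A one-line comment above each rule saying what 10.1.0.0/16 holds and why the runners must not reach it would make the intent checkable later.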
......