Commit 9e8c6be9 authored by Craig Miskell's avatar Craig Miskell

Merge branch 'remove-consul-firewall-rules-for-camoproxy' into 'master'

Remove consul firewall rules for camoproxy; consul has been removed

See merge request !867
parents 2066a881 8035fada
......@@ -1879,41 +1879,6 @@ resource "google_compute_firewall" "camoproxy-deny-internal-egress" {
target_tags = ["camoproxy"]
}
# With these exceptions:
resource "google_compute_firewall" "camoproxy-allow-to-consul-tcp" {
name = "${format("%v-camoproxy-allow-to-consul-tcp-internal", var.environment)}"
network = "${var.environment}"
priority = "400" # Needs to be before the default deny (500)
direction = "EGRESS"
allow {
protocol = "tcp"
ports = ["8300-8301"]
}
destination_ranges = ["10.0.0.0/8"] # Sadly broad, but consul is chatty and talks to all sorts
target_tags = ["camoproxy"]
}
resource "google_compute_firewall" "camoproxy-allow-to-consul-udp" {
name = "${format("%v-camoproxy-allow-to-consul-udp-internal", var.environment)}"
network = "${var.environment}"
priority = "400" # Needs to be before the default deny (500)
direction = "EGRESS"
allow {
protocol = "udp"
ports = ["8301"]
}
destination_ranges = ["10.0.0.0/8"] # Sadly broad, but consul is chatty and talks to all sorts
target_tags = ["camoproxy"]
}
#Simple url map; everything goes to the one backend
resource "google_compute_url_map" "camoproxy-lb" {
name = "${format("%v-camoproxy-lb", var.environment)}"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment