...
 
Commits (2)
......@@ -1879,41 +1879,6 @@ resource "google_compute_firewall" "camoproxy-deny-internal-egress" {
target_tags = ["camoproxy"]
}
# With these exceptions:
resource "google_compute_firewall" "camoproxy-allow-to-consul-tcp" {
name = "${format("%v-camoproxy-allow-to-consul-tcp-internal", var.environment)}"
network = "${var.environment}"
priority = "400" # Needs to be before the default deny (500)
direction = "EGRESS"
allow {
protocol = "tcp"
ports = ["8300-8301"]
}
destination_ranges = ["10.0.0.0/8"] # Sadly broad, but consul is chatty and talks to all sorts
target_tags = ["camoproxy"]
}
resource "google_compute_firewall" "camoproxy-allow-to-consul-udp" {
name = "${format("%v-camoproxy-allow-to-consul-udp-internal", var.environment)}"
network = "${var.environment}"
priority = "400" # Needs to be before the default deny (500)
direction = "EGRESS"
allow {
protocol = "udp"
ports = ["8301"]
}
destination_ranges = ["10.0.0.0/8"] # Sadly broad, but consul is chatty and talks to all sorts
target_tags = ["camoproxy"]
}
#Simple url map; everything goes to the one backend
resource "google_compute_url_map" "camoproxy-lb" {
name = "${format("%v-camoproxy-lb", var.environment)}"
......