Hierarchical rules update (#1809)
sruffilli authored Oct 24, 2023
1 parent 1378214 commit 1836c68
Showing 5 changed files with 95 additions and 55 deletions.
@@ -1,11 +1,11 @@
# skip boilerplate check

allow-admins:
description: Access from the admin subnet to all subnets
priority: 1000
match:
source_ranges:
- rfc1918
# allow-admins:
# description: Access from the admin subnet to all subnets
# priority: 1000
# match:
# source_ranges:
# - rfc1918

allow-healthchecks:
description: Enable HTTP and HTTPS healthchecks
@@ -14,8 +14,8 @@ allow-healthchecks:
source_ranges:
- healthchecks
layer4_configs:
- protocol: tcp
ports: ["80", "443"]
- protocol: tcp
ports: ["80", "443"]

allow-ssh-from-iap:
description: Enable SSH from IAP
@@ -24,8 +24,8 @@ allow-ssh-from-iap:
source_ranges:
- 35.235.240.0/20
layer4_configs:
- protocol: tcp
ports: ["22"]
- protocol: tcp
ports: ["22"]

allow-icmp:
description: Enable ICMP
@@ -34,4 +34,12 @@ allow-icmp:
source_ranges:
- 0.0.0.0/0
layer4_configs:
- protocol: icmp
- protocol: icmp

allow-nat-ranges:
description: Enable NAT ranges for VPC serverless connector
priority: 1001
match:
source_ranges:
- 107.178.230.64/26
- 35.199.224.0/19
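Review bot: The new `allow-nat-ranges` rule carries only `source_ranges` and no `layer4_configs`, unlike the three sibling rules in this file, so it does not say which protocols or ports it admits. If the consuming module treats a missing `layer4_configs` as all protocols (not visible here), every resource under this hierarchical policy would accept any traffic from 107.178.230.64/26 and 35.199.224.0/19, which is wider than a Serverless VPC Access connector needs. I would scope it as below; the port list follows Google's published connector firewall guidance and should be confirmed, and the nesting under `match` is inferred because the page lost its indentation. The same rule is added unchanged in the other four files of this commit.

```yaml
allow-nat-ranges:
  # … unchanged: description, priority …
  match:
    # … unchanged: source_ranges …
    layer4_configs:
      - protocol: tcp
        ports: ["667"]
      - protocol: udp
        ports: ["665-666"]
      - protocol: icmp
```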
30 changes: 19 additions & 11 deletions fast/stages/2-networking-b-vpn/data/hierarchical-ingress-rules.yaml
@@ -1,11 +1,11 @@
# skip boilerplate check

allow-admins:
description: Access from the admin subnet to all subnets
priority: 1000
match:
source_ranges:
- rfc1918
# allow-admins:
# description: Access from the admin subnet to all subnets
# priority: 1000
# match:
# source_ranges:
# - rfc1918

allow-healthchecks:
description: Enable HTTP and HTTPS healthchecks
@@ -14,8 +14,8 @@ allow-healthchecks:
source_ranges:
- healthchecks
layer4_configs:
- protocol: tcp
ports: ["80", "443"]
- protocol: tcp
ports: ["80", "443"]

allow-ssh-from-iap:
description: Enable SSH from IAP
@@ -24,8 +24,8 @@ allow-ssh-from-iap:
source_ranges:
- 35.235.240.0/20
layer4_configs:
- protocol: tcp
ports: ["22"]
- protocol: tcp
ports: ["22"]

allow-icmp:
description: Enable ICMP
@@ -34,4 +34,12 @@ allow-icmp:
source_ranges:
- 0.0.0.0/0
layer4_configs:
- protocol: icmp
- protocol: icmp

allow-nat-ranges:
description: Enable NAT ranges for VPC serverless connector
priority: 1001
match:
source_ranges:
- 107.178.230.64/26
- 35.199.224.0/19
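Review bot: `allow-nat-ranges` is given `priority: 1001`, and the priorities of `allow-healthchecks`, `allow-ssh-from-iap` and `allow-icmp` fall outside the hunks shown, so uniqueness cannot be checked from this diff. Rules in one firewall policy need distinct priorities, and the disabled `allow-admins` used 1000, so 1001 is a likely value for the next rule down. If it is already taken, use the next free number, e.g. `priority: 1004` (constructed value; pick whatever is actually unused). This applies to all five copies of the file in this commit.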
30 changes: 19 additions & 11 deletions fast/stages/2-networking-c-nva/data/hierarchical-ingress-rules.yaml
@@ -1,11 +1,11 @@
# skip boilerplate check

allow-admins:
description: Access from the admin subnet to all subnets
priority: 1000
match:
source_ranges:
- rfc1918
# allow-admins:
# description: Access from the admin subnet to all subnets
# priority: 1000
# match:
# source_ranges:
# - rfc1918

allow-healthchecks:
description: Enable HTTP and HTTPS healthchecks
@@ -14,8 +14,8 @@ allow-healthchecks:
source_ranges:
- healthchecks
layer4_configs:
- protocol: tcp
ports: ["80", "443"]
- protocol: tcp
ports: ["80", "443"]

allow-ssh-from-iap:
description: Enable SSH from IAP
@@ -24,8 +24,8 @@ allow-ssh-from-iap:
source_ranges:
- 35.235.240.0/20
layer4_configs:
- protocol: tcp
ports: ["22"]
- protocol: tcp
ports: ["22"]

allow-icmp:
description: Enable ICMP
@@ -34,4 +34,12 @@ allow-icmp:
source_ranges:
- 0.0.0.0/0
layer4_configs:
- protocol: icmp
- protocol: icmp

allow-nat-ranges:
description: Enable NAT ranges for VPC serverless connector
priority: 1001
match:
source_ranges:
- 107.178.230.64/26
- 35.199.224.0/19
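Review bot: The `allow-admins` block stays in the file as commented-out YAML with no line saying why it is disabled or when to enable it (assuming the commented lines are the new side, as the print order suggests). Its description speaks of an admin subnet while its source is `rfc1918`, so anyone who simply uncomments it would admit every private address at priority 1000, with no `layer4_configs` visible in the block. Either delete the block or head it with a comment such as `# Example only: replace rfc1918 with the actual admin subnet CIDR before enabling.` The same block appears in the other four files.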
@@ -1,11 +1,11 @@
# skip boilerplate check

allow-admins:
description: Access from the admin subnet to all subnets
priority: 1000
match:
source_ranges:
- rfc1918
# allow-admins:
# description: Access from the admin subnet to all subnets
# priority: 1000
# match:
# source_ranges:
# - rfc1918

allow-healthchecks:
description: Enable HTTP and HTTPS healthchecks
@@ -14,8 +14,8 @@ allow-healthchecks:
source_ranges:
- healthchecks
layer4_configs:
- protocol: tcp
ports: ["80", "443"]
- protocol: tcp
ports: ["80", "443"]

allow-ssh-from-iap:
description: Enable SSH from IAP
@@ -24,8 +24,8 @@ allow-ssh-from-iap:
source_ranges:
- 35.235.240.0/20
layer4_configs:
- protocol: tcp
ports: ["22"]
- protocol: tcp
ports: ["22"]

allow-icmp:
description: Enable ICMP
@@ -34,4 +34,12 @@ allow-icmp:
source_ranges:
- 0.0.0.0/0
layer4_configs:
- protocol: icmp
- protocol: icmp

allow-nat-ranges:
description: Enable NAT ranges for VPC serverless connector
priority: 1001
match:
source_ranges:
- 107.178.230.64/26
- 35.199.224.0/19
@@ -1,11 +1,11 @@
# skip boilerplate check

allow-admins:
description: Access from the admin subnet to all subnets
priority: 1000
match:
source_ranges:
- rfc1918
# allow-admins:
# description: Access from the admin subnet to all subnets
# priority: 1000
# match:
# source_ranges:
# - rfc1918

allow-healthchecks:
description: Enable HTTP and HTTPS healthchecks
@@ -14,8 +14,8 @@ allow-healthchecks:
source_ranges:
- healthchecks
layer4_configs:
- protocol: tcp
ports: ["80", "443"]
- protocol: tcp
ports: ["80", "443"]

allow-ssh-from-iap:
description: Enable SSH from IAP
@@ -24,8 +24,8 @@ allow-ssh-from-iap:
source_ranges:
- 35.235.240.0/20
layer4_configs:
- protocol: tcp
ports: ["22"]
- protocol: tcp
ports: ["22"]

allow-icmp:
description: Enable ICMP
@@ -34,4 +34,12 @@ allow-icmp:
source_ranges:
- 0.0.0.0/0
layer4_configs:
- protocol: icmp
- protocol: icmp

allow-nat-ranges:
description: Enable NAT ranges for VPC serverless connector
priority: 1001
match:
source_ranges:
- 107.178.230.64/26
- 35.199.224.0/19
