From 1836c689906ac1fd60c42904cee8e43aa634756a Mon Sep 17 00:00:00 2001
From: Simone Ruffilli
Date: Tue, 24 Oct 2023 21:46:04 +0200
Subject: [PATCH] Hierarchical rules update (#1809)
---
.../data/hierarchical-ingress-rules.yaml | 30 ++++++++++++-------
.../data/hierarchical-ingress-rules.yaml | 30 ++++++++++++-------
.../data/hierarchical-ingress-rules.yaml | 30 ++++++++++++-------
.../data/hierarchical-ingress-rules.yaml | 30 ++++++++++++-------
.../data/hierarchical-ingress-rules.yaml | 30 ++++++++++++-------
5 files changed, 95 insertions(+), 55 deletions(-)
diff --git a/fast/stages/2-networking-a-peering/data/hierarchical-ingress-rules.yaml b/fast/stages/2-networking-a-peering/data/hierarchical-ingress-rules.yaml
index 0aa722bb39..27971add7f 100644
--- a/fast/stages/2-networking-a-peering/data/hierarchical-ingress-rules.yaml
+++ b/fast/stages/2-networking-a-peering/data/hierarchical-ingress-rules.yaml
@@ -1,11 +1,11 @@ # skip boilerplate check -allow-admins: - description: Access from the admin subnet to all subnets - priority: 1000 - match: - source_ranges: - - rfc1918 +# allow-admins: +# description: Access from the admin subnet to all subnets +# priority: 1000 +# match: +# source_ranges: +# - rfc1918 allow-healthchecks: description: Enable HTTP and HTTPS healthchecks
@@ -14,8 +14,8 @@ allow-healthchecks: source_ranges: - healthchecks layer4_configs: - - protocol: tcp - ports: ["80", "443"] + - protocol: tcp + ports: ["80", "443"] allow-ssh-from-iap: description: Enable SSH from IAP
@@ -24,8 +24,8 @@ allow-ssh-from-iap: source_ranges: - 35.235.240.0/20 layer4_configs: - - protocol: tcp - ports: ["22"] + - protocol: tcp + ports: ["22"] allow-icmp: description: Enable ICMP
@@ -34,4 +34,12 @@ allow-icmp: source_ranges: - 0.0.0.0/0 layer4_configs: - - protocol: icmp + - protocol: icmp + +allow-nat-ranges: + description: Enable NAT ranges for VPC serverless connector + priority: 1001 + match: + source_ranges: + - 107.178.230.64/26 + - 35.199.224.0/19
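Review bot: The `allow-admins` rule in the first hunk is disabled by commenting it out, and nothing in the file records why or what has to change before it is turned back on. The removed rule matched the `rfc1918` source ranges with no `layer4_configs`, so uncommenting it as-is would presumably restore an any-protocol path from all private address space, although its description names only "the admin subnet". Either delete the block or put a comment above it such as `# allow-admins is off by default: it matches every RFC 1918 source on all protocols; narrow source_ranges to the admin subnet before enabling`. The same commented-out block is left in the b-vpn, c-nva, d-separate-envs and e-nva-bgp copies.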
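Review bot: The added `allow-nat-ranges` rule in the last hunk carries no `layer4_configs`, unlike the other rules in this file, so it presumably matches every protocol and port from `107.178.230.64/26` and `35.199.224.0/19`. If the factory's default action is allow, as the rule name suggests, a hierarchical allow is final and VPC-level deny rules below it are not evaluated, so the rule should be limited to what the connector needs, e.g. `layer4_configs:` with `- protocol: tcp` and `ports: ["<connector-port>"]` (placeholder, to be taken from the Serverless VPC Access documentation). `priority: 1001` also needs checking against the existing rules, whose priority lines fall outside the hunks, because priorities must be unique within a firewall policy. The same rule is added unchanged in the b-vpn, c-nva, d-separate-envs and e-nva-bgp copies.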
diff --git a/fast/stages/2-networking-b-vpn/data/hierarchical-ingress-rules.yaml b/fast/stages/2-networking-b-vpn/data/hierarchical-ingress-rules.yaml
index 0aa722bb39..27971add7f 100644
--- a/fast/stages/2-networking-b-vpn/data/hierarchical-ingress-rules.yaml
+++ b/fast/stages/2-networking-b-vpn/data/hierarchical-ingress-rules.yaml
@@ -1,11 +1,11 @@ # skip boilerplate check -allow-admins: - description: Access from the admin subnet to all subnets - priority: 1000 - match: - source_ranges: - - rfc1918 +# allow-admins: +# description: Access from the admin subnet to all subnets +# priority: 1000 +# match: +# source_ranges: +# - rfc1918 allow-healthchecks: description: Enable HTTP and HTTPS healthchecks
@@ -14,8 +14,8 @@ allow-healthchecks: source_ranges: - healthchecks layer4_configs: - - protocol: tcp - ports: ["80", "443"] + - protocol: tcp + ports: ["80", "443"] allow-ssh-from-iap: description: Enable SSH from IAP
@@ -24,8 +24,8 @@ allow-ssh-from-iap: source_ranges: - 35.235.240.0/20 layer4_configs: - - protocol: tcp - ports: ["22"] + - protocol: tcp + ports: ["22"] allow-icmp: description: Enable ICMP
@@ -34,4 +34,12 @@ allow-icmp: source_ranges: - 0.0.0.0/0 layer4_configs: - - protocol: icmp + - protocol: icmp + +allow-nat-ranges: + description: Enable NAT ranges for VPC serverless connector + priority: 1001 + match: + source_ranges: + - 107.178.230.64/26 + - 35.199.224.0/19
diff --git a/fast/stages/2-networking-c-nva/data/hierarchical-ingress-rules.yaml b/fast/stages/2-networking-c-nva/data/hierarchical-ingress-rules.yaml
index 0aa722bb39..27971add7f 100644
--- a/fast/stages/2-networking-c-nva/data/hierarchical-ingress-rules.yaml
+++ b/fast/stages/2-networking-c-nva/data/hierarchical-ingress-rules.yaml
@@ -1,11 +1,11 @@ # skip boilerplate check -allow-admins: - description: Access from the admin subnet to all subnets - priority: 1000 - match: - source_ranges: - - rfc1918 +# allow-admins: +# description: Access from the admin subnet to all subnets +# priority: 1000 +# match: +# source_ranges: +# - rfc1918 allow-healthchecks: description: Enable HTTP and HTTPS healthchecks
@@ -14,8 +14,8 @@ allow-healthchecks: source_ranges: - healthchecks layer4_configs: - - protocol: tcp - ports: ["80", "443"] + - protocol: tcp + ports: ["80", "443"] allow-ssh-from-iap: description: Enable SSH from IAP
@@ -24,8 +24,8 @@ allow-ssh-from-iap: source_ranges: - 35.235.240.0/20 layer4_configs: - - protocol: tcp - ports: ["22"] + - protocol: tcp + ports: ["22"] allow-icmp: description: Enable ICMP
@@ -34,4 +34,12 @@ allow-icmp: source_ranges: - 0.0.0.0/0 layer4_configs: - - protocol: icmp + - protocol: icmp + +allow-nat-ranges: + description: Enable NAT ranges for VPC serverless connector + priority: 1001 + match: + source_ranges: + - 107.178.230.64/26 + - 35.199.224.0/19
diff --git a/fast/stages/2-networking-d-separate-envs/data/hierarchical-ingress-rules.yaml b/fast/stages/2-networking-d-separate-envs/data/hierarchical-ingress-rules.yaml
index 0aa722bb39..27971add7f 100644
--- a/fast/stages/2-networking-d-separate-envs/data/hierarchical-ingress-rules.yaml
+++ b/fast/stages/2-networking-d-separate-envs/data/hierarchical-ingress-rules.yaml
@@ -1,11 +1,11 @@ # skip boilerplate check -allow-admins: - description: Access from the admin subnet to all subnets - priority: 1000 - match: - source_ranges: - - rfc1918 +# allow-admins: +# description: Access from the admin subnet to all subnets +# priority: 1000 +# match: +# source_ranges: +# - rfc1918 allow-healthchecks: description: Enable HTTP and HTTPS healthchecks
@@ -14,8 +14,8 @@ allow-healthchecks: source_ranges: - healthchecks layer4_configs: - - protocol: tcp - ports: ["80", "443"] + - protocol: tcp + ports: ["80", "443"] allow-ssh-from-iap: description: Enable SSH from IAP
@@ -24,8 +24,8 @@ allow-ssh-from-iap: source_ranges: - 35.235.240.0/20 layer4_configs: - - protocol: tcp - ports: ["22"] + - protocol: tcp + ports: ["22"] allow-icmp: description: Enable ICMP
@@ -34,4 +34,12 @@ allow-icmp: source_ranges: - 0.0.0.0/0 layer4_configs: - - protocol: icmp + - protocol: icmp + +allow-nat-ranges: + description: Enable NAT ranges for VPC serverless connector + priority: 1001 + match: + source_ranges: + - 107.178.230.64/26 + - 35.199.224.0/19
diff --git a/fast/stages/2-networking-e-nva-bgp/data/hierarchical-ingress-rules.yaml b/fast/stages/2-networking-e-nva-bgp/data/hierarchical-ingress-rules.yaml
index 0aa722bb39..27971add7f 100644
--- a/fast/stages/2-networking-e-nva-bgp/data/hierarchical-ingress-rules.yaml
+++ b/fast/stages/2-networking-e-nva-bgp/data/hierarchical-ingress-rules.yaml
@@ -1,11 +1,11 @@ # skip boilerplate check -allow-admins: - description: Access from the admin subnet to all subnets - priority: 1000 - match: - source_ranges: - - rfc1918 +# allow-admins: +# description: Access from the admin subnet to all subnets +# priority: 1000 +# match: +# source_ranges: +# - rfc1918 allow-healthchecks: description: Enable HTTP and HTTPS healthchecks
@@ -14,8 +14,8 @@ allow-healthchecks: source_ranges: - healthchecks layer4_configs: - - protocol: tcp - ports: ["80", "443"] + - protocol: tcp + ports: ["80", "443"] allow-ssh-from-iap: description: Enable SSH from IAP
@@ -24,8 +24,8 @@ allow-ssh-from-iap: source_ranges: - 35.235.240.0/20 layer4_configs: - - protocol: tcp - ports: ["22"] + - protocol: tcp + ports: ["22"] allow-icmp: description: Enable ICMP
@@ -34,4 +34,12 @@ allow-icmp: source_ranges: - 0.0.0.0/0 layer4_configs: - - protocol: icmp + - protocol: icmp + +allow-nat-ranges: + description: Enable NAT ranges for VPC serverless connector + priority: 1001 + match: + source_ranges: + - 107.178.230.64/26 + - 35.199.224.0/19