mirror of
https://github.com/vcscsvcscs/OCI-Kubernetes-cluster-with-traefik.git
synced 2025-08-12 13:59:09 +02:00
# Security list named for the private subnet (the subnet attachment itself is
# not visible in this file). In OCI a security list applies to every VNIC in
# each subnet it is attached to. All rules below are stateful
# (stateless = false), so reply traffic is admitted without a mirror rule.
#
# NOTE(review): the 10.0.0.0/16, 10.0.0.0/24 and 10.0.1.0/24 ranges are
# hard-coded; presumably they are the VCN, public-subnet and private-subnet
# CIDRs. Confirm them against the network definition.
resource "oci_core_security_list" "private_subnet_sl" {
  display_name   = "${var.cluster_name}-${var.environment}-private-subnet-sl"
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id

  # Egress: any protocol to any IPv4 destination (no outbound filtering).
  egress_security_rules {
    protocol         = "all"
    destination_type = "CIDR_BLOCK"
    destination      = "0.0.0.0/0"
    stateless        = false
  }

  # Ingress: any protocol from 10.0.0.0/16.
  # NOTE(review): this rule is the effective policy. Security-list rules are
  # allow-only and additive, and 10.0.0.0/24 sits inside 10.0.0.0/16, so the two
  # port-scoped rules below admit nothing this rule does not already admit.
  # If least privilege between subnets is the goal, this rule has to be narrowed.
  ingress_security_rules {
    protocol    = "all"
    source_type = "CIDR_BLOCK"
    source      = "10.0.0.0/16"
    stateless   = false
  }

  # Ingress: TCP (protocol 6) port 10256 from 10.0.0.0/24.
  # Presumably the kube-proxy health-check port probed by the load balancer.
  ingress_security_rules {
    protocol    = "6"
    source_type = "CIDR_BLOCK"
    source      = "10.0.0.0/24"
    stateless   = false

    tcp_options {
      min = 10256
      max = 10256
    }
  }

  # Ingress: TCP port 31600 from 10.0.0.0/24.
  # Presumably the NodePort the ingress controller is published on; verify.
  ingress_security_rules {
    protocol    = "6"
    source_type = "CIDR_BLOCK"
    source      = "10.0.0.0/24"
    stateless   = false

    tcp_options {
      min = 31600
      max = 31600
    }
  }
}
# Security list named for the public subnet (the subnet attachment itself is
# not visible in this file). In OCI a security list applies to every VNIC in
# each subnet it is attached to. All rules below are stateful
# (stateless = false), so reply traffic is admitted without a mirror rule.
#
# Internet-facing surface defined here: TCP 80, 443 and 6443 from 0.0.0.0/0.
resource "oci_core_security_list" "public_subnet_sl" {
  display_name   = "${var.cluster_name}-${var.environment}-public-subnet-sl"
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id

  # Egress: any protocol to any IPv4 destination.
  # NOTE(review): rules are allow-only and additive, so this rule already covers
  # the two port-scoped egress rules below. They record intent but restrict
  # nothing while this rule is present.
  egress_security_rules {
    protocol         = "all"
    destination_type = "CIDR_BLOCK"
    destination      = "0.0.0.0/0"
    stateless        = false
  }

  # Egress: TCP (protocol 6) port 31600 to 10.0.1.0/24.
  # Presumably load balancer to the ingress controller's NodePort; verify.
  egress_security_rules {
    protocol         = "6"
    destination_type = "CIDR_BLOCK"
    destination      = "10.0.1.0/24"
    stateless        = false

    tcp_options {
      min = 31600
      max = 31600
    }
  }

  # Egress: TCP port 10256 to 10.0.1.0/24.
  # Presumably the kube-proxy health-check port on the nodes; verify.
  egress_security_rules {
    protocol         = "6"
    destination_type = "CIDR_BLOCK"
    destination      = "10.0.1.0/24"
    stateless        = false

    tcp_options {
      min = 10256
      max = 10256
    }
  }

  # Ingress: HTTP (TCP 80) from any IPv4 source.
  ingress_security_rules {
    protocol    = "6"
    source_type = "CIDR_BLOCK"
    source      = "0.0.0.0/0"
    stateless   = false

    tcp_options {
      min = 80
      max = 80
    }
  }

  # Ingress: any protocol from 10.0.0.0/16 (hard-coded; presumably the VCN CIDR).
  ingress_security_rules {
    protocol    = "all"
    source_type = "CIDR_BLOCK"
    source      = "10.0.0.0/16"
    stateless   = false
  }

  # Ingress: TCP 6443 from any IPv4 source.
  # NOTE(review): 6443 is the conventional Kubernetes API server port. With this
  # rule the control-plane endpoint is reachable from the whole internet and
  # relies on API authentication alone. Consider limiting `source` to the
  # administrator/CI CIDR blocks, or reaching the API through a bastion or VPN.
  ingress_security_rules {
    protocol    = "6"
    source_type = "CIDR_BLOCK"
    source      = "0.0.0.0/0"
    stateless   = false

    tcp_options {
      min = 6443
      max = 6443
    }
  }

  # Ingress: HTTPS (TCP 443) from any IPv4 source.
  ingress_security_rules {
    protocol    = "6"
    source_type = "CIDR_BLOCK"
    source      = "0.0.0.0/0"
    stateless   = false

    tcp_options {
      min = 443
      max = 443
    }
  }
}