From efe206915349d3dbd1c5b4b388d40e34f4d33c02 Mon Sep 17 00:00:00 2001
From: Joseph Hanson <joe@veri.dev>
Date: Mon, 8 Apr 2024 08:00:07 -0500
Subject: [PATCH] Restrict k8s worker node addresses.

---
 config-parts/firewall.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config-parts/firewall.sh b/config-parts/firewall.sh
index cdfa8c6..2a00e4f 100644
--- a/config-parts/firewall.sh
+++ b/config-parts/firewall.sh
@@ -9,7 +9,7 @@ set firewall global-options all-ping 'enable'
 set firewall group address-group router-addresses address 10.0.0.1
 set firewall group address-group router-addresses address 127.0.0.1
 set firewall group address-group k8s_nodes address '10.1.1.61-10.1.1.63' # master nodes
-set firewall group address-group k8s_nodes address '10.1.1.70-10.1.1.254' # worker nodes
+set firewall group address-group k8s_nodes address '10.1.1.70-10.1.1.79' # worker nodes
 set firewall group address-group k8s_api address '10.5.0.2'
 set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
 set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx