Restrict k8s worker node addresses.

This commit is contained in:
Joseph Hanson 2024-04-08 08:00:07 -05:00
parent 951b206a6b
commit efe2069153
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o

View file

@ -9,7 +9,7 @@ set firewall global-options all-ping 'enable'
set firewall group address-group router-addresses address 10.0.0.1 set firewall group address-group router-addresses address 10.0.0.1
set firewall group address-group router-addresses address 127.0.0.1 set firewall group address-group router-addresses address 127.0.0.1
set firewall group address-group k8s_nodes address '10.1.1.61-10.1.1.63' # master nodes set firewall group address-group k8s_nodes address '10.1.1.61-10.1.1.63' # master nodes
set firewall group address-group k8s_nodes address '10.1.1.70-10.1.1.254' # worker nodes set firewall group address-group k8s_nodes address '10.1.1.70-10.1.1.79' # worker nodes
set firewall group address-group k8s_api address '10.5.0.2' set firewall group address-group k8s_api address '10.5.0.2'
set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx