allow all udp/icmp traffic along with tcp traffic within VPCs; add po…

…rts for NB and konnectivity to firewall (#529)
linode · Oct 1, 2024 · f828b25 · f828b25
1 parent acc1084
commit f828b25
Showing 1 changed file with 27 additions and 2 deletions.
diff --git a/templates/infra/linodeFirewall.yaml b/templates/infra/linodeFirewall.yaml
@@ -12,18 +12,43 @@ spec:
  inboundPolicy: DROP
  inboundRules:
  - action: ACCEPT
- label: intra-cluster
+ label: intra-cluster-tcp
  ports: "1-65535"
  protocol: "TCP"
  addresses:
  ipv4:
  - "10.0.0.0/8"
+ description: accept all tcp traffic within the vpc
+ - action: ACCEPT
+ label: intra-cluster-udp
+ ports: "1-65535"
+ protocol: "UDP"
+ addresses:
+ ipv4:
+ - "10.0.0.0/8"
+ description: accept all udp traffic within the vpc
+ - action: ACCEPT
+ label: intra-cluster-icmp
+ protocol: "ICMP"
+ addresses:
+ ipv4:
+ - "10.0.0.0/8"
+ description: accept all icmp traffic within the vpc
  - action: ACCEPT
  addresses:
  ipv4:
  - 0.0.0.0/0
  ipv6:
  - ::/0
- ports: "6443"
+ ports: 6443, 8132
  protocol: TCP
  label: inbound-api-server
+ description: accept all api server and Konnectivity related traffic
+ - action: ACCEPT
+ addresses:
+ ipv4:
+ - 192.168.255.0/24
+ ports: 30000-30100
+ protocol: TCP
+ label: accept-NodeBalancer
+ description: accept traffic from the entire NodeBalancer CIDR to the NodePort service range