From 3c471d9dd8cd21d49ba20d8124dafa7133bab5d1 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 9 Oct 2021 23:15:12 +0200
Subject: [PATCH] calico: Add firewall rules for wireguard in terraform
---
 terraform/firewall.tf | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/terraform/firewall.tf b/terraform/firewall.tf
index 667e9a447..c9c141521 100644
--- a/terraform/firewall.tf
+++ b/terraform/firewall.tf
@@ -59,6 +59,13 @@ resource "hcloud_firewall" "k8s-node" {
 port = "5473"
 source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
 }
+ rule {
+ description = "Calico Wireguard"
+ direction = "in"
+ protocol = "udp"
+ port = "51820"
+ source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ }
 # Host level services, including the node exporter on ports 9100-9101.
 rule {
 description = "Host level services"
-- 
GitLab
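Review bot: The new "Calico Wireguard" rule hard-codes `port = "51820"` with no comment tying it to the cluster setting, so if Felix's `wireguardListeningPort` is ever changed from its default the firewall will silently drop the encrypted node-to-node traffic. I would add a comment above the rule such as `# Calico WireGuard tunnel between nodes; 51820/udp is Felix's default wireguardListeningPort and must match the cluster config.` The `source_ips` expression is also a verbatim copy of the one in the rule above, and `concat()` with a single argument does nothing. Hoisting it into `locals { node_cidrs = [for s in module.nodes.ipv4_addresses : "${s}/32"] }` and using `source_ips = local.node_cidrs` in both rules would keep the node allow-list in one place so the rules cannot drift apart. The allow-list covers IPv4 node addresses only, which is presumably intended as long as the tunnels run over IPv4. The `hcloud_firewall` resource starts and ends outside this hunk.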