diff --git a/terraform/firewall.tf b/terraform/firewall.tf
index fffcb3ccea89746e33182c29ba06288b5cf72def..77e9100ad4f3ca9132831b69a4549e9375504474 100644
--- a/terraform/firewall.tf
+++ b/terraform/firewall.tf
@@ -16,43 +16,43 @@ resource "hcloud_firewall" "k8s-node" {
 "::/0"
 ]
 }
- # Kublet
 rule {
+ description = "Kublet"
 direction = "in"
 protocol = "tcp"
 port = "10250"
 source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
 }
- # Kubernetes node port
 rule {
+ description = "Kubernetes NodePort"
 direction = "in"
 protocol = "tcp"
 port = "30000-32767"
 source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
 }
- # Kubernetes node port
 rule {
+ description = "Kubernetes NodePort"
 direction = "in"
 protocol = "udp"
 port = "30000-32767"
 source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
 }
- # Calico BGP
 rule {
+ description = "Calico BGP"
 direction = "in"
 protocol = "tcp"
 port = "179"
 source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
 }
- # Calico VXLAN
 rule {
+ description = "Calico VXLAN"
 direction = "in"
 protocol = "udp"
 port = "4789"
 source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
 }
- # Calico Typha
 rule {
+ description = "Calico Typha"
 direction = "in"
 protocol = "tcp"
 port = "5473"
@@ -60,6 +60,7 @@ resource "hcloud_firewall" "k8s-node" {
 }
 # Host level services, including the node exporter on ports 9100-9101.
 rule {
+ description = "Host level services"
 direction = "in"
 protocol = "tcp"
 port = "9000-9999"
@@ -67,6 +68,7 @@ resource "hcloud_firewall" "k8s-node" {
 }
 # Host level services, including the node exporter on ports 9100-9101.
 rule {
+ description = "Host level services"
 direction = "in"
 protocol = "udp"
 port = "9000-9999"
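Review bot: The first added description in the first hunk carries the typo "Kublet" over from the removed comment, and unlike a comment this string is now shown in the Hetzner Cloud console and in `terraform plan` output, so it is worth fixing at the same time: `description = "Kubelet"`. The two NodePort rules also receive the identical description "Kubernetes NodePort" although one is tcp and the other udp, which makes them indistinguishable when reviewing the rendered firewall; `description = "Kubernetes NodePort (tcp)"` and `description = "Kubernetes NodePort (udp)"` would keep the audit trail unambiguous. The same applies to the two "Host level services" rules in the second and third hunks, which differ only by protocol.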
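Review bot: The description "Host level services" added in the second hunk (and repeated in the third) says less than the comment directly above it, which names the node exporter on 9100-9101, while the rule itself opens the full 9000-9999 range; since the description is what operators will see in the console, it should state what the wide range is for, e.g. `description = "Host level services (node exporter 9100-9101 and other 9xxx daemons)"`. If the range is wider than the services actually bound on the hosts, narrowing `port` to the ports in use would reduce exposure; the rule's `source_ips` lies outside both hunks, so I cannot tell from here whether the range is already limited to node addresses like the rules in the first hunk. The enclosing `rule` blocks in both hunks continue past the last hunk line.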