fw rules
This commit is contained in:
parent
29e839e3a6
commit
f258ff1998
|
@ -67,7 +67,7 @@ resource "google_composer_environment" "orch-cmp-0" {
|
|||
env_variables = merge(
|
||||
var.composer_config.env_variables, {
|
||||
BQ_LOCATION = var.location
|
||||
DF_KMS_KEY = try(var.service_encryption_keys.dataflow, null)
|
||||
DF_KMS_KEY = try(var.service_encryption_keys.dataflow, "")
|
||||
DTL_L0_PRJ = module.lake-0-project.project_id
|
||||
DTL_L0_BQ_DATASET = module.lake-0-bq-0.dataset_id
|
||||
DTL_L0_GCS = module.lake-0-cs-0.url
|
||||
|
|
|
@ -1,35 +1,27 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress-allow-composer-nodes:
|
||||
description: "Allow traffic on Cloud Composer subnet"
|
||||
description: "Allow traffic to Composer nodes."
|
||||
direction: INGRESS
|
||||
action: allow
|
||||
sources: []
|
||||
ranges:
|
||||
- 10.128.48.0/24
|
||||
ranges: []
|
||||
targets:
|
||||
- composer-worker
|
||||
use_service_accounts: false
|
||||
rules:
|
||||
- protocol: tcp
|
||||
ports:
|
||||
- 80
|
||||
- 443
|
||||
- 3306
|
||||
- 3307
|
||||
ports: [80, 443, 3306, 3307]
|
||||
|
||||
ingress-allow-dataflow-load:
|
||||
description: "Allow traffic on Cloud Dataflow subnet"
|
||||
description: "Allow traffic to Dataflow nodes."
|
||||
direction: INGRESS
|
||||
action: allow
|
||||
sources: []
|
||||
ranges:
|
||||
- 10.128.48.0/24
|
||||
targets:
|
||||
ranges: []
|
||||
targets:
|
||||
- dataflow
|
||||
use_service_accounts: false
|
||||
rules:
|
||||
- protocol: tcp
|
||||
ports:
|
||||
- 12345
|
||||
- 12346
|
||||
ports: [12345, 12346]
|
||||
|
|
|
@ -1,35 +1,27 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress-allow-composer-nodes:
|
||||
description: "Allow traffic on Cloud Composer subnet"
|
||||
description: "Allow traffic to Composer nodes."
|
||||
direction: INGRESS
|
||||
action: allow
|
||||
sources: []
|
||||
ranges:
|
||||
- 10.128.48.0/24
|
||||
ranges: []
|
||||
targets:
|
||||
- composer-worker
|
||||
use_service_accounts: false
|
||||
rules:
|
||||
- protocol: tcp
|
||||
ports:
|
||||
- 80
|
||||
- 443
|
||||
- 3306
|
||||
- 3307
|
||||
ports: [80, 443, 3306, 3307]
|
||||
|
||||
ingress-allow-dataflow-load:
|
||||
description: "Allow traffic on Cloud Dataflow subnet"
|
||||
description: "Allow traffic to Dataflow nodes."
|
||||
direction: INGRESS
|
||||
action: allow
|
||||
sources: []
|
||||
ranges:
|
||||
- 10.128.48.0/24
|
||||
targets:
|
||||
ranges: []
|
||||
targets:
|
||||
- dataflow
|
||||
use_service_accounts: false
|
||||
rules:
|
||||
- protocol: tcp
|
||||
ports:
|
||||
- 12345
|
||||
- 12346
|
||||
ports: [12345, 12346]
|
||||
|
|
Loading…
Reference in New Issue