Configure firewall rules #46
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
paseaf
commented
Jul 8, 2022
| - Other VMs SSHD: `22` | ||
|
|
||
| Audit: | ||
| Gateway VM: |
There was a problem hiding this comment.
Grouping by VM might be more helpful for looking up opening ports.
The infra diagram can be used to look up available services
| - cAdvisor: `8088` | ||
| - Node Exporter: `9100` | ||
| - ContainerSSH auth-config server: `8080` | ||
| - ContainerSSH metrics server(TBD): `9101` |
| - SSH: `2333` | ||
| - cAdvisor: `8088` | ||
| - Node Exporter: `9100` | ||
| - ContainerSSH auth-config server: `8080` |
There was a problem hiding this comment.
removed auth-config from the infra diagram since it might be not very important to our project.
| @@ -62,7 +62,7 @@ resource "google_compute_instance" "sacrificial_vm" { | |||
| resource "google_compute_instance" "logger_vm" { | |||
| name = "logger-vm" | |||
| machine_type = var.machine_type | |||
| tags = ["observer"] | |||
| tags = ["logger"] | |||
There was a problem hiding this comment.
might be easier to identify
There was a problem hiding this comment.
yes, it makes sense, sorry for my bad naming sense xD
Closed
paseaf
commented
Jul 8, 2022
| # open gateway-port 9100 and 9101, to our prometheus and metrics server | ||
| resource "google_compute_firewall" "firewall_gateway_nodeexport" { | ||
| name = "firewall-gateway-nodeexport" | ||
| resource "google_compute_firewall" "allow_all_to_logger_vm_prometheus" { |
There was a problem hiding this comment.
still need it for testing metrics server later later.
could close it later
There was a problem hiding this comment.
ok, i need it as well ^^v
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR will
action_source_to_destination_service/portTesting the PR
terraform applyTakeaways
So we don't need to allow both ways for a connection.