# Source: github.com/openshift/installer@v1.4.17/upi/gcp/03_firewall.py
def GenerateConfig(context):
    """Build the firewall rules for a user-provisioned cluster on GCP.

    Reads ``infra_id``, ``cluster_network``, ``allowed_external_cidr`` and
    ``network_cidr`` from ``context.properties`` and returns
    ``{'resources': [...]}`` with seven ``compute.v1.firewall`` resources,
    each named ``<infra_id>-<rule>``.

    Review notes on exposure:
      * ``allowed_external_cidr`` is the only caller-supplied external range.
        It opens tcp/22 on ``<infra_id>-bootstrap`` instances and tcp/6443 on
        ``<infra_id>-master`` instances. The value is used as given, with no
        validation here, so a broad range such as 0.0.0.0/0 exposes both.
      * Every other rule is scoped by ``network_cidr`` or by the
        ``-master`` / ``-worker`` network tags. Tag-scoped rules apply to any
        instance in the network that carries the tag, so permission to set
        instance tags is part of this trust boundary.
    """
    props = context.properties

    infra_id = props['infra_id']
    master_tag = infra_id + '-master'
    worker_tag = infra_id + '-worker'

    network = props['cluster_network']
    external_cidr = props['allowed_external_cidr']
    internal_cidr = props['network_cidr']

    def tcp(*ports):
        # One 'allowed' entry for TCP on the given ports / port ranges.
        return {'IPProtocol': 'tcp', 'ports': list(ports)}

    def udp(*ports):
        # One 'allowed' entry for UDP on the given ports / port ranges.
        return {'IPProtocol': 'udp', 'ports': list(ports)}

    def firewall(suffix, allowed, source_key, sources, targets):
        # source_key is 'sourceRanges' (CIDR list) or 'sourceTags' (tag list).
        return {
            'name': infra_id + suffix,
            'type': 'compute.v1.firewall',
            'properties': {
                'network': network,
                'allowed': allowed,
                source_key: sources,
                'targetTags': targets,
            },
        }

    resources = [
        # External SSH to the bootstrap host only.
        # NOTE(review): presumably only needed while bootstrap runs; confirm
        # the rule is removed together with the bootstrap host.
        firewall('-bootstrap-in-ssh', [tcp('22')],
                 'sourceRanges', [external_cidr],
                 [infra_id + '-bootstrap']),

        # External access to the API port on control-plane nodes.
        firewall('-api', [tcp('6443')],
                 'sourceRanges', [external_cidr],
                 [master_tag]),

        # Hard-coded source ranges. They match the probe ranges Google
        # documents for load-balancer health checks; re-check them against
        # current GCP documentation before changing this rule.
        firewall('-health-checks', [tcp('6080', '6443', '22624')],
                 'sourceRanges',
                 ['35.191.0.0/16', '130.211.0.0/22',
                  '209.85.152.0/22', '209.85.204.0/22'],
                 [master_tag]),

        # etcd ports, master-to-master only.
        firewall('-etcd', [tcp('2379-2380')],
                 'sourceTags', [master_tag],
                 [master_tag]),

        # Control-plane ports reachable from masters and workers; kept as
        # three separate 'allowed' entries, as in the original template.
        firewall('-control-plane',
                 [tcp('10257'), tcp('10259'), tcp('22623')],
                 'sourceTags', [master_tag, worker_tag],
                 [master_tag]),

        # ICMP and SSH to all nodes from anywhere inside network_cidr.
        firewall('-internal-network',
                 [{'IPProtocol': 'icmp'}, tcp('22')],
                 'sourceRanges', [internal_cidr],
                 [master_tag, worker_tag]),

        # Node-to-node traffic between tagged cluster members: udp/4789 and
        # udp/6081 (standard VXLAN / Geneve ports), udp/500, udp/4500 and ESP
        # (IPsec), tcp/10250 (kubelet), and the 9000-9999 and 30000-32767
        # ranges over both TCP and UDP.
        firewall('-internal-cluster',
                 [udp('4789', '6081'),
                  udp('500', '4500'),
                  {'IPProtocol': 'esp'},
                  tcp('9000-9999'),
                  udp('9000-9999'),
                  tcp('10250'),
                  tcp('30000-32767'),
                  udp('30000-32767')],
                 'sourceTags', [master_tag, worker_tag],
                 [master_tag, worker_tag]),
    ]

    return {'resources': resources}