Merge pull request #10 from Faire/aodan.xin/add_engress_rules_to_allowed_cird

aodanxin · web-flow · commit dd54edeacdcf · 2025-11-20T13:17:14.000-05:00
Support stateless egress rules to allowed CIDRs
diff --git a/modules/network/nsg-controlplane.tf b/modules/network/nsg-controlplane.tf
@@ -82,6 +82,11 @@ locals {
         protocol = local.tcp_protocol, port = local.apiserver_port, source = allowed_cidr, source_type = local.rule_type_cidr
       }
     },
+    { for allowed_cidr in var.control_plane_allowed_cidrs :
+      "Allow TCP egress from kube-apiserver to ${allowed_cidr}" => {
+        protocol = local.tcp_protocol, port = local.apiserver_port, destination = allowed_cidr, destination_type = local.rule_type_cidr
+      }
+    },  // Allow egress to allowed CIDRs. This could be removed once https://github.com/oracle-terraform-modules/terraform-oci-oke/pull/1044/files#diff-22581a25add62ab66a7fea3ec452a13a8be27d31e3b467ae2b6c1230b9d77a10R158-R162 is merged.
     var.allow_rules_cp
   ) : {}
 }

Original file line number	Diff line number	Diff line change
`@@ -82,6 +82,11 @@ locals {`
`82`	`82`	`protocol = local.tcp_protocol, port = local.apiserver_port, source = allowed_cidr, source_type = local.rule_type_cidr`
`83`	`83`	`}`
`84`	`84`	`},`
	`85`	`+ { for allowed_cidr in var.control_plane_allowed_cidrs :`
	`86`	`+ "Allow TCP egress from kube-apiserver to ${allowed_cidr}" => {`
	`87`	`+ protocol = local.tcp_protocol, port = local.apiserver_port, destination = allowed_cidr, destination_type = local.rule_type_cidr`
	`88`	`+ }`
	`89`	`+ }, // Allow egress to allowed CIDRs. This could be removed once https://github.com/oracle-terraform-modules/terraform-oci-oke/pull/1044/files#diff-22581a25add62ab66a7fea3ec452a13a8be27d31e3b467ae2b6c1230b9d77a10R158-R162 is merged.`
`85`	`90`	`var.allow_rules_cp`
`86`	`91`	`) : {}`
`87`	`92`	`}`