# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ######### apiVersion: compute.cnrm.cloud.google.com/v1beta1 kind: ComputeFirewall metadata: labels: label-one: "value-one" name: allow-egress-internet-pu namespace: common annotations: cnrm.cloud.google.com/project-id: net-prm-prj-common-12345 # kpt-set: ${net-perimeter-prj-common-id} spec: description: Allow egress to the internet direction: EGRESS deny: - protocol: icmp - protocol: udp sourceRanges: - 0.0.0.0/0 networkRef: name: public-perimeter targetTags: - "allow-egress-internet-pu" priority: 1000 disabled: false logConfig: metadata: EXCLUDE_ALL_METADATA --- apiVersion: compute.cnrm.cloud.google.com/v1beta1 kind: ComputeFirewall metadata: labels: label-one: "value-one" name: allow-ssh-ingressp namespace: common annotations: cnrm.cloud.google.com/project-id: net-prm-prj-common-12345 # kpt-set: ${net-perimeter-prj-common-id} spec: description: Allow SSH Connections from the internet direction: INGRESS deny: - protocol: tcp ports: - "22" sourceRanges: - 0.0.0.0/0 networkRef: name: public-perimeter targetTags: - "allow-ssh" priority: 1000 disabled: false logConfig: metadata: EXCLUDE_ALL_METADATA