Make it possible to disallow any internal communications

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-29 20:32:36 +02:00 · 2019-05-29 20:32:36 +02:00 · 66cda5eb15
commit 66cda5eb15
parent f4156c3db7
2 changed files with 9 additions and 0 deletions
--- a/roles/openshift/project/defaults/main.yml
+++ b/roles/openshift/project/defaults/main.yml
@ -1,2 +1,3 @@
 ---
 allow_fas_db: false
+allow_phx2: true
--- a/roles/openshift/project/templates/egresspolicy.yml
+++ b/roles/openshift/project/templates/egresspolicy.yml
@ -15,6 +15,14 @@ spec:
    to:
      cidrSelector: "10.5.126.99/32"
 {% endif %}
+{% endif %}
+{% if not allow_phx2 %}
+  - type: Deny
+    to:
+      cidrSelector: "10.0.0.0/8"
+  - type: Deny
+    to:
+      cidrSelector: "209.132.181.0/25"
 {% endif %}
  - type: Allow
    to: