feat: update dns resolver acls (#246)

- add dmz acl - add common acl - add loopback/ceph/physical subnets to main acl Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/246
2025-04-06 16:44:16 +10:00 · 2025-04-06 16:44:16 +10:00 · b6ea353cfb
commit b6ea353cfb
parent c225564bdb
1 changed files with 17 additions and 0 deletions
--- a/hieradata/roles/infra/dns/resolver.yaml
+++ b/hieradata/roles/infra/dns/resolver.yaml
@ -10,6 +10,22 @@ profiles::dns::resolver::acls:
      - 198.18.15.0/24
      - 198.18.16.0/24
      - 198.18.17.0/24
+      - 198.18.18.0/24
+      - 198.18.19.0/24
+      - 198.18.20.0/24
+      - 198.18.21.0/24
+      - 198.18.22.0/24
+      - 198.18.23.0/24
+  acl-dmz:
+    addresses:
+      - 198.18.24.0/24
+  acl-common:
+    addresses:
+      - 198.18.25.0/24
+      - 198.18.26.0/24
+      - 198.18.27.0/24
+      - 198.18.28.0/24
+      - 198.18.29.0/24
  acl-nomad-jobs:
    addresses:
      - 198.18.64.0/24
@ -83,3 +99,4 @@ profiles::dns::resolver::views:
    match_clients:
      - acl-main.unkin.net
      - acl-nomad-jobs
+      - acl-common