lib/hetzner/infra/firewall.rb in hetzner-k3s-0.5.8 vs lib/hetzner/infra/firewall.rb in hetzner-k3s-0.5.9
@@ -5,13 +5,14 @@
def initialize(hetzner_client:, cluster_name:)
@hetzner_client = hetzner_client
@cluster_name = cluster_name
end
- def create(high_availability:, networks:)
+ def create(high_availability:, ssh_networks:, api_networks:)
@high_availability = high_availability
- @networks = networks
+ @ssh_networks = ssh_networks
+ @api_networks = api_networks
puts
if (firewall = find_firewall)
puts 'Firewall already exists, skipping.'
puts
@@ -45,20 +46,20 @@
puts
end
private
- attr_reader :hetzner_client, :cluster_name, :firewall, :high_availability, :networks
+ attr_reader :hetzner_client, :cluster_name, :firewall, :high_availability, :ssh_networks, :api_networks
def create_firewall_config
rules = [
{
description: 'Allow port 22 (SSH)',
direction: 'in',
protocol: 'tcp',
port: '22',
- source_ips: networks,
+ source_ips: ssh_networks,
destination_ips: []
},
{
description: 'Allow ICMP (ping)',
direction: 'in',
@@ -96,13 +97,10 @@
rules << {
description: 'Allow port 6443 (Kubernetes API server)',
direction: 'in',
protocol: 'tcp',
port: '6443',
- source_ips: [
- '0.0.0.0/0',
- '::/0'
- ],
+ source_ips: api_networks,
destination_ips: []
}
end
{
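Review bot: The new `api_networks` value only takes effect when the firewall is created: on the `find_firewall` branch in the first hunk (`puts 'Firewall already exists, skipping.'`) a cluster whose firewall was built by the previous version presumably keeps its old rule for port 6443 with `0.0.0.0/0` and `::/0`, so tightening the setting afterwards changes nothing and the user is not told. Logging the configured `ssh_networks`/`api_networks` next to the skip message, or a comment on `create` stating that an existing firewall is never updated, would make that visible. Neither argument is checked before `create_firewall_config` turns it into `source_ips`; `raise ArgumentError, 'api_networks must not be empty' if api_networks.empty?` (and the same for `ssh_networks`) at the top of `create` would turn an empty list — which is either rejected by the API or yields a rule that matches nothing — into an immediate, readable failure instead of one discovered at request time. The body of `create` continues past the end of the first hunk.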