feat(gcp): exposes port 53 (UDP) on master nodes to public

As we are using an internal DNS server, for resolution across
envrironments, we need to expose port 53 (UDP) on master nodes

terraform/bundles/gcp/master-nodes/main.tf

@@ -33,6 +33,7 @@ module "master-nodes-firewall" {
   network_name                = var.network
   target_tags                 = local.k3s_masters_tags
   allow_ssh                   = true
+  allow_dns_traffic           = true
 }
 
 module "master-nodes" {

terraform/modules/gcp/firewall/main.tf

@@ -19,7 +19,6 @@ locals {
       protocol    = "tcp"
       ports       = ["6443"]
     },
-
     {
       description = "k3s masters: flannel wireguard_native communication, source: https://docs.k3s.io/installation/requirements#networking"
       protocol    = "udp"
@@ -57,6 +56,14 @@ locals {
     },
   ]
 
+  incoming_dns_traffic = [
+    {
+      description = "allows dns communication"
+      protocol    = "udp"
+      ports       = ["53"]
+    },
+  ]
+
   node_ports = [
     {
       description = "open node ports"
@@ -138,6 +145,14 @@ resource "google_compute_firewall" "k3s_master_nodes_public" {
     }
   }
 
+  dynamic "allow" {
+    for_each = { for k, v in local.incoming_dns_traffic : k => v if var.allow_dns_traffic }
+    content {
+      protocol = allow.value.protocol
+      ports    = allow.value.ports
+    }
+  }
+
   // Target tags can be used to apply this rule to specific instances
   target_tags = var.target_tags
 

terraform/modules/gcp/firewall/variables.tf

@@ -46,3 +46,9 @@ variable "allow_ssh" {
   type        = bool
   description = "should allow node ports ?"
 }
+
+variable "allow_dns_traffic" {
+  type        = bool
+  description = "should allow dns traffic ?"
+  default     = false
+}