class matrix::lb (
) {
  $ips = lookup('sourceips', undef, undef, undef)
  $ips.each | String $ip | {
    if $::facts['sunet_nftables_enabled'] == 'yes' {
      sunet::nftables::allow { "nft_testip${ip}_ingress":
      port   =>   8443,
      from   =>   $ip,
      }
      sunet::nftables::allow { "nft_testip${ip}_kubeapi":
      port   =>   16443,
      from   =>   $ip,
      }
    }
  }
}