author | Spike <avlampson+git@gmail.com> | 2019-05-09 14:18:09 +0100 |
committer | Spike <avlampson+git@gmail.com> | 2019-05-09 14:18:09 +0100 |
commit | 1c0b57878c9ac06b707ce52a2f381b244f4ea7ac (patch) | |
tree | 12eb7a493152732852535c2e424e00fe20ba6896 /terraform/sg.tf | |
parent | 3057ba38e7d47b79bd7872e12e70a9f46057a4bc (diff) | |
Adding cluster, and security groups to allow comms with worker nodes
Diffstat (limited to 'terraform/sg.tf')
-rw-r--r-- | terraform/sg.tf | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/terraform/sg.tf b/terraform/sg.tf
index 6aff1d6..21f30f1 100644
--- a/terraform/sg.tf
+++ b/terraform/sg.tf
@@ -25,3 +25,52 @@ resource "aws_security_group_rule" "sensyne_demo_cluster_remote_access" {
 type = "ingress"
 }
 
+resource "aws_security_group" "sensyne_demo_node" {
+ name = "sensyne_demo_node"
+ description = "Security group for all nodes in the cluster"
+ vpc_id = "${aws_vpc.sensyne_demo_vpc.id}"
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = "${
+ map(
+ "Name", "sensyne-demo-worker-node",
+ )
+ }"
+}
+
+resource "aws_security_group_rule" "sensyne_demo_node_ingress_self" {
+ description = "Allow node to communicate with each other"
+ from_port = 0
+ protocol = "-1"
+ security_group_id = "${aws_security_group.sensyne_demo_node.id}"
+ source_security_group_id = "${aws_security_group.sensyne_demo_node.id}"
+ to_port = 65535
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "sensyne_demo_node_ingress_cluster" {
+ description = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
+ from_port = 1025
+ protocol = "tcp"
+ security_group_id = "${aws_security_group.sensyne_demo_node.id}"
+ source_security_group_id = "${aws_security_group.sensyne_demo_cluster.id}"
+ to_port = 65535
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "sensyne_demo_cluster_ingress_node_https" {
+ description = "Allow pods to communicate with the cluster API Server"
+ from_port = 443
+ protocol = "tcp"
+ security_group_id = "${aws_security_group.sensyne_demo_cluster.id}"
+ source_security_group_id = "${aws_security_group.sensyne_demo_node.id}"
+ to_port = 443
+ type = "ingress"
+}
+
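Review bot: The `egress` block in `sensyne_demo_node` opens every protocol to `0.0.0.0/0`, so each worker node — and every pod scheduled on it — can reach any address on the internet; if the nodes only need the control plane, the VPC and the package/registry endpoints, narrow `cidr_blocks` (or use `prefix_list_ids` for VPC endpoints) and let a NAT gateway or egress proxy be the single monitored path out. In `sensyne_demo_node_ingress_self`, `protocol = "-1"` already matches all ports, so the `from_port = 0` / `to_port = 65535` pair adds nothing and, as far as I recall of the provider's normalisation, can surface as a perpetual diff after apply — `from_port = 0` with `to_port = 0` is the usual form for an all-traffic rule. The three rules cover control-plane-to-node on 1025-65535 and node-to-API-server on 443, but the cluster-side counterpart (egress from `sensyne_demo_cluster`, which is defined outside this hunk, towards the node group) is not in this diff; if that group has a restricted egress block, the path is still incomplete. The tags on `sensyne_demo_node` carry only `Name`; if these nodes are meant to join an EKS cluster, the in-tree cloud provider expects a `kubernetes.io/cluster/<CLUSTER_NAME>` tag on the node security group — worth confirming against the cluster definition. The hunk's first two context lines are the tail of `sensyne_demo_cluster_remote_access`, whose body starts outside the hunk.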