Diffstat (limited to 'terraform/sg.tf')
-rw-r--r--terraform/sg.tf49
1 files changed, 49 insertions, 0 deletions
diff --git a/terraform/sg.tf b/terraform/sg.tf
index 6aff1d6..21f30f1 100644
--- a/terraform/sg.tf
+++ b/terraform/sg.tf
@@ -25,3 +25,52 @@ resource "aws_security_group_rule" "sensyne_demo_cluster_remote_access" {
type = "ingress"
}
+resource "aws_security_group" "sensyne_demo_node" {
+ name = "sensyne_demo_node"
+ description = "Security group for all nodes in the cluster"
+ vpc_id = "${aws_vpc.sensyne_demo_vpc.id}"
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = "${
+ map(
+ "Name", "sensyne-demo-worker-node",
+ )
+ }"
+}
+
+resource "aws_security_group_rule" "sensyne_demo_node_ingress_self" {
+ description = "Allow node to communicate with each other"
+ from_port = 0
+ protocol = "-1"
+ security_group_id = "${aws_security_group.sensyne_demo_node.id}"
+ source_security_group_id = "${aws_security_group.sensyne_demo_node.id}"
+ to_port = 65535
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "sensyne_demo_node_ingress_cluster" {
+ description = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
+ from_port = 1025
+ protocol = "tcp"
+ security_group_id = "${aws_security_group.sensyne_demo_node.id}"
+ source_security_group_id = "${aws_security_group.sensyne_demo_cluster.id}"
+ to_port = 65535
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "sensyne_demo_cluster_ingress_node_https" {
+ description = "Allow pods to communicate with the cluster API Server"
+ from_port = 443
+ protocol = "tcp"
+ security_group_id = "${aws_security_group.sensyne_demo_cluster.id}"
+ source_security_group_id = "${aws_security_group.sensyne_demo_node.id}"
+ to_port = 443
+ type = "ingress"
+}
+
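Review bot: The node-to-node rule `sensyne_demo_node_ingress_self` pairs `protocol = "-1"` with `from_port = 0` / `to_port = 65535`; the AWS provider documents that an all-protocols rule must use `from_port = 0` and `to_port = 0` (AWS ignores the port range for `-1`), so the 65535 is misleading at best and may surface as a perpetual plan diff on some provider versions — change it to `to_port = 0` and fix the description to `"Allow nodes to communicate with each other"`. On least privilege, `sensyne_demo_node_ingress_cluster` opens TCP 1025–65535 from the control plane, which mirrors the older EKS getting-started template; if nothing on the nodes beyond the kubelet and any webhook/metrics servers needs to be reached, this can be narrowed to 10250 and 443, and the unrestricted `0.0.0.0/0` all-protocol egress on `sensyne_demo_node` deserves a comment stating why a worker needs it (image pulls, EKS API, etc.) so the broad opening is a documented decision rather than a default. The node SG carries only a `Name` tag; if it is the group the in-cluster AWS cloud provider should discover for load-balancer rules, a `kubernetes.io/cluster/<cluster-name> = "owned"` tag is usually required — confirm against the cluster resource, which is defined outside this hunk. Mixing the inline `egress` block on `aws_security_group.sensyne_demo_node` with standalone `aws_security_group_rule` resources on the same group is also a combination the provider warns can overwrite rules; it likely does not collide here because only egress is inline and only ingress is standalone, but keeping every rule as a standalone `aws_security_group_rule` is the safer pattern.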