kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

hack/update-expected.sh

This commit is contained in:
John Gardiner Myers 2023-10-03 22:31:02 -07:00
parent 2fbc7cf979
commit 3f1ee1e820
23 changed files with 1584 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf
View File

@ -773,6 +773,7 @@ resource "aws_lb" "bastion-bastionuserdata-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-bastionuserdata-e-4grhsv"
security_groups = [aws_security_group.bastion-elb-bastionuserdata-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-bastionuserdata-example-com.id
}
@ -1075,6 +1076,17 @@ resource "aws_security_group" "bastion-bastionuserdata-example-com" {
vpc_id = aws_vpc.bastionuserdata-example-com.id
}
resource "aws_security_group" "bastion-elb-bastionuserdata-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.bastionuserdata.example.com"
tags = {
"KubernetesCluster" = "bastionuserdata.example.com"
"Name" = "bastion-elb.bastionuserdata.example.com"
"kubernetes.io/cluster/bastionuserdata.example.com" = "owned"
}
vpc_id = aws_vpc.bastionuserdata-example-com.id
}
resource "aws_security_group" "masters-bastionuserdata-example-com" {
description = "Security group for masters"
name = "masters.bastionuserdata.example.com"
@ -1097,11 +1109,11 @@ resource "aws_security_group" "nodes-bastionuserdata-example-com" {
vpc_id = aws_vpc.bastionuserdata-example-com.id
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-bastionuserdata-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-bastionuserdata-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 22
type = "ingress"
}
@ -1115,11 +1127,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-bastionuserdata-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-bastionuserdata-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 22
type = "ingress"
}
@ -1160,6 +1172,15 @@ resource "aws_security_group_rule" "from-bastion-bastionuserdata-example-com-egr
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-bastionuserdata-example-com-ingress-icmp-3to4-bastion-elb-bastionuserdata-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-bastionuserdata-example-com-ingress-tcp-22to22-masters-bastionuserdata-example-com" {
from_port = 22
protocol = "tcp"
@ -1178,6 +1199,42 @@ resource "aws_security_group_rule" "from-bastion-bastionuserdata-example-com-ing
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-bastionuserdata-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-bastionuserdata-example-com-ingress-icmp-3to4-bastion-bastionuserdata-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-bastionuserdata-example-com-ingress-tcp-22to22-bastion-bastionuserdata-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1295,11 +1352,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.api-elb-bastionuserdata-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 4
type = "ingress"
}
@ -1308,7 +1383,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 4
type = "ingress"
}

118
tests/integration/update_cluster/complex/kubernetes.tf
View File

@ -638,6 +638,7 @@ resource "aws_lb" "api-complex-example-com" {
internal = false
load_balancer_type = "network"
name = "api-complex-example-com-vd3t5n"
security_groups = ["sg-exampleid5", "sg-exampleid6", aws_security_group.api-elb-complex-example-com.id]
subnet_mapping {
allocation_id = "eipalloc-012345a678b9cdefa"
subnet_id = aws_subnet.us-test-1a-complex-example-com.id
@ -1027,20 +1028,20 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-com
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-complex-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-complex-example-com" {
from_port = 443
prefix_list_ids = ["pl-44444444"]
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
security_group_id = aws_security_group.api-elb-complex-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-1-1-1-0--24-ingress-tcp-443to443-masters-complex-example-com" {
resource "aws_security_group_rule" "from-1-1-1-0--24-ingress-tcp-443to443-api-elb-complex-example-com" {
cidr_blocks = ["1.1.1.0/24"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
security_group_id = aws_security_group.api-elb-complex-example-com.id
to_port = 443
type = "ingress"
}
@ -1063,6 +1064,24 @@ resource "aws_security_group_rule" "from-1-1-1-1--32-ingress-tcp-22to22-nodes-co
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-complex-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.api-elb-complex-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-api-elb-complex-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.api-elb-complex-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-complex-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1163,41 +1182,59 @@ resource "aws_security_group_rule" "from-nodes-complex-example-com-ingress-udp-1
}
resource "aws_security_group_rule" "https-elb-to-master" {
cidr_blocks = ["172.20.0.0/16"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "https-lb-to-master-10-1-0-0--16" {
cidr_blocks = ["10.1.0.0/16"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "https-lb-to-master-10-2-0-0--16" {
cidr_blocks = ["10.2.0.0/16"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 443
type = "ingress"
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.api-elb-complex-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-api-elb-1-1-1-0--24" {
cidr_blocks = ["1.1.1.0/24"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-complex-example-com.id
security_group_id = aws_security_group.api-elb-complex-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-api-elb-pl-44444444" {
from_port = 3
prefix_list_ids = ["pl-44444444"]
protocol = "icmp"
security_group_id = aws_security_group.api-elb-complex-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-complex-example-com.id
source_security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.api-elb-complex-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-pl-44444444" {
from_port = -1
prefix_list_ids = ["pl-44444444"]
protocol = "icmpv6"
security_group_id = aws_security_group.api-elb-complex-example-com.id
to_port = -1
type = "ingress"
}
resource "aws_security_group_rule" "nodeport-tcp-external-to-node-1-2-3-4--32" {
cidr_blocks = ["1.2.3.4/32"]
from_port = 28000
@ -1234,22 +1271,13 @@ resource "aws_security_group_rule" "nodeport-udp-external-to-node-10-20-30-0--24
type = "ingress"
}
resource "aws_security_group_rule" "tcp-api-1-1-1-0--24" {
cidr_blocks = ["1.1.1.0/24"]
from_port = 8443
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 8443
type = "ingress"
}
resource "aws_security_group_rule" "tcp-api-pl-44444444" {
from_port = 8443
prefix_list_ids = ["pl-44444444"]
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 8443
type = "ingress"
resource "aws_security_group_rule" "tcp-api-cp" {
from_port = 8443
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.api-elb-complex-example-com.id
to_port = 8443
type = "ingress"
}
resource "aws_sqs_queue" "complex-example-com-nth" {

54
tests/integration/update_cluster/existing_sg/kubernetes.tf
View File

@ -1643,6 +1643,60 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-sg-master-1a-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = "sg-elb"
source_security_group_id = "sg-master-1a"
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-sg-master-1b-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = "sg-elb"
source_security_group_id = "sg-master-1b"
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = "sg-elb"
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-elb"
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp-sg-master-1a" {
from_port = 3
protocol = "icmp"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-elb"
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp-sg-master-1b" {
from_port = 3
protocol = "icmp"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-elb"
to_port = 4
type = "ingress"
}
resource "aws_sqs_queue" "existingsg-example-com-nth" {
message_retention_seconds = 300
name = "existingsg-example-com-nth"

18
tests/integration/update_cluster/externalpolicies/kubernetes.tf
View File

@ -1052,6 +1052,24 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-externalpolicies-example-com.id
source_security_group_id = aws_security_group.masters-externalpolicies-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.api-elb-externalpolicies-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "nodeport-tcp-external-to-node-1-2-3-4--32" {
cidr_blocks = ["1.2.3.4/32"]
from_port = 28000

70
tests/integration/update_cluster/minimal-dns-none/kubernetes.tf
View File

@ -572,6 +572,7 @@ resource "aws_lb" "api-minimal-example-com" {
internal = false
load_balancer_type = "network"
name = "api-minimal-example-com-gecgf7"
security_groups = [aws_security_group.api-elb-minimal-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.us-test-1a-minimal-example-com.id
}
@ -864,11 +865,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-min
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-minimal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
security_group_id = aws_security_group.api-elb-minimal-example-com.id
to_port = 443
type = "ingress"
}
@ -891,15 +892,33 @@ resource "aws_security_group_rule" "from-__--0-ingress-tcp-22to22-nodes-minimal-
type = "ingress"
}
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-api-elb-minimal-example-com" {
from_port = 443
ipv6_cidr_blocks = ["::/0"]
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
security_group_id = aws_security_group.api-elb-minimal-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1000,41 +1019,50 @@ resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-udp-1
}
resource "aws_security_group_rule" "https-elb-to-master" {
cidr_blocks = ["172.20.0.0/16"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
to_port = 443
type = "ingress"
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-example-com.id
security_group_id = aws_security_group.api-elb-minimal-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-minimal-example-com.id
source_security_group_id = aws_security_group.masters-minimal-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" {
from_port = -1
ipv6_cidr_blocks = ["::/0"]
protocol = "icmpv6"
security_group_id = aws_security_group.masters-minimal-example-com.id
security_group_id = aws_security_group.api-elb-minimal-example-com.id
to_port = -1
type = "ingress"
}
resource "aws_security_group_rule" "kops-controller-lb-to-master" {
cidr_blocks = ["172.20.0.0/16"]
from_port = 3988
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
to_port = 3988
type = "ingress"
}
resource "aws_sqs_queue" "minimal-example-com-nth" {
message_retention_seconds = 300
name = "minimal-example-com-nth"

61
tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf
View File

@ -619,6 +619,7 @@ resource "aws_lb" "api-minimal-ipv6-example-com" {
ip_address_type = "dualstack"
load_balancer_type = "network"
name = "api-minimal-ipv6-example--jhj9te"
security_groups = [aws_security_group.api-elb-minimal-ipv6-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-minimal-ipv6-example-com.id
}
@ -1031,11 +1032,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-min
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-ipv6-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-minimal-ipv6-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
@ -1058,15 +1059,33 @@ resource "aws_security_group_rule" "from-__--0-ingress-tcp-22to22-nodes-minimal-
type = "ingress"
}
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-masters-minimal-ipv6-example-com" {
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-api-elb-minimal-ipv6-example-com" {
from_port = 443
ipv6_cidr_blocks = ["::/0"]
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-ipv6-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-ipv6-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-minimal-ipv6-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1176,28 +1195,46 @@ resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-
}
resource "aws_security_group_rule" "https-elb-to-master" {
cidr_blocks = ["172.20.0.0/16"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" {
from_port = -1
ipv6_cidr_blocks = ["::/0"]
protocol = "icmpv6"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = -1
type = "ingress"
}

61
tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf
View File

@ -619,6 +619,7 @@ resource "aws_lb" "api-minimal-ipv6-example-com" {
ip_address_type = "dualstack"
load_balancer_type = "network"
name = "api-minimal-ipv6-example--jhj9te"
security_groups = [aws_security_group.api-elb-minimal-ipv6-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-minimal-ipv6-example-com.id
}
@ -1031,11 +1032,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-min
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-ipv6-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-minimal-ipv6-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
@ -1058,15 +1059,33 @@ resource "aws_security_group_rule" "from-__--0-ingress-tcp-22to22-nodes-minimal-
type = "ingress"
}
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-masters-minimal-ipv6-example-com" {
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-api-elb-minimal-ipv6-example-com" {
from_port = 443
ipv6_cidr_blocks = ["::/0"]
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-ipv6-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-ipv6-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-minimal-ipv6-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1167,28 +1186,46 @@ resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-
}
resource "aws_security_group_rule" "https-elb-to-master" {
cidr_blocks = ["172.20.0.0/16"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" {
from_port = -1
ipv6_cidr_blocks = ["::/0"]
protocol = "icmpv6"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = -1
type = "ingress"
}

61
tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf
View File

@ -619,6 +619,7 @@ resource "aws_lb" "api-minimal-ipv6-example-com" {
ip_address_type = "dualstack"
load_balancer_type = "network"
name = "api-minimal-ipv6-example--jhj9te"
security_groups = [aws_security_group.api-elb-minimal-ipv6-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-minimal-ipv6-example-com.id
}
@ -1023,11 +1024,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-min
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-ipv6-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-minimal-ipv6-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
@ -1050,15 +1051,33 @@ resource "aws_security_group_rule" "from-__--0-ingress-tcp-22to22-nodes-minimal-
type = "ingress"
}
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-masters-minimal-ipv6-example-com" {
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-api-elb-minimal-ipv6-example-com" {
from_port = 443
ipv6_cidr_blocks = ["::/0"]
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-ipv6-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-ipv6-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-minimal-ipv6-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1159,28 +1178,46 @@ resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-
}
resource "aws_security_group_rule" "https-elb-to-master" {
cidr_blocks = ["172.20.0.0/16"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" {
from_port = -1
ipv6_cidr_blocks = ["::/0"]
protocol = "icmpv6"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = -1
type = "ingress"
}

61
tests/integration/update_cluster/minimal-ipv6/kubernetes.tf
View File

@ -619,6 +619,7 @@ resource "aws_lb" "api-minimal-ipv6-example-com" {
ip_address_type = "dualstack"
load_balancer_type = "network"
name = "api-minimal-ipv6-example--jhj9te"
security_groups = [aws_security_group.api-elb-minimal-ipv6-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-minimal-ipv6-example-com.id
}
@ -1023,11 +1024,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-min
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-ipv6-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-minimal-ipv6-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
@ -1050,15 +1051,33 @@ resource "aws_security_group_rule" "from-__--0-ingress-tcp-22to22-nodes-minimal-
type = "ingress"
}
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-masters-minimal-ipv6-example-com" {
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-api-elb-minimal-ipv6-example-com" {
from_port = 443
ipv6_cidr_blocks = ["::/0"]
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-ipv6-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-ipv6-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-minimal-ipv6-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1159,28 +1178,46 @@ resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-
}
resource "aws_security_group_rule" "https-elb-to-master" {
cidr_blocks = ["172.20.0.0/16"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" {
from_port = -1
ipv6_cidr_blocks = ["::/0"]
protocol = "icmpv6"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = -1
type = "ingress"
}

87
tests/integration/update_cluster/private-shared-ip/kubernetes.tf
View File

@ -754,6 +754,7 @@ resource "aws_lb" "bastion-private-shared-ip-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-private-shared-ip-eepmph"
security_groups = [aws_security_group.bastion-elb-private-shared-ip-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-private-shared-ip-example-com.id
}
@ -1037,6 +1038,17 @@ resource "aws_security_group" "api-elb-private-shared-ip-example-com" {
vpc_id = "vpc-12345678"
}
resource "aws_security_group" "bastion-elb-private-shared-ip-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.private-shared-ip.example.com"
tags = {
"KubernetesCluster" = "private-shared-ip.example.com"
"Name" = "bastion-elb.private-shared-ip.example.com"
"kubernetes.io/cluster/private-shared-ip.example.com" = "owned"
}
vpc_id = "vpc-12345678"
}
resource "aws_security_group" "bastion-private-shared-ip-example-com" {
description = "Security group for bastion"
name = "bastion.private-shared-ip.example.com"
@ -1070,11 +1082,11 @@ resource "aws_security_group" "nodes-private-shared-ip-example-com" {
vpc_id = "vpc-12345678"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-private-shared-ip-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-private-shared-ip-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 22
type = "ingress"
}
@ -1088,11 +1100,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-private-shared-ip-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-private-shared-ip-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 22
type = "ingress"
}
@ -1115,6 +1127,42 @@ resource "aws_security_group_rule" "from-api-elb-private-shared-ip-example-com-e
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-private-shared-ip-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-private-shared-ip-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-private-shared-ip-example-com-ingress-icmp-3to4-bastion-private-shared-ip-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-private-shared-ip-example-com-ingress-tcp-22to22-bastion-private-shared-ip-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-private-shared-ip-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1133,6 +1181,15 @@ resource "aws_security_group_rule" "from-bastion-private-shared-ip-example-com-e
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-private-shared-ip-example-com-ingress-icmp-3to4-bastion-elb-private-shared-ip-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-private-shared-ip-example-com-ingress-tcp-22to22-masters-private-shared-ip-example-com" {
from_port = 22
protocol = "tcp"
@ -1268,11 +1325,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.api-elb-private-shared-ip-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 4
type = "ingress"
}
@ -1281,7 +1356,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 4
type = "ingress"
}

87
tests/integration/update_cluster/private-shared-subnet/kubernetes.tf
View File

@ -749,6 +749,7 @@ resource "aws_lb" "bastion-private-shared-subnet-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-private-shared-su-5ol32q"
security_groups = [aws_security_group.bastion-elb-private-shared-subnet-example-com.id]
subnet_mapping {
subnet_id = "subnet-abcdef"
}
@ -974,6 +975,17 @@ resource "aws_security_group" "api-elb-private-shared-subnet-example-com" {
vpc_id = "vpc-12345678"
}
resource "aws_security_group" "bastion-elb-private-shared-subnet-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.private-shared-subnet.example.com"
tags = {
"KubernetesCluster" = "private-shared-subnet.example.com"
"Name" = "bastion-elb.private-shared-subnet.example.com"
"kubernetes.io/cluster/private-shared-subnet.example.com" = "owned"
}
vpc_id = "vpc-12345678"
}
resource "aws_security_group" "bastion-private-shared-subnet-example-com" {
description = "Security group for bastion"
name = "bastion.private-shared-subnet.example.com"
@ -1007,11 +1019,11 @@ resource "aws_security_group" "nodes-private-shared-subnet-example-com" {
vpc_id = "vpc-12345678"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-private-shared-subnet-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-private-shared-subnet-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 22
type = "ingress"
}
@ -1025,11 +1037,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-private-shared-subnet-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-private-shared-subnet-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 22
type = "ingress"
}
@ -1052,6 +1064,42 @@ resource "aws_security_group_rule" "from-api-elb-private-shared-subnet-example-c
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-private-shared-subnet-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-private-shared-subnet-example-com-ingress-icmp-3to4-bastion-private-shared-subnet-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-private-shared-subnet-example-com-ingress-tcp-22to22-bastion-private-shared-subnet-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1070,6 +1118,15 @@ resource "aws_security_group_rule" "from-bastion-private-shared-subnet-example-c
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-private-shared-subnet-example-com-ingress-icmp-3to4-bastion-elb-private-shared-subnet-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-private-shared-subnet-example-com-ingress-tcp-22to22-masters-private-shared-subnet-example-com" {
from_port = 22
protocol = "tcp"
@ -1205,11 +1262,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.api-elb-private-shared-subnet-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 4
type = "ingress"
}
@ -1218,7 +1293,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 4
type = "ingress"
}

93
tests/integration/update_cluster/privatecalico/kubernetes.tf
View File

@ -768,6 +768,7 @@ resource "aws_lb" "bastion-privatecalico-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-privatecalico-exa-hocohm"
security_groups = [aws_security_group.bastion-elb-privatecalico-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-privatecalico-example-com.id
}
@ -1067,6 +1068,17 @@ resource "aws_security_group" "api-elb-privatecalico-example-com" {
vpc_id = aws_vpc.privatecalico-example-com.id
}
resource "aws_security_group" "bastion-elb-privatecalico-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.privatecalico.example.com"
tags = {
"KubernetesCluster" = "privatecalico.example.com"
"Name" = "bastion-elb.privatecalico.example.com"
"kubernetes.io/cluster/privatecalico.example.com" = "owned"
}
vpc_id = aws_vpc.privatecalico-example-com.id
}
resource "aws_security_group" "bastion-privatecalico-example-com" {
description = "Security group for bastion"
name = "bastion.privatecalico.example.com"
@ -1100,11 +1112,11 @@ resource "aws_security_group" "nodes-privatecalico-example-com" {
vpc_id = aws_vpc.privatecalico-example-com.id
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-privatecalico-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatecalico-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 22
type = "ingress"
}
@ -1118,20 +1130,20 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-privatecalico-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-privatecalico-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-__--0-ingress-tcp-22to22-bastion-privatecalico-example-com" {
resource "aws_security_group_rule" "from-__--0-ingress-tcp-22to22-bastion-elb-privatecalico-example-com" {
from_port = 22
ipv6_cidr_blocks = ["::/0"]
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 22
type = "ingress"
}
@ -1163,6 +1175,42 @@ resource "aws_security_group_rule" "from-api-elb-privatecalico-example-com-egres
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecalico-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecalico-example-com-ingress-icmp-3to4-bastion-privatecalico-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecalico-example-com-ingress-tcp-22to22-bastion-privatecalico-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1181,6 +1229,15 @@ resource "aws_security_group_rule" "from-bastion-privatecalico-example-com-egres
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatecalico-example-com-ingress-icmp-3to4-bastion-elb-privatecalico-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
source_security_group_id = aws_security_group.bastion-privatecalico-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecalico-example-com-ingress-tcp-22to22-masters-privatecalico-example-com" {
from_port = 22
protocol = "tcp"
@ -1325,11 +1382,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-privatecalico-example-com.id
source_security_group_id = aws_security_group.masters-privatecalico-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.api-elb-privatecalico-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 4
type = "ingress"
}
@ -1338,7 +1413,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 4
type = "ingress"
}
@ -1356,7 +1431,7 @@ resource "aws_security_group_rule" "icmpv6-pmtu-ssh-nlb-__--0" {
from_port = -1
ipv6_cidr_blocks = ["::/0"]
protocol = "icmpv6"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = -1
type = "ingress"
}

87
tests/integration/update_cluster/privatecanal/kubernetes.tf
View File

@ -772,6 +772,7 @@ resource "aws_lb" "bastion-privatecanal-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-privatecanal-exam-hmhsp5"
security_groups = [aws_security_group.bastion-elb-privatecanal-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-privatecanal-example-com.id
}
@ -1071,6 +1072,17 @@ resource "aws_security_group" "api-elb-privatecanal-example-com" {
vpc_id = aws_vpc.privatecanal-example-com.id
}
resource "aws_security_group" "bastion-elb-privatecanal-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.privatecanal.example.com"
tags = {
"KubernetesCluster" = "privatecanal.example.com"
"Name" = "bastion-elb.privatecanal.example.com"
"kubernetes.io/cluster/privatecanal.example.com" = "owned"
}
vpc_id = aws_vpc.privatecanal-example-com.id
}
resource "aws_security_group" "bastion-privatecanal-example-com" {
description = "Security group for bastion"
name = "bastion.privatecanal.example.com"
@ -1104,11 +1116,11 @@ resource "aws_security_group" "nodes-privatecanal-example-com" {
vpc_id = aws_vpc.privatecanal-example-com.id
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-privatecanal-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatecanal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecanal-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 22
type = "ingress"
}
@ -1122,11 +1134,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-privatecanal-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-privatecanal-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecanal-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 22
type = "ingress"
}
@ -1149,6 +1161,42 @@ resource "aws_security_group_rule" "from-api-elb-privatecanal-example-com-egress
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecanal-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecanal-example-com-ingress-icmp-3to4-bastion-privatecanal-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecanal-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecanal-example-com-ingress-tcp-22to22-bastion-privatecanal-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecanal-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1167,6 +1215,15 @@ resource "aws_security_group_rule" "from-bastion-privatecanal-example-com-egress
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatecanal-example-com-ingress-icmp-3to4-bastion-elb-privatecanal-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
source_security_group_id = aws_security_group.bastion-privatecanal-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecanal-example-com-ingress-tcp-22to22-masters-privatecanal-example-com" {
from_port = 22
protocol = "tcp"
@ -1302,11 +1359,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-privatecanal-example-com.id
source_security_group_id = aws_security_group.masters-privatecanal-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.api-elb-privatecanal-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecanal-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 4
type = "ingress"
}
@ -1315,7 +1390,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecanal-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 4
type = "ingress"
}

87
tests/integration/update_cluster/privatecilium-eni/kubernetes.tf
View File

@ -772,6 +772,7 @@ resource "aws_lb" "bastion-privatecilium-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-privatecilium-exa-l2ms01"
security_groups = [aws_security_group.bastion-elb-privatecilium-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-privatecilium-example-com.id
}
@ -1063,6 +1064,17 @@ resource "aws_security_group" "api-elb-privatecilium-example-com" {
vpc_id = aws_vpc.privatecilium-example-com.id
}
resource "aws_security_group" "bastion-elb-privatecilium-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.privatecilium.example.com"
tags = {
"KubernetesCluster" = "privatecilium.example.com"
"Name" = "bastion-elb.privatecilium.example.com"
"kubernetes.io/cluster/privatecilium.example.com" = "owned"
}
vpc_id = aws_vpc.privatecilium-example-com.id
}
resource "aws_security_group" "bastion-privatecilium-example-com" {
description = "Security group for bastion"
name = "bastion.privatecilium.example.com"
@ -1096,11 +1108,11 @@ resource "aws_security_group" "nodes-privatecilium-example-com" {
vpc_id = aws_vpc.privatecilium-example-com.id
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-privatecilium-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatecilium-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
@ -1114,11 +1126,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-privatecilium-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-privatecilium-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
@ -1141,6 +1153,42 @@ resource "aws_security_group_rule" "from-api-elb-privatecilium-example-com-egres
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-ingress-icmp-3to4-bastion-privatecilium-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-ingress-tcp-22to22-bastion-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1159,6 +1207,15 @@ resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-egres
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-ingress-icmp-3to4-bastion-elb-privatecilium-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-ingress-tcp-22to22-masters-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
@ -1294,11 +1351,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.api-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
@ -1307,7 +1382,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}

87
tests/integration/update_cluster/privatecilium/kubernetes.tf
View File

@ -772,6 +772,7 @@ resource "aws_lb" "bastion-privatecilium-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-privatecilium-exa-l2ms01"
security_groups = [aws_security_group.bastion-elb-privatecilium-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-privatecilium-example-com.id
}
@ -1063,6 +1064,17 @@ resource "aws_security_group" "api-elb-privatecilium-example-com" {
vpc_id = aws_vpc.privatecilium-example-com.id
}
resource "aws_security_group" "bastion-elb-privatecilium-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.privatecilium.example.com"
tags = {
"KubernetesCluster" = "privatecilium.example.com"
"Name" = "bastion-elb.privatecilium.example.com"
"kubernetes.io/cluster/privatecilium.example.com" = "owned"
}
vpc_id = aws_vpc.privatecilium-example-com.id
}
resource "aws_security_group" "bastion-privatecilium-example-com" {
description = "Security group for bastion"
name = "bastion.privatecilium.example.com"
@ -1096,11 +1108,11 @@ resource "aws_security_group" "nodes-privatecilium-example-com" {
vpc_id = aws_vpc.privatecilium-example-com.id
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-privatecilium-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatecilium-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
@ -1114,11 +1126,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-privatecilium-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-privatecilium-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
@ -1141,6 +1153,42 @@ resource "aws_security_group_rule" "from-api-elb-privatecilium-example-com-egres
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-ingress-icmp-3to4-bastion-privatecilium-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-ingress-tcp-22to22-bastion-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1159,6 +1207,15 @@ resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-egres
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-ingress-icmp-3to4-bastion-elb-privatecilium-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-ingress-tcp-22to22-masters-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
@ -1294,11 +1351,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.api-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
@ -1307,7 +1382,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}

87
tests/integration/update_cluster/privatecilium2/kubernetes.tf
View File

@ -772,6 +772,7 @@ resource "aws_lb" "bastion-privatecilium-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-privatecilium-exa-l2ms01"
security_groups = [aws_security_group.bastion-elb-privatecilium-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-privatecilium-example-com.id
}
@ -1079,6 +1080,17 @@ resource "aws_security_group" "api-elb-privatecilium-example-com" {
vpc_id = aws_vpc.privatecilium-example-com.id
}
resource "aws_security_group" "bastion-elb-privatecilium-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.privatecilium.example.com"
tags = {
"KubernetesCluster" = "privatecilium.example.com"
"Name" = "bastion-elb.privatecilium.example.com"
"kubernetes.io/cluster/privatecilium.example.com" = "owned"
}
vpc_id = aws_vpc.privatecilium-example-com.id
}
resource "aws_security_group" "bastion-privatecilium-example-com" {
description = "Security group for bastion"
name = "bastion.privatecilium.example.com"
@ -1112,11 +1124,11 @@ resource "aws_security_group" "nodes-privatecilium-example-com" {
vpc_id = aws_vpc.privatecilium-example-com.id
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-privatecilium-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatecilium-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
@ -1130,11 +1142,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-privatecilium-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-privatecilium-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
@ -1157,6 +1169,42 @@ resource "aws_security_group_rule" "from-api-elb-privatecilium-example-com-egres
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-ingress-icmp-3to4-bastion-privatecilium-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-ingress-tcp-22to22-bastion-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1175,6 +1223,15 @@ resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-egres
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-ingress-icmp-3to4-bastion-elb-privatecilium-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-ingress-tcp-22to22-masters-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
@ -1310,11 +1367,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.api-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}
@ -1323,7 +1398,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 4
type = "ingress"
}

87
tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf
View File

@ -789,6 +789,7 @@ resource "aws_lb" "bastion-privateciliumadvanced-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-privateciliumadva-0jni40"
security_groups = [aws_security_group.bastion-elb-privateciliumadvanced-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-privateciliumadvanced-example-com.id
}
@ -1096,6 +1097,17 @@ resource "aws_security_group" "api-elb-privateciliumadvanced-example-com" {
vpc_id = aws_vpc.privateciliumadvanced-example-com.id
}
resource "aws_security_group" "bastion-elb-privateciliumadvanced-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.privateciliumadvanced.example.com"
tags = {
"KubernetesCluster" = "privateciliumadvanced.example.com"
"Name" = "bastion-elb.privateciliumadvanced.example.com"
"kubernetes.io/cluster/privateciliumadvanced.example.com" = "owned"
}
vpc_id = aws_vpc.privateciliumadvanced-example-com.id
}
resource "aws_security_group" "bastion-privateciliumadvanced-example-com" {
description = "Security group for bastion"
name = "bastion.privateciliumadvanced.example.com"
@ -1129,11 +1141,11 @@ resource "aws_security_group" "nodes-privateciliumadvanced-example-com" {
vpc_id = aws_vpc.privateciliumadvanced-example-com.id
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-privateciliumadvanced-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privateciliumadvanced-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 22
type = "ingress"
}
@ -1147,11 +1159,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-privateciliumadvanced-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-privateciliumadvanced-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 22
type = "ingress"
}
@ -1174,6 +1186,42 @@ resource "aws_security_group_rule" "from-api-elb-privateciliumadvanced-example-c
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privateciliumadvanced-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privateciliumadvanced-example-com-ingress-icmp-3to4-bastion-privateciliumadvanced-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-privateciliumadvanced-example-com-ingress-tcp-22to22-bastion-privateciliumadvanced-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1192,6 +1240,15 @@ resource "aws_security_group_rule" "from-bastion-privateciliumadvanced-example-c
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privateciliumadvanced-example-com-ingress-icmp-3to4-bastion-elb-privateciliumadvanced-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privateciliumadvanced-example-com-ingress-tcp-22to22-masters-privateciliumadvanced-example-com" {
from_port = 22
protocol = "tcp"
@ -1327,11 +1384,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.api-elb-privateciliumadvanced-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 4
type = "ingress"
}
@ -1340,7 +1415,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 4
type = "ingress"
}

89
tests/integration/update_cluster/privatedns1/kubernetes.tf
View File

@ -852,6 +852,7 @@ resource "aws_lb" "bastion-privatedns1-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-privatedns1-examp-mbgbef"
security_groups = [aws_security_group.bastion-elb-privatedns1-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-privatedns1-example-com.id
}
@ -1152,6 +1153,19 @@ resource "aws_security_group" "api-elb-privatedns1-example-com" {
vpc_id = aws_vpc.privatedns1-example-com.id
}
resource "aws_security_group" "bastion-elb-privatedns1-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.privatedns1.example.com"
tags = {
"KubernetesCluster" = "privatedns1.example.com"
"Name" = "bastion-elb.privatedns1.example.com"
"Owner" = "John Doe"
"foo/bar" = "fib+baz"
"kubernetes.io/cluster/privatedns1.example.com" = "owned"
}
vpc_id = aws_vpc.privatedns1-example-com.id
}
resource "aws_security_group" "bastion-privatedns1-example-com" {
description = "Security group for bastion"
name = "bastion.privatedns1.example.com"
@ -1191,11 +1205,11 @@ resource "aws_security_group" "nodes-privatedns1-example-com" {
vpc_id = aws_vpc.privatedns1-example-com.id
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-privatedns1-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatedns1-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatedns1-example-com.id
security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 22
type = "ingress"
}
@ -1209,11 +1223,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-privatedns1-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-privatedns1-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatedns1-example-com.id
security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 22
type = "ingress"
}
@ -1236,6 +1250,42 @@ resource "aws_security_group_rule" "from-api-elb-privatedns1-example-com-egress-
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatedns1-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatedns1-example-com-ingress-icmp-3to4-bastion-privatedns1-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatedns1-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatedns1-example-com-ingress-tcp-22to22-bastion-privatedns1-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatedns1-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1254,6 +1304,15 @@ resource "aws_security_group_rule" "from-bastion-privatedns1-example-com-egress-
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatedns1-example-com-ingress-icmp-3to4-bastion-elb-privatedns1-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
source_security_group_id = aws_security_group.bastion-privatedns1-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatedns1-example-com-ingress-tcp-22to22-masters-privatedns1-example-com" {
from_port = 22
protocol = "tcp"
@ -1389,11 +1448,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-privatedns1-example-com.id
source_security_group_id = aws_security_group.masters-privatedns1-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.api-elb-privatedns1-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatedns1-example-com.id
security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 4
type = "ingress"
}
@ -1402,7 +1479,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatedns1-example-com.id
security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 4
type = "ingress"
}

87
tests/integration/update_cluster/privatedns2/kubernetes.tf
View File

@ -763,6 +763,7 @@ resource "aws_lb" "bastion-privatedns2-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-privatedns2-examp-e704o2"
security_groups = [aws_security_group.bastion-elb-privatedns2-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-privatedns2-example-com.id
}
@ -1046,6 +1047,17 @@ resource "aws_security_group" "api-elb-privatedns2-example-com" {
vpc_id = "vpc-12345678"
}
resource "aws_security_group" "bastion-elb-privatedns2-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.privatedns2.example.com"
tags = {
"KubernetesCluster" = "privatedns2.example.com"
"Name" = "bastion-elb.privatedns2.example.com"
"kubernetes.io/cluster/privatedns2.example.com" = "owned"
}
vpc_id = "vpc-12345678"
}
resource "aws_security_group" "bastion-privatedns2-example-com" {
description = "Security group for bastion"
name = "bastion.privatedns2.example.com"
@ -1079,11 +1091,11 @@ resource "aws_security_group" "nodes-privatedns2-example-com" {
vpc_id = "vpc-12345678"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-privatedns2-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatedns2-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatedns2-example-com.id
security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 22
type = "ingress"
}
@ -1097,11 +1109,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-privatedns2-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-privatedns2-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatedns2-example-com.id
security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 22
type = "ingress"
}
@ -1124,6 +1136,42 @@ resource "aws_security_group_rule" "from-api-elb-privatedns2-example-com-egress-
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatedns2-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatedns2-example-com-ingress-icmp-3to4-bastion-privatedns2-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatedns2-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatedns2-example-com-ingress-tcp-22to22-bastion-privatedns2-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatedns2-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1142,6 +1190,15 @@ resource "aws_security_group_rule" "from-bastion-privatedns2-example-com-egress-
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatedns2-example-com-ingress-icmp-3to4-bastion-elb-privatedns2-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
source_security_group_id = aws_security_group.bastion-privatedns2-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatedns2-example-com-ingress-tcp-22to22-masters-privatedns2-example-com" {
from_port = 22
protocol = "tcp"
@ -1277,11 +1334,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-privatedns2-example-com.id
source_security_group_id = aws_security_group.masters-privatedns2-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.api-elb-privatedns2-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatedns2-example-com.id
security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 4
type = "ingress"
}
@ -1290,7 +1365,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatedns2-example-com.id
security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 4
type = "ingress"
}

87
tests/integration/update_cluster/privateflannel/kubernetes.tf
View File

@ -772,6 +772,7 @@ resource "aws_lb" "bastion-privateflannel-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-privateflannel-ex-753531"
security_groups = [aws_security_group.bastion-elb-privateflannel-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-privateflannel-example-com.id
}
@ -1071,6 +1072,17 @@ resource "aws_security_group" "api-elb-privateflannel-example-com" {
vpc_id = aws_vpc.privateflannel-example-com.id
}
resource "aws_security_group" "bastion-elb-privateflannel-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.privateflannel.example.com"
tags = {
"KubernetesCluster" = "privateflannel.example.com"
"Name" = "bastion-elb.privateflannel.example.com"
"kubernetes.io/cluster/privateflannel.example.com" = "owned"
}
vpc_id = aws_vpc.privateflannel-example-com.id
}
resource "aws_security_group" "bastion-privateflannel-example-com" {
description = "Security group for bastion"
name = "bastion.privateflannel.example.com"
@ -1104,11 +1116,11 @@ resource "aws_security_group" "nodes-privateflannel-example-com" {
vpc_id = aws_vpc.privateflannel-example-com.id
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-privateflannel-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privateflannel-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateflannel-example-com.id
security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 22
type = "ingress"
}
@ -1122,11 +1134,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-privateflannel-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-privateflannel-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateflannel-example-com.id
security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 22
type = "ingress"
}
@ -1149,6 +1161,42 @@ resource "aws_security_group_rule" "from-api-elb-privateflannel-example-com-egre
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privateflannel-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privateflannel-example-com-ingress-icmp-3to4-bastion-privateflannel-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privateflannel-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-privateflannel-example-com-ingress-tcp-22to22-bastion-privateflannel-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateflannel-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1167,6 +1215,15 @@ resource "aws_security_group_rule" "from-bastion-privateflannel-example-com-egre
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privateflannel-example-com-ingress-icmp-3to4-bastion-elb-privateflannel-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
source_security_group_id = aws_security_group.bastion-privateflannel-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privateflannel-example-com-ingress-tcp-22to22-masters-privateflannel-example-com" {
from_port = 22
protocol = "tcp"
@ -1302,11 +1359,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-privateflannel-example-com.id
source_security_group_id = aws_security_group.masters-privateflannel-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.api-elb-privateflannel-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privateflannel-example-com.id
security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 4
type = "ingress"
}
@ -1315,7 +1390,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privateflannel-example-com.id
security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 4
type = "ingress"
}

93
tests/integration/update_cluster/privatekopeio/kubernetes.tf
View File

@ -778,6 +778,7 @@ resource "aws_lb" "bastion-privatekopeio-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-privatekopeio-exa-d8ef8e"
security_groups = [aws_security_group.bastion-elb-privatekopeio-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-privatekopeio-example-com.id
}
@ -1088,6 +1089,17 @@ resource "aws_security_group" "api-elb-privatekopeio-example-com" {
vpc_id = aws_vpc.privatekopeio-example-com.id
}
resource "aws_security_group" "bastion-elb-privatekopeio-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.privatekopeio.example.com"
tags = {
"KubernetesCluster" = "privatekopeio.example.com"
"Name" = "bastion-elb.privatekopeio.example.com"
"kubernetes.io/cluster/privatekopeio.example.com" = "owned"
}
vpc_id = aws_vpc.privatekopeio-example-com.id
}
resource "aws_security_group" "bastion-privatekopeio-example-com" {
description = "Security group for bastion"
name = "bastion.privatekopeio.example.com"
@ -1121,11 +1133,11 @@ resource "aws_security_group" "nodes-privatekopeio-example-com" {
vpc_id = aws_vpc.privatekopeio-example-com.id
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-privatekopeio-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatekopeio-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 22
type = "ingress"
}
@ -1139,20 +1151,20 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-privatekopeio-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-privatekopeio-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-8-0--22-ingress-tcp-22to22-bastion-privatekopeio-example-com" {
resource "aws_security_group_rule" "from-172-20-8-0--22-ingress-tcp-22to22-bastion-elb-privatekopeio-example-com" {
cidr_blocks = ["172.20.8.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 22
type = "ingress"
}
@ -1175,6 +1187,42 @@ resource "aws_security_group_rule" "from-api-elb-privatekopeio-example-com-egres
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatekopeio-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatekopeio-example-com-ingress-icmp-3to4-bastion-privatekopeio-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-privatekopeio-example-com-ingress-tcp-22to22-bastion-privatekopeio-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1193,6 +1241,15 @@ resource "aws_security_group_rule" "from-bastion-privatekopeio-example-com-egres
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatekopeio-example-com-ingress-icmp-3to4-bastion-elb-privatekopeio-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
source_security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatekopeio-example-com-ingress-tcp-22to22-masters-privatekopeio-example-com" {
from_port = 22
protocol = "tcp"
@ -1328,11 +1385,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-privatekopeio-example-com.id
source_security_group_id = aws_security_group.masters-privatekopeio-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.api-elb-privatekopeio-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 4
type = "ingress"
}
@ -1341,7 +1416,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 4
type = "ingress"
}
@ -1350,7 +1425,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-8-0--22" {
cidr_blocks = ["172.20.8.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 4
type = "ingress"
}

61
tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf
View File

@ -601,6 +601,7 @@ resource "aws_lb" "api-minimal-ipv6-example-com" {
ip_address_type = "dualstack"
load_balancer_type = "network"
name = "api-minimal-ipv6-example--jhj9te"
security_groups = [aws_security_group.api-elb-minimal-ipv6-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-minimal-ipv6-example-com.id
}
@ -1005,11 +1006,11 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-min
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-ipv6-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-minimal-ipv6-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
@ -1032,15 +1033,33 @@ resource "aws_security_group_rule" "from-__--0-ingress-tcp-22to22-nodes-minimal-
type = "ingress"
}
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-masters-minimal-ipv6-example-com" {
resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-api-elb-minimal-ipv6-example-com" {
from_port = 443
ipv6_cidr_blocks = ["::/0"]
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-ipv6-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-api-elb-minimal-ipv6-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-minimal-ipv6-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1141,28 +1160,46 @@ resource "aws_security_group_rule" "from-nodes-minimal-ipv6-example-com-ingress-
}
resource "aws_security_group_rule" "https-elb-to-master" {
cidr_blocks = ["172.20.0.0/16"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
source_security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" {
from_port = -1
ipv6_cidr_blocks = ["::/0"]
protocol = "icmpv6"
security_group_id = aws_security_group.masters-minimal-ipv6-example-com.id
security_group_id = aws_security_group.api-elb-minimal-ipv6-example-com.id
to_port = -1
type = "ingress"
}

93
tests/integration/update_cluster/unmanaged/kubernetes.tf
View File

@ -754,6 +754,7 @@ resource "aws_lb" "bastion-unmanaged-example-com" {
internal = false
load_balancer_type = "network"
name = "bastion-unmanaged-example-d7bn3d"
security_groups = [aws_security_group.bastion-elb-unmanaged-example-com.id]
subnet_mapping {
subnet_id = aws_subnet.utility-us-test-1a-unmanaged-example-com.id
}
@ -982,6 +983,17 @@ resource "aws_security_group" "api-elb-unmanaged-example-com" {
vpc_id = "vpc-12345678"
}
resource "aws_security_group" "bastion-elb-unmanaged-example-com" {
description = "Security group for bastion ELB"
name = "bastion-elb.unmanaged.example.com"
tags = {
"KubernetesCluster" = "unmanaged.example.com"
"Name" = "bastion-elb.unmanaged.example.com"
"kubernetes.io/cluster/unmanaged.example.com" = "owned"
}
vpc_id = "vpc-12345678"
}
resource "aws_security_group" "bastion-unmanaged-example-com" {
description = "Security group for bastion"
name = "bastion.unmanaged.example.com"
@ -1015,11 +1027,11 @@ resource "aws_security_group" "nodes-unmanaged-example-com" {
vpc_id = "vpc-12345678"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-unmanaged-example-com" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-unmanaged-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 22
type = "ingress"
}
@ -1033,20 +1045,20 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-unmanaged-example-com" {
resource "aws_security_group_rule" "from-172-20-4-0--22-ingress-tcp-22to22-bastion-elb-unmanaged-example-com" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-172-20-8-0--22-ingress-tcp-22to22-bastion-unmanaged-example-com" {
resource "aws_security_group_rule" "from-172-20-8-0--22-ingress-tcp-22to22-bastion-elb-unmanaged-example-com" {
cidr_blocks = ["172.20.8.0/22"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 22
type = "ingress"
}
@ -1069,6 +1081,42 @@ resource "aws_security_group_rule" "from-api-elb-unmanaged-example-com-egress-al
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-unmanaged-example-com-egress-all-0to0-__--0" {
from_port = 0
ipv6_cidr_blocks = ["::/0"]
protocol = "-1"
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-elb-unmanaged-example-com-ingress-icmp-3to4-bastion-unmanaged-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
source_security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-elb-unmanaged-example-com-ingress-tcp-22to22-bastion-unmanaged-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
source_security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
@ -1087,6 +1135,15 @@ resource "aws_security_group_rule" "from-bastion-unmanaged-example-com-egress-al
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-unmanaged-example-com-ingress-icmp-3to4-bastion-elb-unmanaged-example-com" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
source_security_group_id = aws_security_group.bastion-unmanaged-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-unmanaged-example-com-ingress-tcp-22to22-masters-unmanaged-example-com" {
from_port = 22
protocol = "tcp"
@ -1222,11 +1279,29 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-cp-to-elb" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.api-elb-unmanaged-example-com.id
source_security_group_id = aws_security_group.masters-unmanaged-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-elb-to-cp" {
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.api-elb-unmanaged-example-com.id
to_port = 4
type = "ingress"
}
resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 4
type = "ingress"
}
@ -1235,7 +1310,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-4-0--22" {
cidr_blocks = ["172.20.4.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 4
type = "ingress"
}
@ -1244,7 +1319,7 @@ resource "aws_security_group_rule" "icmp-pmtu-ssh-nlb-172-20-8-0--22" {
cidr_blocks = ["172.20.8.0/22"]
from_port = 3
protocol = "icmp"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 4
type = "ingress"
}