Apply suggestions from code review
Co-Authored-By: Peter Rifel <rifelpet@users.noreply.github.com>
parent
5cc9e4e63b
commit
a7f631e7c9
|
|
@ -47,7 +47,7 @@ func (b *CiliumBuilder) Build(c *fi.ModelBuilderContext) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
if err := b.builldBPFMount(c); err != nil {
|
||||
if err := b.buildBPFMount(c); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -61,7 +61,7 @@ func (b *CiliumBuilder) Build(c *fi.ModelBuilderContext) error {
|
|||
|
||||
}
|
||||
|
||||
func (b *CiliumBuilder) builldBPFMount(c *fi.ModelBuilderContext) error {
|
||||
func (b *CiliumBuilder) buildBPFMount(c *fi.ModelBuilderContext) error {
|
||||
|
||||
var fsdata unix.Statfs_t
|
||||
err := unix.Statfs("/sys/fs/bpf", &fsdata)
|
||||
|
|
@ -163,7 +163,7 @@ func (b *CiliumBuilder) buildCiliumEtcdSecrets(c *fi.ModelBuilderContext) error
|
|||
privateKeyBytes := pkiutil.EncodePrivateKeyPEM(privateKey)
|
||||
|
||||
certConfig := &certutil.Config{
|
||||
CommonName: "kube-apiserver",
|
||||
CommonName: "cilium",
|
||||
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
}
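Review bot: The `CommonName` literal in `certConfig` is the identity this client certificate presents to etcd, and nothing at the site says so. A one-line comment such as `// CN is the identity the Cilium agent presents to etcd; keep it distinct from other components' names` would stop the value being copied from another builder again. Restricting the certificate to `x509.ExtKeyUsageClientAuth` is the right scope. buildCiliumEtcdSecrets starts and ends outside the hunk, so it is not visible whether a certificate already issued under the previous name is re-issued on existing nodes; that is worth confirming.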
|
||||
|
||||
|
|
|
|||
|
|
@ -240,11 +240,15 @@ func (b *FirewallModelBuilder) applyNodeToMasterBlockSpecificPorts(c *fi.ModelBu
|
|||
// Don't allow nodes to access etcd peer port
|
||||
tcpBlocked[2380] = true
|
||||
tcpBlocked[2381] = true
|
||||
tcpBlocked[2382] = true
|
||||
|
||||
udpRanges := []portRange{{From: 1, To: 65535}}
|
||||
protocols := []Protocol{}
|
||||
|
||||
if b.Cluster.Spec.Networking.Cilium != nil && b.Cluster.Spec.Networking.Cilium.EtcdManaged {
|
||||
// Block the etcd peer port
|
||||
tcpBlocked[2382] = true
|
||||
}
|
||||
|
||||
if b.Cluster.Spec.Networking.Calico != nil {
|
||||
// Calico needs to access etcd
|
||||
// TODO: Remove, replace with etcd in calico manifest
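Review bot: The new comment `// Block the etcd peer port` inside the `Cilium.EtcdManaged` branch repeats the wording above the 2380/2381 lines without saying which etcd it means; `// Block the peer port of the Cilium-managed etcd cluster` would be clearer. The port is a bare literal `2382`, so a named constant shared with wherever that cluster's peer port is configured would keep the firewall rule from drifting away from it. For clusters without managed Cilium etcd the expected outputs in this commit widen the node-to-master TCP range from 2383 to 2382, which looks intended, but a short comment at the condition stating that 2382 is otherwise left open would make that explicit. applyNodeToMasterBlockSpecificPorts continues outside the hunk.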
|
||||
|
|
|
|||
|
|
@ -350,7 +350,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -359,7 +359,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesadditionalcidrexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -546,8 +546,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-additionalcidr-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-additionalcidr-example-com.id
|
||||
|
|
|
|||
|
|
@ -350,7 +350,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -359,7 +359,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -453,8 +453,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-crosszone-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-crosszone-example-com.id
|
||||
|
|
|
|||
|
|
@ -639,8 +639,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4001" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4001" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
|
||||
|
|
|
|||
|
|
@ -495,7 +495,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -504,7 +504,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -459,8 +459,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
|
|
|
|||
|
|
@ -350,7 +350,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -359,7 +359,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -438,8 +438,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-existing-iam-example-com.id
|
||||
|
|
|
|||
|
|
@ -346,7 +346,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -355,7 +355,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -770,8 +770,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379-sg-nodes-sg-master
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000-sg-nodes-default" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-default" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
source_security_group_id = "sg-nodes"
|
||||
|
|
@ -779,8 +779,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-2383-4000-sg-nodes-defaul
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000-sg-nodes-sg-master-1a" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-sg-master-1a" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = "sg-master-1a"
|
||||
source_security_group_id = "sg-nodes"
|
||||
|
|
@ -788,8 +788,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-2383-4000-sg-nodes-sg-mas
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000-sg-nodes-sg-master-1b" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-sg-master-1b" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = "sg-master-1b"
|
||||
source_security_group_id = "sg-nodes"
|
||||
|
|
|
|||
|
|
@ -359,7 +359,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -368,7 +368,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesexternallbexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -367,8 +367,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externallb-example-com.id
|
||||
|
|
|
|||
|
|
@ -463,8 +463,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
|
|
|
|||
|
|
@ -546,8 +546,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-ha-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-ha-example-com.id
|
||||
|
|
|
|||
|
|
@ -807,7 +807,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -816,7 +816,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodeslaunchtemplatesexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -662,8 +662,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
|
||||
|
|
|
|||
|
|
@ -350,7 +350,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -359,7 +359,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -420,11 +420,11 @@
|
|||
"to_port": 2379,
|
||||
"protocol": "tcp"
|
||||
},
|
||||
"node-to-master-tcp-2383-4000": {
|
||||
"node-to-master-tcp-2382-4000": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
"from_port": 2383,
|
||||
"from_port": 2382,
|
||||
"to_port": 4000,
|
||||
"protocol": "tcp"
|
||||
},
|
||||
|
|
|
|||
|
|
@ -399,11 +399,11 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
protocol = "tcp"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
type = "ingress"
|
||||
security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
|
||||
source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}"
|
||||
from_port = 2383
|
||||
from_port = 2382
|
||||
to_port = 4000
|
||||
protocol = "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -352,8 +352,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
|
|
|
|||
|
|
@ -621,7 +621,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -630,7 +630,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -594,8 +594,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
|
|
|
|||
|
|
@ -622,7 +622,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -631,7 +631,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -594,8 +594,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
|
|
|
|||
|
|
@ -348,7 +348,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -357,7 +357,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesnosshkeyexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4000,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -446,8 +446,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-nosshkey-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-nosshkey-example-com.id
|
||||
|
|
|
|||
|
|
@ -549,8 +549,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
|
||||
|
|
|
|||
|
|
@ -637,7 +637,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834001": {
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824001": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
@ -646,7 +646,7 @@
|
|||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
|
||||
},
|
||||
"FromPort": 2383,
|
||||
"FromPort": 2382,
|
||||
"ToPort": 4001,
|
||||
"IpProtocol": "tcp"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -638,8 +638,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4001" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4001" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
|
||||
|
|
|
|||
|
|
@ -629,8 +629,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
|
||||
|
|
|
|||
|
|
@ -682,8 +682,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
|
||||
|
|
|
|||
|
|
@ -615,8 +615,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
|
||||
|
|
|
|||
|
|
@ -629,8 +629,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
|
||||
|
|
|
|||
|
|
@ -651,8 +651,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
|
||||
|
|
|
|||
|
|
@ -629,8 +629,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
|
||||
|
|
|
|||
|
|
@ -361,8 +361,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-restrictaccess-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-restrictaccess-example-com.id
|
||||
|
|
|
|||
|
|
@ -317,8 +317,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
|
||||
|
|
|
|||
|
|
@ -338,8 +338,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
|
||||
|
|
|
|||
|
|
@ -554,8 +554,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
from_port = 2383
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
|
||||
|
|
|
|||