From a7f631e7c9b45c5cd5ee05c32f8de404d4927ba0 Mon Sep 17 00:00:00 2001 
From: Ole Markus With Date: Thu, 16 Apr 2020 07:32:33 +0200 Subject: [PATCH] Apply suggestions from code review Co-Authored-By: Peter Rifel --- nodeup/pkg/model/cilium.go | 6 +++--- pkg/model/firewall.go | 6 +++++- .../additional_cidr/cloudformation.json | 4 ++-- .../update_cluster/additional_cidr/kubernetes.tf | 4 ++-- .../additional_user-data/cloudformation.json | 4 ++-- .../update_cluster/api_elb_cross_zone/kubernetes.tf | 4 ++-- .../bastionadditional_user-data/kubernetes.tf | 4 ++-- .../update_cluster/complex/cloudformation.json | 4 ++-- .../integration/update_cluster/complex/kubernetes.tf | 4 ++-- .../containerd-cloudformation/cloudformation.json | 4 ++-- .../update_cluster/existing_iam/kubernetes.tf | 4 ++-- .../existing_iam_cloudformation/cloudformation.json | 4 ++-- .../update_cluster/existing_sg/kubernetes.tf | 12 ++++++------ .../update_cluster/externallb/cloudformation.json | 4 ++-- .../update_cluster/externallb/kubernetes.tf | 4 ++-- .../update_cluster/externalpolicies/kubernetes.tf | 4 ++-- tests/integration/update_cluster/ha/kubernetes.tf | 4 ++-- .../launch_templates/cloudformation.json | 4 ++-- .../update_cluster/launch_templates/kubernetes.tf | 4 ++-- .../minimal-cloudformation/cloudformation.json | 4 ++-- .../update_cluster/minimal-json/kubernetes.tf.json | 4 ++-- .../update_cluster/minimal-tf11/kubernetes.tf | 4 ++-- .../integration/update_cluster/minimal/kubernetes.tf | 4 ++-- .../mixed_instances/cloudformation.json | 4 ++-- .../update_cluster/mixed_instances/kubernetes.tf | 4 ++-- .../mixed_instances_spot/cloudformation.json | 4 ++-- .../mixed_instances_spot/kubernetes.tf | 4 ++-- .../nosshkey-cloudformation/cloudformation.json | 4 ++-- .../update_cluster/nosshkey/kubernetes.tf | 4 ++-- .../private-shared-subnet/kubernetes.tf | 4 ++-- .../update_cluster/privatecalico/cloudformation.json | 4 ++-- .../update_cluster/privatecalico/kubernetes.tf | 4 ++-- .../update_cluster/privatecanal/kubernetes.tf | 4 ++-- 
.../update_cluster/privatedns1/kubernetes.tf | 4 ++-- .../update_cluster/privatedns2/kubernetes.tf | 4 ++-- .../update_cluster/privateflannel/kubernetes.tf | 4 ++-- .../update_cluster/privatekopeio/kubernetes.tf | 4 ++-- .../update_cluster/privateweave/kubernetes.tf | 4 ++-- .../update_cluster/restrict_access/kubernetes.tf | 4 ++-- .../update_cluster/shared_subnet/kubernetes.tf | 4 ++-- .../update_cluster/shared_vpc/kubernetes.tf | 4 ++-- .../update_cluster/unmanaged/kubernetes.tf | 4 ++-- 42 files changed, 92 insertions(+), 88 deletions(-) diff --git a/nodeup/pkg/model/cilium.go b/nodeup/pkg/model/cilium.go index 739e1ed8fc..0840e2925d 100644 --- a/nodeup/pkg/model/cilium.go +++ b/nodeup/pkg/model/cilium.go @@ -47,7 +47,7 @@ func (b *CiliumBuilder) Build(c *fi.ModelBuilderContext) error { return nil } - if err := b.builldBPFMount(c); err != nil { + if err := b.buildBPFMount(c); err != nil { return err } @@ -61,7 +61,7 @@ func (b *CiliumBuilder) Build(c *fi.ModelBuilderContext) error { } -func (b *CiliumBuilder) builldBPFMount(c *fi.ModelBuilderContext) error { +func (b *CiliumBuilder) buildBPFMount(c *fi.ModelBuilderContext) error { var fsdata unix.Statfs_t err := unix.Statfs("/sys/fs/bpf", &fsdata) @@ -163,7 +163,7 @@ func (b *CiliumBuilder) buildCiliumEtcdSecrets(c *fi.ModelBuilderContext) error privateKeyBytes := pkiutil.EncodePrivateKeyPEM(privateKey) certConfig := &certutil.Config{ - CommonName: "kube-apiserver", + CommonName: "cilium", Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, } diff --git a/pkg/model/firewall.go b/pkg/model/firewall.go index 81de7f0816..7cb4ebfb42 100644 --- a/pkg/model/firewall.go +++ b/pkg/model/firewall.go 
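Review bot: The new `CommonName: "cilium"` in buildCiliumEtcdSecrets is the identity this client certificate presents, but no comment says what consumes it or that it must match any CN-based authorization on the etcd side. A one-line comment above the field would record that, e.g. `// CN is the client identity presented to the Cilium etcd cluster; usage is client-auth only`. Nodes that already hold a certificate issued with the old `kube-apiserver` CN presumably keep it until the secret is regenerated. Whether that happens is not visible here, since the function body starts and ends outside the hunk.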
@@ -240,11 +240,15 @@ func (b *FirewallModelBuilder) applyNodeToMasterBlockSpecificPorts(c *fi.ModelBu // Don't allow nodes to access etcd peer port tcpBlocked[2380] = true tcpBlocked[2381] = true - tcpBlocked[2382] = true udpRanges := []portRange{{From: 1, To: 65535}} protocols := []Protocol{} + if b.Cluster.Spec.Networking.Cilium != nil && b.Cluster.Spec.Networking.Cilium.EtcdManaged { + // Block the etcd peer port + tcpBlocked[2382] = true + } + if b.Cluster.Spec.Networking.Calico != nil { // Calico needs to access etcd // TODO: Remove, replace with etcd in calico manifest diff --git a/tests/integration/update_cluster/additional_cidr/cloudformation.json b/tests/integration/update_cluster/additional_cidr/cloudformation.json index bc033fdba5..2ba080d50a 100644 --- a/tests/integration/update_cluster/additional_cidr/cloudformation.json +++ b/tests/integration/update_cluster/additional_cidr/cloudformation.json @@ -350,7 +350,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -359,7 +359,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionalcidrexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } diff --git a/tests/integration/update_cluster/additional_cidr/kubernetes.tf b/tests/integration/update_cluster/additional_cidr/kubernetes.tf index 99326ddeb6..535930b53c 100644 --- a/tests/integration/update_cluster/additional_cidr/kubernetes.tf +++ b/tests/integration/update_cluster/additional_cidr/kubernetes.tf 
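Review bot: Moving `tcpBlocked[2382] = true` behind the `Cilium.EtcdManaged` check opens node-to-master TCP 2382 on every cluster without Cilium-managed etcd; the regenerated fixtures confirm it (`from_port` goes from 2383 to 2382). Nothing in the hunk shows a service on those clusters that needs the port, so it would be reachable from nodes if a later component binds it on the masters. Keeping the block unconditional next to 2380/2381 would be the least-privilege choice. If the conditional stays, the comment should say why, e.g. `// 2382 is the peer port of the Cilium-managed etcd cluster; nodes must not reach it`. The function body continues outside the hunk.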
@@ -546,8 +546,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-additionalcidr-example-com.id source_security_group_id = aws_security_group.nodes-additionalcidr-example-com.id diff --git a/tests/integration/update_cluster/additional_user-data/cloudformation.json b/tests/integration/update_cluster/additional_user-data/cloudformation.json index 095d364977..2d6506fd3d 100644 --- a/tests/integration/update_cluster/additional_user-data/cloudformation.json +++ b/tests/integration/update_cluster/additional_user-data/cloudformation.json @@ -350,7 +350,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -359,7 +359,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } diff --git a/tests/integration/update_cluster/api_elb_cross_zone/kubernetes.tf b/tests/integration/update_cluster/api_elb_cross_zone/kubernetes.tf index 497091555d..5c13c755ac 100644 --- a/tests/integration/update_cluster/api_elb_cross_zone/kubernetes.tf +++ b/tests/integration/update_cluster/api_elb_cross_zone/kubernetes.tf 
@@ -453,8 +453,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-crosszone-example-com.id source_security_group_id = aws_security_group.nodes-crosszone-example-com.id diff --git a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf index 88611f22c9..3e7c741486 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf +++ b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf @@ -639,8 +639,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4001" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4001" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-bastionuserdata-example-com.id source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id diff --git a/tests/integration/update_cluster/complex/cloudformation.json b/tests/integration/update_cluster/complex/cloudformation.json index 6520b00444..80f2d98584 100644 --- a/tests/integration/update_cluster/complex/cloudformation.json +++ b/tests/integration/update_cluster/complex/cloudformation.json @@ -495,7 +495,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -504,7 +504,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodescomplexexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } 
diff --git a/tests/integration/update_cluster/complex/kubernetes.tf b/tests/integration/update_cluster/complex/kubernetes.tf index 7a202e1f8f..df6d4ad669 100644 --- a/tests/integration/update_cluster/complex/kubernetes.tf +++ b/tests/integration/update_cluster/complex/kubernetes.tf @@ -459,8 +459,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-complex-example-com.id source_security_group_id = aws_security_group.nodes-complex-example-com.id diff --git a/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json b/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json index 67be6a8758..80774ad5fa 100644 --- a/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json @@ -350,7 +350,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -359,7 +359,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } diff --git a/tests/integration/update_cluster/existing_iam/kubernetes.tf b/tests/integration/update_cluster/existing_iam/kubernetes.tf index b5ac85b3f9..62ec92de28 100644 --- a/tests/integration/update_cluster/existing_iam/kubernetes.tf +++ b/tests/integration/update_cluster/existing_iam/kubernetes.tf 
@@ -438,8 +438,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-existing-iam-example-com.id source_security_group_id = aws_security_group.nodes-existing-iam-example-com.id diff --git a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json index d008de67e1..da898c020e 100644 --- a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json @@ -346,7 +346,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -355,7 +355,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesminimalexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } diff --git a/tests/integration/update_cluster/existing_sg/kubernetes.tf b/tests/integration/update_cluster/existing_sg/kubernetes.tf index c123dc316e..f22ad6bc9d 100644 --- a/tests/integration/update_cluster/existing_sg/kubernetes.tf +++ b/tests/integration/update_cluster/existing_sg/kubernetes.tf 
@@ -770,8 +770,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379-sg-nodes-sg-master type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000-sg-nodes-default" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-default" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-existingsg-example-com.id source_security_group_id = "sg-nodes" @@ -779,8 +779,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-2383-4000-sg-nodes-defaul type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000-sg-nodes-sg-master-1a" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-sg-master-1a" { + from_port = 2382 protocol = "tcp" security_group_id = "sg-master-1a" source_security_group_id = "sg-nodes" @@ -788,8 +788,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-2383-4000-sg-nodes-sg-mas type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000-sg-nodes-sg-master-1b" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-sg-master-1b" { + from_port = 2382 protocol = "tcp" security_group_id = "sg-master-1b" source_security_group_id = "sg-nodes" diff --git a/tests/integration/update_cluster/externallb/cloudformation.json b/tests/integration/update_cluster/externallb/cloudformation.json index 8ccf77287c..5960ddacd0 100644 --- a/tests/integration/update_cluster/externallb/cloudformation.json +++ b/tests/integration/update_cluster/externallb/cloudformation.json @@ -359,7 +359,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { 
@@ -368,7 +368,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesexternallbexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } diff --git a/tests/integration/update_cluster/externallb/kubernetes.tf b/tests/integration/update_cluster/externallb/kubernetes.tf index b25216eac0..098bc9eed3 100644 --- a/tests/integration/update_cluster/externallb/kubernetes.tf +++ b/tests/integration/update_cluster/externallb/kubernetes.tf @@ -367,8 +367,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-externallb-example-com.id source_security_group_id = aws_security_group.nodes-externallb-example-com.id diff --git a/tests/integration/update_cluster/externalpolicies/kubernetes.tf b/tests/integration/update_cluster/externalpolicies/kubernetes.tf index fe897dbb22..56eb11fae4 100644 --- a/tests/integration/update_cluster/externalpolicies/kubernetes.tf +++ b/tests/integration/update_cluster/externalpolicies/kubernetes.tf @@ -463,8 +463,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-externalpolicies-example-com.id source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id diff --git a/tests/integration/update_cluster/ha/kubernetes.tf b/tests/integration/update_cluster/ha/kubernetes.tf index d382df8bde..3111041946 100644 --- a/tests/integration/update_cluster/ha/kubernetes.tf +++ b/tests/integration/update_cluster/ha/kubernetes.tf 
@@ -546,8 +546,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-ha-example-com.id source_security_group_id = aws_security_group.nodes-ha-example-com.id diff --git a/tests/integration/update_cluster/launch_templates/cloudformation.json b/tests/integration/update_cluster/launch_templates/cloudformation.json index 26fe308327..cfb4a0e841 100644 --- a/tests/integration/update_cluster/launch_templates/cloudformation.json +++ b/tests/integration/update_cluster/launch_templates/cloudformation.json @@ -807,7 +807,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -816,7 +816,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodeslaunchtemplatesexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } diff --git a/tests/integration/update_cluster/launch_templates/kubernetes.tf b/tests/integration/update_cluster/launch_templates/kubernetes.tf index 3af3629001..f7abc21cc6 100644 --- a/tests/integration/update_cluster/launch_templates/kubernetes.tf +++ b/tests/integration/update_cluster/launch_templates/kubernetes.tf @@ -662,8 +662,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-launchtemplates-example-com.id source_security_group_id = aws_security_group.nodes-launchtemplates-example-com.id 
diff --git a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json index c8f66185e1..ac9c90f590 100644 --- a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json @@ -350,7 +350,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -359,7 +359,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesminimalexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } diff --git a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json index 5b4ad3ada4..15f94b4765 100644 --- a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json +++ b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json @@ -420,11 +420,11 @@ "to_port": 2379, "protocol": "tcp" }, - "node-to-master-tcp-2383-4000": { + "node-to-master-tcp-2382-4000": { "type": "ingress", "security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}", "source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}", - "from_port": 2383, + "from_port": 2382, "to_port": 4000, "protocol": "tcp" }, diff --git a/tests/integration/update_cluster/minimal-tf11/kubernetes.tf b/tests/integration/update_cluster/minimal-tf11/kubernetes.tf index 1839a0085a..702756d76e 100644 --- a/tests/integration/update_cluster/minimal-tf11/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-tf11/kubernetes.tf 
@@ -399,11 +399,11 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { protocol = "tcp" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { type = "ingress" security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}" - from_port = 2383 + from_port = 2382 to_port = 4000 protocol = "tcp" } diff --git a/tests/integration/update_cluster/minimal/kubernetes.tf b/tests/integration/update_cluster/minimal/kubernetes.tf index 1c94f75ed2..5eebd317d4 100644 --- a/tests/integration/update_cluster/minimal/kubernetes.tf +++ b/tests/integration/update_cluster/minimal/kubernetes.tf @@ -352,8 +352,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-minimal-example-com.id source_security_group_id = aws_security_group.nodes-minimal-example-com.id diff --git a/tests/integration/update_cluster/mixed_instances/cloudformation.json b/tests/integration/update_cluster/mixed_instances/cloudformation.json index ebe7c41750..eacb458ee0 100644 --- a/tests/integration/update_cluster/mixed_instances/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances/cloudformation.json @@ -621,7 +621,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -630,7 +630,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } 
diff --git a/tests/integration/update_cluster/mixed_instances/kubernetes.tf b/tests/integration/update_cluster/mixed_instances/kubernetes.tf index ea9a42b994..b2a5f1cbc1 100644 --- a/tests/integration/update_cluster/mixed_instances/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances/kubernetes.tf @@ -594,8 +594,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-mixedinstances-example-com.id source_security_group_id = aws_security_group.nodes-mixedinstances-example-com.id diff --git a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json index ae60f8da76..c39725c9e8 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json @@ -622,7 +622,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -631,7 +631,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } diff --git a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf index f882903e62..ead756f480 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf 
@@ -594,8 +594,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-mixedinstances-example-com.id source_security_group_id = aws_security_group.nodes-mixedinstances-example-com.id diff --git a/tests/integration/update_cluster/nosshkey-cloudformation/cloudformation.json b/tests/integration/update_cluster/nosshkey-cloudformation/cloudformation.json index dd27b3aa8a..28741346f0 100644 --- a/tests/integration/update_cluster/nosshkey-cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/nosshkey-cloudformation/cloudformation.json @@ -348,7 +348,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834000": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -357,7 +357,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesnosshkeyexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } diff --git a/tests/integration/update_cluster/nosshkey/kubernetes.tf b/tests/integration/update_cluster/nosshkey/kubernetes.tf index de3703e1f2..d5ffdee718 100644 --- a/tests/integration/update_cluster/nosshkey/kubernetes.tf +++ b/tests/integration/update_cluster/nosshkey/kubernetes.tf @@ -446,8 +446,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-nosshkey-example-com.id source_security_group_id = aws_security_group.nodes-nosshkey-example-com.id 
diff --git a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf index 9dcd856a9e..de7000fafb 100644 --- a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf @@ -549,8 +549,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json b/tests/integration/update_cluster/privatecalico/cloudformation.json index 390ab17349..47740acccf 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json @@ -637,7 +637,7 @@ "IpProtocol": "tcp" } }, - "AWSEC2SecurityGroupIngressnodetomastertcp23834001": { + "AWSEC2SecurityGroupIngressnodetomastertcp23824001": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { @@ -646,7 +646,7 @@ "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom" }, - "FromPort": 2383, + "FromPort": 2382, "ToPort": 4001, "IpProtocol": "tcp" } diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf index d50c4a1f30..2712fc5295 100644 --- a/tests/integration/update_cluster/privatecalico/kubernetes.tf +++ b/tests/integration/update_cluster/privatecalico/kubernetes.tf 
@@ -638,8 +638,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4001" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4001" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-privatecalico-example-com.id source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf index d10c745a66..c372150d6d 100644 --- a/tests/integration/update_cluster/privatecanal/kubernetes.tf +++ b/tests/integration/update_cluster/privatecanal/kubernetes.tf @@ -629,8 +629,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-privatecanal-example-com.id source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id diff --git a/tests/integration/update_cluster/privatedns1/kubernetes.tf b/tests/integration/update_cluster/privatedns1/kubernetes.tf index 036ad008fa..d53527906e 100644 --- a/tests/integration/update_cluster/privatedns1/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns1/kubernetes.tf @@ -682,8 +682,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-privatedns1-example-com.id source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id 
diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf index 8f0c99f997..1f9dd709a4 100644 --- a/tests/integration/update_cluster/privatedns2/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns2/kubernetes.tf @@ -615,8 +615,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-privatedns2-example-com.id source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf index 652b949656..d2e12bbd92 100644 --- a/tests/integration/update_cluster/privateflannel/kubernetes.tf +++ b/tests/integration/update_cluster/privateflannel/kubernetes.tf @@ -629,8 +629,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-privateflannel-example-com.id source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf index 48e4aae0e7..d084e99dc4 100644 --- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf +++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf 
@@ -651,8 +651,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-privatekopeio-example-com.id source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id diff --git a/tests/integration/update_cluster/privateweave/kubernetes.tf b/tests/integration/update_cluster/privateweave/kubernetes.tf index 48ddc35f36..3a111b1144 100644 --- a/tests/integration/update_cluster/privateweave/kubernetes.tf +++ b/tests/integration/update_cluster/privateweave/kubernetes.tf @@ -629,8 +629,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-privateweave-example-com.id source_security_group_id = aws_security_group.nodes-privateweave-example-com.id diff --git a/tests/integration/update_cluster/restrict_access/kubernetes.tf b/tests/integration/update_cluster/restrict_access/kubernetes.tf index e694656a90..43e5673fd7 100644 --- a/tests/integration/update_cluster/restrict_access/kubernetes.tf +++ b/tests/integration/update_cluster/restrict_access/kubernetes.tf @@ -361,8 +361,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-restrictaccess-example-com.id source_security_group_id = aws_security_group.nodes-restrictaccess-example-com.id 
diff --git a/tests/integration/update_cluster/shared_subnet/kubernetes.tf b/tests/integration/update_cluster/shared_subnet/kubernetes.tf index 0240281a87..6b5ad7285a 100644 --- a/tests/integration/update_cluster/shared_subnet/kubernetes.tf +++ b/tests/integration/update_cluster/shared_subnet/kubernetes.tf @@ -317,8 +317,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-sharedsubnet-example-com.id source_security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id diff --git a/tests/integration/update_cluster/shared_vpc/kubernetes.tf b/tests/integration/update_cluster/shared_vpc/kubernetes.tf index 775f5dfd1f..5498432631 100644 --- a/tests/integration/update_cluster/shared_vpc/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc/kubernetes.tf @@ -338,8 +338,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-sharedvpc-example-com.id source_security_group_id = aws_security_group.nodes-sharedvpc-example-com.id diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf index 659116fbce..1a201013a1 100644 --- a/tests/integration/update_cluster/unmanaged/kubernetes.tf +++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf 
@@ -554,8 +554,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" } -resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" { - from_port = 2383 +resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { + from_port = 2382 protocol = "tcp" security_group_id = aws_security_group.masters-unmanaged-example-com.id source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id