kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use consistent naming for the remaining SGRs

This commit is contained in:
Ole Markus With 2020-11-07 11:59:36 +01:00
parent e109c9c583
commit afbd057286
49 changed files with 3855 additions and 3855 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/model/awsmodel/api_loadbalancer.go
View File

@ -283,7 +283,7 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
Egress: fi.Bool(true),
SecurityGroup: lbSG,
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
}
// Allow traffic into the ELB from KubernetesAPIAccess CIDRs
@ -298,7 +298,7 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
SecurityGroup: lbSG,
ToPort: fi.Int64(443),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
// Allow ICMP traffic required for PMTU discovery
c.AddTask(&awstasks.SecurityGroupRule{
@ -331,7 +331,7 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
SecurityGroup: masterGroup.Task,
ToPort: fi.Int64(443),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
// Allow ICMP traffic required for PMTU discovery
c.AddTask(&awstasks.SecurityGroupRule{

12
pkg/model/bastion.go
View File

@ -84,7 +84,7 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
Egress: fi.Bool(true),
CIDR: s("0.0.0.0/0"),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
}
// Allow incoming SSH traffic to bastions, through the ELB
@ -99,7 +99,7 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
FromPort: i64(22),
ToPort: i64(22),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
}
// Allow bastion nodes to SSH to masters
@ -114,7 +114,7 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
FromPort: i64(22),
ToPort: i64(22),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
}
}
@ -130,7 +130,7 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
FromPort: i64(22),
ToPort: i64(22),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
}
}
@ -159,7 +159,7 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
CIDR: s("0.0.0.0/0"),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
}
// Allow external access to ELB
@ -174,7 +174,7 @@ func (b *BastionModelBuilder) Build(c *fi.ModelBuilderContext) error {
ToPort: i64(22),
CIDR: s(sshAccess),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
}
var elbSubnets []*awstasks.Subnet

6
pkg/model/external_access.go
View File

@ -71,7 +71,7 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.ModelBuilderContext) error {
ToPort: i64(22),
CIDR: s(sshAccess),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
}
for _, nodeGroup := range nodeGroups {
@ -85,7 +85,7 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.ModelBuilderContext) error {
ToPort: i64(22),
CIDR: s(sshAccess),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
}
}
}
@ -140,7 +140,7 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.ModelBuilderContext) error {
ToPort: i64(443),
CIDR: s(apiAccess),
}
c.AddTask(t)
b.AddDirectionalGroupRule(c, t)
}
}
}

2
pkg/model/firewall.go
View File

@ -442,6 +442,6 @@ func generateName(o *awstasks.SecurityGroupRule) string {
src = fi.StringValue(o.SecurityGroup.Name)
}
return fmt.Sprintf("%s-%s-%s-%dto%d-%s", src, direction,
return fmt.Sprintf("from-%s-%s-%s-%dto%d-%s", src, direction,
proto, fi.Int64Value(o.FromPort), fi.Int64Value(o.ToPort), dst)
}

254
tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf
View File

@ -699,7 +699,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-bastionuserdata-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-bastionuserdata-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-bastionuserdata-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-bastionuserdata-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -708,16 +726,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -726,7 +735,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-bastionuserdata-example-com-ingress-tcp-22to22-bastion-bastionuserdata-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-bastionuserdata-example-com-ingress-tcp-22to22-masters-bastionuserdata-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
@ -735,7 +762,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-bastionuserdata-example-com-ingress-tcp-22to22-nodes-bastionuserdata-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
@ -744,13 +771,94 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-bastionuserdata-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-bastionuserdata-example-com-ingress-all-0to0-masters-bastionuserdata-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-bastionuserdata-example-com-ingress-all-0to0-nodes-bastionuserdata-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-bastionuserdata-example-com-ingress-4-0to0-masters-bastionuserdata-example-com" {
from_port = 0
protocol = "4"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-bastionuserdata-example-com-ingress-all-0to0-nodes-bastionuserdata-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-bastionuserdata-example-com-ingress-tcp-1to2379-masters-bastionuserdata-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-bastionuserdata-example-com-ingress-tcp-2382to4000-masters-bastionuserdata-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-bastionuserdata-example-com-ingress-tcp-4003to65535-masters-bastionuserdata-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-bastionuserdata-example-com-ingress-udp-1to65535-masters-bastionuserdata-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -771,114 +879,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-bastionuserdata-example-com-ingress-all-0to0-masters-bastionuserdata-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-bastionuserdata-example-com-ingress-all-0to0-nodes-bastionuserdata-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-4-0to0-masters-bastionuserdata-example-com" {
from_port = 0
protocol = "4"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-all-0to0-nodes-bastionuserdata-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-tcp-1to2379-masters-bastionuserdata-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-tcp-2382to4000-masters-bastionuserdata-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-tcp-4003to65535-masters-bastionuserdata-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-udp-1to65535-masters-bastionuserdata-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-bastionuserdata-example-com.id
source_security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-bastionuserdata-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-bastionuserdata-example-com" {
description = "Security group for api ELB"
name = "api-elb.bastionuserdata.example.com"

300
tests/integration/update_cluster/complex/cloudformation.json
View File

@ -573,7 +573,7 @@
]
}
},
"AWSEC2SecurityGroupEgressmasterscomplexexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrommasterscomplexexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -585,7 +585,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodescomplexexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodescomplexexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -597,7 +597,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsapielb111024": {
"AWSEC2SecurityGroupIngressfrom111024ingresstcp443to443masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -609,7 +609,31 @@
"CidrIp": "1.1.1.0/24"
}
},
"AWSEC2SecurityGroupIngresshttpsapielb20010850040": {
"AWSEC2SecurityGroupIngressfrom111132ingresstcp22to22masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "1.1.1.1/32"
}
},
"AWSEC2SecurityGroupIngressfrom111132ingresstcp22to22nodescomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "1.1.1.1/32"
}
},
"AWSEC2SecurityGroupIngressfrom20010850040ingresstcp443to443masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -621,6 +645,128 @@
"CidrIpv6": "2001:0:8500::/40"
}
},
"AWSEC2SecurityGroupIngressfrom2001085a348ingresstcp22to22masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIpv6": "2001:0:85a3::/48"
}
},
"AWSEC2SecurityGroupIngressfrom2001085a348ingresstcp22to22nodescomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIpv6": "2001:0:85a3::/48"
}
},
"AWSEC2SecurityGroupIngressfrommasterscomplexexamplecomingressall0to0masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfrommasterscomplexexamplecomingressall0to0nodescomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodescomplexexamplecomingressall0to0nodescomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodescomplexexamplecomingresstcp1to2379masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodescomplexexamplecomingresstcp2382to4000masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodescomplexexamplecomingresstcp4003to65535masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodescomplexexamplecomingressudp1to65535masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresshttpselbtomaster": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
@ -681,34 +827,6 @@
"CidrIpv6": "2001:0:8500::/40"
}
},
"AWSEC2SecurityGroupIngressmasterscomplexexamplecomingressall0to0masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmasterscomplexexamplecomingressall0to0nodescomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodeporttcpexternaltonode102030024": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
@ -757,124 +875,6 @@
"CidrIp": "1.2.3.4/32"
}
},
"AWSEC2SecurityGroupIngressnodescomplexexamplecomingressall0to0nodescomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodescomplexexamplecomingresstcp1to2379masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescomplexexamplecomingresstcp2382to4000masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescomplexexamplecomingresstcp4003to65535masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescomplexexamplecomingressudp1to65535masterscomplexexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster111132": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "1.1.1.1/32"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster2001085a348": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIpv6": "2001:0:85a3::/48"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode111132": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "1.1.1.1/32"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode2001085a348": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIpv6": "2001:0:85a3::/48"
}
},
"AWSEC2SecurityGroupIngresstcpapi111024": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {

238
tests/integration/update_cluster/complex/kubernetes.tf
View File

@ -566,7 +566,7 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.complex-example-com.id
}
resource "aws_security_group_rule" "https-api-elb-1-1-1-0--24" {
resource "aws_security_group_rule" "from-1-1-1-0--24-ingress-tcp-443to443-masters-complex-example-com" {
cidr_blocks = ["1.1.1.0/24"]
from_port = 443
protocol = "tcp"
@ -575,7 +575,25 @@ resource "aws_security_group_rule" "https-api-elb-1-1-1-0--24" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-2001_0_8500__--40" {
resource "aws_security_group_rule" "from-1-1-1-1--32-ingress-tcp-22to22-masters-complex-example-com" {
cidr_blocks = ["1.1.1.1/32"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-1-1-1-1--32-ingress-tcp-22to22-nodes-complex-example-com" {
cidr_blocks = ["1.1.1.1/32"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-2001_0_8500__--40-ingress-tcp-443to443-masters-complex-example-com" {
cidr_blocks = ["2001:0:8500::/40"]
from_port = 443
protocol = "tcp"
@ -584,6 +602,105 @@ resource "aws_security_group_rule" "https-api-elb-2001_0_8500__--40" {
type = "ingress"
}
resource "aws_security_group_rule" "from-2001_0_85a3__--48-ingress-tcp-22to22-masters-complex-example-com" {
cidr_blocks = ["2001:0:85a3::/48"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-2001_0_85a3__--48-ingress-tcp-22to22-nodes-complex-example-com" {
cidr_blocks = ["2001:0:85a3::/48"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-complex-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-complex-example-com-ingress-all-0to0-masters-complex-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-complex-example-com-ingress-all-0to0-nodes-complex-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-complex-example-com.id
source_security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-complex-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-complex-example-com-ingress-all-0to0-nodes-complex-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-complex-example-com.id
source_security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-complex-example-com-ingress-tcp-1to2379-masters-complex-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-complex-example-com-ingress-tcp-2382to4000-masters-complex-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-complex-example-com-ingress-tcp-4003to65535-masters-complex-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-complex-example-com-ingress-udp-1to65535-masters-complex-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
cidr_blocks = ["172.20.0.0/16"]
from_port = 443
@ -629,33 +746,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-2001_0_8500__--40" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-complex-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-complex-example-com-ingress-all-0to0-masters-complex-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-complex-example-com-ingress-all-0to0-nodes-complex-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-complex-example-com.id
source_security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodeport-tcp-external-to-node-1-2-3-4--32" {
cidr_blocks = ["1.2.3.4/32"]
from_port = 28000
@ -692,96 +782,6 @@ resource "aws_security_group_rule" "nodeport-udp-external-to-node-10-20-30-0--24
type = "ingress"
}
resource "aws_security_group_rule" "nodes-complex-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-complex-example-com-ingress-all-0to0-nodes-complex-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-complex-example-com.id
source_security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-complex-example-com-ingress-tcp-1to2379-masters-complex-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-complex-example-com-ingress-tcp-2382to4000-masters-complex-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-complex-example-com-ingress-tcp-4003to65535-masters-complex-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-complex-example-com-ingress-udp-1to65535-masters-complex-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-complex-example-com.id
source_security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-1-1-1-1--32" {
cidr_blocks = ["1.1.1.1/32"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-2001_0_85a3__--48" {
cidr_blocks = ["2001:0:85a3::/48"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-complex-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-1-1-1-1--32" {
cidr_blocks = ["1.1.1.1/32"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-2001_0_85a3__--48" {
cidr_blocks = ["2001:0:85a3::/48"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-complex-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "tcp-api-1-1-1-0--24" {
cidr_blocks = ["1.1.1.0/24"]
from_port = 8443

56
tests/integration/update_cluster/compress/kubernetes.tf
View File

@ -418,7 +418,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.compress-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-compress-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-compress-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-compress-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-compress-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-compress-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -427,7 +445,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-compress-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-compress-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -436,7 +454,7 @@ resource "aws_security_group_rule" "masters-compress-example-com-egress-all-0to0
type = "egress"
}
resource "aws_security_group_rule" "masters-compress-example-com-ingress-all-0to0-masters-compress-example-com" {
resource "aws_security_group_rule" "from-masters-compress-example-com-ingress-all-0to0-masters-compress-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-compress-example-com.id
@ -445,7 +463,7 @@ resource "aws_security_group_rule" "masters-compress-example-com-ingress-all-0to
type = "ingress"
}
resource "aws_security_group_rule" "masters-compress-example-com-ingress-all-0to0-nodes-compress-example-com" {
resource "aws_security_group_rule" "from-masters-compress-example-com-ingress-all-0to0-nodes-compress-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-compress-example-com.id
@ -454,7 +472,7 @@ resource "aws_security_group_rule" "masters-compress-example-com-ingress-all-0to
type = "ingress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-compress-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -463,7 +481,7 @@ resource "aws_security_group_rule" "nodes-compress-example-com-egress-all-0to0-0
type = "egress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-ingress-all-0to0-nodes-compress-example-com" {
resource "aws_security_group_rule" "from-nodes-compress-example-com-ingress-all-0to0-nodes-compress-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-compress-example-com.id
@ -472,7 +490,7 @@ resource "aws_security_group_rule" "nodes-compress-example-com-ingress-all-0to0-
type = "ingress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-ingress-tcp-1to2379-masters-compress-example-com" {
resource "aws_security_group_rule" "from-nodes-compress-example-com-ingress-tcp-1to2379-masters-compress-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-compress-example-com.id
@ -481,7 +499,7 @@ resource "aws_security_group_rule" "nodes-compress-example-com-ingress-tcp-1to23
type = "ingress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-ingress-tcp-2382to4000-masters-compress-example-com" {
resource "aws_security_group_rule" "from-nodes-compress-example-com-ingress-tcp-2382to4000-masters-compress-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-compress-example-com.id
@ -490,7 +508,7 @@ resource "aws_security_group_rule" "nodes-compress-example-com-ingress-tcp-2382t
type = "ingress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-ingress-tcp-4003to65535-masters-compress-example-com" {
resource "aws_security_group_rule" "from-nodes-compress-example-com-ingress-tcp-4003to65535-masters-compress-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-compress-example-com.id
@ -499,7 +517,7 @@ resource "aws_security_group_rule" "nodes-compress-example-com-ingress-tcp-4003t
type = "ingress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-ingress-udp-1to65535-masters-compress-example-com" {
resource "aws_security_group_rule" "from-nodes-compress-example-com-ingress-udp-1to65535-masters-compress-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-compress-example-com.id
@ -508,24 +526,6 @@ resource "aws_security_group_rule" "nodes-compress-example-com-ingress-udp-1to65
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-compress-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-compress-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-compress-example-com" {
description = "Security group for masters"
name = "masters.compress.example.com"

70
tests/integration/update_cluster/containerd-custom/cloudformation.json
View File

@ -473,7 +473,7 @@
]
}
},
"AWSEC2SecurityGroupEgressmasterscontainerdexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrommasterscontainerdexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -485,7 +485,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodescontainerdexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodescontainerdexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -497,7 +497,31 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodescontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -509,7 +533,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmasterscontainerdexamplecomingressall0to0masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfrommasterscontainerdexamplecomingressall0to0masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -523,7 +547,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmasterscontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfrommasterscontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -537,7 +561,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingress40to0masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingress40to0masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -551,7 +575,7 @@
"IpProtocol": "4"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -565,7 +589,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp1to2379masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingresstcp1to2379masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -579,7 +603,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp2382to4000masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingresstcp2382to4000masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -593,7 +617,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp4003to65535masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingresstcp4003to65535masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -607,7 +631,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingressudp1to65535masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingressudp1to65535masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -621,30 +645,6 @@
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupmasterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

70
tests/integration/update_cluster/containerd/cloudformation.json
View File

@ -473,7 +473,7 @@
]
}
},
"AWSEC2SecurityGroupEgressmasterscontainerdexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrommasterscontainerdexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -485,7 +485,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodescontainerdexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodescontainerdexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -497,7 +497,31 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodescontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -509,7 +533,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmasterscontainerdexamplecomingressall0to0masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfrommasterscontainerdexamplecomingressall0to0masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -523,7 +547,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmasterscontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfrommasterscontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -537,7 +561,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingress40to0masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingress40to0masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -551,7 +575,7 @@
"IpProtocol": "4"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -565,7 +589,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp1to2379masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingresstcp1to2379masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -579,7 +603,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp2382to4000masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingresstcp2382to4000masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -593,7 +617,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp4003to65535masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingresstcp4003to65535masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -607,7 +631,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingressudp1to65535masterscontainerdexamplecom": {
"AWSEC2SecurityGroupIngressfromnodescontainerdexamplecomingressudp1to65535masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -621,30 +645,6 @@
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupmasterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

68
tests/integration/update_cluster/docker-custom/cloudformation.json
View File

@ -473,7 +473,7 @@
]
}
},
"AWSEC2SecurityGroupEgressmastersdockerexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrommastersdockerexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -485,7 +485,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesdockerexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesdockerexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -497,7 +497,31 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22mastersdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersdockerexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodesdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesdockerexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443mastersdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -509,7 +533,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersdockerexamplecomingressall0to0mastersdockerexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersdockerexamplecomingressall0to0mastersdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -523,7 +547,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersdockerexamplecomingressall0to0nodesdockerexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersdockerexamplecomingressall0to0nodesdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -537,7 +561,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesdockerexamplecomingressall0to0nodesdockerexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesdockerexamplecomingressall0to0nodesdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -551,7 +575,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesdockerexamplecomingresstcp1to2379mastersdockerexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesdockerexamplecomingresstcp1to2379mastersdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -565,7 +589,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesdockerexamplecomingresstcp2382to4000mastersdockerexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesdockerexamplecomingresstcp2382to4000mastersdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -579,7 +603,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesdockerexamplecomingresstcp4003to65535mastersdockerexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesdockerexamplecomingresstcp4003to65535mastersdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -593,7 +617,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesdockerexamplecomingressudp1to65535mastersdockerexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesdockerexamplecomingressudp1to65535mastersdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -607,30 +631,6 @@
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersdockerexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesdockerexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupmastersdockerexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

56
tests/integration/update_cluster/existing_iam/kubernetes.tf
View File

@ -696,7 +696,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.existing-iam-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-existing-iam-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-existing-iam-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-existing-iam-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-existing-iam-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-existing-iam-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -705,7 +723,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-existing-iam-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-existing-iam-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -714,7 +732,7 @@ resource "aws_security_group_rule" "masters-existing-iam-example-com-egress-all-
type = "egress"
}
resource "aws_security_group_rule" "masters-existing-iam-example-com-ingress-all-0to0-masters-existing-iam-example-com" {
resource "aws_security_group_rule" "from-masters-existing-iam-example-com-ingress-all-0to0-masters-existing-iam-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-existing-iam-example-com.id
@ -723,7 +741,7 @@ resource "aws_security_group_rule" "masters-existing-iam-example-com-ingress-all
type = "ingress"
}
resource "aws_security_group_rule" "masters-existing-iam-example-com-ingress-all-0to0-nodes-existing-iam-example-com" {
resource "aws_security_group_rule" "from-masters-existing-iam-example-com-ingress-all-0to0-nodes-existing-iam-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-existing-iam-example-com.id
@ -732,7 +750,7 @@ resource "aws_security_group_rule" "masters-existing-iam-example-com-ingress-all
type = "ingress"
}
resource "aws_security_group_rule" "nodes-existing-iam-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-existing-iam-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -741,7 +759,7 @@ resource "aws_security_group_rule" "nodes-existing-iam-example-com-egress-all-0t
type = "egress"
}
resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-all-0to0-nodes-existing-iam-example-com" {
resource "aws_security_group_rule" "from-nodes-existing-iam-example-com-ingress-all-0to0-nodes-existing-iam-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-existing-iam-example-com.id
@ -750,7 +768,7 @@ resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-all-0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-tcp-1to2379-masters-existing-iam-example-com" {
resource "aws_security_group_rule" "from-nodes-existing-iam-example-com-ingress-tcp-1to2379-masters-existing-iam-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-existing-iam-example-com.id
@ -759,7 +777,7 @@ resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-tcp-1
type = "ingress"
}
resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-tcp-2382to4000-masters-existing-iam-example-com" {
resource "aws_security_group_rule" "from-nodes-existing-iam-example-com-ingress-tcp-2382to4000-masters-existing-iam-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-existing-iam-example-com.id
@ -768,7 +786,7 @@ resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-tcp-2
type = "ingress"
}
resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-tcp-4003to65535-masters-existing-iam-example-com" {
resource "aws_security_group_rule" "from-nodes-existing-iam-example-com-ingress-tcp-4003to65535-masters-existing-iam-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-existing-iam-example-com.id
@ -777,7 +795,7 @@ resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-tcp-4
type = "ingress"
}
resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-udp-1to65535-masters-existing-iam-example-com" {
resource "aws_security_group_rule" "from-nodes-existing-iam-example-com-ingress-udp-1to65535-masters-existing-iam-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-existing-iam-example-com.id
@ -786,24 +804,6 @@ resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-udp-1
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-existing-iam-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-existing-iam-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-existing-iam-example-com" {
description = "Security group for masters"
name = "masters.existing-iam.example.com"

68
tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json
View File

@ -469,7 +469,7 @@
]
}
},
"AWSEC2SecurityGroupEgressmastersminimalexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrommastersminimalexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -481,7 +481,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesminimalexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesminimalexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -493,7 +493,31 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodesminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -505,7 +529,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersminimalexamplecomingressall0to0mastersminimalexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersminimalexamplecomingressall0to0mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -519,7 +543,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersminimalexamplecomingressall0to0nodesminimalexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersminimalexamplecomingressall0to0nodesminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -533,7 +557,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingressall0to0nodesminimalexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesminimalexamplecomingressall0to0nodesminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -547,7 +571,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp1to2379mastersminimalexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesminimalexamplecomingresstcp1to2379mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -561,7 +585,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp2382to4000mastersminimalexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesminimalexamplecomingresstcp2382to4000mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -575,7 +599,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp4003to65535mastersminimalexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesminimalexamplecomingresstcp4003to65535mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -589,7 +613,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingressudp1to65535mastersminimalexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesminimalexamplecomingressudp1to65535mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -603,30 +627,6 @@
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupmastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

608
tests/integration/update_cluster/existing_sg/kubernetes.tf
View File

@ -798,7 +798,52 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.existingsg-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-existingsg-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-sg-master-1a-Master" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = "sg-master-1a"
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-sg-master-1b-Master" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = "sg-master-1b"
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-sg-nodes-Node" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = "sg-nodes"
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-existingsg-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = "sg-elb"
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-existingsg-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -807,13 +852,265 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-existingsg-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = "sg-elb"
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-existingsg-example-com-ingress-all-0to0-masters-existingsg-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-existingsg-example-com-ingress-all-0to0-sg-master-1a-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1a"
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-existingsg-example-com-ingress-all-0to0-sg-master-1b-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1b"
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-existingsg-example-com-ingress-all-0to0-sg-nodes-Node" {
from_port = 0
protocol = "-1"
security_group_id = "sg-nodes"
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-master-1a-Master-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1a"
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-sg-master-1a-Master-ingress-all-0to0-masters-existingsg-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-master-1a"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-master-1a-Master-ingress-all-0to0-sg-master-1a-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-master-1a"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-master-1a-Master-ingress-all-0to0-sg-master-1b-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-master-1a"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-master-1a-Master-ingress-all-0to0-sg-nodes-Node" {
from_port = 0
protocol = "-1"
security_group_id = "sg-nodes"
source_security_group_id = "sg-master-1a"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-master-1b-Master-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1b"
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-sg-master-1b-Master-ingress-all-0to0-masters-existingsg-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-master-1b"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-master-1b-Master-ingress-all-0to0-sg-master-1a-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-master-1b"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-master-1b-Master-ingress-all-0to0-sg-master-1b-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-master-1b"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-master-1b-Master-ingress-all-0to0-sg-nodes-Node" {
from_port = 0
protocol = "-1"
security_group_id = "sg-nodes"
source_security_group_id = "sg-master-1b"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = "sg-nodes"
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-all-0to0-sg-nodes-Node" {
from_port = 0
protocol = "-1"
security_group_id = "sg-nodes"
source_security_group_id = "sg-nodes"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-tcp-1to2379-masters-existingsg-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-nodes"
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-tcp-1to2379-sg-master-1a-Master" {
from_port = 1
protocol = "tcp"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-nodes"
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-tcp-1to2379-sg-master-1b-Master" {
from_port = 1
protocol = "tcp"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-nodes"
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-tcp-2382to4000-masters-existingsg-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-nodes"
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-tcp-2382to4000-sg-master-1a-Master" {
from_port = 2382
protocol = "tcp"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-nodes"
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-tcp-2382to4000-sg-master-1b-Master" {
from_port = 2382
protocol = "tcp"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-nodes"
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-tcp-4003to65535-masters-existingsg-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-tcp-4003to65535-sg-master-1a-Master" {
from_port = 4003
protocol = "tcp"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-tcp-4003to65535-sg-master-1b-Master" {
from_port = 4003
protocol = "tcp"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-udp-1to65535-masters-existingsg-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-udp-1to65535-sg-master-1a-Master" {
from_port = 1
protocol = "udp"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-sg-nodes-Node-ingress-udp-1to65535-sg-master-1b-Master" {
from_port = 1
protocol = "udp"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -852,303 +1149,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-existingsg-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-existingsg-example-com-ingress-all-0to0-masters-existingsg-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-existingsg-example-com-ingress-all-0to0-sg-master-1a-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1a"
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-existingsg-example-com-ingress-all-0to0-sg-master-1b-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1b"
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-existingsg-example-com-ingress-all-0to0-sg-nodes-Node" {
from_port = 0
protocol = "-1"
security_group_id = "sg-nodes"
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "sg-master-1a-Master-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1a"
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "sg-master-1a-Master-ingress-all-0to0-masters-existingsg-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-master-1a"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "sg-master-1a-Master-ingress-all-0to0-sg-master-1a-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-master-1a"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "sg-master-1a-Master-ingress-all-0to0-sg-master-1b-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-master-1a"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "sg-master-1a-Master-ingress-all-0to0-sg-nodes-Node" {
from_port = 0
protocol = "-1"
security_group_id = "sg-nodes"
source_security_group_id = "sg-master-1a"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "sg-master-1b-Master-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1b"
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "sg-master-1b-Master-ingress-all-0to0-masters-existingsg-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-master-1b"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "sg-master-1b-Master-ingress-all-0to0-sg-master-1a-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-master-1b"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "sg-master-1b-Master-ingress-all-0to0-sg-master-1b-Master" {
from_port = 0
protocol = "-1"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-master-1b"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "sg-master-1b-Master-ingress-all-0to0-sg-nodes-Node" {
from_port = 0
protocol = "-1"
security_group_id = "sg-nodes"
source_security_group_id = "sg-master-1b"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = "sg-nodes"
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-all-0to0-sg-nodes-Node" {
from_port = 0
protocol = "-1"
security_group_id = "sg-nodes"
source_security_group_id = "sg-nodes"
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-1to2379-masters-existingsg-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-nodes"
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-1to2379-sg-master-1a-Master" {
from_port = 1
protocol = "tcp"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-nodes"
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-1to2379-sg-master-1b-Master" {
from_port = 1
protocol = "tcp"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-nodes"
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-2382to4000-masters-existingsg-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-nodes"
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-2382to4000-sg-master-1a-Master" {
from_port = 2382
protocol = "tcp"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-nodes"
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-2382to4000-sg-master-1b-Master" {
from_port = 2382
protocol = "tcp"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-nodes"
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-4003to65535-masters-existingsg-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-4003to65535-sg-master-1a-Master" {
from_port = 4003
protocol = "tcp"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-4003to65535-sg-master-1b-Master" {
from_port = 4003
protocol = "tcp"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-udp-1to65535-masters-existingsg-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-udp-1to65535-sg-master-1a-Master" {
from_port = 1
protocol = "udp"
security_group_id = "sg-master-1a"
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "sg-nodes-Node-ingress-udp-1to65535-sg-master-1b-Master" {
from_port = 1
protocol = "udp"
security_group_id = "sg-master-1b"
source_security_group_id = "sg-nodes"
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-existingsg-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0-sg-master-1a" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = "sg-master-1a"
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0-sg-master-1b" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = "sg-master-1b"
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0-sg-nodes" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = "sg-nodes"
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-existingsg-example-com" {
description = "Security group for masters"
name = "masters.existingsg.example.com"

68
tests/integration/update_cluster/externallb/cloudformation.json
View File

@ -488,7 +488,7 @@
]
}
},
"AWSEC2SecurityGroupEgressmastersexternallbexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrommastersexternallbexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -500,7 +500,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesexternallbexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesexternallbexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -512,7 +512,31 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22mastersexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersexternallbexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodesexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesexternallbexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443mastersexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -524,7 +548,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersexternallbexamplecomingressall0to0mastersexternallbexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersexternallbexamplecomingressall0to0mastersexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -538,7 +562,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersexternallbexamplecomingressall0to0nodesexternallbexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersexternallbexamplecomingressall0to0nodesexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -552,7 +576,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesexternallbexamplecomingressall0to0nodesexternallbexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesexternallbexamplecomingressall0to0nodesexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -566,7 +590,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesexternallbexamplecomingresstcp1to2379mastersexternallbexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesexternallbexamplecomingresstcp1to2379mastersexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -580,7 +604,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesexternallbexamplecomingresstcp2382to4000mastersexternallbexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesexternallbexamplecomingresstcp2382to4000mastersexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -594,7 +618,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesexternallbexamplecomingresstcp4003to65535mastersexternallbexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesexternallbexamplecomingresstcp4003to65535mastersexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -608,7 +632,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesexternallbexamplecomingressudp1to65535mastersexternallbexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesexternallbexamplecomingressudp1to65535mastersexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -622,30 +646,6 @@
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersexternallbexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesexternallbexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupmastersexternallbexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

56
tests/integration/update_cluster/externallb/kubernetes.tf
View File

@ -434,7 +434,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.externallb-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-externallb-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-externallb-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-externallb-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-externallb-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-externallb-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -443,7 +461,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-externallb-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-externallb-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -452,7 +470,7 @@ resource "aws_security_group_rule" "masters-externallb-example-com-egress-all-0t
type = "egress"
}
resource "aws_security_group_rule" "masters-externallb-example-com-ingress-all-0to0-masters-externallb-example-com" {
resource "aws_security_group_rule" "from-masters-externallb-example-com-ingress-all-0to0-masters-externallb-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-externallb-example-com.id
@ -461,7 +479,7 @@ resource "aws_security_group_rule" "masters-externallb-example-com-ingress-all-0
type = "ingress"
}
resource "aws_security_group_rule" "masters-externallb-example-com-ingress-all-0to0-nodes-externallb-example-com" {
resource "aws_security_group_rule" "from-masters-externallb-example-com-ingress-all-0to0-nodes-externallb-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-externallb-example-com.id
@ -470,7 +488,7 @@ resource "aws_security_group_rule" "masters-externallb-example-com-ingress-all-0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-externallb-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-externallb-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -479,7 +497,7 @@ resource "aws_security_group_rule" "nodes-externallb-example-com-egress-all-0to0
type = "egress"
}
resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-all-0to0-nodes-externallb-example-com" {
resource "aws_security_group_rule" "from-nodes-externallb-example-com-ingress-all-0to0-nodes-externallb-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-externallb-example-com.id
@ -488,7 +506,7 @@ resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-all-0to
type = "ingress"
}
resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-tcp-1to2379-masters-externallb-example-com" {
resource "aws_security_group_rule" "from-nodes-externallb-example-com-ingress-tcp-1to2379-masters-externallb-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-externallb-example-com.id
@ -497,7 +515,7 @@ resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-tcp-1to
type = "ingress"
}
resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-tcp-2382to4000-masters-externallb-example-com" {
resource "aws_security_group_rule" "from-nodes-externallb-example-com-ingress-tcp-2382to4000-masters-externallb-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-externallb-example-com.id
@ -506,7 +524,7 @@ resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-tcp-238
type = "ingress"
}
resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-tcp-4003to65535-masters-externallb-example-com" {
resource "aws_security_group_rule" "from-nodes-externallb-example-com-ingress-tcp-4003to65535-masters-externallb-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-externallb-example-com.id
@ -515,7 +533,7 @@ resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-tcp-400
type = "ingress"
}
resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-udp-1to65535-masters-externallb-example-com" {
resource "aws_security_group_rule" "from-nodes-externallb-example-com-ingress-udp-1to65535-masters-externallb-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-externallb-example-com.id
@ -524,24 +542,6 @@ resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-udp-1to
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-externallb-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-externallb-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-externallb-example-com" {
description = "Security group for masters"
name = "masters.externallb.example.com"

212
tests/integration/update_cluster/externalpolicies/kubernetes.tf
View File

@ -530,7 +530,34 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.externalpolicies-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-externalpolicies-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-externalpolicies-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-externalpolicies-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-externalpolicies-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-externalpolicies-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -539,13 +566,85 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-externalpolicies-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-externalpolicies-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-externalpolicies-example-com-ingress-all-0to0-masters-externalpolicies-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.masters-externalpolicies-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-externalpolicies-example-com-ingress-all-0to0-nodes-externalpolicies-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
source_security_group_id = aws_security_group.masters-externalpolicies-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-externalpolicies-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-externalpolicies-example-com-ingress-all-0to0-nodes-externalpolicies-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-externalpolicies-example-com-ingress-tcp-1to2379-masters-externalpolicies-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-externalpolicies-example-com-ingress-tcp-2382to4000-masters-externalpolicies-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-externalpolicies-example-com-ingress-tcp-4003to65535-masters-externalpolicies-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-externalpolicies-example-com-ingress-udp-1to65535-masters-externalpolicies-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -566,33 +665,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-externalpolicies-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-externalpolicies-example-com-ingress-all-0to0-masters-externalpolicies-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.masters-externalpolicies-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-externalpolicies-example-com-ingress-all-0to0-nodes-externalpolicies-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
source_security_group_id = aws_security_group.masters-externalpolicies-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodeport-tcp-external-to-node-1-2-3-4--32" {
cidr_blocks = ["1.2.3.4/32"]
from_port = 28000
@ -629,78 +701,6 @@ resource "aws_security_group_rule" "nodeport-udp-external-to-node-10-20-30-0--24
type = "ingress"
}
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-ingress-all-0to0-nodes-externalpolicies-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-ingress-tcp-1to2379-masters-externalpolicies-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-ingress-tcp-2382to4000-masters-externalpolicies-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-ingress-tcp-4003to65535-masters-externalpolicies-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-ingress-udp-1to65535-masters-externalpolicies-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-externalpolicies-example-com" {
description = "Security group for api ELB"
name = "api-elb.externalpolicies.example.com"

56
tests/integration/update_cluster/ha/kubernetes.tf
View File

@ -758,7 +758,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.ha-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-ha-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-ha-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-ha-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-ha-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-ha-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -767,7 +785,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-ha-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-ha-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -776,7 +794,7 @@ resource "aws_security_group_rule" "masters-ha-example-com-egress-all-0to0-0-0-0
type = "egress"
}
resource "aws_security_group_rule" "masters-ha-example-com-ingress-all-0to0-masters-ha-example-com" {
resource "aws_security_group_rule" "from-masters-ha-example-com-ingress-all-0to0-masters-ha-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-ha-example-com.id
@ -785,7 +803,7 @@ resource "aws_security_group_rule" "masters-ha-example-com-ingress-all-0to0-mast
type = "ingress"
}
resource "aws_security_group_rule" "masters-ha-example-com-ingress-all-0to0-nodes-ha-example-com" {
resource "aws_security_group_rule" "from-masters-ha-example-com-ingress-all-0to0-nodes-ha-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-ha-example-com.id
@ -794,7 +812,7 @@ resource "aws_security_group_rule" "masters-ha-example-com-ingress-all-0to0-node
type = "ingress"
}
resource "aws_security_group_rule" "nodes-ha-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-ha-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -803,7 +821,7 @@ resource "aws_security_group_rule" "nodes-ha-example-com-egress-all-0to0-0-0-0-0
type = "egress"
}
resource "aws_security_group_rule" "nodes-ha-example-com-ingress-all-0to0-nodes-ha-example-com" {
resource "aws_security_group_rule" "from-nodes-ha-example-com-ingress-all-0to0-nodes-ha-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-ha-example-com.id
@ -812,7 +830,7 @@ resource "aws_security_group_rule" "nodes-ha-example-com-ingress-all-0to0-nodes-
type = "ingress"
}
resource "aws_security_group_rule" "nodes-ha-example-com-ingress-tcp-1to2379-masters-ha-example-com" {
resource "aws_security_group_rule" "from-nodes-ha-example-com-ingress-tcp-1to2379-masters-ha-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-ha-example-com.id
@ -821,7 +839,7 @@ resource "aws_security_group_rule" "nodes-ha-example-com-ingress-tcp-1to2379-mas
type = "ingress"
}
resource "aws_security_group_rule" "nodes-ha-example-com-ingress-tcp-2382to4000-masters-ha-example-com" {
resource "aws_security_group_rule" "from-nodes-ha-example-com-ingress-tcp-2382to4000-masters-ha-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-ha-example-com.id
@ -830,7 +848,7 @@ resource "aws_security_group_rule" "nodes-ha-example-com-ingress-tcp-2382to4000-
type = "ingress"
}
resource "aws_security_group_rule" "nodes-ha-example-com-ingress-tcp-4003to65535-masters-ha-example-com" {
resource "aws_security_group_rule" "from-nodes-ha-example-com-ingress-tcp-4003to65535-masters-ha-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-ha-example-com.id
@ -839,7 +857,7 @@ resource "aws_security_group_rule" "nodes-ha-example-com-ingress-tcp-4003to65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-ha-example-com-ingress-udp-1to65535-masters-ha-example-com" {
resource "aws_security_group_rule" "from-nodes-ha-example-com-ingress-udp-1to65535-masters-ha-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-ha-example-com.id
@ -848,24 +866,6 @@ resource "aws_security_group_rule" "nodes-ha-example-com-ingress-udp-1to65535-ma
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-ha-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-ha-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-ha-example-com" {
description = "Security group for masters"
name = "masters.ha.example.com"

68
tests/integration/update_cluster/launch_templates/cloudformation.json
View File

@ -488,7 +488,7 @@
]
}
},
"AWSEC2SecurityGroupEgressmasterslaunchtemplatesexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrommasterslaunchtemplatesexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -500,7 +500,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodeslaunchtemplatesexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodeslaunchtemplatesexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -512,7 +512,31 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22masterslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterslaunchtemplatesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodeslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodeslaunchtemplatesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443masterslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -524,7 +548,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmasterslaunchtemplatesexamplecomingressall0to0masterslaunchtemplatesexamplecom": {
"AWSEC2SecurityGroupIngressfrommasterslaunchtemplatesexamplecomingressall0to0masterslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -538,7 +562,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmasterslaunchtemplatesexamplecomingressall0to0nodeslaunchtemplatesexamplecom": {
"AWSEC2SecurityGroupIngressfrommasterslaunchtemplatesexamplecomingressall0to0nodeslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -552,7 +576,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingressall0to0nodeslaunchtemplatesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodeslaunchtemplatesexamplecomingressall0to0nodeslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -566,7 +590,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingresstcp1to2379masterslaunchtemplatesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodeslaunchtemplatesexamplecomingresstcp1to2379masterslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -580,7 +604,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingresstcp2382to4000masterslaunchtemplatesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodeslaunchtemplatesexamplecomingresstcp2382to4000masterslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -594,7 +618,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingresstcp4003to65535masterslaunchtemplatesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodeslaunchtemplatesexamplecomingresstcp4003to65535masterslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -608,7 +632,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingressudp1to65535masterslaunchtemplatesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodeslaunchtemplatesexamplecomingressudp1to65535masterslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -622,30 +646,6 @@
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterslaunchtemplatesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodeslaunchtemplatesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupmasterslaunchtemplatesexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

56
tests/integration/update_cluster/launch_templates/kubernetes.tf
View File

@ -547,7 +547,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.launchtemplates-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-launchtemplates-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-launchtemplates-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-launchtemplates-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -556,7 +574,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-launchtemplates-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-launchtemplates-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -565,7 +583,7 @@ resource "aws_security_group_rule" "masters-launchtemplates-example-com-egress-a
type = "egress"
}
resource "aws_security_group_rule" "masters-launchtemplates-example-com-ingress-all-0to0-masters-launchtemplates-example-com" {
resource "aws_security_group_rule" "from-masters-launchtemplates-example-com-ingress-all-0to0-masters-launchtemplates-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
@ -574,7 +592,7 @@ resource "aws_security_group_rule" "masters-launchtemplates-example-com-ingress-
type = "ingress"
}
resource "aws_security_group_rule" "masters-launchtemplates-example-com-ingress-all-0to0-nodes-launchtemplates-example-com" {
resource "aws_security_group_rule" "from-masters-launchtemplates-example-com-ingress-all-0to0-nodes-launchtemplates-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
@ -583,7 +601,7 @@ resource "aws_security_group_rule" "masters-launchtemplates-example-com-ingress-
type = "ingress"
}
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-launchtemplates-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -592,7 +610,7 @@ resource "aws_security_group_rule" "nodes-launchtemplates-example-com-egress-all
type = "egress"
}
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-all-0to0-nodes-launchtemplates-example-com" {
resource "aws_security_group_rule" "from-nodes-launchtemplates-example-com-ingress-all-0to0-nodes-launchtemplates-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
@ -601,7 +619,7 @@ resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-al
type = "ingress"
}
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-tcp-1to2379-masters-launchtemplates-example-com" {
resource "aws_security_group_rule" "from-nodes-launchtemplates-example-com-ingress-tcp-1to2379-masters-launchtemplates-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
@ -610,7 +628,7 @@ resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-tc
type = "ingress"
}
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-tcp-2382to4000-masters-launchtemplates-example-com" {
resource "aws_security_group_rule" "from-nodes-launchtemplates-example-com-ingress-tcp-2382to4000-masters-launchtemplates-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
@ -619,7 +637,7 @@ resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-tc
type = "ingress"
}
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-tcp-4003to65535-masters-launchtemplates-example-com" {
resource "aws_security_group_rule" "from-nodes-launchtemplates-example-com-ingress-tcp-4003to65535-masters-launchtemplates-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
@ -628,7 +646,7 @@ resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-tc
type = "ingress"
}
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-udp-1to65535-masters-launchtemplates-example-com" {
resource "aws_security_group_rule" "from-nodes-launchtemplates-example-com-ingress-udp-1to65535-masters-launchtemplates-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
@ -637,24 +655,6 @@ resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-ud
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-launchtemplates-example-com" {
description = "Security group for masters"
name = "masters.launchtemplates.example.com"

68
tests/integration/update_cluster/minimal-cloudformation/cloudformation.json
View File

@ -473,7 +473,7 @@
]
}
},
"AWSEC2SecurityGroupEgressmastersminimalexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrommastersminimalexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -485,7 +485,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesminimalexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesminimalexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -497,7 +497,31 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodesminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -509,7 +533,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersminimalexamplecomingressall0to0mastersminimalexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersminimalexamplecomingressall0to0mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -523,7 +547,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersminimalexamplecomingressall0to0nodesminimalexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersminimalexamplecomingressall0to0nodesminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -537,7 +561,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingressall0to0nodesminimalexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesminimalexamplecomingressall0to0nodesminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -551,7 +575,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp1to2379mastersminimalexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesminimalexamplecomingresstcp1to2379mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -565,7 +589,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp2382to4000mastersminimalexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesminimalexamplecomingresstcp2382to4000mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -579,7 +603,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp4003to65535mastersminimalexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesminimalexamplecomingresstcp4003to65535mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -593,7 +617,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingressudp1to65535mastersminimalexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesminimalexamplecomingressudp1to65535mastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -607,30 +631,6 @@
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupmastersminimalexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

56
tests/integration/update_cluster/minimal-gp3/kubernetes.tf
View File

@ -434,7 +434,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.minimal-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-minimal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-minimal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -443,7 +461,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -452,7 +470,7 @@ resource "aws_security_group_rule" "masters-minimal-example-com-egress-all-0to0-
type = "egress"
}
resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -461,7 +479,7 @@ resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0
type = "ingress"
}
resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-minimal-example-com.id
@ -470,7 +488,7 @@ resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -479,7 +497,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-egress-all-0to0-0-
type = "egress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-minimal-example-com.id
@ -488,7 +506,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-all-0to0-n
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -497,7 +515,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-1to237
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -506,7 +524,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-2382to
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -515,7 +533,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-4003to
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -524,24 +542,6 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-udp-1to655
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-minimal-example-com" {
description = "Security group for masters"
name = "masters.minimal.example.com"

60
tests/integration/update_cluster/minimal-json/kubernetes.tf.json
View File

@ -517,7 +517,27 @@
}
},
"aws_security_group_rule": {
"https-external-to-master-0-0-0-0--0": {
"from-0-0-0-0--0-ingress-tcp-22to22-masters-minimal-json-example-com": {
"type": "ingress",
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
"from_port": 22,
"to_port": 22,
"protocol": "tcp",
"cidr_blocks": [
"0.0.0.0/0"
]
},
"from-0-0-0-0--0-ingress-tcp-22to22-nodes-minimal-json-example-com": {
"type": "ingress",
"security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
"from_port": 22,
"to_port": 22,
"protocol": "tcp",
"cidr_blocks": [
"0.0.0.0/0"
]
},
"from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-json-example-com": {
"type": "ingress",
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
"from_port": 443,
@ -527,7 +547,7 @@
"0.0.0.0/0"
]
},
"masters-minimal-json-example-com-egress-all-0to0-0-0-0-0--0": {
"from-masters-minimal-json-example-com-egress-all-0to0-0-0-0-0--0": {
"type": "egress",
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
"from_port": 0,
@ -537,7 +557,7 @@
"0.0.0.0/0"
]
},
"masters-minimal-json-example-com-ingress-all-0to0-masters-minimal-json-example-com": {
"from-masters-minimal-json-example-com-ingress-all-0to0-masters-minimal-json-example-com": {
"type": "ingress",
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
"source_security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
@ -545,7 +565,7 @@
"to_port": 0,
"protocol": "-1"
},
"masters-minimal-json-example-com-ingress-all-0to0-nodes-minimal-json-example-com": {
"from-masters-minimal-json-example-com-ingress-all-0to0-nodes-minimal-json-example-com": {
"type": "ingress",
"security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
"source_security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
@ -553,7 +573,7 @@
"to_port": 0,
"protocol": "-1"
},
"nodes-minimal-json-example-com-egress-all-0to0-0-0-0-0--0": {
"from-nodes-minimal-json-example-com-egress-all-0to0-0-0-0-0--0": {
"type": "egress",
"security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
"from_port": 0,
@ -563,7 +583,7 @@
"0.0.0.0/0"
]
},
"nodes-minimal-json-example-com-ingress-all-0to0-nodes-minimal-json-example-com": {
"from-nodes-minimal-json-example-com-ingress-all-0to0-nodes-minimal-json-example-com": {
"type": "ingress",
"security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
@ -571,7 +591,7 @@
"to_port": 0,
"protocol": "-1"
},
"nodes-minimal-json-example-com-ingress-tcp-1to2379-masters-minimal-json-example-com": {
"from-nodes-minimal-json-example-com-ingress-tcp-1to2379-masters-minimal-json-example-com": {
"type": "ingress",
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
@ -579,7 +599,7 @@
"to_port": 2379,
"protocol": "tcp"
},
"nodes-minimal-json-example-com-ingress-tcp-2382to4000-masters-minimal-json-example-com": {
"from-nodes-minimal-json-example-com-ingress-tcp-2382to4000-masters-minimal-json-example-com": {
"type": "ingress",
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
@ -587,7 +607,7 @@
"to_port": 4000,
"protocol": "tcp"
},
"nodes-minimal-json-example-com-ingress-tcp-4003to65535-masters-minimal-json-example-com": {
"from-nodes-minimal-json-example-com-ingress-tcp-4003to65535-masters-minimal-json-example-com": {
"type": "ingress",
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
@ -595,33 +615,13 @@
"to_port": 65535,
"protocol": "tcp"
},
"nodes-minimal-json-example-com-ingress-udp-1to65535-masters-minimal-json-example-com": {
"from-nodes-minimal-json-example-com-ingress-udp-1to65535-masters-minimal-json-example-com": {
"type": "ingress",
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
"from_port": 1,
"to_port": 65535,
"protocol": "udp"
},
"ssh-external-to-master-0-0-0-0--0": {
"type": "ingress",
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
"from_port": 22,
"to_port": 22,
"protocol": "tcp",
"cidr_blocks": [
"0.0.0.0/0"
]
},
"ssh-external-to-node-0-0-0-0--0": {
"type": "ingress",
"security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
"from_port": 22,
"to_port": 22,
"protocol": "tcp",
"cidr_blocks": [
"0.0.0.0/0"
]
}
},
"aws_subnet": {

56
tests/integration/update_cluster/minimal/kubernetes.tf
View File

@ -430,7 +430,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.minimal-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-minimal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-minimal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -439,7 +457,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -448,7 +466,7 @@ resource "aws_security_group_rule" "masters-minimal-example-com-egress-all-0to0-
type = "egress"
}
resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -457,7 +475,7 @@ resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0
type = "ingress"
}
resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-minimal-example-com.id
@ -466,7 +484,7 @@ resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -475,7 +493,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-egress-all-0to0-0-
type = "egress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-minimal-example-com.id
@ -484,7 +502,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-all-0to0-n
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -493,7 +511,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-1to237
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -502,7 +520,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-2382to
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -511,7 +529,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-4003to
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -520,24 +538,6 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-udp-1to655
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-minimal-example-com" {
description = "Security group for masters"
name = "masters.minimal.example.com"

68
tests/integration/update_cluster/mixed_instances/cloudformation.json
View File

@ -902,7 +902,7 @@
]
}
},
"AWSEC2SecurityGroupEgressmastersmixedinstancesexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrommastersmixedinstancesexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -914,7 +914,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesmixedinstancesexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesmixedinstancesexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -926,7 +926,31 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -938,7 +962,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersmixedinstancesexamplecomingressall0to0mastersmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersmixedinstancesexamplecomingressall0to0mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -952,7 +976,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -966,7 +990,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -980,7 +1004,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp1to2379mastersmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingresstcp1to2379mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -994,7 +1018,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp2382to4000mastersmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingresstcp2382to4000mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -1008,7 +1032,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp4003to65535mastersmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingresstcp4003to65535mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -1022,7 +1046,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingressudp1to65535mastersmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingressudp1to65535mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -1036,30 +1060,6 @@
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupmastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

56
tests/integration/update_cluster/mixed_instances/kubernetes.tf
View File

@ -776,7 +776,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.mixedinstances-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-mixedinstances-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-mixedinstances-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-mixedinstances-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -785,7 +803,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -794,7 +812,7 @@ resource "aws_security_group_rule" "masters-mixedinstances-example-com-egress-al
type = "egress"
}
resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-all-0to0-masters-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-masters-mixedinstances-example-com-ingress-all-0to0-masters-mixedinstances-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
@ -803,7 +821,7 @@ resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-a
type = "ingress"
}
resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-masters-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
@ -812,7 +830,7 @@ resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-a
type = "ingress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -821,7 +839,7 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-egress-all-
type = "egress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
@ -830,7 +848,7 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-all
type = "ingress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-1to2379-masters-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-ingress-tcp-1to2379-masters-mixedinstances-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
@ -839,7 +857,7 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp
type = "ingress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-2382to4000-masters-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-ingress-tcp-2382to4000-masters-mixedinstances-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
@ -848,7 +866,7 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp
type = "ingress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-4003to65535-masters-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-ingress-tcp-4003to65535-masters-mixedinstances-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
@ -857,7 +875,7 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp
type = "ingress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-udp-1to65535-masters-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-ingress-udp-1to65535-masters-mixedinstances-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
@ -866,24 +884,6 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-udp
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-mixedinstances-example-com" {
description = "Security group for masters"
name = "masters.mixedinstances.example.com"

68
tests/integration/update_cluster/mixed_instances_spot/cloudformation.json
View File

@ -903,7 +903,7 @@
]
}
},
"AWSEC2SecurityGroupEgressmastersmixedinstancesexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrommastersmixedinstancesexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -915,7 +915,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesmixedinstancesexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesmixedinstancesexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -927,7 +927,31 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -939,7 +963,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersmixedinstancesexamplecomingressall0to0mastersmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersmixedinstancesexamplecomingressall0to0mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -953,7 +977,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfrommastersmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -967,7 +991,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -981,7 +1005,7 @@
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp1to2379mastersmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingresstcp1to2379mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -995,7 +1019,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp2382to4000mastersmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingresstcp2382to4000mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -1009,7 +1033,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp4003to65535mastersmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingresstcp4003to65535mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -1023,7 +1047,7 @@
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingressudp1to65535mastersmixedinstancesexamplecom": {
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingressudp1to65535mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -1037,30 +1061,6 @@
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupmastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

56
tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf
View File

@ -776,7 +776,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.mixedinstances-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-mixedinstances-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-mixedinstances-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-mixedinstances-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -785,7 +803,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -794,7 +812,7 @@ resource "aws_security_group_rule" "masters-mixedinstances-example-com-egress-al
type = "egress"
}
resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-all-0to0-masters-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-masters-mixedinstances-example-com-ingress-all-0to0-masters-mixedinstances-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
@ -803,7 +821,7 @@ resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-a
type = "ingress"
}
resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-masters-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
@ -812,7 +830,7 @@ resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-a
type = "ingress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -821,7 +839,7 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-egress-all-
type = "egress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
@ -830,7 +848,7 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-all
type = "ingress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-1to2379-masters-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-ingress-tcp-1to2379-masters-mixedinstances-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
@ -839,7 +857,7 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp
type = "ingress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-2382to4000-masters-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-ingress-tcp-2382to4000-masters-mixedinstances-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
@ -848,7 +866,7 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp
type = "ingress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-4003to65535-masters-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-ingress-tcp-4003to65535-masters-mixedinstances-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
@ -857,7 +875,7 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp
type = "ingress"
}
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-udp-1to65535-masters-mixedinstances-example-com" {
resource "aws_security_group_rule" "from-nodes-mixedinstances-example-com-ingress-udp-1to65535-masters-mixedinstances-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
@ -866,24 +884,6 @@ resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-udp
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-mixedinstances-example-com" {
description = "Security group for masters"
name = "masters.mixedinstances.example.com"

322
tests/integration/update_cluster/private-shared-ip/cloudformation.json
View File

@ -684,7 +684,7 @@
}
}
},
"AWSEC2SecurityGroupEgressapielbegress": {
"AWSEC2SecurityGroupEgressfromapielbprivatesharedipexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -696,19 +696,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressbastionegress": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatesharedipexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressbastionelbegress": {
"AWSEC2SecurityGroupEgressfrombastionelbprivatesharedipexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -720,7 +708,19 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressmastersprivatesharedipexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrombastionprivatesharedipexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatesharedipexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressfrommastersprivatesharedipexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -732,7 +732,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesprivatesharedipexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesprivatesharedipexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -744,35 +744,19 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressbastiontomasterssh": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22bastionelbprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatesharedipexamplecom"
"Ref": "AWSEC2SecurityGroupbastionelbprivatesharedipexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressbastiontonodessh": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatesharedipexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngresshttpsapielb00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443apielbprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -784,6 +768,146 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrombastionelbprivatesharedipexamplecomingresstcp22to22bastionprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivatesharedipexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrombastionprivatesharedipexamplecomingresstcp22to22mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatesharedipexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrombastionprivatesharedipexamplecomingresstcp22to22nodesprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatesharedipexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrommastersprivatesharedipexamplecomingressall0to0mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfrommastersprivatesharedipexamplecomingressall0to0nodesprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatesharedipexamplecomingressall0to0nodesprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatesharedipexamplecomingresstcp1to2379mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatesharedipexamplecomingresstcp2382to4000mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatesharedipexamplecomingresstcp4003to65535mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatesharedipexamplecomingressudp1to65535mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresshttpselbtomaster": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
@ -810,130 +934,6 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersprivatesharedipexamplecomingressall0to0mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersprivatesharedipexamplecomingressall0to0nodesprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesprivatesharedipexamplecomingressall0to0nodesprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesprivatesharedipexamplecomingresstcp1to2379mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivatesharedipexamplecomingresstcp2382to4000mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivatesharedipexamplecomingresstcp4003to65535mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivatesharedipexamplecomingressudp1to65535mastersprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatesharedipexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshelbtobastion": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatesharedipexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivatesharedipexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltobastionelb00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivatesharedipexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupapielbprivatesharedipexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

236
tests/integration/update_cluster/private-shared-ip/kubernetes.tf
View File

@ -675,7 +675,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-private-shared-ip-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-private-shared-ip-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-private-shared-ip-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-private-shared-ip-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-private-shared-ip-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -684,16 +702,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-private-shared-ip-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -702,7 +711,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-private-shared-ip-example-com-ingress-tcp-22to22-bastion-private-shared-ip-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-private-shared-ip-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-private-shared-ip-example-com-ingress-tcp-22to22-masters-private-shared-ip-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
@ -711,7 +738,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-private-shared-ip-example-com-ingress-tcp-22to22-nodes-private-shared-ip-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
@ -720,13 +747,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-private-shared-ip-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-private-shared-ip-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-private-shared-ip-example-com-ingress-all-0to0-masters-private-shared-ip-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-private-shared-ip-example-com-ingress-all-0to0-nodes-private-shared-ip-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-ip-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-ip-example-com-ingress-all-0to0-nodes-private-shared-ip-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-ip-example-com-ingress-tcp-1to2379-masters-private-shared-ip-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-ip-example-com-ingress-tcp-2382to4000-masters-private-shared-ip-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-ip-example-com-ingress-tcp-4003to65535-masters-private-shared-ip-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-ip-example-com-ingress-udp-1to65535-masters-private-shared-ip-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -747,105 +846,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-private-shared-ip-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-private-shared-ip-example-com-ingress-all-0to0-masters-private-shared-ip-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-private-shared-ip-example-com-ingress-all-0to0-nodes-private-shared-ip-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-private-shared-ip-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-private-shared-ip-example-com-ingress-all-0to0-nodes-private-shared-ip-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-private-shared-ip-example-com-ingress-tcp-1to2379-masters-private-shared-ip-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-private-shared-ip-example-com-ingress-tcp-2382to4000-masters-private-shared-ip-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-private-shared-ip-example-com-ingress-tcp-4003to65535-masters-private-shared-ip-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-private-shared-ip-example-com-ingress-udp-1to65535-masters-private-shared-ip-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-ip-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-private-shared-ip-example-com.id
source_security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-private-shared-ip-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-private-shared-ip-example-com" {
description = "Security group for api ELB"
name = "api-elb.private-shared-ip.example.com"

236
tests/integration/update_cluster/private-shared-subnet/kubernetes.tf
View File

@ -618,7 +618,25 @@ resource "aws_route53_record" "api-private-shared-subnet-example-com" {
zone_id = "/hostedzone/Z1AFAKE1ZON3YO"
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-private-shared-subnet-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-private-shared-subnet-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-private-shared-subnet-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -627,16 +645,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -645,7 +654,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-private-shared-subnet-example-com-ingress-tcp-22to22-bastion-private-shared-subnet-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-private-shared-subnet-example-com-ingress-tcp-22to22-masters-private-shared-subnet-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
@ -654,7 +681,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-private-shared-subnet-example-com-ingress-tcp-22to22-nodes-private-shared-subnet-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
@ -663,13 +690,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-private-shared-subnet-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-private-shared-subnet-example-com-ingress-all-0to0-masters-private-shared-subnet-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-private-shared-subnet-example-com-ingress-all-0to0-nodes-private-shared-subnet-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-subnet-example-com-ingress-all-0to0-nodes-private-shared-subnet-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-subnet-example-com-ingress-tcp-1to2379-masters-private-shared-subnet-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-subnet-example-com-ingress-tcp-2382to4000-masters-private-shared-subnet-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-subnet-example-com-ingress-tcp-4003to65535-masters-private-shared-subnet-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-private-shared-subnet-example-com-ingress-udp-1to65535-masters-private-shared-subnet-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -690,105 +789,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-private-shared-subnet-example-com-ingress-all-0to0-masters-private-shared-subnet-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-private-shared-subnet-example-com-ingress-all-0to0-nodes-private-shared-subnet-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-ingress-all-0to0-nodes-private-shared-subnet-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-ingress-tcp-1to2379-masters-private-shared-subnet-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-ingress-tcp-2382to4000-masters-private-shared-subnet-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-ingress-tcp-4003to65535-masters-private-shared-subnet-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-ingress-udp-1to65535-masters-private-shared-subnet-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-private-shared-subnet-example-com.id
source_security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-private-shared-subnet-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-private-shared-subnet-example-com" {
description = "Security group for api ELB"
name = "api-elb.private-shared-subnet.example.com"

350
tests/integration/update_cluster/privatecalico/cloudformation.json
View File

@ -757,7 +757,7 @@
}
}
},
"AWSEC2SecurityGroupEgressapielbegress": {
"AWSEC2SecurityGroupEgressfromapielbprivatecalicoexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -769,19 +769,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressbastionegress": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatecalicoexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressbastionelbegress": {
"AWSEC2SecurityGroupEgressfrombastionelbprivatecalicoexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -793,7 +781,19 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressmastersprivatecalicoexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrombastionprivatecalicoexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatecalicoexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressfrommastersprivatecalicoexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -805,7 +805,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesprivatecalicoexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesprivatecalicoexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -817,35 +817,19 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressbastiontomasterssh": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22bastionelbprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatecalicoexamplecom"
"Ref": "AWSEC2SecurityGroupbastionelbprivatecalicoexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressbastiontonodessh": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatecalicoexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngresshttpsapielb00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443apielbprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -857,6 +841,160 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrombastionelbprivatecalicoexamplecomingresstcp22to22bastionprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivatecalicoexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrombastionprivatecalicoexamplecomingresstcp22to22mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatecalicoexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrombastionprivatecalicoexamplecomingresstcp22to22nodesprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatecalicoexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrommastersprivatecalicoexamplecomingressall0to0mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfrommastersprivatecalicoexamplecomingressall0to0nodesprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatecalicoexamplecomingress40to0mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 0,
"ToPort": 65535,
"IpProtocol": "4"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatecalicoexamplecomingressall0to0nodesprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatecalicoexamplecomingresstcp1to2379mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatecalicoexamplecomingresstcp2382to4000mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatecalicoexamplecomingresstcp4003to65535mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivatecalicoexamplecomingressudp1to65535mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresshttpselbtomaster": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
@ -883,144 +1021,6 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersprivatecalicoexamplecomingressall0to0mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersprivatecalicoexamplecomingressall0to0nodesprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingress40to0mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 0,
"ToPort": 65535,
"IpProtocol": "4"
}
},
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingressall0to0nodesprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingresstcp1to2379mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingresstcp2382to4000mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingresstcp4003to65535mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingressudp1to65535mastersprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshelbtobastion": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivatecalicoexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivatecalicoexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltobastionelb00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivatecalicoexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupapielbprivatecalicoexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

254
tests/integration/update_cluster/privatecalico/kubernetes.tf
View File

@ -698,7 +698,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-privatecalico-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatecalico-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-privatecalico-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatecalico-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -707,16 +725,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -725,7 +734,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-privatecalico-example-com-ingress-tcp-22to22-bastion-privatecalico-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatecalico-example-com-ingress-tcp-22to22-masters-privatecalico-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
@ -734,7 +761,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-privatecalico-example-com-ingress-tcp-22to22-nodes-privatecalico-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
@ -743,13 +770,94 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatecalico-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-privatecalico-example-com-ingress-all-0to0-masters-privatecalico-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.masters-privatecalico-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-privatecalico-example-com-ingress-all-0to0-nodes-privatecalico-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
source_security_group_id = aws_security_group.masters-privatecalico-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-ingress-4-0to0-masters-privatecalico-example-com" {
from_port = 0
protocol = "4"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-ingress-all-0to0-nodes-privatecalico-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-ingress-tcp-1to2379-masters-privatecalico-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-ingress-tcp-2382to4000-masters-privatecalico-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-ingress-tcp-4003to65535-masters-privatecalico-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecalico-example-com-ingress-udp-1to65535-masters-privatecalico-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -770,114 +878,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-privatecalico-example-com-ingress-all-0to0-masters-privatecalico-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.masters-privatecalico-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatecalico-example-com-ingress-all-0to0-nodes-privatecalico-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
source_security_group_id = aws_security_group.masters-privatecalico-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-4-0to0-masters-privatecalico-example-com" {
from_port = 0
protocol = "4"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-all-0to0-nodes-privatecalico-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-tcp-1to2379-masters-privatecalico-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-tcp-2382to4000-masters-privatecalico-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-tcp-4003to65535-masters-privatecalico-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-udp-1to65535-masters-privatecalico-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatecalico-example-com.id
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecalico-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-privatecalico-example-com" {
description = "Security group for api ELB"
name = "api-elb.privatecalico.example.com"

236
tests/integration/update_cluster/privatecanal/kubernetes.tf
View File

@ -698,7 +698,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-privatecanal-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatecanal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-privatecanal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatecanal-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -707,16 +725,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatecanal-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -725,7 +734,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-privatecanal-example-com-ingress-tcp-22to22-bastion-privatecanal-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecanal-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatecanal-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatecanal-example-com-ingress-tcp-22to22-masters-privatecanal-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
@ -734,7 +761,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-privatecanal-example-com-ingress-tcp-22to22-nodes-privatecanal-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
@ -743,13 +770,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatecanal-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-privatecanal-example-com-ingress-all-0to0-masters-privatecanal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.masters-privatecanal-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-privatecanal-example-com-ingress-all-0to0-nodes-privatecanal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
source_security_group_id = aws_security_group.masters-privatecanal-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-privatecanal-example-com-ingress-all-0to0-nodes-privatecanal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecanal-example-com-ingress-tcp-1to2379-masters-privatecanal-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecanal-example-com-ingress-tcp-2382to4000-masters-privatecanal-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecanal-example-com-ingress-tcp-4003to65535-masters-privatecanal-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecanal-example-com-ingress-udp-1to65535-masters-privatecanal-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -770,105 +869,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-privatecanal-example-com-ingress-all-0to0-masters-privatecanal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.masters-privatecanal-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatecanal-example-com-ingress-all-0to0-nodes-privatecanal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
source_security_group_id = aws_security_group.masters-privatecanal-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-privatecanal-example-com-ingress-all-0to0-nodes-privatecanal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecanal-example-com-ingress-tcp-1to2379-masters-privatecanal-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecanal-example-com-ingress-tcp-2382to4000-masters-privatecanal-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecanal-example-com-ingress-tcp-4003to65535-masters-privatecanal-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecanal-example-com-ingress-udp-1to65535-masters-privatecanal-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatecanal-example-com.id
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecanal-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatecanal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-privatecanal-example-com" {
description = "Security group for api ELB"
name = "api-elb.privatecanal.example.com"

322
tests/integration/update_cluster/privatecilium/cloudformation.json
View File

@ -757,7 +757,7 @@
}
}
},
"AWSEC2SecurityGroupEgressapielbegress": {
"AWSEC2SecurityGroupEgressfromapielbprivateciliumexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -769,19 +769,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressbastionegress": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressbastionelbegress": {
"AWSEC2SecurityGroupEgressfrombastionelbprivateciliumexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -793,7 +781,19 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressmastersprivateciliumexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrombastionprivateciliumexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressfrommastersprivateciliumexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -805,7 +805,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesprivateciliumexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesprivateciliumexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -817,35 +817,19 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressbastiontomasterssh": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22bastionelbprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressbastiontonodessh": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngresshttpsapielb00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443apielbprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -857,6 +841,146 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrombastionelbprivateciliumexamplecomingresstcp22to22bastionprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrombastionprivateciliumexamplecomingresstcp22to22mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrombastionprivateciliumexamplecomingresstcp22to22nodesprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrommastersprivateciliumexamplecomingressall0to0mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfrommastersprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumexamplecomingresstcp1to2379mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumexamplecomingresstcp2382to4000mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumexamplecomingresstcp4003to65535mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumexamplecomingressudp1to65535mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresshttpselbtomaster": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
@ -883,130 +1007,6 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersprivateciliumexamplecomingressall0to0mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp1to2379mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp2382to4000mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp4003to65535mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingressudp1to65535mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshelbtobastion": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltobastionelb00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupapielbprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

236
tests/integration/update_cluster/privatecilium/kubernetes.tf
View File

@ -698,7 +698,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-privatecilium-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatecilium-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-privatecilium-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatecilium-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -707,16 +725,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -725,7 +734,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-ingress-tcp-22to22-bastion-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-ingress-tcp-22to22-masters-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
@ -734,7 +761,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-ingress-tcp-22to22-nodes-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
@ -743,13 +770,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatecilium-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-privatecilium-example-com-ingress-all-0to0-masters-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-tcp-1to2379-masters-privatecilium-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-tcp-2382to4000-masters-privatecilium-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-tcp-4003to65535-masters-privatecilium-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-udp-1to65535-masters-privatecilium-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -770,105 +869,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-privatecilium-example-com-ingress-all-0to0-masters-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-1to2379-masters-privatecilium-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-2382to4000-masters-privatecilium-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-4003to65535-masters-privatecilium-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-udp-1to65535-masters-privatecilium-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-privatecilium-example-com" {
description = "Security group for api ELB"
name = "api-elb.privatecilium.example.com"

322
tests/integration/update_cluster/privatecilium2/cloudformation.json
View File

@ -757,7 +757,7 @@
}
}
},
"AWSEC2SecurityGroupEgressapielbegress": {
"AWSEC2SecurityGroupEgressfromapielbprivateciliumexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -769,19 +769,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressbastionegress": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressbastionelbegress": {
"AWSEC2SecurityGroupEgressfrombastionelbprivateciliumexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -793,7 +781,19 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressmastersprivateciliumexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrombastionprivateciliumexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressfrommastersprivateciliumexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -805,7 +805,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesprivateciliumexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesprivateciliumexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -817,35 +817,19 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressbastiontomasterssh": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22bastionelbprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressbastiontonodessh": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngresshttpsapielb00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443apielbprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -857,6 +841,146 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrombastionelbprivateciliumexamplecomingresstcp22to22bastionprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrombastionprivateciliumexamplecomingresstcp22to22mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrombastionprivateciliumexamplecomingresstcp22to22nodesprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrommastersprivateciliumexamplecomingressall0to0mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfrommastersprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumexamplecomingresstcp1to2379mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumexamplecomingresstcp2382to4000mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumexamplecomingresstcp4003to65535mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumexamplecomingressudp1to65535mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresshttpselbtomaster": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
@ -883,130 +1007,6 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersprivateciliumexamplecomingressall0to0mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp1to2379mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp2382to4000mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp4003to65535mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingressudp1to65535mastersprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshelbtobastion": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltobastionelb00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupapielbprivateciliumexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

236
tests/integration/update_cluster/privatecilium2/kubernetes.tf
View File

@ -698,7 +698,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-privatecilium-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatecilium-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-privatecilium-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatecilium-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -707,16 +725,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -725,7 +734,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-privatecilium-example-com-ingress-tcp-22to22-bastion-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-ingress-tcp-22to22-masters-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
@ -734,7 +761,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-privatecilium-example-com-ingress-tcp-22to22-nodes-privatecilium-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
@ -743,13 +770,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatecilium-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-privatecilium-example-com-ingress-all-0to0-masters-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-tcp-1to2379-masters-privatecilium-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-tcp-2382to4000-masters-privatecilium-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-tcp-4003to65535-masters-privatecilium-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatecilium-example-com-ingress-udp-1to65535-masters-privatecilium-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -770,105 +869,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-privatecilium-example-com-ingress-all-0to0-masters-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-1to2379-masters-privatecilium-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-2382to4000-masters-privatecilium-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-4003to65535-masters-privatecilium-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-udp-1to65535-masters-privatecilium-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatecilium-example-com.id
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatecilium-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatecilium-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-privatecilium-example-com" {
description = "Security group for api ELB"
name = "api-elb.privatecilium.example.com"

322
tests/integration/update_cluster/privateciliumadvanced/cloudformation.json
View File

@ -757,7 +757,7 @@
}
}
},
"AWSEC2SecurityGroupEgressapielbegress": {
"AWSEC2SecurityGroupEgressfromapielbprivateciliumadvancedexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -769,19 +769,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressbastionegress": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumadvancedexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressbastionelbegress": {
"AWSEC2SecurityGroupEgressfrombastionelbprivateciliumadvancedexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -793,7 +781,19 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressmastersprivateciliumadvancedexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfrombastionprivateciliumadvancedexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumadvancedexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressfrommastersprivateciliumadvancedexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -805,7 +805,7 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodesprivateciliumadvancedexamplecomegressall0to000000": {
"AWSEC2SecurityGroupEgressfromnodesprivateciliumadvancedexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
@ -817,35 +817,19 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressbastiontomasterssh": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22bastionelbprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumadvancedexamplecom"
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumadvancedexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressbastiontonodessh": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumadvancedexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngresshttpsapielb00000": {
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443apielbprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
@ -857,6 +841,146 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrombastionelbprivateciliumadvancedexamplecomingresstcp22to22bastionprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumadvancedexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrombastionprivateciliumadvancedexamplecomingresstcp22to22mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumadvancedexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrombastionprivateciliumadvancedexamplecomingresstcp22to22nodesprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumadvancedexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfrommastersprivateciliumadvancedexamplecomingressall0to0mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfrommastersprivateciliumadvancedexamplecomingressall0to0nodesprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumadvancedexamplecomingressall0to0nodesprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumadvancedexamplecomingresstcp1to2379mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumadvancedexamplecomingresstcp2383to4000mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"FromPort": 2383,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumadvancedexamplecomingresstcp4003to65535mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesprivateciliumadvancedexamplecomingressudp1to65535mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresshttpselbtomaster": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
@ -883,130 +1007,6 @@
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmastersprivateciliumadvancedexamplecomingressall0to0mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmastersprivateciliumadvancedexamplecomingressall0to0nodesprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumadvancedexamplecomingressall0to0nodesprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumadvancedexamplecomingresstcp1to2379mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumadvancedexamplecomingresstcp2383to4000mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"FromPort": 2383,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumadvancedexamplecomingresstcp4003to65535mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodesprivateciliumadvancedexamplecomingressudp1to65535mastersprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshelbtobastion": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionprivateciliumadvancedexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumadvancedexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltobastionelb00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupbastionelbprivateciliumadvancedexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupapielbprivateciliumadvancedexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {

236
tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf
View File

@ -712,7 +712,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-privateciliumadvanced-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privateciliumadvanced-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-privateciliumadvanced-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privateciliumadvanced-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -721,16 +739,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -739,7 +748,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-privateciliumadvanced-example-com-ingress-tcp-22to22-bastion-privateciliumadvanced-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privateciliumadvanced-example-com-ingress-tcp-22to22-masters-privateciliumadvanced-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
@ -748,7 +775,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-privateciliumadvanced-example-com-ingress-tcp-22to22-nodes-privateciliumadvanced-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
@ -757,13 +784,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privateciliumadvanced-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-privateciliumadvanced-example-com-ingress-all-0to0-masters-privateciliumadvanced-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-privateciliumadvanced-example-com-ingress-all-0to0-nodes-privateciliumadvanced-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-privateciliumadvanced-example-com-ingress-all-0to0-nodes-privateciliumadvanced-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateciliumadvanced-example-com-ingress-tcp-1to2379-masters-privateciliumadvanced-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateciliumadvanced-example-com-ingress-tcp-2383to4000-masters-privateciliumadvanced-example-com" {
from_port = 2383
protocol = "tcp"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateciliumadvanced-example-com-ingress-tcp-4003to65535-masters-privateciliumadvanced-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateciliumadvanced-example-com-ingress-udp-1to65535-masters-privateciliumadvanced-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -784,105 +883,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-privateciliumadvanced-example-com-ingress-all-0to0-masters-privateciliumadvanced-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-privateciliumadvanced-example-com-ingress-all-0to0-nodes-privateciliumadvanced-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-ingress-all-0to0-nodes-privateciliumadvanced-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-ingress-tcp-1to2379-masters-privateciliumadvanced-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-ingress-tcp-2383to4000-masters-privateciliumadvanced-example-com" {
from_port = 2383
protocol = "tcp"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-ingress-tcp-4003to65535-masters-privateciliumadvanced-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-ingress-udp-1to65535-masters-privateciliumadvanced-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateciliumadvanced-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privateciliumadvanced-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-privateciliumadvanced-example-com" {
description = "Security group for api ELB"
name = "api-elb.privateciliumadvanced.example.com"

236
tests/integration/update_cluster/privatedns1/kubernetes.tf
View File

@ -777,7 +777,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-privatedns1-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatedns1-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-privatedns1-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatedns1-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -786,16 +804,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatedns1-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -804,7 +813,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-privatedns1-example-com-ingress-tcp-22to22-bastion-privatedns1-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatedns1-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatedns1-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatedns1-example-com-ingress-tcp-22to22-masters-privatedns1-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
@ -813,7 +840,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-privatedns1-example-com-ingress-tcp-22to22-nodes-privatedns1-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
@ -822,13 +849,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatedns1-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-privatedns1-example-com-ingress-all-0to0-masters-privatedns1-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.masters-privatedns1-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-privatedns1-example-com-ingress-all-0to0-nodes-privatedns1-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
source_security_group_id = aws_security_group.masters-privatedns1-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-privatedns1-example-com-ingress-all-0to0-nodes-privatedns1-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatedns1-example-com-ingress-tcp-1to2379-masters-privatedns1-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatedns1-example-com-ingress-tcp-2382to4000-masters-privatedns1-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatedns1-example-com-ingress-tcp-4003to65535-masters-privatedns1-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatedns1-example-com-ingress-udp-1to65535-masters-privatedns1-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -849,105 +948,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-privatedns1-example-com-ingress-all-0to0-masters-privatedns1-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.masters-privatedns1-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatedns1-example-com-ingress-all-0to0-nodes-privatedns1-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
source_security_group_id = aws_security_group.masters-privatedns1-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-privatedns1-example-com-ingress-all-0to0-nodes-privatedns1-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatedns1-example-com-ingress-tcp-1to2379-masters-privatedns1-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatedns1-example-com-ingress-tcp-2382to4000-masters-privatedns1-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatedns1-example-com-ingress-tcp-4003to65535-masters-privatedns1-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatedns1-example-com-ingress-udp-1to65535-masters-privatedns1-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatedns1-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatedns1-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatedns1-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-privatedns1-example-com" {
description = "Security group for api ELB"
name = "api-elb.privatedns1.example.com"

236
tests/integration/update_cluster/privatedns2/kubernetes.tf
View File

@ -684,7 +684,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-privatedns2-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatedns2-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-privatedns2-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatedns2-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -693,16 +711,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatedns2-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -711,7 +720,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-privatedns2-example-com-ingress-tcp-22to22-bastion-privatedns2-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatedns2-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatedns2-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatedns2-example-com-ingress-tcp-22to22-masters-privatedns2-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
@ -720,7 +747,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-privatedns2-example-com-ingress-tcp-22to22-nodes-privatedns2-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
@ -729,13 +756,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatedns2-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-privatedns2-example-com-ingress-all-0to0-masters-privatedns2-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.masters-privatedns2-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-privatedns2-example-com-ingress-all-0to0-nodes-privatedns2-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
source_security_group_id = aws_security_group.masters-privatedns2-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-privatedns2-example-com-ingress-all-0to0-nodes-privatedns2-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatedns2-example-com-ingress-tcp-1to2379-masters-privatedns2-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatedns2-example-com-ingress-tcp-2382to4000-masters-privatedns2-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatedns2-example-com-ingress-tcp-4003to65535-masters-privatedns2-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatedns2-example-com-ingress-udp-1to65535-masters-privatedns2-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -756,105 +855,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-privatedns2-example-com-ingress-all-0to0-masters-privatedns2-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.masters-privatedns2-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatedns2-example-com-ingress-all-0to0-nodes-privatedns2-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
source_security_group_id = aws_security_group.masters-privatedns2-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-privatedns2-example-com-ingress-all-0to0-nodes-privatedns2-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatedns2-example-com-ingress-tcp-1to2379-masters-privatedns2-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatedns2-example-com-ingress-tcp-2382to4000-masters-privatedns2-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatedns2-example-com-ingress-tcp-4003to65535-masters-privatedns2-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatedns2-example-com-ingress-udp-1to65535-masters-privatedns2-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatedns2-example-com.id
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatedns2-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatedns2-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-privatedns2-example-com" {
description = "Security group for api ELB"
name = "api-elb.privatedns2.example.com"

236
tests/integration/update_cluster/privateflannel/kubernetes.tf
View File

@ -698,7 +698,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-privateflannel-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privateflannel-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-privateflannel-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privateflannel-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -707,16 +725,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privateflannel-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -725,7 +734,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-privateflannel-example-com-ingress-tcp-22to22-bastion-privateflannel-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateflannel-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privateflannel-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privateflannel-example-com-ingress-tcp-22to22-masters-privateflannel-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
@ -734,7 +761,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-privateflannel-example-com-ingress-tcp-22to22-nodes-privateflannel-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
@ -743,13 +770,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privateflannel-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-privateflannel-example-com-ingress-all-0to0-masters-privateflannel-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.masters-privateflannel-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-privateflannel-example-com-ingress-all-0to0-nodes-privateflannel-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
source_security_group_id = aws_security_group.masters-privateflannel-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-privateflannel-example-com-ingress-all-0to0-nodes-privateflannel-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateflannel-example-com-ingress-tcp-1to2379-masters-privateflannel-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateflannel-example-com-ingress-tcp-2382to4000-masters-privateflannel-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateflannel-example-com-ingress-tcp-4003to65535-masters-privateflannel-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateflannel-example-com-ingress-udp-1to65535-masters-privateflannel-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -770,105 +869,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-privateflannel-example-com-ingress-all-0to0-masters-privateflannel-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.masters-privateflannel-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-privateflannel-example-com-ingress-all-0to0-nodes-privateflannel-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
source_security_group_id = aws_security_group.masters-privateflannel-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-privateflannel-example-com-ingress-all-0to0-nodes-privateflannel-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateflannel-example-com-ingress-tcp-1to2379-masters-privateflannel-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateflannel-example-com-ingress-tcp-2382to4000-masters-privateflannel-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateflannel-example-com-ingress-tcp-4003to65535-masters-privateflannel-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateflannel-example-com-ingress-udp-1to65535-masters-privateflannel-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privateflannel-example-com.id
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateflannel-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privateflannel-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-privateflannel-example-com" {
description = "Security group for api ELB"
name = "api-elb.privateflannel.example.com"

236
tests/integration/update_cluster/privatekopeio/kubernetes.tf
View File

@ -720,7 +720,25 @@ resource "aws_route" "route-private-us-test-1b-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1b-privatekopeio-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privatekopeio-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-privatekopeio-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatekopeio-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -729,16 +747,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -747,7 +756,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-privatekopeio-example-com-ingress-tcp-22to22-bastion-privatekopeio-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privatekopeio-example-com-ingress-tcp-22to22-masters-privatekopeio-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
@ -756,7 +783,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-privatekopeio-example-com-ingress-tcp-22to22-nodes-privatekopeio-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
@ -765,13 +792,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privatekopeio-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-privatekopeio-example-com-ingress-all-0to0-masters-privatekopeio-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.masters-privatekopeio-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-privatekopeio-example-com-ingress-all-0to0-nodes-privatekopeio-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
source_security_group_id = aws_security_group.masters-privatekopeio-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-privatekopeio-example-com-ingress-all-0to0-nodes-privatekopeio-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatekopeio-example-com-ingress-tcp-1to2379-masters-privatekopeio-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatekopeio-example-com-ingress-tcp-2382to4000-masters-privatekopeio-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatekopeio-example-com-ingress-tcp-4003to65535-masters-privatekopeio-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privatekopeio-example-com-ingress-udp-1to65535-masters-privatekopeio-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -792,105 +891,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-privatekopeio-example-com-ingress-all-0to0-masters-privatekopeio-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.masters-privatekopeio-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-privatekopeio-example-com-ingress-all-0to0-nodes-privatekopeio-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
source_security_group_id = aws_security_group.masters-privatekopeio-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-ingress-all-0to0-nodes-privatekopeio-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-ingress-tcp-1to2379-masters-privatekopeio-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-ingress-tcp-2382to4000-masters-privatekopeio-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-ingress-tcp-4003to65535-masters-privatekopeio-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-ingress-udp-1to65535-masters-privatekopeio-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privatekopeio-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privatekopeio-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-privatekopeio-example-com" {
description = "Security group for api ELB"
name = "api-elb.privatekopeio.example.com"

236
tests/integration/update_cluster/privateweave/kubernetes.tf
View File

@ -698,7 +698,25 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
route_table_id = aws_route_table.private-us-test-1a-privateweave-example-com.id
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-privateweave-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privateweave-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-privateweave-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privateweave-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-privateweave-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -707,16 +725,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privateweave-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-privateweave-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -725,7 +734,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-privateweave-example-com-ingress-tcp-22to22-bastion-privateweave-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateweave-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privateweave-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-privateweave-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-privateweave-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-privateweave-example-com-ingress-tcp-22to22-masters-privateweave-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-privateweave-example-com.id
@ -734,7 +761,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-privateweave-example-com-ingress-tcp-22to22-nodes-privateweave-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-privateweave-example-com.id
@ -743,13 +770,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-privateweave-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-privateweave-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateweave-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-privateweave-example-com-ingress-all-0to0-masters-privateweave-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateweave-example-com.id
source_security_group_id = aws_security_group.masters-privateweave-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-privateweave-example-com-ingress-all-0to0-nodes-privateweave-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateweave-example-com.id
source_security_group_id = aws_security_group.masters-privateweave-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateweave-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-privateweave-example-com-ingress-all-0to0-nodes-privateweave-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateweave-example-com.id
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateweave-example-com-ingress-tcp-1to2379-masters-privateweave-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privateweave-example-com.id
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateweave-example-com-ingress-tcp-2382to4000-masters-privateweave-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privateweave-example-com.id
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateweave-example-com-ingress-tcp-4003to65535-masters-privateweave-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privateweave-example-com.id
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-privateweave-example-com-ingress-udp-1to65535-masters-privateweave-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privateweave-example-com.id
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -770,105 +869,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-privateweave-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateweave-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-privateweave-example-com-ingress-all-0to0-masters-privateweave-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-privateweave-example-com.id
source_security_group_id = aws_security_group.masters-privateweave-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-privateweave-example-com-ingress-all-0to0-nodes-privateweave-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateweave-example-com.id
source_security_group_id = aws_security_group.masters-privateweave-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateweave-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-privateweave-example-com-ingress-all-0to0-nodes-privateweave-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-privateweave-example-com.id
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateweave-example-com-ingress-tcp-1to2379-masters-privateweave-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-privateweave-example-com.id
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateweave-example-com-ingress-tcp-2382to4000-masters-privateweave-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-privateweave-example-com.id
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateweave-example-com-ingress-tcp-4003to65535-masters-privateweave-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-privateweave-example-com.id
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-privateweave-example-com-ingress-udp-1to65535-masters-privateweave-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-privateweave-example-com.id
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-privateweave-example-com.id
source_security_group_id = aws_security_group.bastion-elb-privateweave-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-privateweave-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-privateweave-example-com" {
description = "Security group for api ELB"
name = "api-elb.privateweave.example.com"

56
tests/integration/update_cluster/public-jwks/kubernetes.tf
View File

@ -462,7 +462,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.minimal-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-minimal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-minimal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -471,7 +489,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -480,7 +498,7 @@ resource "aws_security_group_rule" "masters-minimal-example-com-egress-all-0to0-
type = "egress"
}
resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -489,7 +507,7 @@ resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0
type = "ingress"
}
resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-minimal-example-com.id
@ -498,7 +516,7 @@ resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -507,7 +525,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-egress-all-0to0-0-
type = "egress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-minimal-example-com.id
@ -516,7 +534,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-all-0to0-n
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -525,7 +543,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-1to237
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -534,7 +552,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-2382to
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -543,7 +561,7 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-4003to
type = "ingress"
}
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" {
resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-minimal-example-com.id
@ -552,24 +570,6 @@ resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-udp-1to655
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-minimal-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-minimal-example-com" {
description = "Security group for masters"
name = "masters.minimal.example.com"

56
tests/integration/update_cluster/shared_subnet/kubernetes.tf
View File

@ -395,7 +395,25 @@ resource "aws_launch_template" "nodes-sharedsubnet-example-com" {
user_data = filebase64("${path.module}/data/aws_launch_template_nodes.sharedsubnet.example.com_user_data")
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-sharedsubnet-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-sharedsubnet-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-sharedsubnet-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -404,7 +422,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-sharedsubnet-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-sharedsubnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -413,7 +431,7 @@ resource "aws_security_group_rule" "masters-sharedsubnet-example-com-egress-all-
type = "egress"
}
resource "aws_security_group_rule" "masters-sharedsubnet-example-com-ingress-all-0to0-masters-sharedsubnet-example-com" {
resource "aws_security_group_rule" "from-masters-sharedsubnet-example-com-ingress-all-0to0-masters-sharedsubnet-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
@ -422,7 +440,7 @@ resource "aws_security_group_rule" "masters-sharedsubnet-example-com-ingress-all
type = "ingress"
}
resource "aws_security_group_rule" "masters-sharedsubnet-example-com-ingress-all-0to0-nodes-sharedsubnet-example-com" {
resource "aws_security_group_rule" "from-masters-sharedsubnet-example-com-ingress-all-0to0-nodes-sharedsubnet-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
@ -431,7 +449,7 @@ resource "aws_security_group_rule" "masters-sharedsubnet-example-com-ingress-all
type = "ingress"
}
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-sharedsubnet-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -440,7 +458,7 @@ resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-egress-all-0t
type = "egress"
}
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-all-0to0-nodes-sharedsubnet-example-com" {
resource "aws_security_group_rule" "from-nodes-sharedsubnet-example-com-ingress-all-0to0-nodes-sharedsubnet-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
@ -449,7 +467,7 @@ resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-all-0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-tcp-1to2379-masters-sharedsubnet-example-com" {
resource "aws_security_group_rule" "from-nodes-sharedsubnet-example-com-ingress-tcp-1to2379-masters-sharedsubnet-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
@ -458,7 +476,7 @@ resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-tcp-1
type = "ingress"
}
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-tcp-2382to4000-masters-sharedsubnet-example-com" {
resource "aws_security_group_rule" "from-nodes-sharedsubnet-example-com-ingress-tcp-2382to4000-masters-sharedsubnet-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
@ -467,7 +485,7 @@ resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-tcp-2
type = "ingress"
}
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-tcp-4003to65535-masters-sharedsubnet-example-com" {
resource "aws_security_group_rule" "from-nodes-sharedsubnet-example-com-ingress-tcp-4003to65535-masters-sharedsubnet-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
@ -476,7 +494,7 @@ resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-tcp-4
type = "ingress"
}
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-udp-1to65535-masters-sharedsubnet-example-com" {
resource "aws_security_group_rule" "from-nodes-sharedsubnet-example-com-ingress-udp-1to65535-masters-sharedsubnet-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
@ -485,24 +503,6 @@ resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-udp-1
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-sharedsubnet-example-com" {
description = "Security group for masters"
name = "masters.sharedsubnet.example.com"

56
tests/integration/update_cluster/shared_vpc/kubernetes.tf
View File

@ -416,7 +416,25 @@ resource "aws_route" "route-0-0-0-0--0" {
route_table_id = aws_route_table.sharedvpc-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-sharedvpc-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-sharedvpc-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-sharedvpc-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
@ -425,7 +443,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-sharedvpc-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-sharedvpc-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -434,7 +452,7 @@ resource "aws_security_group_rule" "masters-sharedvpc-example-com-egress-all-0to
type = "egress"
}
resource "aws_security_group_rule" "masters-sharedvpc-example-com-ingress-all-0to0-masters-sharedvpc-example-com" {
resource "aws_security_group_rule" "from-masters-sharedvpc-example-com-ingress-all-0to0-masters-sharedvpc-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
@ -443,7 +461,7 @@ resource "aws_security_group_rule" "masters-sharedvpc-example-com-ingress-all-0t
type = "ingress"
}
resource "aws_security_group_rule" "masters-sharedvpc-example-com-ingress-all-0to0-nodes-sharedvpc-example-com" {
resource "aws_security_group_rule" "from-masters-sharedvpc-example-com-ingress-all-0to0-nodes-sharedvpc-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
@ -452,7 +470,7 @@ resource "aws_security_group_rule" "masters-sharedvpc-example-com-ingress-all-0t
type = "ingress"
}
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-egress-all-0to0-0-0-0-0--0" {
resource "aws_security_group_rule" "from-nodes-sharedvpc-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -461,7 +479,7 @@ resource "aws_security_group_rule" "nodes-sharedvpc-example-com-egress-all-0to0-
type = "egress"
}
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-all-0to0-nodes-sharedvpc-example-com" {
resource "aws_security_group_rule" "from-nodes-sharedvpc-example-com-ingress-all-0to0-nodes-sharedvpc-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
@ -470,7 +488,7 @@ resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-all-0to0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-tcp-1to2379-masters-sharedvpc-example-com" {
resource "aws_security_group_rule" "from-nodes-sharedvpc-example-com-ingress-tcp-1to2379-masters-sharedvpc-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
@ -479,7 +497,7 @@ resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-tcp-1to2
type = "ingress"
}
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-tcp-2382to4000-masters-sharedvpc-example-com" {
resource "aws_security_group_rule" "from-nodes-sharedvpc-example-com-ingress-tcp-2382to4000-masters-sharedvpc-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
@ -488,7 +506,7 @@ resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-tcp-2382
type = "ingress"
}
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-tcp-4003to65535-masters-sharedvpc-example-com" {
resource "aws_security_group_rule" "from-nodes-sharedvpc-example-com-ingress-tcp-4003to65535-masters-sharedvpc-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
@ -497,7 +515,7 @@ resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-tcp-4003
type = "ingress"
}
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-udp-1to65535-masters-sharedvpc-example-com" {
resource "aws_security_group_rule" "from-nodes-sharedvpc-example-com-ingress-udp-1to65535-masters-sharedvpc-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
@ -506,24 +524,6 @@ resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-udp-1to6
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-sharedvpc-example-com" {
description = "Security group for masters"
name = "masters.sharedvpc.example.com"

236
tests/integration/update_cluster/unmanaged/kubernetes.tf
View File

@ -623,7 +623,25 @@ resource "aws_route53_record" "api-unmanaged-example-com" {
zone_id = "/hostedzone/Z1AFAKE1ZON3YO"
}
resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-bastion-elb-unmanaged-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb-unmanaged-example-com" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-unmanaged-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "from-api-elb-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -632,16 +650,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-egress" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "from-bastion-elb-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
@ -650,7 +659,25 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
}
resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "from-bastion-elb-unmanaged-example-com-ingress-tcp-22to22-bastion-unmanaged-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
source_security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "from-bastion-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-bastion-unmanaged-example-com-ingress-tcp-22to22-masters-unmanaged-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
@ -659,7 +686,7 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "from-bastion-unmanaged-example-com-ingress-tcp-22to22-nodes-unmanaged-example-com" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
@ -668,13 +695,85 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
}
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "from-masters-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.api-elb-unmanaged-example-com.id
to_port = 443
type = "ingress"
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-masters-unmanaged-example-com-ingress-all-0to0-masters-unmanaged-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.masters-unmanaged-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-masters-unmanaged-example-com-ingress-all-0to0-nodes-unmanaged-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
source_security_group_id = aws_security_group.masters-unmanaged-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "from-nodes-unmanaged-example-com-ingress-all-0to0-nodes-unmanaged-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-unmanaged-example-com-ingress-tcp-1to2379-masters-unmanaged-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-unmanaged-example-com-ingress-tcp-2382to4000-masters-unmanaged-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-unmanaged-example-com-ingress-tcp-4003to65535-masters-unmanaged-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "from-nodes-unmanaged-example-com-ingress-udp-1to65535-masters-unmanaged-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "https-elb-to-master" {
@ -695,105 +794,6 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
type = "ingress"
}
resource "aws_security_group_rule" "masters-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-unmanaged-example-com-ingress-all-0to0-masters-unmanaged-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.masters-unmanaged-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-unmanaged-example-com-ingress-all-0to0-nodes-unmanaged-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
source_security_group_id = aws_security_group.masters-unmanaged-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-unmanaged-example-com-ingress-all-0to0-nodes-unmanaged-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-unmanaged-example-com-ingress-tcp-1to2379-masters-unmanaged-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-unmanaged-example-com-ingress-tcp-2382to4000-masters-unmanaged-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-unmanaged-example-com-ingress-tcp-4003to65535-masters-unmanaged-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-unmanaged-example-com-ingress-udp-1to65535-masters-unmanaged-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-unmanaged-example-com.id
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-unmanaged-example-com.id
source_security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.bastion-elb-unmanaged-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "api-elb-unmanaged-example-com" {
description = "Security group for api ELB"
name = "api-elb.unmanaged.example.com"