github.com/SUSE/skuba@v1.4.17/ci/infra/aws/security-groups-load-balancer.tf (about)

     1  # A security group for the ELB so it is accessible via the web.
        # Every ingress rule below accepts TCP from any IPv4 source (0.0.0.0/0);
        # no ipv6_cidr_blocks are set, so IPv6 sources are not matched.
        # NOTE(review): no egress block is declared in this resource - confirm
        # whether egress rules are attached elsewhere (e.g. a separate
        # aws_security_group_rule) or are intentionally absent.
     2  resource "aws_security_group" "elb" {
     3    name        = "${var.stack_name}-elb"
     4    description = "give access to kube api server"
     5    vpc_id      = aws_vpc.platform.id
     6  
        # Stack-wide tags from local.basic_tags plus a per-resource Name and Class.
     7    tags = merge(
     8      local.basic_tags,
     9      {
    10        "Name"  = "${var.stack_name}-elb"
    11        "Class" = "SecurityGroup"
    12      },
    13    )
    14  
    15    # HTTP access from anywhere (plain text, port 80).
        # NOTE(review): nothing in this file shows what listens on 80; confirm a
        # listener needs it, or drop the rule to reduce the exposed surface.
    16    ingress {
    17      from_port   = 80
    18      to_port     = 80
    19      protocol    = "tcp"
    20      cidr_blocks = ["0.0.0.0/0"]
    21    }
    22  
    23    # HTTPS access from anywhere (port 443).
    24    ingress {
    25      from_port   = 443
    26      to_port     = 443
    27      protocol    = "tcp"
    28      cidr_blocks = ["0.0.0.0/0"]
    29    }
    30  
        # Kubernetes API server (6443) open to any IPv4 address. With this rule the
        # network layer does no filtering, so access control rests entirely on the
        # API server's own TLS, authentication and authorization.
        # NOTE(review): consider narrowing cidr_blocks to the operator / CI address
        # ranges; an internet-reachable API endpoint is also exposed to scanning
        # and to any pre-authentication flaw in the server.
    31    ingress {
    32      from_port   = 6443
    33      to_port     = 6443
    34      protocol    = "tcp"
    35      cidr_blocks = ["0.0.0.0/0"]
    36      description = "kubernetes API server"
    37    }
    38  
    39    # Allow access to dex (32000) and gangway (32001) from any IPv4 address.
        # Both ports fall inside Kubernetes' default NodePort range (30000-32767);
        # presumably these are NodePort services - confirm against the manifests.
        # NOTE(review): these are the cluster's OIDC login endpoints, so this rule
        # exposes the sign-in flow publicly; restrict the source ranges if all
        # users come from known networks.
    40    ingress {
    41      from_port   = 32000
    42      to_port     = 32001
    43      protocol    = "tcp"
    44      cidr_blocks = ["0.0.0.0/0"]
    45      description = "dex and gangway"
    46    }
    47  }
    48