# Source: github.com/SUSE/skuba@v1.4.17/ci/infra/aws/security-groups-master.tf
#
# Security group for the cluster's master nodes, created in the platform VPC.
# It declares two ingress rules (etcd and the Kubernetes API server) and
# nothing else.
#
# NOTE(review): no egress block is declared in this resource. Terraform does
# not keep AWS's default allow-all egress rule on security groups it manages,
# so outbound traffic is presumably granted by another group or by separate
# aws_security_group_rule resources that are not visible here. Confirm.
resource "aws_security_group" "master" {
  description = "security rules for master nodes"
  name        = "${var.stack_name}-master"
  vpc_id      = aws_vpc.platform.id

  # Stack-wide tags from local.basic_tags, plus a Name and Class for this group.
  tags = merge(
    local.basic_tags,
    {
      "Name"  = "${var.stack_name}-master"
      "Class" = "SecurityGroup"
    },
  )

  # etcd - internal
  # TCP 2379-2380 (etcd client and peer ports) from the whole VPC CIDR.
  # NOTE(review): "internal" here means every address in var.vpc_cidr_block,
  # not only the masters. Any other host in the VPC can reach etcd at the
  # network layer, so etcd's TLS client-certificate checks become the only
  # barrier. If only masters talk to etcd, scoping the rule to this group
  # (self = true) would be tighter. Confirm against the cluster topology.
  ingress {
    from_port   = 2379
    to_port     = 2380
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr_block]
    description = "etcd"
  }

  # api-server - everywhere
  # TCP 6443 from any IPv4 address. The "everywhere" comment marks this as
  # deliberate; if the masters are reachable from the internet, kube-apiserver
  # authentication and authorization are the only controls in front of the
  # control plane.
  # NOTE(review): where the deployment allows, narrow cidr_blocks to the
  # operator, CI-runner or load-balancer ranges, and keep API-server audit
  # logging enabled so that unexpected callers are visible.
  ingress {
    from_port   = 6443
    to_port     = 6443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "kubernetes api-server"
  }
}