# ci/infra/aws/security-groups-worker.tf (github.com/SUSE/skuba@v1.4.17)
#
# Security group for worker nodes. It is intentionally declared with no
# ingress or egress rules and is applied to worker nodes only.
#
# According to the original author, this is the only security group carrying
# the `kubernetes.io/cluster/<cluster name>` tag, which is what makes it
# discoverable by the AWS CPI controller. Consequently this is the group the
# CPI alters at runtime, adding the rules needed to reach the worker nodes from
# the AWS resources the CPI provisions dynamically (e.g. load balancers).
#
# NOTE(review): the cluster tag is not set in this block; presumably it comes
# in through local.tags. Confirm where it is defined and that no other
# security group ends up with the same tag.
# NOTE(review): rules added by the CPI are not declared in this file, so a
# review of the Terraform code does not cover them. Audit the live group's
# rules separately against what the cluster's load balancers are expected to
# need.
resource "aws_security_group" "worker" {
  name        = "${var.stack_name}-worker"
  description = "security group rules for worker node"
  vpc_id      = aws_vpc.platform.id

  # Stack-wide tags first, then the identifying tags for this group; on a key
  # collision the later map wins in merge().
  tags = merge(local.tags, {
    "Class" = "SecurityGroup"
    "Name"  = "${var.stack_name}-worker"
  })
}