74 lines
1.8 KiB
HCL
74 lines
1.8 KiB
HCL
resource "aws_security_group" "dskdemo-allow-security" {
|
|
name = "dskdemo-allow-security-new"
|
|
description = "Allow inbound traffic"
|
|
vpc_id = var.VPC_ID
|
|
|
|
ingress {
|
|
description = "SSH"
|
|
from_port = 22
|
|
to_port = 22
|
|
protocol = "tcp"
|
|
cidr_blocks = ["118.223.123.161/32"]
|
|
}
|
|
ingress {
|
|
description = "etcd"
|
|
from_port = 2379
|
|
to_port = 2380
|
|
protocol = "tcp"
|
|
cidr_blocks = ["172.24.2.0/24"]
|
|
}
|
|
ingress {
|
|
description = "kubelet api"
|
|
from_port = 10250
|
|
to_port = 10250
|
|
protocol = "tcp"
|
|
cidr_blocks = ["172.24.2.0/24"]
|
|
}
|
|
ingress {
|
|
description = "Cilium Geneve or VXLAN"
|
|
from_port = 8472
|
|
to_port = 8472
|
|
protocol = "tcp"
|
|
cidr_blocks = ["172.24.2.0/24"]
|
|
}
|
|
ingress {
|
|
description = "Cilium Health Check"
|
|
from_port = 4240
|
|
to_port = 4240
|
|
protocol = "tcp"
|
|
cidr_blocks = ["172.24.2.0/24"]
|
|
}
|
|
ingress {
|
|
description = "api-server"
|
|
from_port = 6443
|
|
to_port = 6443
|
|
protocol = "tcp"
|
|
cidr_blocks = ["172.24.2.0/24"]
|
|
}
|
|
ingress {
|
|
description = "node port range"
|
|
from_port = 30000
|
|
to_port = 32767
|
|
protocol = "tcp"
|
|
cidr_blocks = ["172.24.2.0/24"]
|
|
}
|
|
ingress {
|
|
description = "Cilium Operator"
|
|
from_port = 2379
|
|
to_port = 2379
|
|
protocol = "tcp"
|
|
cidr_blocks = ["172.24.2.0/24"]
|
|
}
|
|
egress {
|
|
from_port = 0
|
|
to_port = 0
|
|
protocol = "-1"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
ipv6_cidr_blocks = ["::/0"]
|
|
}
|
|
|
|
tags = {
|
|
Name = "dskdemo-allow-security"
|
|
}
|
|
}
|