github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-03-19 16:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: Allow communication between pods on workers and pods using the primary cluster security group (optional) (#892)

Browse Source 
NOTES: New variable `worker_create_cluster_primary_security_group_rules` to allow communication between pods on workers and pods using the primary cluster security group (Managed Node Groups or Fargate). It defaults to `false` to avoid potential conflicts with existing security group rules users may have implemented.
This commit is contained in:
Simon Gurcke
2020-05-31 06:43:26 +10:00
committed by GitHub
parent 7ffe5fa88f
commit 3fefc2a66c
5 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
workers.tf
View File

@@ -338,6 +338,28 @@ resource "aws_security_group_rule" "workers_ingress_cluster_https" {
type = "ingress"
}
resource "aws_security_group_rule" "workers_ingress_cluster_primary" {
count = var.worker_create_security_group && var.worker_create_cluster_primary_security_group_rules && var.cluster_version >= 1.14 && var.create_eks ? 1 : 0
description = "Allow pods running on workers to receive communication from cluster primary security group (e.g. Fargate pods)."
protocol = "all"
security_group_id = local.worker_security_group_id
source_security_group_id = local.cluster_primary_security_group_id
from_port = 0
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "cluster_primary_ingress_workers" {
count = var.worker_create_security_group && var.worker_create_cluster_primary_security_group_rules && var.cluster_version >= 1.14 && var.create_eks ? 1 : 0
description = "Allow pods running on workers to send communication to cluster primary security group (e.g. Fargate pods)."
protocol = "all"
security_group_id = local.cluster_primary_security_group_id
source_security_group_id = local.worker_security_group_id
from_port = 0
to_port = 65535
type = "ingress"
}
resource "aws_iam_role" "workers" {
count = var.manage_worker_iam_resources && var.create_eks ? 1 : 0
name_prefix = var.workers_role_name != "" ? null : aws_eks_cluster.this[0].name