Merge pull request #1238 from danwinship/security-groups

drop unused security group, fix naming of VXLAN rules
openshift · Feb 13, 2019 · 17c0fa8 · 17c0fa8
2 parents d99dea5 + aa5a529
commit 17c0fa8
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 155 deletions.
diff --git a/data/data/aws/vpc/outputs.tf b/data/data/aws/vpc/outputs.tf
@@ -6,10 +6,6 @@ output "master_subnet_ids" {
   value = "${local.master_subnet_ids}"
 }
 
-output "etcd_sg_id" {
-  value = "${aws_security_group.etcd.id}"
-}
-
 output "master_sg_id" {
   value = "${aws_security_group.master.id}"
 }

diff --git a/data/data/aws/vpc/sg-etcd.tf b/data/data/aws/vpc/sg-etcd.tf
diff --git a/data/data/aws/vpc/sg-master.tf b/data/data/aws/vpc/sg-master.tf
@@ -86,7 +86,7 @@ resource "aws_security_group_rule" "master_ingress_heapster_from_worker" {
   to_port   = 4194
 }
 
-resource "aws_security_group_rule" "master_ingress_flannel" {
+resource "aws_security_group_rule" "master_ingress_vxlan" {
   type              = "ingress"
   security_group_id = "${aws_security_group.master.id}"
 
@@ -96,17 +96,7 @@ resource "aws_security_group_rule" "master_ingress_flannel" {
   self      = true
 }
 
-resource "aws_security_group_rule" "master_ingress_flannel_from_etcd" {
-  type                     = "ingress"
-  security_group_id        = "${aws_security_group.master.id}"
-  source_security_group_id = "${aws_security_group.etcd.id}"
-
-  protocol  = "udp"
-  from_port = 4789
-  to_port   = 4789
-}
-
-resource "aws_security_group_rule" "master_ingress_flannel_from_worker" {
+resource "aws_security_group_rule" "master_ingress_vxlan_from_worker" {
   type                     = "ingress"
   security_group_id        = "${aws_security_group.master.id}"
   source_security_group_id = "${aws_security_group.worker.id}"
@@ -255,13 +245,3 @@ resource "aws_security_group_rule" "master_ingress_services_from_console" {
   from_port = 30000
   to_port   = 32767
 }
-
-resource "aws_security_group_rule" "master_ingress_from_etcd" {
-  type                     = "ingress"
-  security_group_id        = "${aws_security_group.master.id}"
-  source_security_group_id = "${aws_security_group.etcd.id}"
-
-  protocol  = "tcp"
-  from_port = 0
-  to_port   = 65535
-}
diff --git a/data/data/aws/vpc/sg-worker.tf b/data/data/aws/vpc/sg-worker.tf
@@ -76,7 +76,7 @@ resource "aws_security_group_rule" "worker_ingress_heapster_from_master" {
   to_port   = 4194
 }
 
-resource "aws_security_group_rule" "worker_ingress_flannel" {
+resource "aws_security_group_rule" "worker_ingress_vxlan" {
   type              = "ingress"
   security_group_id = "${aws_security_group.worker.id}"
 
@@ -86,17 +86,7 @@ resource "aws_security_group_rule" "worker_ingress_flannel" {
   self      = true
 }
 
-resource "aws_security_group_rule" "worker_ingress_flannel_from_etcd" {
-  type                     = "ingress"
-  security_group_id        = "${aws_security_group.worker.id}"
-  source_security_group_id = "${aws_security_group.etcd.id}"
-
-  protocol  = "udp"
-  from_port = 4789
-  to_port   = 4789
-}
-
-resource "aws_security_group_rule" "worker_ingress_flannel_from_master" {
+resource "aws_security_group_rule" "worker_ingress_vxlan_from_master" {
   type                     = "ingress"
   security_group_id        = "${aws_security_group.worker.id}"
   source_security_group_id = "${aws_security_group.master.id}"
@@ -185,13 +175,3 @@ resource "aws_security_group_rule" "worker_ingress_services_from_console" {
   from_port = 30000
   to_port   = 32767
 }
-
-resource "aws_security_group_rule" "etcd_ingress_from_etcd" {
-  type                     = "ingress"
-  security_group_id        = "${aws_security_group.etcd.id}"
-  source_security_group_id = "${aws_security_group.etcd.id}"
-
-  protocol  = "tcp"
-  from_port = 0
-  to_port   = 65535
-}