Remove AWS security rule allowing ICMP packets to nodes
* Deny ICMP packets for consistency across Typhoon clusters on various clouds and because there isn't much need to allow them
This commit is contained in:
parent
da5d2c5321
commit
bbf2c13eef
|
@ -4,6 +4,10 @@ Notable changes between versions.
|
||||||
|
|
||||||
## Latest
|
## Latest
|
||||||
|
|
||||||
|
#### AWS
|
||||||
|
|
||||||
|
* Remove firewall rule allowing ICMP packets to nodes
|
||||||
|
|
||||||
#### Bare-Metal
|
#### Bare-Metal
|
||||||
|
|
||||||
* Remove `controller_networkds` and `worker_networkds` variables. Use Container Linux Config snippets [#277](https://github.com/poseidon/typhoon/pull/277)
|
* Remove `controller_networkds` and `worker_networkds` variables. Use Container Linux Config snippets [#277](https://github.com/poseidon/typhoon/pull/277)
|
||||||
|
|
|
@ -11,16 +11,6 @@ resource "aws_security_group" "controller" {
|
||||||
tags = "${map("Name", "${var.cluster_name}-controller")}"
|
tags = "${map("Name", "${var.cluster_name}-controller")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_security_group_rule" "controller-icmp" {
|
|
||||||
security_group_id = "${aws_security_group.controller.id}"
|
|
||||||
|
|
||||||
type = "ingress"
|
|
||||||
protocol = "icmp"
|
|
||||||
from_port = 0
|
|
||||||
to_port = 0
|
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_security_group_rule" "controller-ssh" {
|
resource "aws_security_group_rule" "controller-ssh" {
|
||||||
security_group_id = "${aws_security_group.controller.id}"
|
security_group_id = "${aws_security_group.controller.id}"
|
||||||
|
|
||||||
|
@ -217,16 +207,6 @@ resource "aws_security_group" "worker" {
|
||||||
tags = "${map("Name", "${var.cluster_name}-worker")}"
|
tags = "${map("Name", "${var.cluster_name}-worker")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_security_group_rule" "worker-icmp" {
|
|
||||||
security_group_id = "${aws_security_group.worker.id}"
|
|
||||||
|
|
||||||
type = "ingress"
|
|
||||||
protocol = "icmp"
|
|
||||||
from_port = 0
|
|
||||||
to_port = 0
|
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_security_group_rule" "worker-ssh" {
|
resource "aws_security_group_rule" "worker-ssh" {
|
||||||
security_group_id = "${aws_security_group.worker.id}"
|
security_group_id = "${aws_security_group.worker.id}"
|
||||||
|
|
||||||
|
|
|
@ -11,16 +11,6 @@ resource "aws_security_group" "controller" {
|
||||||
tags = "${map("Name", "${var.cluster_name}-controller")}"
|
tags = "${map("Name", "${var.cluster_name}-controller")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_security_group_rule" "controller-icmp" {
|
|
||||||
security_group_id = "${aws_security_group.controller.id}"
|
|
||||||
|
|
||||||
type = "ingress"
|
|
||||||
protocol = "icmp"
|
|
||||||
from_port = 0
|
|
||||||
to_port = 0
|
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_security_group_rule" "controller-ssh" {
|
resource "aws_security_group_rule" "controller-ssh" {
|
||||||
security_group_id = "${aws_security_group.controller.id}"
|
security_group_id = "${aws_security_group.controller.id}"
|
||||||
|
|
||||||
|
@ -217,16 +207,6 @@ resource "aws_security_group" "worker" {
|
||||||
tags = "${map("Name", "${var.cluster_name}-worker")}"
|
tags = "${map("Name", "${var.cluster_name}-worker")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_security_group_rule" "worker-icmp" {
|
|
||||||
security_group_id = "${aws_security_group.worker.id}"
|
|
||||||
|
|
||||||
type = "ingress"
|
|
||||||
protocol = "icmp"
|
|
||||||
from_port = 0
|
|
||||||
to_port = 0
|
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_security_group_rule" "worker-ssh" {
|
resource "aws_security_group_rule" "worker-ssh" {
|
||||||
security_group_id = "${aws_security_group.worker.id}"
|
security_group_id = "${aws_security_group.worker.id}"
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue