terraform: azure: dont expose full nodeport range

edgelesssys · Oct 7, 2024 · 5e6066c · 5e6066c
1 parent ef9a6fd
commit 5e6066c
Showing 1 changed file with 1 addition and 11 deletions.
diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf
@@ -252,11 +252,7 @@ resource "azurerm_network_security_group" "security_group" {
 
 resource "azurerm_network_security_rule" "nsg_rule" {
   for_each = {
-    for o in concat(
-      local.ports,
-      [{ name = "nodeports", port = local.ports_node_range, priority = 200 }]
-    )
-    : o.name => o
+    for o in local.ports : o.name => o
   }
 
   name                        = each.value.name
@@ -299,12 +295,6 @@ module "scale_set_group" {
   subnet_id                 = azurerm_subnet.node_subnet.id
   backend_address_pool_ids  = each.value.role == "control-plane" ? [module.loadbalancer_backend_control_plane.backendpool_id] : []
   marketplace_image         = var.marketplace_image
-
-  # We still depend on the backends, since we are not sure if the VMs inside the VMSS have been
-  # "updated" to the new version (note: this is the update in Azure which "refreshes" the NICs and not
-  # our Constellation update).
-  # TODO(@3u13r): Remove this dependency after v2.18.0 has been released.
-  depends_on = [module.loadbalancer_backend_worker, azurerm_lb_backend_address_pool.all]
 }
 
 module "jump_host" {