From 70832ea9abb7397f8c5763563ae7eb0b8f9b220e Mon Sep 17 00:00:00 2001 From: Richard Case Date: Mon, 1 Oct 2018 09:14:15 +0100 Subject: [PATCH 1/2] Allow 443 between control plane and nodes To help witj metrics collection from the nodes port 443 has been opened between the control plane and node group. Issue #233 --- pkg/cfn/builder/vpc.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/cfn/builder/vpc.go b/pkg/cfn/builder/vpc.go index b0d74f2079..9dcc05c160 100644 --- a/pkg/cfn/builder/vpc.go +++ b/pkg/cfn/builder/vpc.go @@ -103,6 +103,14 @@ func (n *nodeGroupResourceSet) addResourcesForSecurityGroups() { FromPort: nodeMinPort, ToPort: nodeMaxPort, }) + n.newResource("IngressInterClusterAPI", &gfn.AWSEC2SecurityGroupIngress{ + GroupId: refSG, + SourceSecurityGroupId: refCP, + Description: gfn.NewString("Allow control plane to communicate with " + desc + " (API)"), + IpProtocol: tcp, + FromPort: apiPort, + ToPort: apiPort, + }) n.newResource("EgressInterCluster", &gfn.AWSEC2SecurityGroupEgress{ GroupId: refCP, DestinationSecurityGroupId: refSG, From da49ed083c09c575d3a93034232b68cb2c2bba84 Mon Sep 17 00:00:00 2001 From: Richard Case Date: Mon, 1 Oct 2018 09:22:44 +0100 Subject: [PATCH 2/2] Fixed tests --- pkg/cfn/builder/api_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/cfn/builder/api_test.go b/pkg/cfn/builder/api_test.go index e9dc454b07..ee419db058 100644 --- a/pkg/cfn/builder/api_test.go +++ b/pkg/cfn/builder/api_test.go @@ -17,7 +17,7 @@ import ( ) const ( - totalNodeResources = 11 + totalNodeResources = 12 clusterName = "ferocious-mushroom-1532594698" endpoint = "https://DE37D8AFB23F7275D2361AD6B2599143.yl4.us-west-2.eks.amazonaws.com" caCert = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1EWXdOekExTlRBMU5Wb1hEVEk0TURZd05EQTFOVEExTlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTWJoCnpvZElYR0drckNSZE1jUmVEN0YvMnB1NFZweTdvd3FEVDgrdk9zeGs2bXFMNWxQd3ZicFhmYkE3R0xzMDVHa0wKaDdqL0ZjcU91cnMwUFZSK3N5REtuQXltdDFORWxGNllGQktSV1dUQ1hNd2lwN1pweW9XMXdoYTlJYUlPUGxCTQpPTEVlckRabFVrVDFVV0dWeVdsMmxPeFgxa2JhV2gvakptWWdkeW5jMXhZZ3kxa2JybmVMSkkwLzVUVTRCajJxClB1emtrYW5Xd3lKbGdXQzhBSXlpWW82WFh2UVZmRzYrM3RISE5XM1F1b3ZoRng2MTFOYnl6RUI3QTdtZGNiNmgKR0ZpWjdOeThHZnFzdjJJSmI2Nk9FVzBSdW9oY1k3UDZPdnZmYnlKREhaU2hqTStRWFkxQXN5b3g4Ri9UelhHSgpQUWpoWUZWWEVhZU1wQmJqNmNFQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFCa2hKRVd4MHk1LzlMSklWdXJ1c1hZbjN6Z2EKRkZ6V0JsQU44WTlqUHB3S2t0Vy9JNFYyUGg3bWY2Z3ZwZ3Jhc2t1Slk1aHZPcDdBQmcxSTFhaHUxNUFpMUI0ZApuMllRaDlOaHdXM2pKMmhuRXk0VElpb0gza2JFdHRnUVB2bWhUQzNEYUJreEpkbmZJSEJCV1RFTTU1czRwRmxUClpzQVJ3aDc1Q3hYbjdScVU0akpKcWNPaTRjeU5qeFVpRDBqR1FaTmNiZWEyMkRCeTJXaEEzUWZnbGNScGtDVGUKRDVPS3NOWlF4MW9MZFAwci9TSmtPT1NPeUdnbVJURTIrODQxN21PRW02Z3RPMCszdWJkbXQ0aENsWEtFTTZYdwpuQWNlK0JxVUNYblVIN2ZNS3p2TDE5UExvMm5KbFU1TnlCbU1nL1pNVHVlUy80eFZmKy94WnpsQ0Q1WT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="