AWS: Add variable expose_nodeports

This boolean type variable is used to expose node ports in the security group of AWS installation. By default this variable is set to `false`. Signed-off-by: Suraj Deshmukh <suraj@kinvolk.io>
kinvolk · Apr 2, 2020 · 39dd779 · 39dd779
1 parent 0c5bc2b
commit 39dd779
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 4 deletions.
diff --git a/assets/lokomotive-kubernetes/aws/flatcar-linux/kubernetes/security.tf b/assets/lokomotive-kubernetes/aws/flatcar-linux/kubernetes/security.tf
@@ -335,3 +335,15 @@ resource "aws_security_group_rule" "worker-egress" {
   cidr_blocks      = ["0.0.0.0/0"]
   ipv6_cidr_blocks = ["::/0"]
 }
+
+resource "aws_security_group_rule" "worker-nodeport" {
+  count = var.expose_nodeports ? 1 : 0
+
+  security_group_id = aws_security_group.worker.id
+
+  type      = "ingress"
+  protocol  = "tcp"
+  from_port = 30000
+  to_port   = 32767
+  self      = true
+}
diff --git a/assets/lokomotive-kubernetes/aws/flatcar-linux/kubernetes/variables.tf b/assets/lokomotive-kubernetes/aws/flatcar-linux/kubernetes/variables.tf
@@ -15,6 +15,12 @@ variable "dns_zone_id" {
   description = "AWS Route53 DNS Zone ID (e.g. Z3PAABBCFAKEC0)"
 }
 
+variable "expose_nodeports" {
+  type        = bool
+  default     = false
+  description = "Expose node ports 30000-32767 in the security group"
+}
+
 # instances
 
 variable "controller_count" {