From d9e0f76f4357631bc3492a495c78e74d62891e6d Mon Sep 17 00:00:00 2001
From: Gabe <70963120+ntwkninja@users.noreply.github.com>
Date: Tue, 28 Mar 2023 21:00:37 -0500
Subject: [PATCH] delete extra sg configs (#118)
---
 modules/eks/main.tf | 33 ---------------------------------
 1 file changed, 33 deletions(-)
diff --git a/modules/eks/main.tf b/modules/eks/main.tf
index c6c073f2..04e0843d 100644
--- a/modules/eks/main.tf
+++ b/modules/eks/main.tf
@@ -39,39 +39,6 @@ module "aws_eks" {
 }
 }
- node_security_group_additional_rules = {
- # Extend node-to-node security group rules. Recommended and required for the Add-ons
- ingress_self_all = {
- description = "Node to node all ports/protocols"
- protocol = "-1"
- from_port = 0
- to_port = 0
- type = "ingress"
- self = true
- }
- # Recommended outbound traffic for Node groups
- egress_all = {
- description = "Node all egress"
- protocol = "-1"
- from_port = 0
- to_port = 0
- type = "egress"
- cidr_blocks = ["0.0.0.0/0"]
- ipv6_cidr_blocks = ["::/0"]
- }
- # Allows Control Plane Nodes to talk to Worker nodes on all ports. Added this to simplify the example and further avoid issues with Add-ons communication with Control plane.
- # This can be restricted further to specific port based on the requirement for each Add-on e.g., metrics-server 4443, spark-operator 8080, karpenter 8443 etc.
- # Change this according to your security requirements if needed
- ingress_cluster_to_node_all_traffic = {
- description = "Cluster API to Nodegroup all traffic"
- protocol = "-1"
- from_port = 0
- to_port = 0
- type = "ingress"
- source_cluster_security_group = true
- }
- }
-
 create_aws_auth_configmap = local.create_aws_auth_configmap
 manage_aws_auth_configmap = var.manage_aws_auth_configmap