Fix to allow traffic for eks fargate pods (#2)

posquit0 · web-flow · commit 31ebac14d7e3 · 2022-01-02T01:23:58.000+09:00
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.13.0
+0.14.0
diff --git a/modules/eks-cluster/security-groups.tf b/modules/eks-cluster/security-groups.tf
@@ -7,6 +7,35 @@ locals {
 }
 
 
+###################################################
+# Cluster Security Group Rules
+###################################################
+
+resource "aws_security_group_rule" "node" {
+  security_group_id = aws_eks_cluster.this.vpc_config[0].cluster_security_group_id
+  type              = "ingress"
+  description       = "Allow nodes to communicate to the cluster security group(for fargate pods)."
+
+  protocol    = "-1"
+  from_port   = 0
+  to_port     = 0
+
+  source_security_group_id = module.security_group__node.id
+}
+
+resource "aws_security_group_rule" "pod" {
+  security_group_id = aws_eks_cluster.this.vpc_config[0].cluster_security_group_id
+  type              = "ingress"
+  description       = "Allow pods to communicate to the cluster security group(for fargate pods)."
+
+  protocol    = "-1"
+  from_port   = 0
+  to_port     = 0
+
+  source_security_group_id = module.security_group__pod.id
+}
+
+
 ###################################################
 # Security Group for Control Plane
 ###################################################
@@ -231,6 +260,15 @@ module "security_group__pod" {
 
       source_security_group_id = module.security_group__node.id
     },
+    {
+      id          = "all/cluster"
+      description = "Allow pods to communicate from the cluster security group(for fargate pods)."
+      protocol    = "-1"
+      from_port   = 0
+      to_port     = 0
+
+      source_security_group_id = aws_eks_cluster.this.vpc_config[0].cluster_security_group_id
+    },
     {
       id          = "metrics-server/control-plane"
       description = "Allow pods to receive metrics-server communication from the cluster control plane."
