19 lines
819 B
YAML
19 lines
819 B
YAML
Resources:
|
|
HardK8sSg:
|
|
Type: AWS::EC2::SecurityGroup
|
|
Properties:
|
|
GroupDescription: security group for Kubernetes the hard way
|
|
VpcId: !ImportValue hard-k8s-vpc
|
|
SecurityGroupIngress:
|
|
# ingress internal traffic - allow all protocols/ports
|
|
- { "CidrIp": "10.240.0.0/24", "IpProtocol": "-1" } # master/worker nodes cidr range
|
|
- { "CidrIp": "10.200.0.0/16", "IpProtocol": "-1" } # pod cidr range
|
|
# ingress external traffic
|
|
- { "CidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "FromPort": 6443, "ToPort": 6443 }
|
|
- { "CidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22 }
|
|
- { "CidrIp": "0.0.0.0/0", "IpProtocol": "icmp", "FromPort": -1, "ToPort": -1 }
|
|
|
|
Outputs:
|
|
SgId:
|
|
Value: !Ref HardK8sSg
|
|
Export: { Name: hard-k8s-sg } |