@@ -40,6 +40,7 @@ resource "exoscale_security_group_rule" "kubelet" {
4040 user_security_group_id = . my_sks_security_group . id
4141}
4242
43+ # mandatory rules for Calico CNI (default)
4344resource "exoscale_security_group_rule" "calico_vxlan" {
4445 security_group_id = . my_sks_security_group . id
4546 description = " VXLAN (Calico)"
@@ -51,6 +52,40 @@ resource "exoscale_security_group_rule" "calico_vxlan" {
5152 user_security_group_id = . my_sks_security_group . id
5253}
5354
55+ # mandatory rules for Cilium CNI (default)
56+ # resource "exoscale_security_group_rule" "cilium_icmp_health" {
57+ # security_group_id = exoscale_security_group.my_sks_security_group.id
58+ # description = "Cilium ICMP healthcheck"
59+ # type = "INGRESS"
60+ # protocol = "ICMP"
61+ # icmp_type = 8
62+ # icmp_code = 0
63+ # # (beetwen worker nodes only)
64+ # user_security_group_id = exoscale_security_group.my_sks_security_group.id
65+ # }
66+
67+ # resource "exoscale_security_group_rule" "cilium_vxlan" {
68+ # security_group_id = exoscale_security_group.my_sks_security_group.id
69+ # description = "VXLan (Cilium)"
70+ # type = "INGRESS"
71+ # protocol = "UDP"
72+ # start_port = 8472
73+ # end_port = 8472
74+ # # (beetwen worker nodes only)
75+ # user_security_group_id = exoscale_security_group.my_sks_security_group.id
76+ # }
77+
78+ # resource "exoscale_security_group_rule" "cilium_udp_health" {
79+ # security_group_id = exoscale_security_group.my_sks_security_group.id
80+ # description = "Cilium UDP healthcheck"
81+ # type = "INGRESS"
82+ # protocol = "UDP"
83+ # start_port = 4240
84+ # end_port = 4240
85+ # # (beetwen worker nodes only)
86+ # user_security_group_id = exoscale_security_group.my_sks_security_group.id
87+ # }
88+
5489resource "exoscale_security_group_rule" "nodeport_tcp" {
5590 security_group_id = . my_sks_security_group . id
5691 description = " Nodeport TCP services"
0 commit comments