
Commit f6b287f

committed
fix: add cilium security group rules to sks example
1 parent 84460fb commit f6b287f


1 file changed

+35
-0
lines changed

1 file changed

+35
-0
lines changed

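--- a/examples/sks/main.tf
+++ b/examples/sks/main.tf
@@ -40,6 +40,7 @@ resource "exoscale_security_group_rule" "kubelet" {
 user_security_group_id = exoscale_security_group.my_sks_security_group.id
 }
 
+# mandatory rules for Calico CNI (default)
 resource "exoscale_security_group_rule" "calico_vxlan" {
 security_group_id = exoscale_security_group.my_sks_security_group.id
 description = "VXLAN (Calico)"
@@ -51,6 +52,40 @@ resource "exoscale_security_group_rule" "calico_vxlan" {
 user_security_group_id = exoscale_security_group.my_sks_security_group.id
 }
 
+# mandatory rules for Cilium CNI (default)
+# resource "exoscale_security_group_rule" "cilium_icmp_health" {
+# security_group_id = exoscale_security_group.my_sks_security_group.id
+# description = "Cilium ICMP healthcheck"
+# type = "INGRESS"
+# protocol = "ICMP"
+# icmp_type = 8
+# icmp_code = 0
+# # (beetwen worker nodes only)
+# user_security_group_id = exoscale_security_group.my_sks_security_group.id
+# }
+
+# resource "exoscale_security_group_rule" "cilium_vxlan" {
+# security_group_id = exoscale_security_group.my_sks_security_group.id
+# description = "VXLan (Cilium)"
+# type = "INGRESS"
+# protocol = "UDP"
+# start_port = 8472
+# end_port = 8472
+# # (beetwen worker nodes only)
+# user_security_group_id = exoscale_security_group.my_sks_security_group.id
+# }
+
+# resource "exoscale_security_group_rule" "cilium_udp_health" {
+# security_group_id = exoscale_security_group.my_sks_security_group.id
+# description = "Cilium UDP healthcheck"
+# type = "INGRESS"
+# protocol = "UDP"
+# start_port = 4240
+# end_port = 4240
+# # (beetwen worker nodes only)
+# user_security_group_id = exoscale_security_group.my_sks_security_group.id
+# }
+
 resource "exoscale_security_group_rule" "nodeport_tcp" {
 security_group_id = exoscale_security_group.my_sks_security_group.id
 description = "Nodeport TCP services"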
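Review bot: The commented-out `cilium_udp_health` rule in the second hunk opens 4240/UDP, but Cilium's node health check (cilium-health) is documented as using 4240/TCP, so anyone who uncomments the block as written gets an unused UDP opening while the health probes stay blocked. I would change it to `protocol = "TCP"` and rename the rule and its description to match, e.g. `description = "Cilium TCP healthcheck"`. The heading `# mandatory rules for Cilium CNI (default)` also repeats the "(default)" tag from the Calico heading added in the first hunk; `# mandatory rules for Cilium CNI (uncomment when the cluster uses Cilium instead of Calico)` would tell readers when these rules apply. The peer-group scoping through `user_security_group_id` is the right restriction and should stay on all three rules, and the inline comment should read `# (between worker nodes only)`.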
