Merge pull request #1563 from dcbw/ovn-ports
aws: allow GENEVE (6081) and OVN database ports (6641 & 6642)
openshift-merge-robot committed Jul 8, 2019
2 parents d5a71c5 + 4a4adfe commit 7cedd27
Showing 2 changed files with 60 additions and 0 deletions.
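--- a/data/data/aws/vpc/sg-master.tf
+++ b/data/data/aws/vpc/sg-master.tf
@@ -83,6 +83,46 @@ resource "aws_security_group_rule" "master_ingress_vxlan_from_worker" {
 to_port = 4789
 }
 
+resource "aws_security_group_rule" "master_ingress_geneve" {
+type = "ingress"
+security_group_id = aws_security_group.master.id
+
+protocol = "udp"
+from_port = 6081
+to_port = 6081
+self = true
+}
+
+resource "aws_security_group_rule" "master_ingress_geneve_from_worker" {
+type = "ingress"
+security_group_id = aws_security_group.master.id
+source_security_group_id = aws_security_group.worker.id
+
+protocol = "udp"
+from_port = 6081
+to_port = 6081
+}
+
+resource "aws_security_group_rule" "master_ingress_ovndb" {
+type = "ingress"
+security_group_id = aws_security_group.master.id
+
+protocol = "tcp"
+from_port = 6641
+to_port = 6642
+self = true
+}
+
+resource "aws_security_group_rule" "master_ingress_ovndb_from_worker" {
+type = "ingress"
+security_group_id = aws_security_group.master.id
+source_security_group_id = aws_security_group.worker.id
+
+protocol = "tcp"
+from_port = 6641
+to_port = 6642
+}
+
 resource "aws_security_group_rule" "master_ingress_internal" {
 type = "ingress"
 security_group_id = aws_security_group.master.id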
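Review bot: `master_ingress_ovndb_from_worker` opens the whole 6641-6642 range to the worker security group, which gives every worker node network reach to both OVN databases rather than only the one it has to read. If worker-side components only need the southbound database (6642 by OVN's default port assignment), narrow that rule with `from_port = 6642` and `to_port = 6642` and keep 6641 on the `self = true` rule; if they do need the northbound database as well, say so in a comment above the resource. Nothing in this hunk shows whether the database listeners require TLS or client authentication, so the security group may be the only barrier visible from here and is worth keeping as tight as the topology allows.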
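--- a/data/data/aws/vpc/sg-worker.tf
+++ b/data/data/aws/vpc/sg-worker.tf
@@ -63,6 +63,26 @@ resource "aws_security_group_rule" "worker_ingress_vxlan_from_master" {
 to_port = 4789
 }
 
+resource "aws_security_group_rule" "worker_ingress_geneve" {
+type = "ingress"
+security_group_id = aws_security_group.worker.id
+
+protocol = "udp"
+from_port = 6081
+to_port = 6081
+self = true
+}
+
+resource "aws_security_group_rule" "worker_ingress_geneve_from_master" {
+type = "ingress"
+security_group_id = aws_security_group.worker.id
+source_security_group_id = aws_security_group.master.id
+
+protocol = "udp"
+from_port = 6081
+to_port = 6081
+}
+
 resource "aws_security_group_rule" "worker_ingress_internal" {
 type = "ingress"
 security_group_id = aws_security_group.worker.id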
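Review bot: `worker_ingress_geneve` and `worker_ingress_geneve_from_master` carry no comment or `description`, and they are created unconditionally next to the existing VXLAN (4789) rules, so a reader auditing the group cannot tell which overlay a given cluster actually uses. Add a line such as `# GENEVE (UDP 6081): OVN overlay traffic between nodes; unused when the cluster runs the VXLAN overlay` above the first rule, and set `description = "GENEVE from masters"` on the cross-group rule so the purpose shows up in the AWS console. The same applies to the four rules added in sg-master.tf. The sources are limited to the two cluster security groups, which is the right scope for an encapsulation port that has no authentication of its own.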
