How can I make it so each instance in my node-group module use a specific security group?

Time:07-05

module "self_managed_node_group" {
  source = "terraform-aws-modules/eks/aws//modules/self-managed-node-group"

  name                = "separate-self-mng"
  cluster_name        = aws_eks_cluster.eks.id
  cluster_version     = "1.22"
  cluster_endpoint    = aws_eks_cluster.eks.endpoint
  cluster_auth_base64 = aws_eks_cluster.eks.certificate_authority[0].data

  vpc_id = module.vpc.vpc_id
  subnet_ids = [
    module.vpc.private_subnets[0],
    module.vpc.private_subnets[1],
    module.vpc.private_subnets[2],
  ]
  vpc_security_group_ids = [
    aws_security_group.node-sg[0].id,
    aws_security_group.node-sg[1].id,
    aws_security_group.node-sg[2].id
  ]

  min_size     = 3
  max_size     = 6
  desired_size = 3

  key_name            = aws_key_pair.bastion_auth.id
  security_group_name = "node-sg"

  launch_template_name = aws_launch_template.node.id
  instance_type        = "t2.micro"
}

resource "aws_security_group" "node-sg" {
  count  = var.azs
  name   = "node-security-group-${count.index}"
  vpc_id = module.vpc.vpc_id

  ingress {
    protocol        = "tcp"
    from_port       = 22
    to_port         = 22
    security_groups = [aws_security_group.bastion-sg[count.index].id]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

I have 3 separate security groups: node-sg[0], node-sg[1] and node-sg[2]. Right now in my self_managed_node_group module, the only way I could add all 3 was like so:

vpc_security_group_ids = [
  aws_security_group.node-sg[0].id,
  aws_security_group.node-sg[1].id,
  aws_security_group.node-sg[2].id
]

This obviously assigns all three security groups to each node that gets deployed. What I want instead is for my first node that gets created to use node-sg[0], my second node to use node-sg[1] and my third node to use node-sg[2], but I can't figure out how to make that work.

CodePudding user response:

You can't do what you want, unless you fork and manually modify the self-managed-node-group module.

As you can see in its source code:

security_group_ids = compact(concat([try(aws_security_group.this[0].id, ""), var.cluster_primary_security_group_id], var.vpc_security_group_ids))

there is no functionality to iterate over var.vpc_security_group_ids for individual nodes. var.vpc_security_group_ids is used as a whole list, and the entire list is assigned to each node.
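Added example (not part of the question, the answer, or the module's own code): because the module concatenates the whole of var.vpc_security_group_ids onto every node, the way to give each node exactly one group without forking is one module instance per security group, using count on the module. It reuses the asker's resource names and assumes var.azs is the number of availability zones (matching the count on aws_security_group.node-sg) and that one private subnet exists per AZ.

```hcl
# Added example: one self-managed node group per security group, so each
# node carries only the group meant for it (least privilege per node).
module "self_managed_node_group" {
  source = "terraform-aws-modules/eks/aws//modules/self-managed-node-group"

  # assumption: var.azs is a number equal to the count of node-sg groups
  count = var.azs

  name                = "separate-self-mng-${count.index}"
  cluster_name        = aws_eks_cluster.eks.id
  cluster_version     = "1.22"
  cluster_endpoint    = aws_eks_cluster.eks.endpoint
  cluster_auth_base64 = aws_eks_cluster.eks.certificate_authority[0].data

  vpc_id = module.vpc.vpc_id
  # assumption: subnet index i lives in the same AZ as node-sg[i]
  subnet_ids = [module.vpc.private_subnets[count.index]]

  # The module passes this entire list to every node it launches,
  # so each instance gets a single-element list: its own group only.
  vpc_security_group_ids = [aws_security_group.node-sg[count.index].id]

  # one node per group; scale max_size if a group should grow
  min_size     = 1
  max_size     = 2
  desired_size = 1

  key_name = aws_key_pair.bastion_auth.id
  # The module also creates its own group; give each instance a
  # distinct name so three instances do not collide on "node-sg".
  security_group_name = "node-sg-${count.index}"

  launch_template_name = aws_launch_template.node.id
  instance_type        = "t2.micro"
}
```

Each node group still receives the module's own security group and the cluster primary group, as the compact(concat(...)) expression quoted above shows; only the caller-supplied list shrinks to one group per node.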
