From dc41e912409f73d559b183d83867af1d177e1dd6 Mon Sep 17 00:00:00 2001
From: Andrei Ilas
Date: Mon, 18 Nov 2024 13:06:58 +0200
Subject: [PATCH] feat: added rules to allow UDP to be used for node port ranges
---
 modules/network/nsg-loadbalancers-int.tf | 3 +++
 modules/network/nsg-loadbalancers-pub.tf | 3 +++
 modules/network/nsg-workers.tf | 6 ++++++
 3 files changed, 12 insertions(+)
diff --git a/modules/network/nsg-loadbalancers-int.tf b/modules/network/nsg-loadbalancers-int.tf
index 890a938d..8fcf8f7b 100644
--- a/modules/network/nsg-loadbalancers-int.tf
+++ b/modules/network/nsg-loadbalancers-int.tf
@@ -19,6 +19,9 @@ locals {
 "Allow TCP egress from internal load balancers to workers for Node Ports" : {
 protocol = local.tcp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
 },
+ "Allow UDP egress from internal load balancers to workers for Node Ports" : {
+ protocol = local.udp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
+ },
 "Allow ICMP egress from internal load balancers to worker nodes for path discovery" : {
 protocol = local.icmp_protocol, port = local.all_ports, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
 },
diff --git a/modules/network/nsg-loadbalancers-pub.tf b/modules/network/nsg-loadbalancers-pub.tf
index fee94020..01e3915b 100644
--- a/modules/network/nsg-loadbalancers-pub.tf
+++ b/modules/network/nsg-loadbalancers-pub.tf
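Review bot: The four UDP rules are added unconditionally, so every cluster built from this module now permits UDP from both load-balancer NSGs to the workers across the whole `local.node_port_min`–`local.node_port_max` range, whether or not it runs any UDP Service. This starts with the internal-LB egress rule in nsg-loadbalancers-int.tf and applies equally to the egress rule in nsg-loadbalancers-pub.tf and the two ingress rules in nsg-workers.tf. Consider merging these entries only when an opt-in input is set, e.g. `var.<allow_udp_node_ports> ? { ...UDP rule... } : {}` (placeholder name; the module's own toggle convention is not visible in these hunks), defaulting to off and with the public-LB pair switchable separately from the internal pair. The enclosing `locals` map begins and ends outside each hunk, so how it is assembled cannot be confirmed from here.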
@@ -19,6 +19,9 @@ locals {
 "Allow TCP egress from public load balancers to workers nodes for NodePort traffic" : {
 protocol = local.tcp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
 },
+ "Allow UDP egress from public load balancers to workers nodes for NodePort traffic" : {
+ protocol = local.udp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
+ },
 "Allow TCP egress from public load balancers to worker nodes for health checks" : {
 protocol = local.tcp_protocol, port = local.health_check_port, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
 },
diff --git a/modules/network/nsg-workers.tf b/modules/network/nsg-workers.tf
index f270cccd..04190a65 100644
--- a/modules/network/nsg-workers.tf
+++ b/modules/network/nsg-workers.tf
@@ -66,6 +66,9 @@ locals {
 "Allow TCP ingress to workers from internal load balancers" : {
 protocol = local.tcp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, source = local.int_lb_nsg_id, source_type = local.rule_type_nsg,
 },
+ "Allow UDP ingress to workers from internal load balancers" : {
+ protocol = local.udp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, source = local.int_lb_nsg_id, source_type = local.rule_type_nsg,
+ },
 "Allow TCP ingress to workers for health check from internal load balancers" : {
 protocol = local.tcp_protocol, port = local.health_check_port, source = local.int_lb_nsg_id, source_type = local.rule_type_nsg,
 },
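Review bot: The new map key in nsg-loadbalancers-pub.tf reads "to workers nodes", a typo copied from the TCP rule directly above it. Since this entry is new, it can be spelled correctly from the start: `"Allow UDP egress from public load balancers to worker nodes for NodePort traffic" : {`. The key presumably ends up as the rule's description or resource key (the consuming code is outside the hunk), in which case correcting it later would force the rule to be replaced. A clear, accurate description also helps anyone auditing the NSG to tell at a glance what the UDP rule is for.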
@@ -75,6 +78,9 @@ locals {
 "Allow TCP ingress to workers from public load balancers" : {
 protocol = local.tcp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, source = local.pub_lb_nsg_id, source_type = local.rule_type_nsg,
 },
+ "Allow UDP ingress to workers from public load balancers" : {
+ protocol = local.udp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, source = local.pub_lb_nsg_id, source_type = local.rule_type_nsg,
+ },
 "Allow TCP ingress to workers for health check from public load balancers" : {
 protocol = local.tcp_protocol, port = local.health_check_port, source = local.pub_lb_nsg_id, source_type = local.rule_type_nsg,
 },