✔️Join our Community for Devops related materials
https://chat.whatsapp.com/Igl5CwvYdZ9...
✔️Github Repo
https://github.com/Manohar-1305/ansib...
This video covers creating the Terraform security groups for a Kubernetes cluster.
Code:
► https://tinyurl.com/manohar123
# Security group admitting SSH (22), HTTP (80) and HTTPS (443) over TCP.
# All three ingress rules use 0.0.0.0/0, so any IPv4 source is accepted;
# egress is unrestricted (all protocols, all ports, any destination).
resource "aws_security_group" "ssh_web_traffic_sg" {
  vpc_id      = aws_vpc.dev_vpc.id
  name        = "Combined-Security-Group"
  description = "Allow SSH, HTTP, and HTTPS traffic"

  tags = {
    Name = "Allow_ssh-web_Traffic"
  }

  # Public web listeners.
  ingress {
    description = "Allow HTTP"
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Allow HTTPS"
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NOTE(review): port 22 is reachable from the whole Internet here, which
  # exposes sshd on every attached instance to credential guessing and to any
  # future sshd flaw. Outside a throwaway lab, narrow cidr_blocks to the
  # administrators' address range or a bastion host, or drop the rule and use
  # AWS Systems Manager Session Manager instead.
  ingress {
    description = "Allow SSH"
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }

  # protocol "-1" with ports 0/0 means every protocol and port.
  egress {
    description = "Allow Everything Outbound"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
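# Security group for Kubernetes control-plane and node component ports.
#
# Changes from the original listing:
#   * 10250, 10251 and 10252 were open to 0.0.0.0/0. These are
#     component-to-component ports, so they are now limited to 10.20.0.0/16,
#     the VPC CIDR the other security groups in this file use.
#   * 10251 and 10252 were both described as kubelet ports; they are the
#     legacy kube-scheduler and kube-controller-manager ports.
resource "aws_security_group" "kubernetes" {
  name        = "Kubernetes"
  description = "Allow kubernetes API server, kubelet, etcd"
  vpc_id      = aws_vpc.dev_vpc.id

  # NOTE(review): the API server is still reachable from any IPv4 address.
  # That keeps remote kubectl working as in the original, but it leaves
  # authentication and RBAC as the only barrier between the Internet and the
  # cluster. Prefer a list of known administrator/CI source ranges, or reach
  # the API through a bastion or VPN.
  ingress {
    description = "Allow port 6443"
    from_port   = 6443
    to_port     = 6443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # The kubelet API can run commands in pods and read logs; only the API
  # server and in-cluster monitoring need it, so it stays inside the VPC.
  ingress {
    description = "Allow kubelet communication"
    from_port   = 10250
    to_port     = 10250
    protocol    = "tcp"
    cidr_blocks = ["10.20.0.0/16"]
  }

  # Legacy kube-scheduler port. Recent Kubernetes releases serve the
  # scheduler on 10259 instead -- confirm against the cluster version.
  ingress {
    description = "Allow kube-scheduler"
    from_port   = 10251
    to_port     = 10251
    protocol    = "tcp"
    cidr_blocks = ["10.20.0.0/16"]
  }

  # Legacy kube-controller-manager port. Recent Kubernetes releases serve it
  # on 10257 instead -- confirm against the cluster version.
  ingress {
    description = "Allow kube-controller-manager"
    from_port   = 10252
    to_port     = 10252
    protocol    = "tcp"
    cidr_blocks = ["10.20.0.0/16"]
  }

  # protocol "-1" with ports 0/0 means every protocol and port.
  egress {
    description = "Allow Everything Outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Allow_kubernetes_components"
  }
}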
# Security group that accepts all traffic from 10.20.0.0/16 and allows all
# outbound traffic.
#
# NOTE(review): a managed AWS NAT gateway cannot have a security group
# attached, so this presumably belongs on a NAT instance or another ENI --
# confirm where it is referenced.
# NOTE(review): name and description contain typos ("NAS", "GARTEWAY"). They
# are left unchanged because editing either attribute forces Terraform to
# replace the security group.
resource "aws_security_group" "nat_gateway_sg" {
  vpc_id      = aws_vpc.dev_vpc.id
  name        = "NAS-GATEWAY-SG"
  description = "Allow NAT GARTEWAY"

  tags = {
    Name = "Allow_nat_gateway_components"
  }

  # Any protocol and port, but only from sources inside the VPC range.
  ingress {
    description = "Allow inbound traffic from VPC CIDR"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["10.20.0.0/16"]
  }

  # Any protocol and port to any IPv4 destination.
  egress {
    description = "Allow Everything Outbound"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Security group that permits every protocol and port in both directions,
# as long as the peer address is inside 10.20.0.0/16.
#
# NOTE(review): security group rules are additive. Any instance that carries
# this group accepts all VPC-internal traffic, which makes narrower
# VPC-scoped rules (NodePort range, etcd 2379-2380) redundant on that
# instance and gives a compromised host in the VPC a direct path to every
# listener. Confirm which instances need this before attaching it broadly.
resource "aws_security_group" "open_access_within_vpc" {
  vpc_id      = aws_vpc.dev_vpc.id
  name        = "open_access_within_vpc"
  description = "security group to open access within vpc"

  tags = {
    Name = "open_access_vpc_security_Group"
  }

  ingress {
    description = "Allow inbound traffic within VPC CIDR"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["10.20.0.0/16"]
  }

  # Outbound is limited to the VPC range as well; this group on its own
  # grants no route to the Internet.
  egress {
    description = "Allow Outbound within vpc"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["10.20.0.0/16"]
  }
}
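# Security group for the Kubernetes NodePort range (TCP 30000-32767),
# reachable only from 10.20.0.0/16.
#
# Changes from the original listing:
#   * removed a stray closing brace after the resource, which made the file
#     fail to parse;
#   * corrected the egress comment, which claimed all outbound traffic is
#     allowed although the rule is limited to the VPC range.
#
# NOTE(review): the AWS-side name is "my_security_group", which does not
# match the resource label or the Name tag. It is left as is because
# changing name forces Terraform to replace the security group.
resource "aws_security_group" "node_port_group" {
  name        = "my_security_group"
  description = "allow traffic on ports 30000-32767"
  vpc_id      = aws_vpc.dev_vpc.id

  # NodePort services are exposed to VPC-internal sources only; public
  # access would have to come through a load balancer in front.
  ingress {
    from_port   = 30000
    to_port     = 32767
    protocol    = "tcp"
    cidr_blocks = ["10.20.0.0/16"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # All protocols and ports, but only to the VPC CIDR
    cidr_blocks = ["10.20.0.0/16"]
  }

  tags = {
    Name = "node_port_Group"
  }
}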
# Security group for etcd: TCP 2379 (client) and 2380 (peer) from
# 10.20.0.0/16, with unrestricted outbound traffic.
#
# NOTE(review): etcd holds the full cluster state, including Secrets. The
# rule admits every address in the VPC, while only the API server needs 2379
# and only other etcd members need 2380. Consider scoping the source to the
# control-plane nodes' security group or subnet, and confirm that etcd
# enforces client-certificate authentication.
resource "aws_security_group" "etcd_sg" {
  vpc_id      = aws_vpc.dev_vpc.id
  name        = "etcd-sg"
  description = "SEcurity Group for etcd"

  tags = {
    Name = "etcd_security_Group"
  }

  ingress {
    description = "allow etcd client and peer communication"
    protocol    = "tcp"
    from_port   = 2379
    to_port     = 2380
    cidr_blocks = ["10.20.0.0/16"]
  }

  # protocol "-1" with ports 0/0 means every protocol and port.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
I will be posting videos daily covering the complete Kubernetes cluster creation. Kindly follow and subscribe to the channel and bookmark the playlist.
Playlist-Kubernetes Cluster Creation: ► / playlistlist=pltlfj3eads7g1e2dbkjr2qfol7qv...