fix: Correct conditional map for cluster security group additional rules (#1738)
bryantbiggs authored Jan 6, 2022
1 parent d71ef01 commit a2c7caa
Showing 4 changed files with 14 additions and 3 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -695,7 +695,7 @@ Full contributing [guidelines are covered here](https://github.com/terraform-aws
| <a name="input_cluster_endpoint_public_access_cidrs"></a> [cluster\_endpoint\_public\_access\_cidrs](#input\_cluster\_endpoint\_public\_access\_cidrs) | List of CIDR blocks which can access the Amazon EKS public API server endpoint | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| <a name="input_cluster_identity_providers"></a> [cluster\_identity\_providers](#input\_cluster\_identity\_providers) | Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA | `any` | `{}` | no |
| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | `""` | no |
| <a name="input_cluster_security_group_additional_rules"></a> [cluster\_security\_group\_additional\_rules](#input\_cluster\_security\_group\_additional\_rules) | List of additional security group rules to add to the cluster security group created | `map(any)` | `{}` | no |
| <a name="input_cluster_security_group_additional_rules"></a> [cluster\_security\_group\_additional\_rules](#input\_cluster\_security\_group\_additional\_rules) | List of additional security group rules to add to the cluster security group created | `any` | `{}` | no |
| <a name="input_cluster_security_group_description"></a> [cluster\_security\_group\_description](#input\_cluster\_security\_group\_description) | Description of the cluster security group created | `string` | `"EKS cluster security group"` | no |
| <a name="input_cluster_security_group_id"></a> [cluster\_security\_group\_id](#input\_cluster\_security\_group\_id) | Existing security group ID to be attached to the cluster. Required if `create_cluster_security_group` = `false` | `string` | `""` | no |
| <a name="input_cluster_security_group_name"></a> [cluster\_security\_group\_name](#input\_cluster\_security\_group\_name) | Name to use on cluster security group created | `string` | `null` | no |
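Review bot: the description in the changed row still reads "List of additional security group rules" while the value is a map keyed by rule name (and the example in this commit passes a map), so the wording should be "Map of additional security group rules ..." to match the type. With the type column now showing `any` rather than `map(any)`, this table no longer tells a reader what shape each entry must have; the description is the right place to name the expected keys for a rule entry so users are not left to guess.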
11 changes: 11 additions & 0 deletions examples/eks_managed_node_group/main.tf
Expand Up @@ -44,6 +44,17 @@ module "eks" {
resources = ["secrets"]
}]

cluster_security_group_additional_rules = {
admin_access = {
description = "Admin ingress to Kubernetes API"
cidr_blocks = ["10.97.0.0/30"]
protocol = "tcp"
from_port = 443
to_port = 443
type = "ingress"
}
}

vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets
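Review bot: the added `admin_access` rule keeps the source CIDR narrow (`10.97.0.0/30`, TCP 443 ingress only), which is the right pattern to show for API-server access, but the literal CIDR reads like a real address; a one-line comment marking it as a placeholder to replace with the operator's own admin range would avoid it being copied as-is. Because the variable type is now `any`, this block is also the only visible documentation of the keys an entry needs (`description`, `cidr_blocks`, `protocol`, `from_port`, `to_port`, `type`), so a short comment stating which keys are required and which other source attributes the rule resource accepts would help readers of the example.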

2 changes: 1 addition & 1 deletion main.tf
Expand Up @@ -119,7 +119,7 @@ resource "aws_security_group" "cluster" {
}

resource "aws_security_group_rule" "cluster" {
for_each = local.create_cluster_sg ? merge(local.cluster_security_group_rules, var.cluster_security_group_additional_rules) : {}
for_each = { for k, v in merge(local.cluster_security_group_rules, var.cluster_security_group_additional_rules) : k => v if local.create_cluster_sg }

# Required
security_group_id = aws_security_group.cluster[0].id
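Review bot: the replacement `for k, v in merge(...) : k => v if local.create_cluster_sg` produces an empty map when the security group is not created, so `aws_security_group.cluster[0].id` is never evaluated in that case; the earlier `cond ? merge(...) : {}` form required both branches of the conditional to unify to one type, which is what the commit message says it is correcting. A brief comment on the `for_each` line explaining why the filter form is used instead of the conditional would stop a later "simplification" back to the broken shape. Note also that when `local.create_cluster_sg` is false, any rules a user supplies in `var.cluster_security_group_additional_rules` are silently dropped rather than rejected; that is reasonable, but it should be stated in the variable description so operators do not assume their extra rules were applied to an externally provided group.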
2 changes: 1 addition & 1 deletion variables.tf
Expand Up @@ -153,7 +153,7 @@ variable "cluster_security_group_description" {

variable "cluster_security_group_additional_rules" {
description = "List of additional security group rules to add to the cluster security group created"
type = map(any)
type = any
default = {}
}
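Review bot: relaxing `type = map(any)` to `type = any` removes all plan-time checking of this input, so a mistyped key in a rule entry (for example a misspelled `from_port`) is no longer caught by Terraform's type system and will only surface when the rule resource reads the entry, or not at all. If `any` is needed because entries mix attribute sets, consider a `validation` block that checks each value has the keys the rule resource relies on, and update the description (which the README table mirrors) from "List of ..." to "Map of ..." and enumerate the expected keys so the loss of the declared type is compensated by documentation.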
