Adding refresh by default

nandajavarma · nandajavarma · commit 15fe32035569 · 2022-08-09T16:12:56.000Z
diff --git a/install/infra/modules/eks/kubernetes.tf b/install/infra/modules/eks/kubernetes.tf
@@ -20,17 +20,42 @@ module "vpc" {
   enable_dns_hostnames = true
 }
 
+resource "aws_security_group_rule" "eks-worker-ingress-self" {
+  description              = "Allow node to communicate with each other"
+  from_port                = 0
+  protocol                 = "-1"
+  security_group_id        = aws_security_group.nodes.id
+  source_security_group_id = aws_security_group.nodes.id
+  to_port                  = 65535
+  type                     = "ingress"
+}
+
+resource "aws_security_group_rule" "eks-worker-ingress-cluster" {
+  description              = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
+  from_port                = 1025
+  protocol                 = "tcp"
+  security_group_id        = aws_security_group.nodes.id
+  source_security_group_id = aws_security_group.nodes.id
+  to_port                  = 65535
+  type                     = "ingress"
+}
+
+### Worker Node Access to EKS Master
+resource "aws_security_group_rule" "eks-cluster-ingress-node-https" {
+  description              = "Allow pods to communicate with the cluster API Server"
+  from_port                = 443
+  protocol                 = "tcp"
+  security_group_id        = aws_security_group.nodes.id
+  source_security_group_id = aws_security_group.nodes.id
+  to_port                  = 443
+  type                     = "ingress"
+}
+
+
 resource "aws_security_group" "nodes" {
   name   = "nodes-sg-${var.cluster_name}"
   vpc_id = module.vpc.vpc_id
 
-  ingress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
   egress {
     from_port   = 0
     to_port     = 0
diff --git a/install/infra/single-cluster/aws/Makefile b/install/infra/single-cluster/aws/Makefile
@@ -6,22 +6,37 @@
 init:
 	@terraform init
 
+touch-kubeconfig:
+	@touch kubeconfig
+
+cleanup-kubeconfig:
+	@rm kubeconfig
+
 .PHONY: plan
-plan: plan-cluster plan-cm-edns
+plan: touch-kubeconfig plan-cluster plan-cm-edns cleanup-kubeconfig
 
 .PHONY: apply
 apply: apply-cluster apply-tools
 
 .PHONY: destroy
 destroy: destroy-tools destroy-cluster
 
+.PHONY: refresh
+refresh:
+	@echo "Refreshing terraform state"
+	@terraform refresh
+	@echo ""
+	@echo "Done!"
+
 .PHONY: output
-output: output-done-msg output-url output-nameservers output-registry output-database output-storage output-issuer
+output: refresh output-done-msg output-url output-nameservers output-registry output-database output-storage output-issuer
 
 output-done-msg:
+	@echo ""
+	@echo ""
 	@echo "=========================="
 	@echo "🎉🥳🔥🧡🚀"
-	@echo "Your cloud infrastructure is ready to install Gitpod. Please visit"
+	@echo "Your AWS cloud infrastructure is ready to install Gitpod. Please visit"
 	@echo "https://www.gitpod.io/docs/self-hosted/latest/getting-started#step-4-install-gitpod"
 	@echo "for your next steps."
 	@echo "================="
