From ae13354dd3cab5e5511c8ab0e658604be1354b6f Mon Sep 17 00:00:00 2001 From: Leonard Cohnen Date: Mon, 7 Oct 2024 15:27:23 +0200 Subject: [PATCH] terraform: azure: dont expose full nodeport range --- terraform/infrastructure/azure/main.tf | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf index b2178210411..147197ab3f1 100644 --- a/terraform/infrastructure/azure/main.tf +++ b/terraform/infrastructure/azure/main.tf @@ -252,11 +252,7 @@ resource "azurerm_network_security_group" "security_group" { resource "azurerm_network_security_rule" "nsg_rule" { for_each = { - for o in concat( - local.ports, - [{ name = "nodeports", port = local.ports_node_range, priority = 200 }] - ) - : o.name => o + for o in local.ports : o.name => o } name = each.value.name @@ -299,12 +295,6 @@ module "scale_set_group" { subnet_id = azurerm_subnet.node_subnet.id backend_address_pool_ids = each.value.role == "control-plane" ? [module.loadbalancer_backend_control_plane.backendpool_id] : [] marketplace_image = var.marketplace_image - - # We still depend on the backends, since we are not sure if the VMs inside the VMSS have been - # "updated" to the new version (note: this is the update in Azure which "refreshes" the NICs and not - # our Constellation update). - # TODO(@3u13r): Remove this dependency after v2.18.0 has been released. - depends_on = [module.loadbalancer_backend_worker, azurerm_lb_backend_address_pool.all] } module "jump_host" {