feat: added rules to allow UDP to be used for node port ranges

robo-cap · hyder · commit dc41e912409f · 2024-11-18T23:01:52.000+11:00
diff --git a/modules/network/nsg-loadbalancers-int.tf b/modules/network/nsg-loadbalancers-int.tf
@@ -19,6 +19,9 @@ locals {
       "Allow TCP egress from internal load balancers to workers for Node Ports" : {
         protocol = local.tcp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
       },
+      "Allow UDP egress from internal load balancers to workers for Node Ports" : {
+        protocol = local.udp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
+      },
       "Allow ICMP egress from internal load balancers to worker nodes for path discovery" : {
         protocol = local.icmp_protocol, port = local.all_ports, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
       },
diff --git a/modules/network/nsg-loadbalancers-pub.tf b/modules/network/nsg-loadbalancers-pub.tf
@@ -19,6 +19,9 @@ locals {
       "Allow TCP egress from public load balancers to workers nodes for NodePort traffic" : {
         protocol = local.tcp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
       },
+      "Allow UDP egress from public load balancers to workers nodes for NodePort traffic" : {
+        protocol = local.udp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
+      },
       "Allow TCP egress from public load balancers to worker nodes for health checks" : {
         protocol = local.tcp_protocol, port = local.health_check_port, destination = local.worker_nsg_id, destination_type = local.rule_type_nsg,
       },
diff --git a/modules/network/nsg-workers.tf b/modules/network/nsg-workers.tf
@@ -66,6 +66,9 @@ locals {
       "Allow TCP ingress to workers from internal load balancers" : {
         protocol = local.tcp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, source = local.int_lb_nsg_id, source_type = local.rule_type_nsg,
       },
+      "Allow UDP ingress to workers from internal load balancers" : {
+        protocol = local.udp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, source = local.int_lb_nsg_id, source_type = local.rule_type_nsg,
+      },
       "Allow TCP ingress to workers for health check from internal load balancers" : {
         protocol = local.tcp_protocol, port = local.health_check_port, source = local.int_lb_nsg_id, source_type = local.rule_type_nsg,
       },
@@ -75,6 +78,9 @@ locals {
       "Allow TCP ingress to workers from public load balancers" : {
         protocol = local.tcp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, source = local.pub_lb_nsg_id, source_type = local.rule_type_nsg,
       },
+      "Allow UDP ingress to workers from public load balancers" : {
+        protocol = local.udp_protocol, port_min = local.node_port_min, port_max = local.node_port_max, source = local.pub_lb_nsg_id, source_type = local.rule_type_nsg,
+      },
       "Allow TCP ingress to workers for health check from public load balancers" : {
         protocol = local.tcp_protocol, port = local.health_check_port, source = local.pub_lb_nsg_id, source_type = local.rule_type_nsg,
       },
