Allowing 443 to nodes from EKS service (#148)

Author: max-rocket-internet

CHANGELOG.md

@@ -12,6 +12,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 - A useful addition (slam dunk, @self 🔥)
 - Worker groups can be created with a specified IAM profile. (from @laverya)
 - exposed `aws_eks_cluster` create and destroy timeouts (by @RGPosadas)
+- Allow port 443 from EKS service to nodes to run `metrics-server`. (by @max-rocket-internet)
 
 ### Changed
 

workers.tf

@@ -90,6 +90,17 @@ resource "aws_security_group_rule" "workers_ingress_cluster" {
   count                    = "${var.worker_security_group_id == "" ? 1 : 0}"
 }
 
+resource "aws_security_group_rule" "workers_ingress_cluster_https" {
+  description              = "Allow pods running extension API servers on port 443 to receive communication from cluster control plane."
+  protocol                 = "tcp"
+  security_group_id        = "${aws_security_group.workers.id}"
+  source_security_group_id = "${local.cluster_security_group_id}"
+  from_port                = 443
+  to_port                  = 443
+  type                     = "ingress"
+  count                    = "${var.worker_security_group_id == "" ? 1 : 0}"
+}
+
 resource "aws_iam_role" "workers" {
   name_prefix        = "${aws_eks_cluster.this.name}"
   assume_role_policy = "${data.aws_iam_policy_document.workers_assume_role_policy.json}"