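def _enable_cross_fleet_communication(self, fleets: List[AutoScalingGroup]):
    """Open all traffic between the instance security groups of ``fleets``.

    The ``InstanceSecurityGroup`` child of every fleet is collected and
    de-duplicated. For each (target, source) pair without a matching
    ``sourceSecurityGroupId`` entry, an ingress rule for
    ``Port.all_traffic()`` is attached to the target.

    A common security group cannot be specified for all the ASGs the way it
    can for managed nodes. Adding an extra common group would break services
    of type ``LoadBalancer``, hence this pairwise mesh.

    Security note: the rules cover every protocol and port, so separation
    between fleets rests entirely on security-group membership.

    Args:
        fleets: Auto scaling groups whose instances must reach each other.
    """
    # dict.fromkeys() de-duplicates exactly like set() (same hash/eq) but keeps
    # first-seen order. set() iteration order can differ between runs, so this
    # keeps the order in which rules are attached stable.
    security_groups: List[SecurityGroup] = list(
        dict.fromkeys(
            fleet.node.find_child("InstanceSecurityGroup") for fleet in fleets
        )
    )

    for sg_target in security_groups:
        for sg_source in security_groups:
            # NOTE(review): to_ingress_rule_config() describes sg_target itself
            # as a peer, so this match appears to fire only when source and
            # target are the same group (skipping the self rule) rather than
            # detecting a previously added rule -- confirm the intent.
            already_covered = any(
                key == "sourceSecurityGroupId"
                and value == sg_source.security_group_id
                for key, value in sg_target.to_ingress_rule_config().items()
            )
            if not already_covered:
                sg_target.connections.allow_from(sg_source, Port.all_traffic())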
def __attach_inter_worker_access_rule(self):
    """Let members of the worker security group reach each other.

    Adds a self-referencing rule: the worker group's connections are allowed
    as a source on the worker group itself, for ``Port.all_traffic()``.

    Security note: every protocol and port is opened between workers, so any
    restriction between them has to come from another layer.
    """
    worker_sg = self._worker_security_group
    worker_sg.connections.allow_from(
        other=worker_sg.connections,
        port_range=Port.all_traffic(),
    )
def __attach_manager_full_access(self):
    """Allow the manager security group to reach the master security group.

    The manager group's connections are added as an allowed source on the
    master group for ``Port.all_traffic()``.

    Security note: the rule is not limited to specific ports or protocols, so
    anything placed in the manager group gets unrestricted network access to
    the master group.
    """
    manager_peer = self._manager_security_group.connections
    master_connections = self._master_security_group.connections
    master_connections.allow_from(
        other=manager_peer,
        port_range=Port.all_traffic(),
    )