我正在学习AWS和Terraform,现在作为一个例子,我正在寻找创造或多或少复杂的东西。在此回购https://github.com/opencredo/k8s-terraform-ansible-sample中,我发现此类Terrafrom代码可以保护vpc安全组https://github.com/opencredo/k8s-terraform-ansible-sample/blob/master/terraform/vpc.tf#L122:L128:
# Allow all traffic from the API ELB
ingress {
from_port = 0
to_port = 0
protocol = "-1"
security_groups = ["${aws_security_group.kubernetes_api.id}"]
}
对我来说特别有趣的是security_groups论点。当然,我可以检查Terraform文档,但即使它没有说我很多。此security_groups个kubernetes_api链接到kubernetes_api ELB https://github.com/opencredo/k8s-terraform-ansible-sample/blob/master/terraform/k8s_controllers.tf#L68:L92附加的security_groups安全组https://github.com/opencredo/k8s-terraform-ansible-sample/blob/master/terraform/k8s_controllers.tf#L41。
让我们回到我的问题。 vpc安全组中的Interface究竟在做什么?