From 67faee67d60603f726f61f2a3be8e032b7d59274 Mon Sep 17 00:00:00 2001
From: Darren Shepherd <darren@rancher.com>
Date: Wed, 19 May 2021 15:52:31 -0700
Subject: [PATCH] Add RKE2 supervisor port to security group

---
 drivers/amazonec2/amazonec2.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/drivers/amazonec2/amazonec2.go b/drivers/amazonec2/amazonec2.go
index 7714a1bc63..0359450845 100644
--- a/drivers/amazonec2/amazonec2.go
+++ b/drivers/amazonec2/amazonec2.go
@@ -58,6 +58,7 @@ var (
 	kubeApiPort                          = 6443
 	httpPort                             = 80
 	httpsPort                            = 443
+	supervisorPort                       = 9345
 	nodeExporter                         = 9796
 	etcdPorts                            = []int64{2379, 2380}
 	clusterManagerPorts                  = []int64{6443, 6443}
@@ -1313,6 +1314,20 @@ func (d *Driver) configureSecurityGroupPermissions(group *ec2.SecurityGroup) ([]
 			})
 		}
 
+		// rke2 supervisor
+		if !hasPortsInbound[fmt.Sprintf("%d/tcp", supervisorPort)] {
+			inboundPerms = append(inboundPerms, &ec2.IpPermission{
+				IpProtocol: aws.String("tcp"),
+				FromPort:   aws.Int64(int64(supervisorPort)),
+				ToPort:     aws.Int64(int64(supervisorPort)),
+				UserIdGroupPairs: []*ec2.UserIdGroupPair{
+					{
+						GroupId: group.GroupId,
+					},
+				},
+			})
+		}
+
 		// etcd
 		if !hasPortsInbound[fmt.Sprintf("%d/tcp", etcdPorts[0])] {
 			inboundPerms = append(inboundPerms, &ec2.IpPermission{