fix(terraform): enusre node ports can be accessed by load balancer

This is a band-aid fix over the underlying issues where the
DigitalOcean CCM-managed firewall can only open allow traffic for
NodePort services. Once digitalocean/digitalocean-cloud-controller-manager#588
is merged, this can be removed.

Author: akrantz01

terraform/networking.tf

@@ -32,6 +32,14 @@ resource "digitalocean_firewall" "control_plane" {
     source_addresses = ["0.0.0.0/0", "::/0"]
   }
 
+  # Allow traffic from the VPC to NodePorts
+  # Temporary fix until https://github.com/digitalocean/digitalocean-cloud-controller-manager/pull/588 is merged
+  inbound_rule {
+    protocol         = "tcp"
+    port_range       = "30000-32767"
+    source_addresses = [digitalocean_vpc.vpc.ip_range]
+  }
+
   dynamic "outbound_rule" {
     for_each = ["tcp", "udp"]
     content {
@@ -65,6 +73,14 @@ resource "digitalocean_firewall" "agent" {
     source_addresses = ["0.0.0.0/0", "::/0"]
   }
 
+  # Allow traffic from the VPC to NodePorts
+  # Temporary fix until https://github.com/digitalocean/digitalocean-cloud-controller-manager/pull/588 is merged
+  inbound_rule {
+    protocol         = "tcp"
+    port_range       = "30000-32767"
+    source_addresses = [digitalocean_vpc.vpc.ip_range]
+  }
+
   dynamic "outbound_rule" {
     for_each = ["tcp", "udp"]
     content {