diff --git a/data/data/aws/vpc/sg-master.tf b/data/data/aws/vpc/sg-master.tf
index 9718cf03412..f5d95fc62d0 100644
--- a/data/data/aws/vpc/sg-master.tf
+++ b/data/data/aws/vpc/sg-master.tf
@@ -138,6 +138,46 @@ resource "aws_security_group_rule" "master_ingress_internal_from_worker" {
 to_port = 9990
 }
 
+resource "aws_security_group_rule" "master_ingress_kube_scheduler" {
+ type = "ingress"
+ security_group_id = "${aws_security_group.master.id}"
+
+ protocol = "tcp"
+ from_port = 10251
+ to_port = 10251
+ self = true
+}
+
+resource "aws_security_group_rule" "master_ingress_kube_scheduler_from_worker" {
+ type = "ingress"
+ security_group_id = "${aws_security_group.master.id}"
+ source_security_group_id = "${aws_security_group.worker.id}"
+
+ protocol = "tcp"
+ from_port = 10251
+ to_port = 10251
+}
+
+resource "aws_security_group_rule" "master_ingress_kube_controller_manager" {
+ type = "ingress"
+ security_group_id = "${aws_security_group.master.id}"
+
+ protocol = "tcp"
+ from_port = 10252
+ to_port = 10252
+ self = true
+}
+
+resource "aws_security_group_rule" "master_ingress_kube_controller_manager_from_worker" {
+ type = "ingress"
+ security_group_id = "${aws_security_group.master.id}"
+ source_security_group_id = "${aws_security_group.worker.id}"
+
+ protocol = "tcp"
+ from_port = 10252
+ to_port = 10252
+}
+
 resource "aws_security_group_rule" "master_ingress_kubelet_insecure" {
 type = "ingress"
 security_group_id = "${aws_security_group.master.id}"
diff --git a/data/data/openstack/topology/sg-master.tf b/data/data/openstack/topology/sg-master.tf
index eb03152e07d..040d7995b50 100644
--- a/data/data/openstack/topology/sg-master.tf
+++ b/data/data/openstack/topology/sg-master.tf
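Review bot: In data/data/aws/vpc/sg-master.tf the four added rules open 10251 and 10252 without a comment saying what consumes them, and the two `_from_worker` rules admit the entire worker security group. Upstream Kubernetes has used these two ports for the plaintext, unauthenticated HTTP endpoints of kube-scheduler and kube-controller-manager (the authenticated ports are 10259 and 10257), so if that holds for this deployment, any workload that can send traffic from a worker node's interface can read those endpoints without credentials. I would add a comment above each worker rule naming the consumer, for example `# kube-scheduler insecure HTTP port; opened to workers for metrics scraping (assumed) - switch to 10259 once the scraper can authenticate`, or drop the worker rules if only the masters need the port.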
@@ -129,6 +129,44 @@ resource "openstack_networking_secgroup_rule_v2" "master_ingress_kubelet_insecur
 security_group_id = "${openstack_networking_secgroup_v2.master.id}"
 }
 
+resource "openstack_networking_secgroup_rule_v2" "master_ingress_kube_scheduler" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 10251
+ port_range_max = 10251
+ security_group_id = "${openstack_networking_secgroup_v2.master.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "master_ingress_kube_scheduler_from_worker" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 10251
+ port_range_max = 10251
+ remote_group_id = "${openstack_networking_secgroup_v2.worker.id}"
+ security_group_id = "${openstack_networking_secgroup_v2.master.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "master_ingress_kube_controller_manager" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 10252
+ port_range_max = 10252
+ security_group_id = "${openstack_networking_secgroup_v2.master.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "master_ingress_kube_controller_manager_from_worker" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 10252
+ port_range_max = 10252
+ remote_group_id = "${openstack_networking_secgroup_v2.worker.id}"
+ security_group_id = "${openstack_networking_secgroup_v2.master.id}"
+}
+
 resource "openstack_networking_secgroup_rule_v2" "master_ingress_kubelet_secure" {
 direction = "ingress"
 ethertype = "IPv4"
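Review bot: The two rules that correspond to the AWS `self = true` rules, `master_ingress_kube_scheduler` and `master_ingress_kube_controller_manager`, set neither `remote_group_id` nor `remote_ip_prefix`. A Neutron security-group rule with no remote matches any IPv4 source, so these open 10251 and 10252 to everything that can route to the masters, and the `_from_worker` rules next to them become redundant. Add `remote_group_id = "${openstack_networking_secgroup_v2.master.id}"` to both so the scope matches the AWS file. The other rules in this file lie outside the hunk and may follow the same pattern, so it is worth confirming whether the unrestricted source is intended there as well.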