resource "openstack_compute_servergroup_v2" "workers" {
name = "workers"
policies = ["anti-affinity"]
}
resource "openstack_compute_servergroup_v2" "controllers" {
name = "controllers"
policies = ["anti-affinity"]
}
resource "openstack_networking_secgroup_v2" "microk8s" {
name = "microk8s"
description = "Traffic to allow between microk8s hosts"
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule1" {
#We never know where Richard is, so allow from all of the known internet
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 16443
port_range_max = 16443
remote_ip_prefix = "0.0.0.0/0"
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule2" {
#We never know where Richard is, so allow from all of the known internet
direction = "ingress"
ethertype = "IPv6"
protocol = "tcp"
port_range_min = 16443
port_range_max = 16443
remote_ip_prefix = "::/0"
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule3" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 10250
port_range_max = 10250
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule4" {
direction = "ingress"
ethertype = "IPv6"
protocol = "tcp"
port_range_min = 10250
port_range_max = 10250
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule5" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 10255
port_range_max = 10255
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule6" {
direction = "ingress"
ethertype = "IPv6"
protocol = "tcp"
port_range_min = 10255
port_range_max = 10255
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule7" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 25000
port_range_max = 25000
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule8" {
direction = "ingress"
ethertype = "IPv6"
protocol = "tcp"
port_range_min = 25000
port_range_max = 25000
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule9" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 12379
port_range_max = 12379
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule10" {
direction = "ingress"
ethertype = "IPv6"
protocol = "tcp"
port_range_min = 12379
port_range_max = 12379
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule11" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 10257
port_range_max = 10257
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule12" {
direction = "ingress"
ethertype = "IPv6"
protocol = "tcp"
port_range_min = 10257
port_range_max = 10257
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule13" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 10259
port_range_max = 10259
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule14" {
direction = "ingress"
ethertype = "IPv6"
protocol = "tcp"
port_range_min = 10259
port_range_max = 10259
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule15" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 19001
port_range_max = 19001
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule16" {
direction = "ingress"
ethertype = "IPv6"
protocol = "tcp"
port_range_min = 19001
port_range_max = 19001
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule17" {
direction = "ingress"
ethertype = "IPv4"
protocol = "udp"
port_range_min = 4789
port_range_max = 4789
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule18" {
direction = "ingress"
ethertype = "IPv6"
protocol = "udp"
port_range_min = 4789
port_range_max = 4789
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule19" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 16443
port_range_max = 16443
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule20" {
direction = "ingress"
ethertype = "IPv6"
protocol = "tcp"
port_range_min = 16443
port_range_max = 16443
remote_group_id = openstack_networking_secgroup_v2.microk8s.id
security_group_id = openstack_networking_secgroup_v2.microk8s.id
}
resource "openstack_compute_instance_v2" "controller-nodes" {
count = var.controller_instance_count
name = "${var.controller_name}-${count.index}.${var.dns_suffix}"
flavor_name = "${var.controller_instance_type}"
key_pair = "thorslund"
security_groups = ["https", "microk8s", "Allow SSH from SUNET jumphosts"]
block_device {
uuid = "5d24aca9-11be-4de1-9770-4a097d68f361"
source_type = "image"
volume_size = 20
boot_index = 0
destination_type = "volume"
delete_on_termination = true
}
scheduler_hints {
group = openstack_compute_servergroup_v2.controllers.id
}
network {
name = "public"
}
}
resource "openstack_compute_instance_v2" "worker-nodes" {
count = var.worker_instance_count
name = "${var.worker_name}-${count.index}.${var.dns_suffix}"
flavor_name = "${var.worker_instance_type}"
key_pair = "thorslund"
security_groups = ["microk8s", "Allow SSH from SUNET jumphosts"]
block_device {
uuid = "5d24aca9-11be-4de1-9770-4a097d68f361"
source_type = "image"
volume_size = 20
boot_index = 0
destination_type = "volume"
delete_on_termination = true
}
scheduler_hints {
group = openstack_compute_servergroup_v2.workers.id
}
network {
name = "public"
}
}