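# Define required providers
terraform {
  required_version = ">= 0.14.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "~> 1.53.0"
    }
  }
}

# Configure the OpenStack Provider
# "sto4-rut" is the name of a cloud entry resolved by the provider from
# clouds.yaml; no credentials are stored in this file.
provider "openstack" {
  cloud = "sto4-rut"
}

# Server groups with the anti-affinity policy, one per node role.
# Instances reference them through scheduler_hints below.
resource "openstack_compute_servergroup_v2" "workers" {
  name     = "workers"
  policies = ["anti-affinity"]
}

resource "openstack_compute_servergroup_v2" "controllers" {
  name     = "controllers"
  policies = ["anti-affinity"]
}

# Security group for intra-cluster traffic. Every rule below uses this group
# as both security_group_id and remote_group_id, so the listed ports accept
# ingress only from other members of the same group, never from arbitrary
# addresses.
resource "openstack_networking_secgroup_v2" "microk8s" {
  name        = "microk8s"
  description = "Traffic to allow between microk8s hosts"
}

# Port purposes in the comments below follow the MicroK8s "services and
# ports" documentation; verify against the MicroK8s version actually deployed.

# 16443/tcp: Kubernetes API server
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule1" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 16443
  port_range_max    = 16443
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule2" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 16443
  port_range_max    = 16443
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 10250/tcp: kubelet
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule3" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10250
  port_range_max    = 10250
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule4" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10250
  port_range_max    = 10250
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 10255/tcp: kubelet read-only port. It is served without authentication, so
# it must stay restricted to group members as it is here.
# NOTE(review): confirm something in the cluster still needs this port; if
# not, rule5 and rule6 can be removed.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule5" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10255
  port_range_max    = 10255
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule6" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10255
  port_range_max    = 10255
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 25000/tcp: MicroK8s cluster agent (node join)
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule7" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 25000
  port_range_max    = 25000
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule8" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 25000
  port_range_max    = 25000
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 12379/tcp: etcd
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule9" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 12379
  port_range_max    = 12379
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule10" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 12379
  port_range_max    = 12379
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 10257/tcp: kube-controller-manager
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule11" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10257
  port_range_max    = 10257
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule12" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10257
  port_range_max    = 10257
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 10259/tcp: kube-scheduler
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule13" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10259
  port_range_max    = 10259
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule14" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10259
  port_range_max    = 10259
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 19001/tcp: dqlite datastore
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule15" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 19001
  port_range_max    = 19001
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule16" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 19001
  port_range_max    = 19001
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 4789/udp: VXLAN overlay traffic between nodes
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule17" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "udp"
  port_range_min    = 4789
  port_range_max    = 4789
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule18" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "udp"
  port_range_min    = 4789
  port_range_max    = 4789
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# Controller nodes: var.controller_instance_count instances booted from a
# 20 GB volume created from the pinned image, spread by the "controllers"
# anti-affinity server group and attached to the "public" network.
resource "openstack_compute_instance_v2" "controller-nodes" {
  count       = var.controller_instance_count
  name        = "${var.controller_name}-${count.index}.${var.dns_suffix}"
  flavor_name = var.controller_instance_type
  # Key pair is referenced by name only; presumably it already exists in the
  # target project. TODO confirm.
  key_pair = "mifr-yubi"

  # The microk8s group is referenced through the resource (same value,
  # "microk8s") so Terraform creates the group before the instances instead
  # of relying on creation order. The two SSH groups are not defined in this
  # file and are assumed to exist in the project already.
  # NOTE(review): "Allow ssh from the world" reads as SSH open to any source
  # address. If that is what the group contains, the jumphost-only group next
  # to it restricts nothing, and these nodes sit on the "public" network.
  # Confirm world-open SSH is intended; otherwise drop that entry.
  security_groups = [
    openstack_networking_secgroup_v2.microk8s.name,
    "Allow SSH from SUNET jumphosts",
    "Allow ssh from the world",
  ]

  block_device {
    # Boot image pinned by UUID; the same id is repeated on the worker nodes
    # and must be updated in both places when the image is rotated.
    uuid                  = "5d24aca9-11be-4de1-9770-4a097d68f361"
    source_type           = "image"
    volume_size           = 20
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = true
  }

  scheduler_hints {
    group = openstack_compute_servergroup_v2.controllers.id
  }

  network {
    name = "public"
  }
}

# Worker nodes: same layout as the controllers, sized by
# var.worker_instance_count and placed in the "workers" server group.
resource "openstack_compute_instance_v2" "worker-nodes" {
  count       = var.worker_instance_count
  name        = "${var.worker_name}-${count.index}.${var.dns_suffix}"
  flavor_name = var.worker_instance_type
  key_pair    = "mifr-yubi"

  # Same group set as the controllers: the microk8s group is a resource
  # reference for dependency ordering, the SSH groups are assumed to exist.
  # NOTE(review): "Allow ssh from the world" would make the jumphost-only
  # group redundant on these public-network nodes; confirm it is intended.
  security_groups = [
    openstack_networking_secgroup_v2.microk8s.name,
    "Allow SSH from SUNET jumphosts",
    "Allow ssh from the world",
  ]

  block_device {
    # Same pinned image UUID as the controller nodes.
    uuid                  = "5d24aca9-11be-4de1-9770-4a097d68f361"
    source_type           = "image"
    volume_size           = 20
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = true
  }

  scheduler_hints {
    group = openstack_compute_servergroup_v2.workers.id
  }

  network {
    name = "public"
  }
}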