Enable external access from lb to k8s

2024-10-30 15:17:58 +01:00 · 2024-10-30 15:17:58 +01:00 · 6393a8279d
parent 7c7b85cfbd
commit 6393a8279d
3 changed files with 12 additions and 6 deletions
--- a/IaC-test/k8snodes-dco.tf
+++ b/IaC-test/k8snodes-dco.tf
@ -20,7 +20,8 @@ resource "openstack_networking_port_v2" "kubecport-dco" {
  # A list of security group ID
  security_group_ids  = [
                          resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.id,
-                          resource.openstack_networking_secgroup_v2.microk8s-dco.id
+                          resource.openstack_networking_secgroup_v2.microk8s-dco.id,
+                          resource.openstack_networking_secgroup_v2.k8s-external-control-dco.id
                        ]
  admin_state_up      = "true"
  provider            = openstack.dco
@ -45,7 +46,8 @@ resource "openstack_compute_instance_v2" "controller-nodes-dco" {
  provider        = openstack.dco
  security_groups = [
                      resource.openstack_networking_secgroup_v2.microk8s-dco.name,
-                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name
+                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name,
+                      resource.openstack_networking_secgroup_v2.k8s-external-control-dco.name
                    ]

  block_device {
--- a/IaC-test/k8snodes-sto3.tf
+++ b/IaC-test/k8snodes-sto3.tf
@ -20,7 +20,8 @@ resource "openstack_networking_port_v2" "kubecport-sto3" {
  # A list of security group ID
  security_group_ids  = [
                          resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.id,
-                          resource.openstack_networking_secgroup_v2.microk8s-sto3.id
+                          resource.openstack_networking_secgroup_v2.microk8s-sto3.id,
+                          resource.openstack_networking_secgroup_v2.k8s-external-control-sto3.id
                        ]
  admin_state_up      = "true"
  provider            = openstack.sto3
@ -45,7 +46,8 @@ resource "openstack_compute_instance_v2" "controller-nodes-sto3" {
  provider        = openstack.sto3
  security_groups = [
                      resource.openstack_networking_secgroup_v2.microk8s-sto3.name,
-                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.name
+                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.name,
+                      resource.openstack_networking_secgroup_v2.k8s-external-control-sto3.name
                    ]

  block_device {
--- a/IaC-test/k8snodes-sto4.tf
+++ b/IaC-test/k8snodes-sto4.tf
@ -19,7 +19,8 @@ resource "openstack_networking_port_v2" "kubecport-sto4" {
  # A list of security group ID
  security_group_ids  = [
                          resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto4.id,
-                          resource.openstack_networking_secgroup_v2.microk8s-sto4.id
+                          resource.openstack_networking_secgroup_v2.microk8s-sto4.id,
+                          resource.openstack_networking_secgroup_v2.k8s-external-control-sto4.id
                        ]
  admin_state_up      = "true"
  provider            = openstack.sto4
@ -44,7 +45,8 @@ resource "openstack_compute_instance_v2" "controller-nodes-sto4" {
  provider        = openstack.sto4
  security_groups = [
                      resource.openstack_networking_secgroup_v2.microk8s-sto4.name,
-                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto4.name
+                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto4.name,
+                      resource.openstack_networking_secgroup_v2.k8s-external-control-sto4.name
                    ]

  block_device {