Adjust security group rules for control node in sto4
This commit is contained in:
parent
d5663f23e1
commit
7280601637
|
@ -98,6 +98,32 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_sto3_t
|
||||||
# From STO4 to STO3
|
# From STO4 to STO3
|
||||||
#
|
#
|
||||||
|
|
||||||
|
#Controllers
|
||||||
|
resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_sto4_to_dco" {
|
||||||
|
count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-sto4)
|
||||||
|
direction = "ingress"
|
||||||
|
ethertype = "IPv4"
|
||||||
|
protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]]
|
||||||
|
port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]
|
||||||
|
port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]
|
||||||
|
provider = openstack.dco
|
||||||
|
remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes-sto4[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-sto4)].access_ip_v4, "32" ])
|
||||||
|
security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_sto4_to_dco" {
|
||||||
|
count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-sto4)
|
||||||
|
direction = "ingress"
|
||||||
|
ethertype = "IPv6"
|
||||||
|
protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]]
|
||||||
|
port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]
|
||||||
|
port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]
|
||||||
|
provider = openstack.dco
|
||||||
|
remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.controller-nodes-sto4[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-sto4)].access_ip_v6, "/[\\[\\]']/",""), "128"])
|
||||||
|
security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id
|
||||||
|
}
|
||||||
|
|
||||||
|
# Workers
|
||||||
resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto4_to_dco" {
|
resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto4_to_dco" {
|
||||||
count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto4)
|
count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto4)
|
||||||
direction = "ingress"
|
direction = "ingress"
|
||||||
|
|
|
@ -118,6 +118,33 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_dco_to
|
||||||
# From STO4 to STO3
|
# From STO4 to STO3
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# Controllers
|
||||||
|
resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_sto4_to_sto3" {
|
||||||
|
count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-sto4)
|
||||||
|
direction = "ingress"
|
||||||
|
ethertype = "IPv4"
|
||||||
|
protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]]
|
||||||
|
port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]
|
||||||
|
port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]
|
||||||
|
provider = openstack.sto3
|
||||||
|
remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes-sto4[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-sto4)].access_ip_v4, "32" ])
|
||||||
|
security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_sto4_to_sto3" {
|
||||||
|
count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-sto4)
|
||||||
|
direction = "ingress"
|
||||||
|
ethertype = "IPv6"
|
||||||
|
protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]]
|
||||||
|
port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]
|
||||||
|
port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto4))])[0]
|
||||||
|
provider = openstack.sto3
|
||||||
|
remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.controller-nodes-sto4[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-sto4)].access_ip_v6, "/[\\[\\]']/",""), "128"])
|
||||||
|
security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Workers
|
||||||
resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto4_to_sto3" {
|
resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto4_to_sto3" {
|
||||||
count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto4)
|
count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto4)
|
||||||
direction = "ingress"
|
direction = "ingress"
|
||||||
|
|
Loading…
Reference in a new issue