From 7c7b85cfbd011fbab452cf531ddabc52be955192 Mon Sep 17 00:00:00 2001
From: Magnus Andersson
Date: Wed, 30 Oct 2024 14:56:05 +0100
Subject: [PATCH] Create security group for k8s external access.
---
IaC-test/securitygroup-k8s-external.tf | 55 ++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 IaC-test/securitygroup-k8s-external.tf
diff --git a/IaC-test/securitygroup-k8s-external.tf b/IaC-test/securitygroup-k8s-external.tf
new file mode 100644
index 0000000..b1bc3a2
--- /dev/null
+++ b/IaC-test/securitygroup-k8s-external.tf
@@ -0,0 +1,55 @@
+# Security groups for external acccess k8s control nodes in dco.
+resource "openstack_networking_secgroup_v2" "k8s-external-control-dco" {
+ name = "k8s-external"
+ description = "External ingress traffic to k8s control nodes."
+ provider=openstack.dco
+}
+
+# Security groups for external acccess k8s control nodes in sto3.
+resource "openstack_networking_secgroup_v2" "k8s-external-control-sto3" {
+ name = "k8s-external"
+ description = "External ingress traffic to k8s control nodes."
+ provider=openstack.sto3
+}
+# Security groups for external acccess k8s control nodes in sto4.
+resource "openstack_networking_secgroup_v2" "k8s-external-control-sto4" {
+ name = "k8s-external"
+ description = "External ingress traffic to k8s control nodes."
+ provider=openstack.sto4
+}
+
+# Rules dco
+resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_control_rule_v4_dco" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = "16443"
+ port_range_max = "16443"
+ provider = openstack.dco
+ remote_ip_prefix = "89.47.191.43/32"
+ security_group_id = openstack_networking_secgroup_v2.k8s-external-control-dco.id
+}
+
+# Rules sto3
+resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_control_rule1_v4_sto3" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = "16443"
+ port_range_max = "16443"
+ provider = openstack.sto3
+ remote_ip_prefix = "89.47.191.43/32"
+ security_group_id = openstack_networking_secgroup_v2.k8s-external-control-sto3.id
+}
+
+# Rules dco
+resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_control_rule1_v4_sto4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = "16443"
+ port_range_max = "16443"
+ provider = openstack.sto4
+ remote_ip_prefix = "89.47.191.43/32"
+ security_group_id = openstack_networking_secgroup_v2.k8s-external-control-sto4.id
+}
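Review bot: The allowed source `89.47.191.43/32` is written as a literal in all three `remote_ip_prefix` lines with nothing saying which host it is, so when that host changes the edit has to be made in three places, and a missed one leaves a stale address able to reach port 16443 (presumably the Kubernetes API) on one region's control nodes. Defining it once and referencing it, for example `remote_ip_prefix = var.k8s_external_source_cidr` (the name is only a suggestion), with a comment naming the host, would keep the regions in step. The comment above the last rule reads `# Rules dco` although the resource uses `openstack.sto4`; it should be `# Rules sto4`, and the dco rule is named `..._rule_v4_dco` where the other two use `rule1`. As far as the provider's defaults go, each `openstack_networking_secgroup_v2` also keeps the default allow-all egress rules; if these groups are meant to carry only the one ingress rule, adding `delete_default_rules = true` makes that explicit.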