Open lb port to source ip during setup and hardening
This commit is contained in:
parent
b497844e59
commit
840af98c51
|
@ -6,6 +6,7 @@ resource "openstack_networking_port_v2" "lb1-port-dco" {
|
|||
# A list of security group ID
|
||||
security_group_ids = [
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.id,
|
||||
resource.openstack_networking_secgroup_v2.lb-dco.id
|
||||
]
|
||||
admin_state_up = "true"
|
||||
provider = openstack.dco
|
||||
|
@ -28,7 +29,8 @@ resource "openstack_compute_instance_v2" "lb1-node-dco" {
|
|||
key_pair = "${var.keynameworkers}"
|
||||
provider = openstack.dco
|
||||
security_groups = [
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name,
|
||||
resource.openstack_networking_secgroup_v2.lb-dco.name
|
||||
]
|
||||
|
||||
block_device {
|
||||
|
|
18
IaC-test/securitygroups-lb.tf
Normal file
18
IaC-test/securitygroups-lb.tf
Normal file
|
@ -0,0 +1,18 @@
|
|||
# Security groups lb-frontend
|
||||
resource "openstack_networking_secgroup_v2" "lb-dco" {
|
||||
name = "lb-frontend"
|
||||
description = "Ingress lb traffic to allow."
|
||||
provider=openstack.dco
|
||||
}
|
||||
|
||||
resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule_v4_dco" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "tcp"
|
||||
port_range_min = "8443"
|
||||
port_range_max = "8443"
|
||||
provider = openstack.dco
|
||||
remote_ip_prefix = "87.251.31.153/32"
|
||||
security_group_id = openstack_networking_secgroup_v2.lb-dco.id
|
||||
}
|
||||
|
Loading…
Reference in a new issue