diff --git a/IaC-test/k8snodes-dco.tf b/IaC-test/k8snodes-dco.tf index 929592e..e452dd4 100644 --- a/IaC-test/k8snodes-dco.tf +++ b/IaC-test/k8snodes-dco.tf @@ -1,5 +1,5 @@ # -# Controller node resources +# Global DCO definitions # locals { 
@@ -8,6 +8,65 @@ locals { dcoindexjump = length(var.datacenters) } +# +# Control node resources DCO +# + +resource "openstack_networking_port_v2" "kubecport-dco" { + name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dc}-port" + # We create as many ports as there are instances created + count = var.controllerdcreplicas + network_id = data.openstack_networking_network_v2.public-dco.id + # A list of security group ID + security_group_ids = [ + resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.id, + resource.openstack_networking_secgroup_v2.microk8s-dco.id + ] + admin_state_up = "true" + provider = openstack.dco +} + +# Boot volume for node +resource "openstack_blockstorage_volume_v3" "kubecvolumeboot-dco" { + count = var.workerdcreplicas # Replicas per datacenter + name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dc}-vol" + description = "OS volume for kubernetes worker node ${count.index * local.indexjump + 1 + local.nodenrbase}" + size = 100 + image_id = data.openstack_images_image_v2.debian12image-dco.id + enable_online_resize = true # Allow us to resize volume while attached. 
+ provider = openstack.dco +} + +resource "openstack_compute_instance_v2" "controller-nodes-dco" { + count = var.controllerdcreplicas # Replicas per datacenter + name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}.${var.dns_suffix}" + flavor_name = "${var.controller_instance_type}" + key_pair = "${var.keynameworkers}" + provider = openstack.dco + security_groups = [ + resource.openstack_networking_secgroup_v2.microk8s-dco.name, + resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name + ] + + block_device { + uuid = resource.openstack_blockstorage_volume_v3.kubecvolumeboot-dco[count.index].id + source_type = "volume" + destination_type = "volume" + boot_index = 0 + } + + scheduler_hints { + group = openstack_compute_servergroup_v2.controllers-dco.id + } + network { + port = resource.openstack_networking_port_v2.kubecport-dco[count.index].id + } +} + +# +# Worker node resources DCO +# + resource "openstack_networking_port_v2" "kubewport-dco" { name = "${var.worker_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dcodc}-port" # We create as many ports as there are instances created diff --git a/IaC-test/k8snodes-sto3.tf b/IaC-test/k8snodes-sto3.tf index 7c27af8..d700243 100644 --- a/IaC-test/k8snodes-sto3.tf +++ b/IaC-test/k8snodes-sto3.tf @@ -1,5 +1,5 @@ # -# Controller node resources +# Global definitions sto3 # locals { 
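Review bot: `kubecvolumeboot-dco` is created with `count = var.workerdcreplicas`, but `kubecport-dco` and `controller-nodes-dco` use `var.controllerdcreplicas`, and the instance boots from `kubecvolumeboot-dco[count.index]`. If the two variables differ, the plan either hits an out-of-range index or leaves unattached 100 GB boot volumes behind. The volume should use `count = var.controllerdcreplicas`. Its `description` still says "kubernetes worker node" and should say "controller node". The same copy-paste is present in `kubecvolumeboot-sto3` in k8snodes-sto3.tf.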
@@ -8,6 +8,66 @@ locals { sto3indexjump = length(var.datacenters) } +# +# Control node resources STO3 +# + +resource "openstack_networking_port_v2" "kubecport-sto3" { + name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dc}-port" + # We create as many ports as there are instances created + count = var.controllerdcreplicas + network_id = data.openstack_networking_network_v2.public-sto3.id + # A list of security group ID + security_group_ids = [ + resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.id, + resource.openstack_networking_secgroup_v2.microk8s-sto3.id + ] + admin_state_up = "true" + provider = openstack.sto3 +} + +# Boot volume for node +resource "openstack_blockstorage_volume_v3" "kubecvolumeboot-sto3" { + count = var.workerdcreplicas # Replicas per datacenter + name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dc}-vol" + description = "OS volume for kubernetes worker node ${count.index * local.indexjump + 1 + local.nodenrbase}" + size = 100 + image_id = data.openstack_images_image_v2.debian12image-sto3.id + enable_online_resize = true # Allow us to resize volume while attached. 
+ provider = openstack.sto3 +} + +resource "openstack_compute_instance_v2" "controller-nodes-sto3" { + count = var.controllerdcreplicas # Replicas per datacenter + name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}.${var.dns_suffix}" + flavor_name = "${var.controller_instance_type}" + key_pair = "${var.keynameworkers}" + provider = openstack.sto3 + security_groups = [ + resource.openstack_networking_secgroup_v2.microk8s-sto3.name, + resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.name + ] + + block_device { + uuid = resource.openstack_blockstorage_volume_v3.kubecvolumeboot-sto3[count.index].id + source_type = "volume" + destination_type = "volume" + boot_index = 0 + } + + scheduler_hints { + group = openstack_compute_servergroup_v2.controllers-sto3.id + } + network { + port = resource.openstack_networking_port_v2.kubecport-sto3[count.index].id + } +} + + +# +# Worker node resources STO3 +# + resource "openstack_networking_port_v2" "kubewport-sto3" { name = "${var.worker_name}${count.index * local.sto3indexjump + 1 + local.sto3nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.sto3dc}-port" # We create as many ports as there are instances created diff --git a/IaC-test/securitygroups-k8s-dco.tf b/IaC-test/securitygroups-k8s-dco.tf index 69e7b71..59b06ce 100644 --- a/IaC-test/securitygroups-k8s-dco.tf +++ b/IaC-test/securitygroups-k8s-dco.tf 
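Review bot: The three STO3 controller resources build their names from `local.indexjump`, `local.nodenrbase` and `local.dc`, while the worker resources right below them use the per-datacenter `local.sto3indexjump`, `local.sto3nodenrbase` and `local.sto3dc`. The DCO controller block in k8snodes-dco.tf uses the identical unprefixed expression. If those locals resolve at all (their definitions are not in this diff), the controllers in both datacenters get the same instance, port and volume names. Suggest using the prefixed locals here, e.g. `count.index * local.sto3indexjump + 1 + local.sto3nodenrbase` and `${local.sto3dc}`, and the `dco` equivalents in the other file.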
@@ -39,37 +39,36 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_rule_v6_dco" { security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id } -# -# From DCO controllers to dco workers -# -resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_dco_to_dco" { - count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes) - direction = "ingress" - ethertype = "IPv4" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] - provider = openstack.dco - remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes[count.index % length(resource.openstack_compute_instance_v2.controller-nodes)].access_ip_v4, "32"]) - security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id -} - -resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_dco_to_dco" { - count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes) - direction = "ingress" - ethertype = "IPv6" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] - provider = openstack.dco - remote_ip_prefix = join("/", [ 
replace(resource.openstack_compute_instance_v2.controller-nodes[count.index % length(resource.openstack_compute_instance_v2.controller-nodes)].access_ip_v6, "/[\\[\\]']/",""),"128"]) - security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id -} - # # From STO3 to DCO # +# Control nodes +resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_sto3_to_dco" { + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-sto3) + direction = "ingress" + ethertype = "IPv4" + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] + provider = openstack.dco + remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes-sto3[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-sto3)].access_ip_v4, "32" ]) + security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id +} + +resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_sto3_to_dco" { + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-sto3) + direction = "ingress" + ethertype = "IPv6" + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] + port_range_max = 
keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] + provider = openstack.dco + remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.controller-nodes-sto3[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-sto3)].access_ip_v6, "/[\\[\\]']/",""), "128"]) + security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id +} + +# Worker nodes resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto3_to_dco" { count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto3) direction = "ingress" diff --git a/IaC-test/securitygroups-k8s-sto3.tf b/IaC-test/securitygroups-k8s-sto3.tf index 91e0a8b..fbc12a0 100644 --- a/IaC-test/securitygroups-k8s-sto3.tf +++ b/IaC-test/securitygroups-k8s-sto3.tf 
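Review bot: The `microk8s_controller_rule_v4_dco_to_dco` and `microk8s_controller_rule_v6_dco_to_dco` rules are removed without a replacement that references the new `controller-nodes-dco` instances. Nothing in this hunk therefore admits the DCO controllers to `microk8s-dco` on `var.k8sports`. That is only safe if the group's base rules already allow traffic between members of the group; only the tail of `microk8s_rule_v6_dco` is visible, so this should be confirmed before apply. If it holds, a comment in place of the removed block, such as `# DCO-internal controller traffic is covered by the base microk8s-dco rules above`, would record why no per-host rule is needed.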
@@ -42,54 +42,32 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_rule_v6_sto3" { # # From DCO to STO3 # + resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_dco_to_sto3" { - count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes) + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-dco) direction = "ingress" ethertype = "IPv4" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0] provider = openstack.sto3 - remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes[count.index % length(resource.openstack_compute_instance_v2.controller-nodes)].access_ip_v4, "32"]) + remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes-dco[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-dco)].access_ip_v4, "32" ]) security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id } resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_dco_to_sto3" { - count = 
length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes) + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-dco) direction = "ingress" ethertype = "IPv6" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0] provider = openstack.sto3 - remote_ip_prefix = join("/", [ replace(resource.openstack_compute_instance_v2.controller-nodes[count.index % length(resource.openstack_compute_instance_v2.controller-nodes)].access_ip_v6, "/[\\[\\]']/",""),"128"]) + remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.controller-nodes-dco[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-dco)].access_ip_v6, "/[\\[\\]']/",""), "128"]) security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id } -#resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_dco_to_sto3" { -# count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) -# direction = "ingress" -# ethertype = "IPv4" -# protocol = 
var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] -# port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] -# port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] -# provider = openstack.sto3 -# remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v4, "32" ]) -# security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id -#} -# -#resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_dco_to_sto3" { -# count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) -# direction = "ingress" -# ethertype = "IPv6" -# protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] -# port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] -# port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] -# provider = openstack.sto3 -# remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v6, "/[\\[\\]']/",""), "128"]) -# security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id -#} - +# Worker nodes resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_dco_to_sto3" { count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-dco) direction = "ingress" 
diff --git a/IaC-test/securitygroups-k8s-sto4.tf b/IaC-test/securitygroups-k8s-sto4.tf index 0e83a7c..a0f2286 100644 --- a/IaC-test/securitygroups-k8s-sto4.tf +++ b/IaC-test/securitygroups-k8s-sto4.tf 
@@ -39,54 +39,36 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_rule_v6_sto4" { security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id } +# +# DCO to STO4 +# + +# Controllers resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_dco_to_sto4" { - count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes) + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-dco) direction = "ingress" ethertype = "IPv4" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0] provider = openstack.sto4 - remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes[count.index % length(resource.openstack_compute_instance_v2.controller-nodes)].access_ip_v4, "32"]) + remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes-dco[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-dco)].access_ip_v4, "32" ]) security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id } resource 
"openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_dco_to_sto4" { - count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes) + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-dco) direction = "ingress" ethertype = "IPv6" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-dco))])[0] provider = openstack.sto4 - remote_ip_prefix = join("/", [ replace(resource.openstack_compute_instance_v2.controller-nodes[count.index % length(resource.openstack_compute_instance_v2.controller-nodes)].access_ip_v6, "/[\\[\\]']/",""),"128"]) + remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.controller-nodes-dco[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-dco)].access_ip_v6, "/[\\[\\]']/",""), "128"]) security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id } -#resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_dco_to_sto4" { -# count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) -# 
direction = "ingress" -# ethertype = "IPv4" -# protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] -# port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] -# port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] -# provider = openstack.sto4 -# remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v4, "32" ]) -# security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id -#} -# -#resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_dco_to_sto4" { -# count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) -# direction = "ingress" -# ethertype = "IPv6" -# protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] -# port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] -# port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] -# provider = openstack.sto4 -# remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v6, "/[\\[\\]']/",""), "128"]) -# security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id -#} - +# Workers resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_dco_to_sto4" { count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-dco) direction = 
"ingress" 
@@ -115,6 +97,32 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_dco_to # From STO3 to STO4 # +# Control nodes +resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_sto3_to_sto4" { + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-sto3) + direction = "ingress" + ethertype = "IPv4" + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] + provider = openstack.sto3 + remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes-sto3[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-sto3)].access_ip_v4, "32" ]) + security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id +} + +resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_sto3_to_sto4" { + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes-sto3) + direction = "ingress" + ethertype = "IPv6" + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] + provider = openstack.sto3 + remote_ip_prefix = join("/",[ 
replace(resource.openstack_compute_instance_v2.controller-nodes-sto3[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-sto3)].access_ip_v6, "/[\\[\\]']/",""), "128"]) + security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id +} + +# Worker nodes resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto3_to_sto4" { count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto3) direction = "ingress" diff --git a/IaC-test/vars.tf b/IaC-test/vars.tf index 58f9443..3f3481c 100644 --- a/IaC-test/vars.tf +++ b/IaC-test/vars.tf @@ -49,7 +49,7 @@ variable "controllerdcreplicas" { variable "controller_instance_count" { - default = "2" + default = "1" } variable "controller_instance_type" {
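Review bot: Both new rules, `microk8s_controller_rule_v4_sto3_to_sto4` and `microk8s_controller_rule_v6_sto3_to_sto4`, set `provider = openstack.sto3` while attaching to `openstack_networking_secgroup_v2.microk8s-sto4.id`. The `dco_to_sto4` controller rules earlier in this file go through `openstack.sto4`, and the matching `sto3_to_dco` rules use `openstack.dco`, so this looks like a copy-paste slip. The request would presumably be sent to the STO3 endpoint with a security group ID that belongs to STO4, so the apply fails or the STO3 controllers stay blocked from STO4. Both resources should read `provider = openstack.sto4`.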