Add security group rules to allow k8s traffic from sto4 to dco
parent
b53cd52314
commit
9872f8f923
24
IaC-test/securitygroups-k8s-dco.tf
Normal file
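--- a/IaC-test/securitygroups-k8s-dco.tf
+++ b/IaC-test/securitygroups-k8s-dco.tf
@@ -0,0 +1,24 @@
+resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto4_to_dco" {
+count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto4)
+direction = "ingress"
+ethertype = "IPv4"
+protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0]]
+port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0]
+port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0]
+provider = openstack.dco
+remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes-sto4[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-sto4)].access_ip_v4, "32" ])
+security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_sto4_to_dco" {
+count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto4)
+direction = "ingress"
+ethertype = "IPv6"
+protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0]]
+port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0]
+port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0]
+provider = openstack.dco
+remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes-sto4[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-sto4)].access_ip_v6, "/[\\[\\]']/",""), "128"])
+security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}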
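Review bot: Both resources derive the port and the source worker from `count.index` arithmetic, so adding or removing a sto4 worker or a `var.k8sports` entry renumbers most instances. Terraform will then likely plan to replace rules that did not logically change, and while that apply runs the cross-site ingress allowances on the `microk8s` group can be briefly missing. A `for_each` over a map with stable keys (port, protocol, worker) avoids the churn and removes the repeated `floor(count.index/length(...))` expressions. The sketch below assumes, as the existing lookup implies, that each `var.k8sports` element is a single-entry map of port to protocol. The IPv6 rule is also worth guarding for workers without an `access_ip_v6`, since the prefix would then evaluate to `/128` alone, which is presumably rejected at apply time.

```hcl
locals {
  sto4_worker_port_pairs = {
    for pair in setproduct(
      range(length(var.k8sports)),
      range(length(openstack_compute_instance_v2.worker-nodes-sto4))
    ) :
    "${keys(var.k8sports[pair[0]])[0]}-${values(var.k8sports[pair[0]])[0]}-${pair[1]}" => {
      port     = keys(var.k8sports[pair[0]])[0]
      protocol = values(var.k8sports[pair[0]])[0]
      worker   = openstack_compute_instance_v2.worker-nodes-sto4[pair[1]]
    }
  }
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto4_to_dco" {
  for_each         = local.sto4_worker_port_pairs
  protocol         = each.value.protocol
  port_range_min   = each.value.port
  port_range_max   = each.value.port
  remote_ip_prefix = "${each.value.worker.access_ip_v4}/32"
  # … unchanged: direction, ethertype, provider, security_group_id …
}
# … the v6 resource follows the same shape, with access_ip_v6 and "/128" …
```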