diff --git a/IaC-test/k8snodes-dco.tf b/IaC-test/k8snodes-dco.tf index e452dd4..f3c902c 100644 --- a/IaC-test/k8snodes-dco.tf +++ b/IaC-test/k8snodes-dco.tf @@ -13,7 +13,7 @@ locals { # resource "openstack_networking_port_v2" "kubecport-dco" { - name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dc}-port" + name = "${var.controller_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dcodc}-port" # We create as many ports as there are instances created count = var.controllerdcreplicas network_id = data.openstack_networking_network_v2.public-dco.id @@ -28,9 +28,9 @@ resource "openstack_networking_port_v2" "kubecport-dco" { # Boot volume for node resource "openstack_blockstorage_volume_v3" "kubecvolumeboot-dco" { - count = var.workerdcreplicas # Replicas per datacenter - name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dc}-vol" - description = "OS volume for kubernetes worker node ${count.index * local.indexjump + 1 + local.nodenrbase}" + count = var.controllerdcreplicas # Replicas per datacenter + name = "${var.controller_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dcodc}-vol" + description = "OS volume for kubernetes worker node ${count.index * local.dcoindexjump + 1 + local.dconodenrbase}" size = 100 image_id = data.openstack_images_image_v2.debian12image-dco.id enable_online_resize = true # Allow us to resize volume while attached. @@ -39,7 +39,7 @@ resource "openstack_blockstorage_volume_v3" "kubecvolumeboot-dco" { resource "openstack_compute_instance_v2" "controller-nodes-dco" { count = var.controllerdcreplicas # Replicas per datacenter - name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}.${var.dns_suffix}" + name = "${var.controller_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}.${var.dns_suffix}" flavor_name = "${var.controller_instance_type}" key_pair = "${var.keynameworkers}" provider = openstack.dco @@ -84,7 +84,7 @@ resource "openstack_networking_port_v2" "kubewport-dco" { # Boot volume for node resource "openstack_blockstorage_volume_v3" "kubewvolumeboot-dco" { count = var.workerdcreplicas # Replicas per datacenter - name = "${var.controller_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dcodc}-vol" + name = "${var.worker_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dcodc}-vol" description = "OS volume for kubernetes worker node ${count.index * local.dcoindexjump + 1 + local.dconodenrbase}" size = 100 image_id = data.openstack_images_image_v2.debian12image-dco.id @@ -94,7 +94,7 @@ resource "openstack_blockstorage_volume_v3" "kubewvolumeboot-dco" { resource "openstack_blockstorage_volume_v3" "kubewvolumerook-dco" { count = var.workerdcreplicas # Replicas per datacenter - name = "${var.controller_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dcodc}-rook-vol" + name = "${var.worker_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dcodc}-rook-vol" description = "Rook storage volume for kubernetes worker node ${count.index * local.dcoindexjump + 1 + local.dconodenrbase}" size = 100 enable_online_resize = true # Allow us to resize volume while attached. @@ -108,7 +108,7 @@ resource "openstack_compute_instance_v2" "worker-nodes-dco" { key_pair = "${var.keynameworkers}" provider = openstack.dco security_groups = [ - resource.openstack_networking_secgroup_v2.microk8s-dco.id, + resource.openstack_networking_secgroup_v2.microk8s-dco.name, resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name ] diff --git a/IaC-test/k8snodes-sto3.tf b/IaC-test/k8snodes-sto3.tf index d700243..42beca6 100644 --- a/IaC-test/k8snodes-sto3.tf +++ b/IaC-test/k8snodes-sto3.tf @@ -13,7 +13,7 @@ locals { # resource "openstack_networking_port_v2" "kubecport-sto3" { - name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dc}-port" + name = "${var.controller_name}${count.index * local.sto3indexjump + 1 + local.sto3nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.sto3dc}-port" # We create as many ports as there are instances created count = var.controllerdcreplicas network_id = data.openstack_networking_network_v2.public-sto3.id @@ -29,8 +29,8 @@ resource "openstack_networking_port_v2" "kubecport-sto3" { # Boot volume for node resource "openstack_blockstorage_volume_v3" "kubecvolumeboot-sto3" { count = var.workerdcreplicas # Replicas per datacenter - name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dc}-vol" - description = "OS volume for kubernetes worker node ${count.index * local.indexjump + 1 + local.nodenrbase}" + name = "${var.controller_name}${count.index * local.sto3indexjump + 1 + local.sto3nodenrbase}-${replace(var.dns_suffix,".","-")}-${local.sto3dc}-vol" + description = "OS volume for kubernetes worker node ${count.index * local.sto3indexjump + 1 + local.sto3nodenrbase}" size = 100 image_id = data.openstack_images_image_v2.debian12image-sto3.id enable_online_resize = true # Allow us to resize volume while attached. @@ -39,7 +39,7 @@ resource "openstack_blockstorage_volume_v3" "kubecvolumeboot-sto3" { resource "openstack_compute_instance_v2" "controller-nodes-sto3" { count = var.controllerdcreplicas # Replicas per datacenter - name = "${var.controller_name}${count.index * local.indexjump + 1 + local.nodenrbase}.${var.dns_suffix}" + name = "${var.controller_name}${count.index * local.sto3indexjump + 1 + local.sto3nodenrbase}.${var.dns_suffix}" flavor_name = "${var.controller_instance_type}" key_pair = "${var.keynameworkers}" provider = openstack.sto3 diff --git a/IaC-test/nodes.tf b/IaC-test/nodes.tf index f9bbb6c..20d2db2 100644 --- a/IaC-test/nodes.tf +++ b/IaC-test/nodes.tf @@ -3,121 +3,121 @@ # Controller node resources # -resource "openstack_networking_port_v2" "kubecport" { - name = "${var.controller_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-port" - # We create as many ports as there are instances created - count = var.controller_instance_count - network_id = data.openstack_networking_network_v2.public.id - # A list of security group ID - security_group_ids = [ - data.openstack_networking_secgroup_v2.sshfromjumphosts.id, - data.openstack_networking_secgroup_v2.allegress.id, - resource.openstack_networking_secgroup_v2.microk8s-old.id, - resource.openstack_networking_secgroup_v2.microk8s-dco.id, - resource.openstack_networking_secgroup_v2.https.id - ] - admin_state_up = "true" -} - -resource "openstack_blockstorage_volume_v3" "kubecvolumeboot" { - count = var.controller_instance_count # size of cluster - name = "${var.controller_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-vol" - description = "OS volume for kubernetes control node ${count.index + 1}" - size = 100 - image_id = data.openstack_images_image_v2.debian12image.id - enable_online_resize = true # Allow us to resize volume while attached. -} - -resource "openstack_compute_instance_v2" "controller-nodes" { - count = var.controller_instance_count - name = "${var.controller_name}${count.index+1}.${var.dns_suffix}" - flavor_name = "${var.controller_instance_type}" - key_pair = "${var.keyname}" - security_groups = [ - data.openstack_networking_secgroup_v2.sshfromjumphosts.name, - data.openstack_networking_secgroup_v2.allegress.name, - resource.openstack_networking_secgroup_v2.microk8s-old.id, - resource.openstack_networking_secgroup_v2.microk8s-dco.id, - resource.openstack_networking_secgroup_v2.https.name - ] - block_device { - uuid = resource.openstack_blockstorage_volume_v3.kubecvolumeboot[count.index].id - source_type = "volume" - destination_type = "volume" - boot_index = 0 - } - scheduler_hints { - group = openstack_compute_servergroup_v2.controllers.id - } - network { - port = resource.openstack_networking_port_v2.kubecport[count.index].id - } -} - +#resource "openstack_networking_port_v2" "kubecport" { +# name = "${var.controller_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-port" +# # We create as many ports as there are instances created +# count = var.controller_instance_count +# network_id = data.openstack_networking_network_v2.public.id +# # A list of security group ID +# security_group_ids = [ +# data.openstack_networking_secgroup_v2.sshfromjumphosts.id, +# data.openstack_networking_secgroup_v2.allegress.id, +# resource.openstack_networking_secgroup_v2.microk8s-old.id, +# resource.openstack_networking_secgroup_v2.microk8s-dco.id, +# resource.openstack_networking_secgroup_v2.https.id +# ] +# admin_state_up = "true" +#} # -# Worker node resources +#resource "openstack_blockstorage_volume_v3" "kubecvolumeboot" { +# count = var.controller_instance_count # size of cluster +# name = "${var.controller_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-vol" +# description = "OS volume for kubernetes control node ${count.index + 1}" +# size = 100 +# image_id = data.openstack_images_image_v2.debian12image.id +# enable_online_resize = true # Allow us to resize volume while attached. +#} # - -resource "openstack_networking_port_v2" "kubewport" { - name = "${var.worker_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-port" - # We create as many ports as there are instances created - count = var.worker_instance_count - network_id = data.openstack_networking_network_v2.public.id - # A list of security group ID - security_group_ids = [ - data.openstack_networking_secgroup_v2.sshfromjumphosts.id, - data.openstack_networking_secgroup_v2.allegress.id, - resource.openstack_networking_secgroup_v2.microk8s-old.id - ] - admin_state_up = "true" -} - -resource "openstack_blockstorage_volume_v3" "kubewvolumeboot" { - count = var.worker_instance_count # size of cluster - name = "${var.worker_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-vol" - description = "OS volume for kubernetes worker node ${count.index + 1}" - size = 100 - image_id = data.openstack_images_image_v2.debian12image.id - enable_online_resize = true # Allow us to resize volume while attached. -} - -resource "openstack_blockstorage_volume_v3" "kubewvolumerook" { - count = var.worker_instance_count # size of cluster - name = "${var.worker_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-rook-vol" - description = "Rook storage volume for kubernetes worker node ${count.index + 1}" - size = 100 - enable_online_resize = true # Allow us to resize volume while attached. -} - - -resource "openstack_compute_instance_v2" "worker-nodes" { - count = var.worker_instance_count - name = "${var.worker_name}${count.index+1}.${var.dns_suffix}" - flavor_name = "${var.worker_instance_type}" - key_pair = "${var.keynameworkers}" - security_groups = [ - data.openstack_networking_secgroup_v2.sshfromjumphosts.name, - data.openstack_networking_secgroup_v2.allegress.name, - resource.openstack_networking_secgroup_v2.microk8s-old.name - ] - - block_device { - uuid = resource.openstack_blockstorage_volume_v3.kubewvolumeboot[count.index].id - source_type = "volume" - destination_type = "volume" - boot_index = 0 - } - block_device { - uuid = resource.openstack_blockstorage_volume_v3.kubewvolumerook[count.index].id - source_type = "volume" - destination_type = "volume" - boot_index = 1 - } - - scheduler_hints { - group = openstack_compute_servergroup_v2.workers.id - } - network { - port = resource.openstack_networking_port_v2.kubewport[count.index].id - } -} +#resource "openstack_compute_instance_v2" "controller-nodes" { +# count = var.controller_instance_count +# name = "${var.controller_name}${count.index+1}.${var.dns_suffix}" +# flavor_name = "${var.controller_instance_type}" +# key_pair = "${var.keyname}" +# security_groups = [ +# data.openstack_networking_secgroup_v2.sshfromjumphosts.name, +# data.openstack_networking_secgroup_v2.allegress.name, +# resource.openstack_networking_secgroup_v2.microk8s-old.id, +# resource.openstack_networking_secgroup_v2.microk8s-dco.id, +# resource.openstack_networking_secgroup_v2.https.name +# ] +# block_device { +# uuid = resource.openstack_blockstorage_volume_v3.kubecvolumeboot[count.index].id +# source_type = "volume" +# destination_type = "volume" +# boot_index = 0 +# } +# scheduler_hints { +# group = openstack_compute_servergroup_v2.controllers.id +# } +# network { +# port = resource.openstack_networking_port_v2.kubecport[count.index].id +# } +#} +# +## +## Worker node resources +## +# +#resource "openstack_networking_port_v2" "kubewport" { +# name = "${var.worker_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-port" +# # We create as many ports as there are instances created +# count = var.worker_instance_count +# network_id = data.openstack_networking_network_v2.public.id +# # A list of security group ID +# security_group_ids = [ +# data.openstack_networking_secgroup_v2.sshfromjumphosts.id, +# data.openstack_networking_secgroup_v2.allegress.id, +# resource.openstack_networking_secgroup_v2.microk8s-old.id +# ] +# admin_state_up = "true" +#} +# +#resource "openstack_blockstorage_volume_v3" "kubewvolumeboot" { +# count = var.worker_instance_count # size of cluster +# name = "${var.worker_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-vol" +# description = "OS volume for kubernetes worker node ${count.index + 1}" +# size = 100 +# image_id = data.openstack_images_image_v2.debian12image.id +# enable_online_resize = true # Allow us to resize volume while attached. +#} +# +#resource "openstack_blockstorage_volume_v3" "kubewvolumerook" { +# count = var.worker_instance_count # size of cluster +# name = "${var.worker_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-rook-vol" +# description = "Rook storage volume for kubernetes worker node ${count.index + 1}" +# size = 100 +# enable_online_resize = true # Allow us to resize volume while attached. +#} +# +# +#resource "openstack_compute_instance_v2" "worker-nodes" { +# count = var.worker_instance_count +# name = "${var.worker_name}${count.index+1}.${var.dns_suffix}" +# flavor_name = "${var.worker_instance_type}" +# key_pair = "${var.keynameworkers}" +# security_groups = [ +# data.openstack_networking_secgroup_v2.sshfromjumphosts.name, +# data.openstack_networking_secgroup_v2.allegress.name, +# resource.openstack_networking_secgroup_v2.microk8s-old.name +# ] +# +# block_device { +# uuid = resource.openstack_blockstorage_volume_v3.kubewvolumeboot[count.index].id +# source_type = "volume" +# destination_type = "volume" +# boot_index = 0 +# } +# block_device { +# uuid = resource.openstack_blockstorage_volume_v3.kubewvolumerook[count.index].id +# source_type = "volume" +# destination_type = "volume" +# boot_index = 1 +# } +# +# scheduler_hints { +# group = openstack_compute_servergroup_v2.workers.id +# } +# network { +# port = resource.openstack_networking_port_v2.kubewport[count.index].id +# } +#} diff --git a/IaC-test/securitygroups-k8s-sto4.tf b/IaC-test/securitygroups-k8s-sto4.tf index a0f2286..f53eab1 100644 --- a/IaC-test/securitygroups-k8s-sto4.tf +++ b/IaC-test/securitygroups-k8s-sto4.tf @@ -105,7 +105,7 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_st protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0]] port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] - provider = openstack.sto3 + provider = openstack.sto4 remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes-sto3[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-sto3)].access_ip_v4, "32" ]) security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id } @@ -117,7 +117,7 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_st protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0]] port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes-sto3))])[0] - provider = openstack.sto3 + provider = openstack.sto4 remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.controller-nodes-sto3[count.index % length(resource.openstack_compute_instance_v2.controller-nodes-sto3)].access_ip_v6, "/[\\[\\]']/",""), "128"]) security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id } diff --git a/IaC-test/securitygroups.tf b/IaC-test/securitygroups.tf index 20e6425..8cbb511 100644 --- a/IaC-test/securitygroups.tf +++ b/IaC-test/securitygroups.tf @@ -7,206 +7,206 @@ data "openstack_networking_secgroup_v2" "allegress" { name = "allegress" } -resource "openstack_networking_secgroup_v2" "microk8s-old" { - name = "microk8s-old" - description = "Traffic to allow between microk8s hosts" -} - -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule1" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 16443 - port_range_max = 16443 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule2" { - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 16443 - port_range_max = 16443 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} - -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule3" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 10250 - port_range_max = 10250 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule4" { - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 10250 - port_range_max = 10250 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} - -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule5" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 10255 - port_range_max = 10255 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule6" { - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 10255 - port_range_max = 10255 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule7" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 25000 - port_range_max = 25000 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule8" { - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 25000 - port_range_max = 25000 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule9" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 12379 - port_range_max = 12379 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule10" { - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 12379 - port_range_max = 12379 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule11" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 10257 - port_range_max = 10257 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule12" { - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 10257 - port_range_max = 10257 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule13" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 10259 - port_range_max = 10259 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule14" { - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 10259 - port_range_max = 10259 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule15" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 19001 - port_range_max = 19001 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule16" { - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 19001 - port_range_max = 19001 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule17" { - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - port_range_min = 4789 - port_range_max = 4789 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule18" { - direction = "ingress" - ethertype = "IPv6" - protocol = "udp" - port_range_min = 4789 - port_range_max = 4789 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule19" { - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - port_range_min = 51820 - port_range_max = 51820 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} -resource "openstack_networking_secgroup_rule_v2" "microk8s_rule20" { - direction = "ingress" - ethertype = "IPv6" - protocol = "udp" - port_range_min = 51820 - port_range_max = 51820 - remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id - security_group_id = openstack_networking_secgroup_v2.microk8s-old.id -} - -resource "openstack_networking_secgroup_v2" "https" { - name = "https" - description = "Allow https to ingress controller" -} - -resource "openstack_networking_secgroup_rule_v2" "https_rule1" { - # External traffic - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = "0.0.0.0/0" - security_group_id = openstack_networking_secgroup_v2.https.id -} +#resource "openstack_networking_secgroup_v2" "microk8s-old" { +# name = "microk8s-old" +# description = "Traffic to allow between microk8s hosts" +#} +# +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule1" { +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "tcp" +# port_range_min = 16443 +# port_range_max = 16443 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule2" { +# direction = "ingress" +# ethertype = "IPv6" +# protocol = "tcp" +# port_range_min = 16443 +# port_range_max = 16443 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +# +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule3" { +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "tcp" +# port_range_min = 10250 +# port_range_max = 10250 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule4" { +# direction = "ingress" +# ethertype = "IPv6" +# protocol = "tcp" +# port_range_min = 10250 +# port_range_max = 10250 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +# +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule5" { +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "tcp" +# port_range_min = 10255 +# port_range_max = 10255 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule6" { +# direction = "ingress" +# ethertype = "IPv6" +# protocol = "tcp" +# port_range_min = 10255 +# port_range_max = 10255 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule7" { +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "tcp" +# port_range_min = 25000 +# port_range_max = 25000 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule8" { +# direction = "ingress" +# ethertype = "IPv6" +# protocol = "tcp" +# port_range_min = 25000 +# port_range_max = 25000 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule9" { +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "tcp" +# port_range_min = 12379 +# port_range_max = 12379 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule10" { +# direction = "ingress" +# ethertype = "IPv6" +# protocol = "tcp" +# port_range_min = 12379 +# port_range_max = 12379 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule11" { +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "tcp" +# port_range_min = 10257 +# port_range_max = 10257 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule12" { +# direction = "ingress" +# ethertype = "IPv6" +# protocol = "tcp" +# port_range_min = 10257 +# port_range_max = 10257 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule13" { +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "tcp" +# port_range_min = 10259 +# port_range_max = 10259 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule14" { +# direction = "ingress" +# ethertype = "IPv6" +# protocol = "tcp" +# port_range_min = 10259 +# port_range_max = 10259 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule15" { +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "tcp" +# port_range_min = 19001 +# port_range_max = 19001 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule16" { +# direction = "ingress" +# ethertype = "IPv6" +# protocol = "tcp" +# port_range_min = 19001 +# port_range_max = 19001 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule17" { +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "udp" +# port_range_min = 4789 +# port_range_max = 4789 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule18" { +# direction = "ingress" +# ethertype = "IPv6" +# protocol = "udp" +# port_range_min = 4789 +# port_range_max = 4789 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule19" { +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "udp" +# port_range_min = 51820 +# port_range_max = 51820 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +#resource "openstack_networking_secgroup_rule_v2" "microk8s_rule20" { +# direction = "ingress" +# ethertype = "IPv6" +# protocol = "udp" +# port_range_min = 51820 +# port_range_max = 51820 +# remote_group_id = openstack_networking_secgroup_v2.microk8s-old.id +# security_group_id = openstack_networking_secgroup_v2.microk8s-old.id +#} +# +#resource "openstack_networking_secgroup_v2" "https" { +# name = "https" +# description = "Allow https to ingress controller" +#} +# +#resource "openstack_networking_secgroup_rule_v2" "https_rule1" { +# # External traffic +# direction = "ingress" +# ethertype = "IPv4" +# protocol = "tcp" +# port_range_min = 443 +# port_range_max = 443 +# remote_ip_prefix = "0.0.0.0/0" +# security_group_id = openstack_networking_secgroup_v2.https.id +#}