Open ingress port from lb to workers
This commit is contained in:
parent
9b343f32e7
commit
f691ae99e6
|
@ -77,7 +77,8 @@ resource "openstack_networking_port_v2" "kubewport-dco" {
|
|||
# A list of security group ID
|
||||
security_group_ids = [
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.id,
|
||||
resource.openstack_networking_secgroup_v2.microk8s-dco.id
|
||||
resource.openstack_networking_secgroup_v2.microk8s-dco.id,
|
||||
resource.openstack_networking_secgroup_v2.k8s-external-worker-dco.id
|
||||
]
|
||||
admin_state_up = "true"
|
||||
provider = openstack.dco
|
||||
|
@ -111,7 +112,8 @@ resource "openstack_compute_instance_v2" "worker-nodes-dco" {
|
|||
provider = openstack.dco
|
||||
security_groups = [
|
||||
resource.openstack_networking_secgroup_v2.microk8s-dco.name,
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name,
|
||||
resource.openstack_networking_secgroup_v2.k8s-external-worker-dco.name
|
||||
]
|
||||
|
||||
block_device {
|
||||
|
|
|
@ -78,7 +78,8 @@ resource "openstack_networking_port_v2" "kubewport-sto3" {
|
|||
# A list of security group ID
|
||||
security_group_ids = [
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.id,
|
||||
resource.openstack_networking_secgroup_v2.microk8s-sto3.id
|
||||
resource.openstack_networking_secgroup_v2.microk8s-sto3.id,
|
||||
resource.openstack_networking_secgroup_v2.k8s-external-worker-sto3.id
|
||||
]
|
||||
admin_state_up = "true"
|
||||
provider = openstack.sto3
|
||||
|
@ -112,7 +113,8 @@ resource "openstack_compute_instance_v2" "worker-nodes-sto3" {
|
|||
provider = openstack.sto3
|
||||
security_groups = [
|
||||
resource.openstack_networking_secgroup_v2.microk8s-sto3.name,
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.name
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.name,
|
||||
resource.openstack_networking_secgroup_v2.k8s-external-worker-sto3.name
|
||||
]
|
||||
|
||||
block_device {
|
||||
|
|
|
@ -77,7 +77,8 @@ resource "openstack_networking_port_v2" "kubewport-sto4" {
|
|||
# A list of security group ID
|
||||
security_group_ids = [
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto4.id,
|
||||
resource.openstack_networking_secgroup_v2.microk8s-sto4.id
|
||||
resource.openstack_networking_secgroup_v2.microk8s-sto4.id,
|
||||
resource.openstack_networking_secgroup_v2.k8s-external-worker-sto4.id
|
||||
]
|
||||
admin_state_up = "true"
|
||||
provider = openstack.sto4
|
||||
|
@ -111,7 +112,8 @@ resource "openstack_compute_instance_v2" "worker-nodes-sto4" {
|
|||
provider = openstack.sto4
|
||||
security_groups = [
|
||||
resource.openstack_networking_secgroup_v2.microk8s-sto4.name,
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto4.name
|
||||
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto4.name,
|
||||
resource.openstack_networking_secgroup_v2.k8s-external-worker-sto4.name
|
||||
]
|
||||
|
||||
block_device {
|
||||
|
|
|
@ -19,7 +19,7 @@ resource "openstack_networking_secgroup_v2" "k8s-external-control-sto4" {
|
|||
}
|
||||
|
||||
# Rules dco
|
||||
resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_control_rule_v4_dco" {
|
||||
resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_control_rule1_v4_dco" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "tcp"
|
||||
|
@ -42,7 +42,7 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_control_r
|
|||
security_group_id = openstack_networking_secgroup_v2.k8s-external-control-sto3.id
|
||||
}
|
||||
|
||||
# Rules dco
|
||||
# Rules sto4
|
||||
resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_control_rule1_v4_sto4" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
|
@ -53,3 +53,62 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_control_r
|
|||
remote_ip_prefix = "89.47.191.43/32"
|
||||
security_group_id = openstack_networking_secgroup_v2.k8s-external-control-sto4.id
|
||||
}
|
||||
|
||||
|
||||
# Security groups for external acccess k8s worker nodes in dco.
|
||||
resource "openstack_networking_secgroup_v2" "k8s-external-worker-dco" {
|
||||
name = "k8s-external-worker"
|
||||
description = "External ingress traffic to k8s worker nodes."
|
||||
provider=openstack.dco
|
||||
}
|
||||
|
||||
# Security groups for external acccess k8s worker nodes in sto3.
|
||||
resource "openstack_networking_secgroup_v2" "k8s-external-worker-sto3" {
|
||||
name = "k8s-external-worker"
|
||||
description = "External ingress traffic to k8s worker nodes."
|
||||
provider=openstack.sto3
|
||||
}
|
||||
# Security groups for external acccess k8s worker nodes in sto4.
|
||||
resource "openstack_networking_secgroup_v2" "k8s-external-worker-sto4" {
|
||||
name = "k8s-external-worker"
|
||||
description = "External ingress traffic to k8s worker nodes."
|
||||
provider=openstack.sto4
|
||||
}
|
||||
|
||||
# Rules dco
|
||||
|
||||
resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule1_v4_dco" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "tcp"
|
||||
port_range_min = "443"
|
||||
port_range_max = "443"
|
||||
provider = openstack.dco
|
||||
remote_ip_prefix = "89.47.191.43/32"
|
||||
security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-dco.id
|
||||
}
|
||||
|
||||
# Rules sto3
|
||||
resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule1_v4_sto3" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "tcp"
|
||||
port_range_min = "443"
|
||||
port_range_max = "443"
|
||||
provider = openstack.sto3
|
||||
remote_ip_prefix = "89.47.191.43/32"
|
||||
security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-sto3.id
|
||||
}
|
||||
|
||||
# Rules sto4
|
||||
resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule1_v4_sto4" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "tcp"
|
||||
port_range_min = "443"
|
||||
port_range_max = "443"
|
||||
provider = openstack.sto4
|
||||
remote_ip_prefix = "89.47.191.43/32"
|
||||
security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-sto4.id
|
||||
}
|
||||
|
||||
|
|
|
@ -16,3 +16,13 @@ resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule_v4_dco" {
|
|||
security_group_id = openstack_networking_secgroup_v2.lb-dco.id
|
||||
}
|
||||
|
||||
resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule2_v4_dco" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "tcp"
|
||||
port_range_min = "16443"
|
||||
port_range_max = "16443"
|
||||
provider = openstack.dco
|
||||
remote_ip_prefix = "87.251.31.153/32"
|
||||
security_group_id = openstack_networking_secgroup_v2.lb-dco.id
|
||||
}
|
||||
|
|
|
@ -18,13 +18,13 @@ spec:
|
|||
# - kube-matrixtest.matrix.test.sunet.se
|
||||
# secretName: tls-secret
|
||||
rules:
|
||||
- host: kube-matrixtest.matrix.test.sunet.se
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: health-node
|
||||
port:
|
||||
number: 8080
|
||||
- host: "kube.matrix.test.sunet.se"
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: health-node
|
||||
port:
|
||||
number: 8080
|
||||
|
|
Loading…
Reference in a new issue