From f8118ef52d6e9cfb1884732ac4c0c9b8c78ab064 Mon Sep 17 00:00:00 2001 From: pettai Date: Thu, 7 Nov 2024 12:38:58 +0100 Subject: [PATCH] Add new mgmt vpn + ingress for https in dco --- IaC-test/securitygroup-k8s-external.tf | 13 ++++++++++++- IaC-test/securitygroups-lb.tf | 11 +++++++++++ .../overlay/etc/hiera/data/local.eyaml | 1 + 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/IaC-test/securitygroup-k8s-external.tf b/IaC-test/securitygroup-k8s-external.tf index 8a444d2..a4df848 100644 --- a/IaC-test/securitygroup-k8s-external.tf +++ b/IaC-test/securitygroup-k8s-external.tf @@ -76,7 +76,6 @@ resource "openstack_networking_secgroup_v2" "k8s-external-worker-sto4" { } # Rules dco - resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule1_v4_dco" { direction = "ingress" ethertype = "IPv4" @@ -112,3 +111,15 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_ru security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-sto4.id } +# Rules sto4 +resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule2_v4_dco" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = "443" + port_range_max = "443" + provider = openstack.dco + remote_ip_prefix = "0.0.0.0/0" + security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-dco.id +} + diff --git a/IaC-test/securitygroups-lb.tf b/IaC-test/securitygroups-lb.tf index 2036a79..d8f5850 100644 --- a/IaC-test/securitygroups-lb.tf +++ b/IaC-test/securitygroups-lb.tf @@ -96,3 +96,14 @@ resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule8_v4_dco" { remote_ip_prefix = "89.47.184.88/32" security_group_id = openstack_networking_secgroup_v2.lb-dco.id } + +resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule9_v4_dco" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = "16443" + port_range_max = "16443" + provider = openstack.dco + remote_ip_prefix = "130.242.121.23/32" + security_group_id = openstack_networking_secgroup_v2.lb-dco.id +} diff --git a/lb1.matrix.test.sunet.se/overlay/etc/hiera/data/local.eyaml b/lb1.matrix.test.sunet.se/overlay/etc/hiera/data/local.eyaml index 62901e3..569067a 100644 --- a/lb1.matrix.test.sunet.se/overlay/etc/hiera/data/local.eyaml +++ b/lb1.matrix.test.sunet.se/overlay/etc/hiera/data/local.eyaml @@ -3,3 +3,4 @@ sourceips: - ENC[PKCS7,MIIC3AYJKoZIhvcNAQcDoIICzTCCAskCAQAxggKEMIICgAIBADBoMFAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxITAfBgNVBAMMGGxiMS5tYXRyaXgudGVzdC5zdW5ldC5zZQIUPX0gRG82aZiAotUfxSI1PCZufhUwDQYJKoZIhvcNAQEBBQAEggIAXJshcFEueSHFlLo3kKvRWqUltrPBNrEligleurVbh64R2T/Qhq6/vwVfT6cmOkXO6AsPQk2+uyPOKQHvHoSqnYuyRS3bhWzmUUpXk8GpCws5w+1mwuB74J4ngK9ALo5CWisnoaAEDuuWvwPJVCrb6ofbkEj66Wz2BIU2Kt+GpvlV8IR79VYm2XQ8K7sk6Yv2/kT/eAHa5xvrzWieFAbXcxeaT92yrKGLkkVuUepu0T8iN+gbacusPRCVXVYKCqJ8t3erqlw3qheL6Q63xb19FMLptsAPClG4KJLSnMtss60pWiP2TaUhvgF1NH0QCQq2SjGjhRSkgzJV9YdRBccRe7TAKLUHcYy/oStMPuv3GaN7C5WhldPcN4bO16ziVCZfKA6yBGW/ezLMd9nk8dnzk3XsIHtCMCeqXiUDPVLFCHY0ekxorcKlppSgZTKB1EBi2xIf14v2ACZA8AKlXrBJ++DXQTL566pffvVMWHwVJX2FJ1X1vtmny4leIs1LOA19DZWkyHF48fM6U7clFwY6WfMXzTdl3oFepcxpOdyLoGa+wvQ9bfpUQNAYP4mQW0gJadPctXxkS1Oi+mYHSDMxrWzAKtbOLA8StQWXvg8LGs9yxcd6KZWufbz1uMTg7WIDcJadG/z3qc5ZEUoVZNbbHOEMnEFVzDgEfeB8+cwtfAkwPAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQSsM2NFbe2higpR4dySelE4AQoyqyRowuyTxaSZ0lZELn3A==] - ENC[PKCS7,MIIC3AYJKoZIhvcNAQcDoIICzTCCAskCAQAxggKEMIICgAIBADBoMFAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxITAfBgNVBAMMGGxiMS5tYXRyaXgudGVzdC5zdW5ldC5zZQIUPX0gRG82aZiAotUfxSI1PCZufhUwDQYJKoZIhvcNAQEBBQAEggIAD3dP3VZajW3lYO5xOQHNNFweEWKcQLunkXRE5eSL88DGNUje7pjATH3bfj7g693Acxy3o/7gmH4kqF6O695I44qf31x2P05HlgzKrIzIx1h8DlSpJEAAF1l3yq8EFkpuT50Bs006lMfb7UmSfEiKtbpqVTWryYf49tevZ/g9xoGE6r1g1Ym31syT7zt2bYkl0T/1TfBg/t9JuQBBawKZifMDKgB+w4ZWvmbuN5n9kIlxqCQupJom8IWSyc9umIQ4Q32NQmTRN7DYOPbGUFAunZ3aGJHvx5xBiy9lh8aswA3odugGU8v8yYqe0ivs1Hu3JV/f/U2pGHeE9t1wQ0QjA1ES+3oexdzJZYpI44q4udxstRhwnZFkFtj7+m7yDUJSDP8eB9UJzdhx63LxxcsNPCFnsUEM7vIr4oL1ZTe86PG7ZljA6v2P+uQmWAUs18PbB1Y4dIAnKewd4d0EyhPz3c4yV4S9dgP1zt0EM9GRj6bCRKSFOnd59vaFOAOKCYZeiNajwNI+Mk2QVagR6NFzgneHRay5quv6yRmNP9Fkmsgc7rtckS03uGCx2sNnfZKZsa6lGc9xekkjKPbTkOjvKa+L+VKc/PTxpTGGroAuDfY5ck68IECQORrqo2irOOM2+Z+BeultL1iwKOVLz5QVY1gVXHKuuXL6z8rcXzEEN9AwPAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQIxx9tE+wzDqf5i+RWvZo/YAQv0GytVs5YW6BHziK0n7+MQ==] - ENC[PKCS7,MIIC3AYJKoZIhvcNAQcDoIICzTCCAskCAQAxggKEMIICgAIBADBoMFAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxITAfBgNVBAMMGGxiMS5tYXRyaXgudGVzdC5zdW5ldC5zZQIUPX0gRG82aZiAotUfxSI1PCZufhUwDQYJKoZIhvcNAQEBBQAEggIAOxSw9yfoFWKbVqPzlozmv99ZmgANjPZtvtIDgKz/sx1xf6k1rIptL+iidO/+hOse6RG1+BBjvioFg+D0gWOeBfFFy1iU21VqFzdJpxJiLAbFQ81pJUTwbfglQIV+zFA73J7aJTERhYb3CG1mx6MZJLwxhTQojWoXP8fZjEa8s7BZpIHtVzBzwz4ynlQ3L/VrC8kIOLu93qtmKcz97fMKGmm0cqrC/BkF0fA487Uco+CBqlRurkc3MB/QrrbNkKEI5JK/OtLWg7wRXiW1oN8AS7iKNBl7Ic23JlFyQbW4XF7mhuPLyOlMNZEXu/7FrvPyK+Te+8YIKi8Q9Zj1ZpW5HNqIMX2Lqc3qyr/Cj+12ztgu9nQdUQmGOQAn7GEYvFoRIZXyIR/FGSI+iuG0R0+fTWh5v2wiHX9fop/U3xKcQq9oCp0kJ9hP59nf/JcFRH1b36+lQhk6PvAZvfsh5JONbOAxxKLhhrliC18PDhiddEmXY1gkqUPTQ+N9Yc+4rSzKQnVNTjP0gT9yOY2Kc6pUzW8Kp76qzewoWWUTdo71DpmmvPGpHUCqGvAPzjkbVB+iiZVKlpR1K/0YRYY0AOipAqY9L50RncPqoGwZ+5qgJ3zVjPhUdmJu2lysOxpZeRZNH4wfG047ISF1IIyLNmCVhOcX8CqVwdpSO/f37yhGzUUwPAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQcyXQqNfMcDEwrWJRMnF1oIAQBXHWNrsRXMG677xMSWMF8g==] + - ENC[PKCS7,MIIC3AYJKoZIhvcNAQcDoIICzTCCAskCAQAxggKEMIICgAIBADBoMFAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxITAfBgNVBAMMGGxiMS5tYXRyaXgudGVzdC5zdW5ldC5zZQIUPX0gRG82aZiAotUfxSI1PCZufhUwDQYJKoZIhvcNAQEBBQAEggIAMNalG6516+YJ2Zv52jjHNmI57u3oV51+MSNlbflGHTkTzEXUnJMoVuQjvpPLFYd4g6X68YBeP7kng4CBURtadpi6YfM9R9L2u/Bf5cKCNS/HfqjjzOCeaVoMhrDfvLBMh7flfJCliqwj6vd/hBTs9teDj8DIoUNm3huQRWR/jgZsgtwGVVLR0AcOk07qNqEZNPCxiq5sFnXSZhLHJfJVdptafwLqZ57TsDJFQTlOOK+M2hFo3+WK3i8a4RliZLu+19UgnIvtZzCNb/7T3BUhe5S4zCNransFIg67iCQ1Ip5K4R6u/vE2BlG7zEMH8XJQ6ikWgX4k/hKO/nc26YhTupuQXst8GPiFjKxebnK+E6xL2EfbQIiZC966SbbfPhlIs4UqAltQFkSsdgwdMbUBVWj5LvSjmPZHzFX1e0RqXoOySRJ4TU9TVE/cLKouajWuY439ZeIjcOUSnb6dudqgsEfSJ4j+pBhvxfwr4ygFOAe8QkOGQ0OWyRdfuyWfbHD/9/ga0RG2UGHHhWPJtRerB2njaoreraF2+XyMwDFmqPQK+ShFcykKzofb2QnbLP8Z96sw1MGVayb2d+5tmql34C/tKEj1TkFNhK1ArwvMGPYKKHlqPkqQ/pyHRey2tOuFcVBLNhQNPSBiEZGEDsOuNtF+aA9Eq21JhOPyxvQ2WOQwPAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQTJhq8Kp07/r3JsT8o71ZWIAQx7n/2dClmK3GK+9FTrHyNQ==]