# Datasource of sunet ssh-from-jumphost security group.
# Looked up by name only; the group itself is managed outside this file.
data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
  name = "ssh-from-jumphost"
}

# Lookup of the pre-existing "allegress" security group by name.
# NOTE(review): presumably an allow-all-egress group; confirm its rules,
# since they are not visible here.
data "openstack_networking_secgroup_v2" "allegress" {
  name = "allegress"
}

# -----------------------------------------------------------------------------
# microk8s: node-to-node traffic
#
# Every rule below sets remote_group_id to the microk8s group itself, so each
# port is reachable only from other ports/instances that are members of this
# same security group, never from arbitrary addresses. Each port is opened
# twice, once per ethertype (IPv4 and IPv6).
#
# Port purposes in the comments follow the MicroK8s default port assignments;
# verify them against the MicroK8s release actually deployed.
# -----------------------------------------------------------------------------
resource "openstack_networking_secgroup_v2" "microk8s" {
  name        = "microk8s"
  description = "Traffic to allow between microk8s hosts"
}

# 16443/tcp: Kubernetes API server (MicroK8s default).
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule1" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 16443
  port_range_max    = 16443
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule2" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 16443
  port_range_max    = 16443
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 10250/tcp: kubelet API.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule3" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10250
  port_range_max    = 10250
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule4" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10250
  port_range_max    = 10250
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 10255/tcp: kubelet read-only port.
# NOTE(review): this endpoint does not authenticate callers, so the
# group-only restriction here is the main control in front of it. Confirm the
# port is still needed; if not, drop rule5/rule6 and disable it on the nodes.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule5" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10255
  port_range_max    = 10255
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule6" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10255
  port_range_max    = 10255
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 25000/tcp: MicroK8s cluster-agent (node join / cluster management).
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule7" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 25000
  port_range_max    = 25000
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule8" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 25000
  port_range_max    = 25000
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 12379/tcp: etcd (MicroK8s default port).
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule9" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 12379
  port_range_max    = 12379
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule10" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 12379
  port_range_max    = 12379
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 10257/tcp: kube-controller-manager.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule11" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10257
  port_range_max    = 10257
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule12" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10257
  port_range_max    = 10257
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 10259/tcp: kube-scheduler.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule13" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10259
  port_range_max    = 10259
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule14" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10259
  port_range_max    = 10259
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 19001/tcp: dqlite (MicroK8s HA datastore).
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule15" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 19001
  port_range_max    = 19001
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule16" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 19001
  port_range_max    = 19001
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# 4789/udp: VXLAN overlay traffic (used by the Calico CNI when VXLAN is enabled).
# This is the only UDP pair in the group.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule17" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "udp"
  port_range_min    = 4789
  port_range_max    = 4789
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

resource "openstack_networking_secgroup_rule_v2" "microk8s_rule18" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "udp"
  port_range_min    = 4789
  port_range_max    = 4789
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}

# -----------------------------------------------------------------------------
# https: public ingress to the ingress controller
#
# Unlike the microk8s group, this group is opened by address prefix rather
# than by group membership, so any instance it is attached to becomes
# reachable on 443/tcp from the whole IPv4 internet. Attach it only to the
# hosts that actually run the ingress controller.
# -----------------------------------------------------------------------------
resource "openstack_networking_secgroup_v2" "https" {
  name        = "https"
  description = "Allow https to ingress controller"
}

resource "openstack_networking_secgroup_rule_v2" "https_rule1" {
  # External traffic
  # 0.0.0.0/0 matches every IPv4 source address.
  # NOTE(review): no IPv6 counterpart is visible in this part of the file,
  # whereas every microk8s rule is paired; confirm whether that is intended.
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.https.id
}