# Read-only lookup of the sunet "ssh-from-jumphost" security group by name.
# Nothing is created here; the group's rules are defined outside this file,
# so review them at their source before relying on them for SSH access control.
data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
  name = "ssh-from-jumphost"
}
# Read-only lookup of an existing security group named "allegress".
# NOTE(review): presumably this group permits all outbound traffic; its rules
# are not defined in this file, so confirm what it actually allows.
data "openstack_networking_secgroup_v2" "allegress" {
  name = "allegress"
}
# Security group for node-to-node cluster traffic. The microk8s_rule* resources
# in this file use this group as both the target and the remote group, so the
# listed ports are reachable only from ports that are members of this group.
resource "openstack_networking_secgroup_v2" "microk8s" {
  description = "Traffic to allow between microk8s hosts"
  name        = "microk8s"
}
# TCP 16443 over IPv4, group members only.
# 16443 is the default MicroK8s API server port (confirm against the deployed config).
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule1" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 16443
  port_range_max    = 16443
}
# TCP 16443 over IPv6, group members only.
# 16443 is the default MicroK8s API server port (confirm against the deployed config).
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule2" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 16443
  port_range_max    = 16443
}
# TCP 10250 over IPv4, group members only.
# 10250 is the standard kubelet API port; it can run commands in pods, so it
# should stay limited to cluster nodes as it is here.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule3" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10250
  port_range_max    = 10250
}
# TCP 10250 over IPv6, group members only.
# 10250 is the standard kubelet API port; it can run commands in pods, so it
# should stay limited to cluster nodes as it is here.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule4" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10250
  port_range_max    = 10250
}
# TCP 10255 over IPv4, group members only.
# 10255 is the kubelet read-only port, which serves pod and node data without
# authentication. NOTE(review): confirm the port is still needed; if the
# kubelet has it disabled, this rule can be dropped.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule5" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10255
  port_range_max    = 10255
}
# TCP 10255 over IPv6, group members only.
# 10255 is the kubelet read-only port, which serves pod and node data without
# authentication. NOTE(review): confirm the port is still needed; if the
# kubelet has it disabled, this rule can be dropped.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule6" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10255
  port_range_max    = 10255
}
# TCP 25000 over IPv4, group members only.
# 25000 is the default MicroK8s cluster-agent port used when nodes join
# (confirm against the deployed config).
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule7" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 25000
  port_range_max    = 25000
}
# TCP 25000 over IPv6, group members only.
# 25000 is the default MicroK8s cluster-agent port used when nodes join
# (confirm against the deployed config).
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule8" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 25000
  port_range_max    = 25000
}
# TCP 12379 over IPv4, group members only.
# 12379 is the MicroK8s etcd port (confirm it is in use; newer MicroK8s
# releases default to dqlite instead of etcd).
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule9" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 12379
  port_range_max    = 12379
}
# TCP 12379 over IPv6, group members only.
# 12379 is the MicroK8s etcd port (confirm it is in use; newer MicroK8s
# releases default to dqlite instead of etcd).
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule10" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 12379
  port_range_max    = 12379
}
# TCP 10257 over IPv4, group members only.
# 10257 is the standard kube-controller-manager secure port.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule11" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10257
  port_range_max    = 10257
}
# TCP 10257 over IPv6, group members only.
# 10257 is the standard kube-controller-manager secure port.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule12" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10257
  port_range_max    = 10257
}
# TCP 10259 over IPv4, group members only.
# 10259 is the standard kube-scheduler secure port.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule13" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 10259
  port_range_max    = 10259
}
# TCP 10259 over IPv6, group members only.
# 10259 is the standard kube-scheduler secure port.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule14" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 10259
  port_range_max    = 10259
}
# TCP 19001 over IPv4, group members only.
# 19001 is the default MicroK8s dqlite (datastore) port; it carries cluster
# state, so it should stay limited to cluster nodes as it is here.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule15" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 19001
  port_range_max    = 19001
}
# TCP 19001 over IPv6, group members only.
# 19001 is the default MicroK8s dqlite (datastore) port; it carries cluster
# state, so it should stay limited to cluster nodes as it is here.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule16" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 19001
  port_range_max    = 19001
}
# UDP 4789 over IPv4, group members only.
# 4789/udp is the IANA VXLAN port; presumably the CNI overlay between nodes
# (confirm). VXLAN itself is unauthenticated, so the group-only source matters.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule17" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "udp"
  port_range_min    = 4789
  port_range_max    = 4789
}
# UDP 4789 over IPv6, group members only.
# 4789/udp is the IANA VXLAN port; presumably the CNI overlay between nodes
# (confirm). VXLAN itself is unauthenticated, so the group-only source matters.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule18" {
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "udp"
  port_range_min    = 4789
  port_range_max    = 4789
}
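# UDP 51820 over IPv4, group members only.
# 51820/udp is the conventional WireGuard port; presumably node-to-node
# encryption for the CNI (confirm).
#
# Renamed from a second "microk8s_rule17": the UDP 4789 IPv4 rule in this file
# already uses that name, and Terraform rejects two resources with the same
# type and name in one module, so the configuration would not validate.
# NOTE(review): confirm "microk8s_rule19" is not used elsewhere in the module.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule19" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "udp"
  port_range_min    = 51820
  port_range_max    = 51820
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}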
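# UDP 51820 over IPv6, group members only.
# 51820/udp is the conventional WireGuard port; presumably node-to-node
# encryption for the CNI (confirm).
# NOTE(review): some CNIs listen on a different port for IPv6 WireGuard
# (Calico defaults to 51821); verify 51820 is the port actually used over IPv6.
#
# Renamed from a second "microk8s_rule18": the UDP 4789 IPv6 rule in this file
# already uses that name, and Terraform rejects two resources with the same
# type and name in one module, so the configuration would not validate.
# NOTE(review): confirm "microk8s_rule20" is not used elsewhere in the module.
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule20" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "udp"
  port_range_min    = 51820
  port_range_max    = 51820
  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
  security_group_id = openstack_networking_secgroup_v2.microk8s.id
}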
# Security group for the public HTTPS entry point. Attach it only to the
# instances that run the ingress controller, since its rule in this file
# accepts traffic from any IPv4 address.
resource "openstack_networking_secgroup_v2" "https" {
  description = "Allow https to ingress controller"
  name        = "https"
}
# External traffic: TCP 443 from any IPv4 source (0.0.0.0/0).
# This is the only rule in the visible part of the file that is open to the
# internet. It covers IPv4 only; IPv6 clients would need a separate "::/0"
# rule, which is not visible here.
resource "openstack_networking_secgroup_rule_v2" "https_rule1" {
  security_group_id = openstack_networking_secgroup_v2.https.id
  remote_ip_prefix  = "0.0.0.0/0"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
}