matrixtest-IaC/securitygroups.tf

# Data sources for existing groups

# Datasource of sunet ssh-from-jumphost security group.
data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
  name = "ssh-from-jumphost"
}

data "openstack_networking_secgroup_v2" "allegress" {
  name = "allegress"
}


# Resources to define new security groups

# Securitygroup to allow kubernetes nodes 
resource "openstack_networking_secgroup_v2" "kubenode" {
  name                 = "kubenode"
  description          = "Securitygroup for microk8s nodes"
  delete_default_rules = true
}

resource "openstack_networking_secgroup_rule_v2" "kubeingressv4" {
  direction         = "ingress"
  ethertype         = "IPv4"
  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
  security_group_id = openstack_networking_secgroup_v2.kubenode.id
}

resource "openstack_networking_secgroup_rule_v2" "kubeingressv6" {
  direction         = "ingress"
  ethertype         = "IPv6"
  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
  security_group_id = openstack_networking_secgroup_v2.kubenode.id
}

resource "openstack_networking_secgroup_rule_v2" "kubeegressv4" {
  direction         = "egress"
  ethertype         = "IPv4"
  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
  security_group_id = openstack_networking_secgroup_v2.kubenode.id
}

resource "openstack_networking_secgroup_rule_v2" "kubeegressv6" {
  direction         = "egress"
  ethertype         = "IPv6"
  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
  security_group_id = openstack_networking_secgroup_v2.kubenode.id
}

# Securitygroup to allow vrrp trafic between lb nodes
resource "openstack_networking_secgroup_v2" "lbnode" {
  name                 = "lbnode"
  description          = "Securitygroup for load balancer nodes"
  delete_default_rules = true
}

resource "openstack_networking_secgroup_rule_v2" "vrrpingress" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "vrrp"
  remote_group_id   = openstack_networking_secgroup_v2.lbnode.id
  security_group_id = openstack_networking_secgroup_v2.lbnode.id
}

resource "openstack_networking_secgroup_rule_v2" "vrrpingressv6" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "vrrp"
  remote_group_id   = openstack_networking_secgroup_v2.lbnode.id
  security_group_id = openstack_networking_secgroup_v2.lbnode.id
}
Define kubenode security groups and assign it to kube nodes 2024-01-12 12:33:22 +00:00			`# Data sources for existing groups`

Create kubernetes nodes and add ssh access security group. 2024-01-11 15:17:50 +00:00			`# Datasource of sunet ssh-from-jumphost security group.`
			`data "openstack_networking_secgroup_v2" "sshfromjumphosts" {`
			`name = "ssh-from-jumphost"`
			`}`
Add egress security group to kubernetes nodes 2024-01-12 11:53:55 +00:00
			`data "openstack_networking_secgroup_v2" "allegress" {`
			`name = "allegress"`
			`}`
Define kubenode security groups and assign it to kube nodes 2024-01-12 12:33:22 +00:00
Begin lb deployment 2024-02-10 21:27:32 +00:00

Define kubenode security groups and assign it to kube nodes 2024-01-12 12:33:22 +00:00			`# Resources to define new security groups`

			`# Securitygroup to allow kubernetes nodes`
			`resource "openstack_networking_secgroup_v2" "kubenode" {`
			`name = "kubenode"`
			`description = "Securitygroup for microk8s nodes"`
			`delete_default_rules = true`
			`}`

			`resource "openstack_networking_secgroup_rule_v2" "kubeingressv4" {`
			`direction = "ingress"`
			`ethertype = "IPv4"`
			`remote_group_id = openstack_networking_secgroup_v2.kubenode.id`
			`security_group_id = openstack_networking_secgroup_v2.kubenode.id`
			`}`

			`resource "openstack_networking_secgroup_rule_v2" "kubeingressv6" {`
			`direction = "ingress"`
			`ethertype = "IPv6"`
			`remote_group_id = openstack_networking_secgroup_v2.kubenode.id`
			`security_group_id = openstack_networking_secgroup_v2.kubenode.id`
			`}`

			`resource "openstack_networking_secgroup_rule_v2" "kubeegressv4" {`
			`direction = "egress"`
			`ethertype = "IPv4"`
			`remote_group_id = openstack_networking_secgroup_v2.kubenode.id`
			`security_group_id = openstack_networking_secgroup_v2.kubenode.id`
			`}`

			`resource "openstack_networking_secgroup_rule_v2" "kubeegressv6" {`
			`direction = "egress"`
			`ethertype = "IPv6"`
			`remote_group_id = openstack_networking_secgroup_v2.kubenode.id`
			`security_group_id = openstack_networking_secgroup_v2.kubenode.id`
			`}`
Begin lb deployment 2024-02-10 21:27:32 +00:00
			`# Securitygroup to allow vrrp trafic between lb nodes`
			`resource "openstack_networking_secgroup_v2" "lbnode" {`
			`name = "lbnode"`
			`description = "Securitygroup for load balancer nodes"`
			`delete_default_rules = true`
			`}`

			`resource "openstack_networking_secgroup_rule_v2" "vrrpingress" {`
			`direction = "ingress"`
			`ethertype = "IPv4"`
			`protocol = "vrrp"`
			`remote_group_id = openstack_networking_secgroup_v2.lbnode.id`
			`security_group_id = openstack_networking_secgroup_v2.lbnode.id`
			`}`

			`resource "openstack_networking_secgroup_rule_v2" "vrrpingressv6" {`
			`direction = "ingress"`
			`ethertype = "IPv6"`
			`protocol = "vrrp"`
			`remote_group_id = openstack_networking_secgroup_v2.lbnode.id`
			`security_group_id = openstack_networking_secgroup_v2.lbnode.id`
			`}`