Add egress security group to kubernetes nodes

2024-01-12 12:53:55 +01:00 · 2024-01-12 12:53:55 +01:00 · 72f54d7e7f
parent 57064f2eb6
commit 72f54d7e7f
2 changed files with 6 additions and 2 deletions
--- a/kube.tf
+++ b/kube.tf
@ -5,7 +5,7 @@ resource "openstack_networking_port_v2" "kubeport" {
  count               =  var.kubesize # size of cluster
  network_id          = data.openstack_networking_network_v2.public.id
  # A list of security group ID
-  security_group_ids  = [ data.openstack_networking_secgroup_v2.sshfromjumphosts.id ]
+  security_group_ids  = [ data.openstack_networking_secgroup_v2.sshfromjumphosts.id, data.openstack_networking_secgroup_v2.allegress.id ]
  admin_state_up      = "true"
 }

@ -32,7 +32,7 @@ resource "openstack_compute_instance_v2" "kube" {
  count           = var.kubesize
  flavor_id       = data.openstack_compute_flavor_v2.b2c4r16.id
  key_pair        = data.openstack_compute_keypair_v2.manderssonpub.id
-  security_groups = ["ssh-from-jumphost"]
+  security_groups = [ data.openstack_networking_secgroup_v2.sshfromjumphosts.name, data.openstack_networking_secgroup_v2.allegress.name ]

  network {
    port   = resource.openstack_networking_port_v2.kubeport[count.index].id
--- a/securitygroups.tf
+++ b/securitygroups.tf
@ -2,3 +2,7 @@
 data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
  name = "ssh-from-jumphost"
 }
+
+data "openstack_networking_secgroup_v2" "allegress" {
+  name = "allegress"
+}