From aec4e02a574fa81233e2cf9d06f8f78a2e9383e4 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Sat, 10 Feb 2024 22:27:32 +0100 Subject: [PATCH] Begin lb deployment --- kube.tf | 2 +- lb.tf | 28 ++++++++++++++++++++++++++++ securitygroups.tf | 25 +++++++++++++++++++++++++ variables.tf | 5 +++++ 4 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 lb.tf diff --git a/kube.tf b/kube.tf index 86bc919..477ffe9 100644 --- a/kube.tf +++ b/kube.tf @@ -32,7 +32,7 @@ resource "openstack_blockstorage_volume_v3" "kubevolumesnap" { # Create instances of kubernetes nodes resource "openstack_compute_instance_v2" "kube" { - name = "kube${count.index + 1}.matrix-test.sunet.se" + name = "kube${count.index + 1}.matrix.test.sunet.se" count = var.kubesize flavor_id = data.openstack_compute_flavor_v2.b2c4r16.id key_pair = data.openstack_compute_keypair_v2.manderssonpub.id diff --git a/lb.tf b/lb.tf new file mode 100644 index 0000000..c227511 --- /dev/null +++ b/lb.tf @@ -0,0 +1,28 @@ +resource "openstack_networking_port_v2" "lbport" { + name = "lb${count.index + 1}-matrix-test-sunet-se-port" + # We create as many ports as there are instances created + count = var.lbsize # Number of loadbalancers + network_id = data.openstack_networking_network_v2.public.id + # A list of security group ID + security_group_ids = [ + data.openstack_networking_secgroup_v2.sshfromjumphosts.id, + data.openstack_networking_secgroup_v2.allegress.id, + resource.openstack_networking_secgroup_v2.lbnode.id + ] + admin_state_up = "true" +} + +resource "openstack_networking_port_v2" "lbvip" { + name = "lb-vip-matrix-test-sunet-se-port" + # We create as many ports as there are instances created + network_id = data.openstack_networking_network_v2.public.id + # A list of security group ID + security_group_ids = [ + data.openstack_networking_secgroup_v2.sshfromjumphosts.id, + data.openstack_networking_secgroup_v2.allegress.id, + ] + admin_state_up = "false" +} + + + 
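Review bot: In `lbvip` the comment `# We create as many ports as there are instances created` was copied from `lbport`, but this resource has no `count` and is created with `admin_state_up = "false"`. The comment should say what the port is for, e.g. `# Single port that reserves the VRRP virtual IP; never attached to an instance`. If that is the intent, the security groups listed on `lbvip` will likely not filter anything, because traffic to the virtual IP arrives on whichever `lbport` holds it and is filtered by that port's groups. Those ports would then also need an `allowed_address_pairs` entry for the VIP address, or Neutron port security is expected to drop the traffic. The reference `resource.openstack_networking_secgroup_v2.lbnode.id` also differs from the unprefixed form used in securitygroups.tf; `openstack_networking_secgroup_v2.lbnode.id` would match.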
diff --git a/securitygroups.tf b/securitygroups.tf index b550091..e13bdba 100644 --- a/securitygroups.tf +++ b/securitygroups.tf @@ -9,6 +9,8 @@ data "openstack_networking_secgroup_v2" "allegress" { name = "allegress" } + + # Resources to define new security groups # Securitygroup to allow kubernetes nodes @@ -45,3 +47,26 @@ resource "openstack_networking_secgroup_rule_v2" "kubeegressv6" { remote_group_id = openstack_networking_secgroup_v2.kubenode.id security_group_id = openstack_networking_secgroup_v2.kubenode.id } + +# Securitygroup to allow vrrp trafic between lb nodes +resource "openstack_networking_secgroup_v2" "lbnode" { + name = "lbnode" + description = "Securitygroup for load balancer nodes" + delete_default_rules = true +} + +resource "openstack_networking_secgroup_rule_v2" "vrrpingress" { + direction = "ingress" + ethertype = "IPv4" + protocol = "vrrp" + remote_group_id = openstack_networking_secgroup_v2.lbnode.id + security_group_id = openstack_networking_secgroup_v2.lbnode.id +} + +resource "openstack_networking_secgroup_rule_v2" "vrrpingressv6" { + direction = "ingress" + ethertype = "IPv6" + protocol = "vrrp" + remote_group_id = openstack_networking_secgroup_v2.lbnode.id + security_group_id = openstack_networking_secgroup_v2.lbnode.id +} diff --git a/variables.tf b/variables.tf index 012b32a..aa1a107 100644 --- a/variables.tf +++ b/variables.tf @@ -4,3 +4,8 @@ variable "kubesize" { default = 3 } +variable "lbsize" { + type = number + default = 2 +} +
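Review bot: `lbnode` sets `delete_default_rules = true` and the second hunk adds only the two ingress rules, so the group itself permits no egress. Outbound VRRP advertisements are allowed only because `allegress` is attached to the same ports in lb.tf. A comment above the resource would keep that dependency visible, e.g. `# Ingress-only: VRRP between members of this group; egress comes from allegress on the port`. For `vrrpingressv6`, confirm that `remote_group_id` matches the peers' source address, since VRRP over IPv6 is normally sent from link-local addresses, which may not be among the group's member addresses. The comment line also has a typo: `trafic` should be `traffic`.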
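Review bot: `lbsize` in variables.tf has no `description`, and nothing bounds its value. It feeds `count` on `lbport`, so 0 would create no load balancer ports and a negative value would fail at plan time. Adding `description = "Number of load balancer nodes"` and a `validation` block with `condition = var.lbsize >= 1` would document and constrain it.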